Overview

overview

10

Static

static

10

nezur.rar

windows7-x64

3

nezur.rar

windows10-2004-x64

3

nezur/nezu...ur.exe

windows7-x64

7

nezur/nezu...ur.exe

windows10-2004-x64

7

�,l]+i�.pyc

windows7-x64

�,l]+i�.pyc

windows10-2004-x64

nezur/nezu...ME.txt

windows7-x64

1

nezur/nezu...ME.txt

windows10-2004-x64

1

nezur/nezu...er.dll

windows7-x64

1

nezur/nezu...er.dll

windows10-2004-x64

1

nezur/nezu...on.dll

windows7-x64

1

nezur/nezu...on.dll

windows10-2004-x64

1

nezur/nezu...er.dll

windows7-x64

1

nezur/nezu...er.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 14:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    nezur.rar

  • Size

    7.3MB

  • MD5

    57f97951f8836eec896f2cff7f855880

  • SHA1

    bf8bbf89a27ab8c5eb5007788c50a6c4b26e7705

  • SHA256

    b6b28dba0dce19d3dc8fac2261298c22ec02cd89c38303aa49a56f191cba5350

  • SHA512

    02fcddf4c57c841c9f215dd3a3d86840dc5af39a430d46d2d4274d2fa1a2a8529d1c386f4ae926feca37cc845e7e696da0dd4345b6fc8a57447ab165954cd0bf

  • SSDEEP

    196608:X+ipT02aG19pfAdjbG72l1KoCJsuF3bR/Lpy3rzRW+A:X+qpfAdjS72TKoK3lzOhk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nezur.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\nezur.rar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\nezur.rar"
        3⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:2736

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2736-29-0x000000013F970000-0x000000013FA68000-memory.dmp

          Filesize

          992KB

          Download

        • memory/2736-30-0x000007FEF7480000-0x000007FEF74B4000-memory.dmp

          Filesize

          208KB

          Download

        • memory/2736-31-0x000007FEF5AE0000-0x000007FEF5D94000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/2736-33-0x000007FEF67B0000-0x000007FEF67C7000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2736-32-0x000007FEFB1C0000-0x000007FEFB1D8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2736-36-0x000007FEF6290000-0x000007FEF62A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-38-0x000007FEF61E0000-0x000007FEF61F1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-37-0x000007FEF6200000-0x000007FEF621D000-memory.dmp

          Filesize

          116KB

          Download

        • memory/2736-35-0x000007FEF6770000-0x000007FEF6787000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2736-34-0x000007FEF6790000-0x000007FEF67A1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-39-0x000007FEF58E0000-0x000007FEF5AE0000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2736-48-0x000007FEF47D0000-0x000007FEF47E1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-50-0x000007FEF4780000-0x000007FEF47B0000-memory.dmp

          Filesize

          192KB

          Download

        • memory/2736-53-0x000007FEF4680000-0x000007FEF4691000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-54-0x000007FEF4620000-0x000007FEF4676000-memory.dmp

          Filesize

          344KB

          Download

        • memory/2736-52-0x000007FEF46A0000-0x000007FEF470F000-memory.dmp

          Filesize

          444KB

          Download

        • memory/2736-57-0x000007FEFAA70000-0x000007FEFAA87000-memory.dmp

          Filesize

          92KB

          Download

        • memory/2736-56-0x000007FEFAA90000-0x000007FEFAAB4000-memory.dmp

          Filesize

          144KB

          Download

        • memory/2736-58-0x000007FEFAA40000-0x000007FEFAA63000-memory.dmp

          Filesize

          140KB

          Download

        • memory/2736-55-0x000007FEFAAC0000-0x000007FEFAAE8000-memory.dmp

          Filesize

          160KB

          Download

        • memory/2736-51-0x000007FEF4710000-0x000007FEF4777000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2736-63-0x000007FEF4570000-0x000007FEF4582000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2736-64-0x000007FEF4430000-0x000007FEF456B000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/2736-65-0x000007FEF4290000-0x000007FEF42BC000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2736-66-0x000007FEF40D0000-0x000007FEF4282000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2736-67-0x000007FEF3AC0000-0x000007FEF3B1C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/2736-70-0x000007FEF3260000-0x000007FEF3272000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2736-69-0x000007FEF32A0000-0x000007FEF3337000-memory.dmp

          Filesize

          604KB

          Download

        • memory/2736-68-0x000007FEF3380000-0x000007FEF3391000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-62-0x000007FEF4590000-0x000007FEF45A3000-memory.dmp

          Filesize

          76KB

          Download

        • memory/2736-61-0x000007FEF45B0000-0x000007FEF45D1000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2736-71-0x000007FEF3020000-0x000007FEF3251000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2736-60-0x000007FEF45E0000-0x000007FEF45F2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2736-72-0x000007FEF2F00000-0x000007FEF3012000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2736-75-0x000007FEF2E30000-0x000007FEF2E41000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-80-0x000007FEF2CC0000-0x000007FEF2D5F000-memory.dmp

          Filesize

          636KB

          Download

        • memory/2736-79-0x000007FEF2D60000-0x000007FEF2D73000-memory.dmp

          Filesize

          76KB

          Download

        • memory/2736-82-0x000007FEF2B90000-0x000007FEF2C92000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/2736-87-0x000007FEF2AF0000-0x000007FEF2B08000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2736-92-0x000007FEF2A40000-0x000007FEF2A51000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-91-0x000007FEF2A60000-0x000007FEF2A71000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-90-0x000007FEF2A80000-0x000007FEF2A92000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2736-89-0x000007FEF2AA0000-0x000007FEF2AC9000-memory.dmp

          Filesize

          164KB

          Download

        • memory/2736-88-0x000007FEF2AD0000-0x000007FEF2AE6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2736-86-0x000007FEF2B10000-0x000007FEF2B22000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2736-85-0x000007FEF2B30000-0x000007FEF2B41000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-84-0x000007FEF2B50000-0x000007FEF2B61000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-83-0x000007FEF2B70000-0x000007FEF2B81000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-81-0x000007FEF2CA0000-0x000007FEF2CB1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-78-0x000007FEF2D80000-0x000007FEF2D92000-memory.dmp

          Filesize

          72KB

          Download

        • memory/2736-77-0x000007FEF2DA0000-0x000007FEF2DB1000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-76-0x000007FEF2DC0000-0x000007FEF2E21000-memory.dmp

          Filesize

          388KB

          Download

        • memory/2736-74-0x000007FEF2E50000-0x000007FEF2E75000-memory.dmp

          Filesize

          148KB

          Download

        • memory/2736-73-0x000007FEF2E80000-0x000007FEF2EB5000-memory.dmp

          Filesize

          212KB

          Download

        • memory/2736-59-0x000007FEFAA20000-0x000007FEFAA31000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-49-0x000007FEF47B0000-0x000007FEF47C8000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2736-47-0x000007FEF47F0000-0x000007FEF480B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2736-46-0x000007FEF4810000-0x000007FEF4821000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-45-0x000007FEF6110000-0x000007FEF6121000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-44-0x000007FEF6130000-0x000007FEF6141000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2736-43-0x000007FEF6150000-0x000007FEF6168000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2736-42-0x000007FEF6170000-0x000007FEF6191000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2736-41-0x000007FEF61A0000-0x000007FEF61DF000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2736-40-0x000007FEF4830000-0x000007FEF58DB000-memory.dmp

          Filesize

          16.7MB

          Download