hxxps://nezur[.]net/

Analysis

max time kernel
15s
max time network
175s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nezur.net/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69F3F1F1-AE58-11EE-B0EB-D691EE3F3902} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2548	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2548	iexplore.exe
2548	iexplore.exe
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2012	2548	iexplore.exe	16
PID 2548 wrote to memory of 2012	2548	iexplore.exe	16
PID 2548 wrote to memory of 2012	2548	iexplore.exe	16
PID 2548 wrote to memory of 2012	2548	iexplore.exe	16

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://nezur.net/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
29KB

MD5
d3dbfd4df24e2c6ad61d0c1519ab4c2c

SHA1
d4970086fa78319ddea28ed58c9eee1fa79b601a

SHA256
5efc1e0da6af7b6a95a71cece925c633598588de5f5c49fef374d24a08c2554f

SHA512
87788f9fd13a869f082435b51f88c27fb1ece4725e64243cb7a1ace4f2e36b74787a0aace19839d2837ac320834d5ab6f9f82aa066072d5e09b3d6192b21d3e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1fa2583d570d6b6e75486b4bc09a7e8f

SHA1
f7bd3427b41938cd1254262666616931323ba554

SHA256
b0dbef376ab8c7d449d2f52fa0471dfd72a0acd8b2b127e54999e5b10b18f83a

SHA512
3782d249c9f9decd23c89204c922b6fa4a84227def96d6d0258f1ed891da1cc4dcc8e7ecd0a8b51c7f7b7b5ebe442d542ce914e84a7f0c2504954b998c760e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
263905e83ee2adda2a0bb20785a6d52b

SHA1
f51e92eab68aecf9961d54919796bb586c09ea78

SHA256
319cb8e0c6d06e340356d17a4f82e1623138260608ac9f1019efc43b0b04aaed

SHA512
ea863ba73062d70b749530634cdf6dcf847522b7f7fc50fa2f7c8bc6e8e9341b95451f68f5463e9cd154d2f68fd0ec6b0eaacdf56a4ac4d3225680c0822b7d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
39df529c9140c550db7aee21140100c2

SHA1
418ff1d20cc209f055aaebb50e76d558322cb76d

SHA256
38fca265788b7b8a31538545eeaf274e28c0aa85c77323d0e4feed355fce4adc

SHA512
1c7afa1df319ee741627037075ed1fd4e59becac4dc34650e188c432131e0311acf0ea26de08294588c3c26cd8df7da1117ed01d40c97b92c447c01c4bec2021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
84270d23664f7c316dfbf175f0fb387a

SHA1
477f66af785af6a93a19ac62c4d63e6b1298daad

SHA256
5985b6d05e2169c82410fea17e6ef764b20ff551930f0dc0816f9f24332c182f

SHA512
ea2fa111551ad80093b9dab71ad1aa30632f8b13bf8b28da31fad6aefec1e9d254ba3b121f7c6b18bb0783e5f50f0e4e4bb469cacabe7d0ec45f878377c24f8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
dd50aa9e5b865d50182f459e1efab29d

SHA1
fac01cd97f4bff2c24397c931fe6a35cbbb25ad6

SHA256
f1168dbf92bcbf87195019ae4543e0abf094c95ed92bc59c98e485f32f315214

SHA512
5999552a81e98b75b20fe988950524d52916adceed4153c22726dd1577b007e51d9636e01bf23d79fc8034c82801e2edcd1d12162843551f2e9f49b91926a7e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d1658a0b6e4a694d5e175508e552e0ad

SHA1
84146f671fde00e8a0d367c85458335001b26aa9

SHA256
1875eba520c301662cc1503dfd183ec99e79d9114233b18fbe70cfb513b20b83

SHA512
f06d250b47f9e6f0e13b787f103f11eee635dabefe48fa0dbbbbafd9d42276838412b87ce33b3c1b22d894d86f249ce40d61f50aa866ddc9a53f6ef821123062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0f73e083147b9836a00be776e0493416

SHA1
c526102a51c9424b47af0b8c86ebb16da74889fb

SHA256
f75cfa895270a1d850908ec813ec9a853f8b6edf41ff15ea3ec8d3ffd9dd0701

SHA512
fe63d3aaa943e28a25d724a75ffbec998ddeff9eb3d58c2ac3a581aadcf5172c89f76a1a01e925f552220b733b497539f627c63228b0eda280a63a4d621d21fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cf5ef28c96512922832fd692fcf8fe0e

SHA1
cbce7f4b379f793bf09ab45b8276f2b2495c6181

SHA256
0768f644afba9ee40cd0dc68ba2ef34afbf9ac84b62040406cdca3dd6ba688fa

SHA512
bbe0019e25bf7a317c07568c0670535410cd27deecf58d25922d60492d81cf8a0666fd09f48eb3e3d01e3075739969bdfc595a54f48627504ab688ac82b71ff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f91a33c38ec5469d5ac2a44136416c96

SHA1
4ebd0a2c1d26d5cf5d6990dbfa657d930a84ad64

SHA256
d82ba3e53da1f568e027c01ee1531a61da66150f52ceaedd935b06389f4a5f95

SHA512
0ab1f0854f5594905ff2e9f94f0ee376483a2e3cfbfd0f6208aac5888d9a814c8cdc0d49732684980f050f98aa3669f53242f143823c164b11eac44a1fb22929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e83ba52c6081b902733f8bb6890334ea

SHA1
eb1c8e6942edadfdf39942f763801c938ffb04c1

SHA256
e6cd25755dd2dfc8e5583bb375c61750ccc78e60afa3273bf6d780dc359828f6

SHA512
d0dec34f8e825cca810e7036b612bad240dbde37f69ac727a064615b72657f0c82303e578f3808df3a94fe6a65742d14cd7a829a2769042bf4425ade128aa32a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4ec89f67271f7b5887b4a4a2516f3c06

SHA1
483145abec67c59fbd3f05519652c21c09a60aad

SHA256
e4a630dcf02f31862f869937f2c967a9c5c65756e4477bfda556f8b8e2bd89a3

SHA512
9f8b6c7891a6dfc44452718d0b0e7eb9fb394df962c261ce92faaf9685b4477ce7026fda10a334684a0955cce6d537392f3f5b96fd28e05830c65359760b691a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b556af9f754bb2d2def26287ae09c569

SHA1
da3ac6ebe98724661b9e0966c51825ecdf7aa124

SHA256
f7bec1be07a85a1b2c262427b07b34883d4c983ae1d36cce4fbfeb2575688e75

SHA512
5512c5275bbad73429d2a3292573a07ec0ca2d64616a26425ba5c78b55f5fe16713d6c992f84d4b6d9b2ee19a4e6b23d940e698065e5db49861419b90707e2c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8f98cec771a4e297f902062f3a20e1c0

SHA1
4978b3f61d4d9909be51b0f42804dcf83a1408f7

SHA256
66f1dfa9c2f71497695fc149d80f89478c559e6cbb57a2882e1e69e09642ab45

SHA512
175b311efe7e2f174211517f46db1a2a36c5e37c8b7eff0eee659d0a43206e51413b9d7904bdbc4b9e8eff66cb2d4fb21d3faadc1fcab944f20f270f7ce27a79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
98b4080634b64b3317db6d2c1ee7b4b3

SHA1
87b405e5f564209c5cf08006bdfe119d73566719

SHA256
a8eae14ba6bede4a872cf969cfd3189766b6257c31bcbcc4eef7da3ac9687c44

SHA512
aa4ec72a0c4355ee5ca4395b5a739141f8b7009d25838cd494f0b1d8d5e9ac34bb5b4b0c8269da37471c384576e44218d0d73cb785ae21fcf5d536c918690270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7a0de0443a512e0af0757b48161c66c4

SHA1
501090475406d2835319a407ee8c398405efa0af

SHA256
66666a9c792396999a20999584f8fcefce0a4f5ba9ca3045ace165a5b35d1eea

SHA512
0ad23103fa6fe18b37306b826da708a38a3c353b55d68f197f4926a1892d78af519a9e0d2b61395f6774dc838c337be83b691f1354eb6b3e65aae4e77299526d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a765cfa91028589523e955df3a089fe2

SHA1
6f91279e04a4757ca51df0e70418bf8326f13062

SHA256
001106a4384ad14fc4572069f1e0f66c5a23726ae29bf863a4c1017e3a6c93a3

SHA512
7e1c5eae3441ee38d80bb13dfebe53deed8c873f9224ee08f49067bb2049a48bca5ab947d426503ea7e537886c59db437902ad1c23ecb074a5e7667d935380c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF731.tmp

Filesize
38KB

MD5
9d560949414df667bd2a81edf5226963

SHA1
0158e9b1f21896567b9feb8d3d1ea4fa3481c20d

SHA256
eb2b237098031516b5488ac4e284b88623e95931ed79052f1ac9c5ec847fa9d6

SHA512
77b6d8ed3ea678f6a484478ae14f323726e1c467f94d02040125e718c6f9502746d8742b8bbb7f5a425b8fbce23833532c187d63756d28415fce0457412f3810

Download Submit