Overview

overview

3

Static

static

3

Nezur.exe

windows7-x64

1

Nezur.exe

windows10-2004-x64

1

Resubmissions

11-01-2024 18:51

240111-xhpfhaebcr 3

Analysis

  • max time kernel
    144s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2024 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nezur.exe

  • Size

    14.7MB

  • MD5

    3c9a94b97096769950f06c52a3996e39

  • SHA1

    7b8fcff9218297c291dd9a2a2f98137db0a59e44

  • SHA256

    0a161101b3f21c0e1e16da8747fce66d4162b8a4133291f860c55ce7873731f7

  • SHA512

    274646512526ca3f63fb090959babcd6c6a77cd4abcfc1e09812e3ad98e2af85b5e6b451de563afa23feff5d3146fa92b4ba3fb64c594f42d85650b0d89b93ca

  • SSDEEP

    98304:giHbalWeWP84rAJzM0gLIRfyC7egWJi56w65z/vA/OcOQi8ur+xMsnKMCFJlIsz8:fOM8Wb0guhegT56w6Vr8ucnmtz8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nezur.exe
    "C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=7.0.14&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2984
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:3048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    c3479d52662ab4832c6cc2bf891a4c86

    SHA1

    41d27823cf038b5e6e55b4073783588dc489b88a

    SHA256

    21db852722f097461163aa02533fc15b41141d31f7592c3c56937900d9d7e676

    SHA512

    cd4ce4209ca5686c15c52c79de1e858b7941afeb62f344ef5c383914a8947393228ea87ee9ea3228355f5d69c05eeee406c59723830649e3ac0fa95b5c9bbea3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bcc537259d23ef129006a09d0e585aaa

    SHA1

    7c3afec76426540192a1298d73b0aeffd6b69c7d

    SHA256

    500437e5c4e58e6bc4be05ff82b2560fedc5e72aad684bde8af45b559cf4ba32

    SHA512

    ec34cf4f043370879e56aa83797bb0dfc6759281d814e63a90b3b76e061b77d53735596f5f9f858e6eab29a8b32efc35effab7c8aca477f753ccb5c088f02d46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0dcc855a4840c80fcf0848e945c45de

    SHA1

    5f3bb5d6e794eb3dd93d7a36b44ba24ee051a639

    SHA256

    275972979ced4d63426be0b8e1d3214e8b957314397f56a84dd5f89bfc57c313

    SHA512

    7750e2661eb14f4d53dfcfe8af7dd6fe8811144e777b33021df2c7c9ce37d26f17bf2acde1a40a243633050e7a835f926750460424ccce7a28281c684466ba64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f9b3e76525ab52c24369fef8aff5230

    SHA1

    6de7864764c31ca0e15559c387905706b0dc5875

    SHA256

    f467109b6098ad0ac0b31ccf6cc8b6da9ec51030ae8606ab9486c1edc7d5787f

    SHA512

    3efb0393ffcf5113f332088e549394ac6bf2520697ed58d6377510740cf7a5b97dfbaa0ef53547676524824d38dac789955b5e21e01ff589b9ff75489abff39a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9491a4c365446ab6abc5a78d37aaecf0

    SHA1

    234e67e66c19e22adee1a0e83a43bd779c86c556

    SHA256

    ce8e073880c2f8d6f73963b7c83d59fb409fd52d97555fd6f3e2605ef39153d8

    SHA512

    56cadb61651efbff457d4845166dc7e7ebe54fa89fed6d743ccd3c1133b76df367a62cd001259c4d217dc5437b1a28319958e238046e9c9d5fdd9fb2792eb08e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80011e7ba80faaa6c87d6c4a153fc8b5

    SHA1

    f8faee272023308326f978abb8edd3d613b2da78

    SHA256

    dbee59d75e0658cdfe82c611191c4a27077d2a478aca265dd3dc39203d69dccc

    SHA512

    317a5705054049296909b7185a856f810ee0908bc3ab9038ff5df83444b20625c6efa41981bb0e356d4f832fa7168cf7e4343cee5834439f8b9623128ae4107d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d98a781a94d264cceb64f14adcef25a

    SHA1

    2874b0c7953c9255e5f5f71a14d384af796e1b19

    SHA256

    8578da91af53a44a33be8017156c887f4eb46f4089132c929338963f0369f786

    SHA512

    03217d696ed5bb05232f3c5810d3186519132e8bb6af4d1e6e355102808c3464e62a1127226f9130b3fb00ffc8f675c7ba594599666c344cfc38302908b53f0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7dd2c49e84fcddc5b2b16a0a01ba5458

    SHA1

    0545a69e9562dce5481c791d45e01b470a4c7b33

    SHA256

    11c879af95495ca516b284b1d68b14f104abfdde6975e4aa28b999475fae4a86

    SHA512

    187ce0396eaade93aba3c6512cf9a8bc6a3a1ef2687c510a5acf2f5dcc867d1cc480ff3acfb2c74be6860c0c1d2cd63dcaadcaee78938e1231757f9e65626fa7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c50180f10bd64e7bbb890b31a2db5f4b

    SHA1

    1931a91ab1ecd0f38628052a04a58692479631c3

    SHA256

    23aa641d9667cd2c0b8c64b20c179c0ed9ab978098a5a151d0902f3a5c831372

    SHA512

    66a1a71750cd749e7f4751a5840c9ca16a0fbee74d7f4966cae04d0814b0c65bba5a993f1b4a7d524fdb8d24dd549f76b61144f1b2f441dd678932c7237bfdd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    145ee8b4844210577173176be3b19110

    SHA1

    415b5d77467fdf9c9f6de8286bc8ae0a62d5a97f

    SHA256

    38543fd97b1d69232cefbea9249f23853acefea1aaa69ac942ddc9c2d16a0c22

    SHA512

    0e1ae69fa075b0d139f9c8d27fa2df597928c00be493c4fd375f57da7be8437eb905788cbb238bbdcaf528ca55af1330eedcdebb48c7281f098bf96a054a358b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5cc6134a81344541fc30c49d2cc949cf

    SHA1

    883e547c61efb340dc7b25e06922def81beedcad

    SHA256

    4ea9bc0582a812e351fa6744545438cb4cebb437a253cfe4c0c46ab3e29a6ab5

    SHA512

    465e7c1897ae8b696f35bc4c2d090b5b534be1d52f388ced94ea3280ed5c21a2257d6158e63075614ab2fde5ba9dce112bf7c9e9c3e6af316d7782e47a0f3b73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    3f83b7ec7a3565fe7117799a31c6dd2e

    SHA1

    a62f3ef06cc84c3b427f73035b23fe0c54e575ef

    SHA256

    6390f8983aca0b13d428f959c5e17fb02217500929d26ba5ca1aa27546f4501f

    SHA512

    68eb5e562fdc45c56d9d7502dcfd54242f6cf04bf729b3e4ca0334276de7a7813e8808005fd9469e55ece60b6cd3cca3c92361c55397434b9e3e1fd50ea436b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4CAF.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit