Analysis
max time kernel: 573s
max time network: 575s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 02/03/2024, 22:45
Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: Nezur.exe
Resource: win10-20240221-en
4 signatures, 600 seconds
General
Target: Nezur.exe
Size: 2.3MB
MD5: 490ff45ffb331fe7d1af3e8be7505943
SHA1: 3dbaf10c1b701299d1a2e805b6a007f4e22e028d
SHA256: 68fc232535a29649d46dc5f9108a2a59b2b4ef7aad09fa675b497c7f1b585d1b
SHA512: 79ccefd495dfde1ddcd28ac57aa6033ba6b08255ee4ec6b844d716adf25fc74cc7e77fb68696af617563969eef2c5d5bbd982c124b5c5eed3e79eacf21363bb2
SSDEEP: 24576:uR+gKf3Iv02rq6s1Hm3MRWj3D2CotikzCEkXuSMOSByL8X:X/Ue6MG8A3eCISMOSB
Score: 8/10
Malware Config

Signatures

Sets service image path in registry (2 TTPs, 1 IoCs)
  description      | ioc                                                                                                                                                       | Process
  Set value (str)  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"  | Nezur.exe

Suspicious behavior: LoadsDriver (1 IoCs)
  pid   | Process
  3516  | Nezur.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                  | pid   | Process
  Token: SeDebugPrivilege      | 3516  | Nezur.exe
  Token: SeLoadDriverPrivilege | 3516  | Nezur.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
  pid   | Process
  3516  | Nezur.exe
  3516  | Nezur.exe