Analysis

  • max time kernel
    45s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/03/2024, 23:21

General

  • Target

    Nezur.exe

  • Size

    2.3MB

  • MD5

    490ff45ffb331fe7d1af3e8be7505943

  • SHA1

    3dbaf10c1b701299d1a2e805b6a007f4e22e028d

  • SHA256

    68fc232535a29649d46dc5f9108a2a59b2b4ef7aad09fa675b497c7f1b585d1b

  • SHA512

    79ccefd495dfde1ddcd28ac57aa6033ba6b08255ee4ec6b844d716adf25fc74cc7e77fb68696af617563969eef2c5d5bbd982c124b5c5eed3e79eacf21363bb2

  • SSDEEP

    24576:uR+gKf3Iv02rq6s1Hm3MRWj3D2CotikzCEkXuSMOSByL8X:X/Ue6MG8A3eCISMOSB
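
The digests above are the only reliable way to confirm that a file on your desk is the same Nezur.exe this report describes. The following script is an added example (not part of the sandbox report) that recomputes MD5, SHA-1, SHA-256 and SHA-512 in one streaming pass and compares each against the values listed under General; it treats a partial match as a warning rather than a hit, since a lone MD5 or SHA-1 agreement proves little. ssdeep is not recomputed (that needs the ssdeep library) and is carried only for reference.

```python
"""Verify that a local file is the sample described in this report.

Added example, not part of the sandbox report. Recomputes MD5, SHA-1, SHA-256
and SHA-512 over the file in a single read pass and compares them with the
digests listed under "General".
"""
import hashlib
import os

# Digests copied from the report above (Nezur.exe, 2.3MB).
REPORT_HASHES = {
    "md5": "490ff45ffb331fe7d1af3e8be7505943",
    "sha1": "3dbaf10c1b701299d1a2e805b6a007f4e22e028d",
    "sha256": "68fc232535a29649d46dc5f9108a2a59b2b4ef7aad09fa675b497c7f1b585d1b",
    "sha512": "79ccefd495dfde1ddcd28ac57aa6033ba6b08255ee4ec6b844d716adf25fc74c"
              "c7e77fb68696af617563969eef2c5d5bbd982c124b5c5eed3e79eacf21363bb2",
}
# Kept for reference only; fuzzy hashing is not recomputed here.
REPORT_SSDEEP = "24576:uR+gKf3Iv02rq6s1Hm3MRWj3D2CotikzCEkXuSMOSByL8X:X/Ue6MG8A3eCISMOSB"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Hash an in-memory byte string with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once (one read pass)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(expected: dict, actual: dict) -> dict:
    """Per-algorithm match table; hex comparison is case-insensitive."""
    return {name: expected[name].lower() == actual[name].lower()
            for name in expected if name in actual}


def verdict(matches: dict) -> str:
    """Reduce the match table to a triage decision.

    All algorithms agree -> "match": same bytes as the report.
    None agree           -> "different": not this sample.
    Partial agreement    -> "inconsistent": truncated copy, a transcription
                            error in the report, or a collision on the weaker
                            algorithm. Never accept a lone MD5/SHA-1 hit.
    """
    hits = sum(matches.values())
    if hits == len(matches):
        return "match"
    if hits == 0:
        return "different"
    return "inconsistent"


if __name__ == "__main__":
    import sys
    target = sys.argv[1]
    actual = hash_file(target)
    matches = compare(REPORT_HASHES, actual)
    for name in ALGORITHMS:
        print(f"{name:7s} {'OK ' if matches[name] else 'BAD'} {actual[name]}")
    print("size    ", os.path.getsize(target), "bytes (report lists 2.3MB)")
    print("verdict ", verdict(matches))
```

Run it as `python verify_sample.py path\to\Nezur.exe`; anything other than `match` means the file you hold is not the bytes this report analysed, and any conclusions drawn from the Signatures and Processes sections should not be carried over to it.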

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nezur.exe
    "C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 832 -s 240
      2⤵
        PID:2308
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65c9758,0x7fef65c9768,0x7fef65c9778
        2⤵
          PID:2556
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:2
          2⤵
            PID:2496
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:8
            2⤵
              PID:2688
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:8
              2⤵
                PID:2468
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2036 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:1
                2⤵
                  PID:772
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2164 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:1
                  2⤵
                    PID:2540
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:2
                    2⤵
                      PID:2628
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:1
                      2⤵
                        PID:384
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:8
                        2⤵
                          PID:2088
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3708 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:1
                          2⤵
                            PID:888
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2072 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:8
                            2⤵
                              PID:1792
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1872 --field-trial-handle=1288,i,15579457462087202270,14039968749966236178,131072 /prefetch:1
                              2⤵
                                PID:2904
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                              1⤵
                                PID:2244
                              • C:\Windows\system32\mmc.exe
                                "C:\Windows\system32\mmc.exe" "C:\Windows\system32\secpol.msc" /s
                                1⤵
                                • Drops file in System32 directory
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of SetWindowsHookEx
                                PID:2344
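
The two signatures that carry most of the weight in this report are attributed to PID 832: "Sets service image path in registry" and "Suspicious behavior: LoadsDriver". Together they describe a user-mode executable registering a service whose ImagePath it controls and then getting a driver loaded, which is the pattern to hunt for on a real host. The script below is an added example, not part of the sandbox report, showing detection logic over a handful of constructed log lines written in a flattened key=value form modelled on Sysmon Event ID 13 (RegistryEvent SetValue) and Event ID 6 (DriverLoad). The service and driver names (`example_drv`, `example_drv.sys`, `Example Publisher`) are hypothetical placeholders, not values taken from the report, and `C:\Windows` is assumed as %SystemRoot% when expanding relative or `\SystemRoot\` ImagePath values. A real deployment would read the EVTX/XML events instead of this flattened form.

```python
"""Flag service ImagePath writes and driver loads that point at user-writable
locations or non-Microsoft signers.

Added example, not part of the sandbox report. Log lines are constructed and
flattened to key=value; Sysmon field names are kept (EventID 13: Image,
TargetObject, Details; EventID 6: ImageLoaded, Signature, SignatureStatus).
"""
import re

# Constructed sample events. Names below are hypothetical placeholders.
SAMPLE_LOG = r"""
EventID=13 Image=C:\Users\Admin\AppData\Local\Temp\Nezur.exe TargetObject=HKLM\System\CurrentControlSet\Services\example_drv\ImagePath Details=\??\C:\Users\Admin\AppData\Local\Temp\example_drv.sys
EventID=13 Image=C:\Users\Admin\AppData\Local\Temp\Nezur.exe TargetObject=HKLM\System\CurrentControlSet\Services\example_drv\Type Details=DWORD (0x00000001)
EventID=13 Image=C:\Windows\system32\services.exe TargetObject=HKLM\System\CurrentControlSet\Services\Tcpip\ImagePath Details=System32\drivers\tcpip.sys
EventID=6 ImageLoaded=C:\Users\Admin\AppData\Local\Temp\example_drv.sys Signed=true Signature=Example Publisher SignatureStatus=Valid
EventID=6 ImageLoaded=C:\Windows\System32\drivers\tcpip.sys Signed=true Signature=Microsoft Windows SignatureStatus=Valid
"""

SERVICE_KERNEL_DRIVER = 0x1        # SERVICE_KERNEL_DRIVER
SERVICE_FILE_SYSTEM_DRIVER = 0x2   # SERVICE_FILE_SYSTEM_DRIVER
SYSTEM_ROOT = "C:\\Windows"        # assumption for expanding relative paths

SERVICES_KEY = re.compile(
    r"^HKLM\\System\\CurrentControlSet\\Services\\([^\\]+)\\(ImagePath|Type)$", re.I)
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")
DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def parse_event(line: str) -> dict:
    """Split 'k=v k=v' where values may contain spaces but keys never do."""
    fields = {}
    for tok in re.split(r"\s+(?=[A-Za-z]+=)", line.strip()):
        key, _, value = tok.partition("=")
        fields[key] = value
    return fields


def parse_dword(details: str):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def normalize_image_path(raw: str) -> str:
    """Turn the registry's NT-style / relative ImagePath into a Win32 path."""
    p = raw.strip().strip('"')
    if p.lower().startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + "\\" + p[len("\\systemroot\\"):]
    elif p.lower().startswith("system32\\"):  # relative to %SystemRoot%
        p = SYSTEM_ROOT + "\\" + p
    return p


def classify_path(path: str) -> str:
    low = path.lower()
    if any(d in low for d in USER_WRITABLE):
        return "user-writable"
    if DRIVERS_DIR in low:
        return "drivers-dir"
    return "other"


def analyse(log_text: str) -> list:
    """Return findings as dicts with name / severity / reason."""
    services, findings = {}, []
    for line in log_text.strip().splitlines():
        ev = parse_event(line)
        if ev.get("EventID") == "13":
            m = SERVICES_KEY.match(ev.get("TargetObject", ""))
            if not m:
                continue
            name, value_name = m.group(1), m.group(2).lower()
            entry = services.setdefault(name, {"writer": ev.get("Image", "")})
            if value_name == "imagepath":
                entry["image"] = normalize_image_path(ev.get("Details", ""))
            else:
                entry["type"] = parse_dword(ev.get("Details", ""))
        elif ev.get("EventID") == "6":
            path, where = ev.get("ImageLoaded", ""), classify_path(ev.get("ImageLoaded", ""))
            reasons = []
            if where != "drivers-dir":
                reasons.append(f"driver loaded from {where} path")
            if ev.get("SignatureStatus") != "Valid":
                reasons.append("signature not valid")
            elif not ev.get("Signature", "").startswith("Microsoft"):
                reasons.append(f"non-Microsoft signer: {ev.get('Signature')}")
            if reasons:
                findings.append({"name": path, "severity": "high" if where == "user-writable" else "review",
                                 "reason": "; ".join(reasons)})
    # Correlate the per-service ImagePath and Type values written by EID 13.
    for name, entry in services.items():
        image = entry.get("image")
        if not image:
            continue
        where = classify_path(image)
        is_driver = entry.get("type") in (SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER)
        if where == "user-writable":
            findings.append({"name": name, "severity": "high",
                             "reason": f"service image in user-writable path {image} (written by {entry['writer']})"})
        elif is_driver and where != "drivers-dir":
            findings.append({"name": name, "severity": "review",
                             "reason": f"driver service image outside System32\\drivers: {image}"})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['name']}: {f['reason']}")
```

Two design points matter when moving this to real telemetry. First, the ImagePath and Type values of a service arrive as separate SetValue events, so they are buffered per service name and judged together rather than line by line. Second, a validly signed non-Microsoft driver is only a "review" finding on its own; it becomes "high" when the image sits in a user-writable directory, because a legitimate driver installer places its .sys under System32\drivers, whereas a loader that keeps the driver next to itself in %TEMP% matches the behaviour this report records for PID 832.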

                              Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\45f859a5-1369-4901-8865-235d40868fc8.tmp

                                      Filesize

                                      256KB

                                      MD5

                                      8915fc935db5ae595c699a0e083054ba

                                      SHA1

                                      bc65dcf6f47d2637964643861980dde1e659e8e2

                                      SHA256

                                      36d979a535665d077163c10f1da581ccea0bcb4501e1d74a3c69dffedd7b9699

                                      SHA512

                                      76898c9e643610d9c25fa802bee3aa7656fcccf0a33e90a2e99d2e50f1347419976a77d3e99c790e29d49e65f9ae46a3e04f260cb9aa3705b6ad6bd1e9a87c9c

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                      Filesize

                                      195KB

                                      MD5

                                      89d79dbf26a3c2e22ddd95766fe3173d

                                      SHA1

                                      f38fd066eef4cf4e72a934548eafb5f6abb00b53

                                      SHA256

                                      367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

                                      SHA512

                                      ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

                                      Filesize

                                      34KB

                                      MD5

                                      fc2a7d2849daca79b4c1b6146aee0392

                                      SHA1

                                      aef22b22492edfae8d6377cde0af97d93fbfd2dc

                                      SHA256

                                      89e6b3d18f1e4872bdbfc2e684d6298452508c66119055a84db3b2e04bca28b6

                                      SHA512

                                      fad22bca0222e150e9cf1f655630d127853d4083f974d1c7695ce78b7e0ef49591db1c779b551aa81a78b9a8f96d162231682e36322803a1d456ad2ad873dfc5

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      168B

                                      MD5

                                      103363e76272893e0e938a59826cfc7d

                                      SHA1

                                      385f2ac0b0b122ebbaeb160ab56725b594805bab

                                      SHA256

                                      38e016354dfa46f2ce83e82742a60289b43ad38fa3a083143ebf9fe1d8735b81

                                      SHA512

                                      32657d453a3b2e116b263f67c5484aef7220d3927231b05f9b390d5f6f31de5bbef099e9c6ca0f1b214eba1a6520774462f2804ff6fe68db6f5c9cb320a85137

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                      Filesize

                                      264KB

                                      MD5

                                      f50f89a0a91564d0b8a211f8921aa7de

                                      SHA1

                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                      SHA256

                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                      SHA512

                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      1KB

                                      MD5

                                      190df7332edb5114f71c2c73be3390b7

                                      SHA1

                                      d49b5a7d6430e0d31a0c3fe8d9e1e6835e1fcca3

                                      SHA256

                                      8d71586355c85d8cd5157443b61df61cdd389eceddb3299c2f29418669e03c43

                                      SHA512

                                      862f0f21e3b712c5b3642d1c8d0776aea30fd366481bb2083533fddb422a116f65f4baefc9e6871a7579c70b23edfc862c23544c0c8fe1a22222ca4f9b91cfd1

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                      Filesize

                                      363B

                                      MD5

                                      8f49afd8f73a24ee8bb9e60f26f9d15c

                                      SHA1

                                      153ef8e1c92f3d6228fff77977429f86bff6f033

                                      SHA256

                                      42b5119a55cf21e8f9067a0403c72780b58753f56cfb92fdf0c02ab3559d9170

                                      SHA512

                                      e3b548764aa2c3c0457164111198a41772a44a500ef72f44335f3a170870ba015439d95b694e45b31da63373cac3e95f99adc7dafc769d612b73133fee8604e0

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      cfdbf76955905c4607fb3c8eb64dcd87

                                      SHA1

                                      e70d3deefdd697fb299ac0dd270520e8621aad50

                                      SHA256

                                      96c780f2282875c2fa3303f2fcb988ba5037255711555c837bc076bd909f72e5

                                      SHA512

                                      fdde39d8cc36cff18aae59dacba20e4e23aa4898cb19b82eb9cde53194925e4bcd06ab0f4f6e9daa2a987bdfc1619bdebaca2ce05ce30224c69b0fb28ed80838

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      186d38499d76d068e1161ad7d5abf227

                                      SHA1

                                      f74a80e00f4436426f18e219c3dbb48f365afee6

                                      SHA256

                                      45d5306def5ea601743903ded940eca52d13edbd4287b1ca69e7e2d2524baf61

                                      SHA512

                                      fa20f1171d5dd4215a85960d0a8b9549c408ce17e41b357fe68231e1755cd9444ad5fbd0e9aa36dfdbf8cbd95a98f283eb337df2ef3dfa5adad2838e69e66798

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      f90f951359da96e67978426f27ec6bd0

                                      SHA1

                                      1d51b52c7c465f544d2e0782d9c9fad8c6afa355

                                      SHA256

                                      9b19c13354612d88e13b4f84198ceee9852f1d65b5290c0445f7ded83a924679

                                      SHA512

                                      6241adc4c21cee441ae507e7f82b2a468fef1570c503b781eb3f9d942dd20a338a79dce173b87e26ca6e5b55714e2165c35d98850176261303d12cf5a5196996

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      4cab6cbce8edadf22fc55a8956ccc325

                                      SHA1

                                      6318a4490adea0594f2d6c71091c947d64f2b962

                                      SHA256

                                      536d11a9dc2a5da82046dbe61b5602d159803b1552d3dfbfa3d5c82b84e7ea6d

                                      SHA512

                                      d3e39dec8c88d35657042b1fc5ce8a136cf6d0379fc7b5ae9dc18582f491beefb59c76f2db74d5d029888ac43d0e39b085d83ad910213f20e8c8949a23543b36

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

                                      Filesize

                                      16B

                                      MD5

                                      18e723571b00fb1694a3bad6c78e4054

                                      SHA1

                                      afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                      SHA256

                                      8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                      SHA512

                                      43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      256KB

                                      MD5

                                      0254894a0374ced96380cfad0fc9c62d

                                      SHA1

                                      d8a3c24bf00ae763b45d1abd9ba10065f9577b73

                                      SHA256

                                      5afb33d233e4bb58b225a01c6de745dea4bd62f45c8768fd0bcfa2926b60005e

                                      SHA512

                                      8b638fa6d30625bf0243c769ceeb222b0622b5ea16e5fb6e620be2b49884115f7672d4117c2372a768717111f0932703f7338ccc17855c57bd8684afcd9d126e

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      256KB

                                      MD5

                                      23c2d940e9805d8a082ccf2c1097ccc1

                                      SHA1

                                      ae37cf0e8bfa1533374840ff58a208676bd110c2

                                      SHA256

                                      a282070823225ade47ceebf0621fcac76a5a4525ec222f9a8dffa4b89c59bf67

                                      SHA512

                                      8f16b081b0f8c82c0f94d8cf3c3829bb3f746bd48bd07f455e8b1a0c6fca869a5286b64d2b1065806606afaeef59a7fff48b913f70d7f1a80d6c6bd26b2b6397

                                    • memory/832-2-0x0000000140000000-0x00000001405E8000-memory.dmp

                                      Filesize

                                      5.9MB

                                    • memory/2344-73-0x000007FEF1A00000-0x000007FEF239D000-memory.dmp

                                      Filesize

                                      9.6MB

                                    • memory/2344-89-0x000007FEF1A00000-0x000007FEF239D000-memory.dmp

                                      Filesize

                                      9.6MB

                                    • memory/2344-88-0x0000000004A80000-0x0000000004B00000-memory.dmp

                                      Filesize

                                      512KB

                                    • memory/2344-87-0x000007FFFFF00000-0x000007FFFFF10000-memory.dmp

                                      Filesize

                                      64KB

                                    • memory/2344-78-0x0000000004A80000-0x0000000004B00000-memory.dmp

                                      Filesize

                                      512KB

                                    • memory/2344-76-0x0000000004A80000-0x0000000004B00000-memory.dmp

                                      Filesize

                                      512KB

                                    • memory/2344-77-0x00000000031D0000-0x00000000031FB000-memory.dmp

                                      Filesize

                                      172KB

                                    • memory/2344-75-0x000007FEF1A00000-0x000007FEF239D000-memory.dmp

                                      Filesize

                                      9.6MB

                                    • memory/2344-74-0x0000000004A80000-0x0000000004B00000-memory.dmp

                                      Filesize

                                      512KB

                                    • memory/2344-72-0x00000000027C0000-0x00000000027DE000-memory.dmp

                                      Filesize

                                      120KB

                                    • memory/2344-69-0x0000000002230000-0x0000000002231000-memory.dmp

                                      Filesize

                                      4KB