Analysis

  • max time kernel
    92s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/03/2024, 23:21

General

  • Target

    Nezur.exe

  • Size

    2.3MB

  • MD5

    490ff45ffb331fe7d1af3e8be7505943

  • SHA1

    3dbaf10c1b701299d1a2e805b6a007f4e22e028d

  • SHA256

    68fc232535a29649d46dc5f9108a2a59b2b4ef7aad09fa675b497c7f1b585d1b

  • SHA512

    79ccefd495dfde1ddcd28ac57aa6033ba6b08255ee4ec6b844d716adf25fc74cc7e77fb68696af617563969eef2c5d5bbd982c124b5c5eed3e79eacf21363bb2

  • SSDEEP

    24576:uR+gKf3Iv02rq6s1Hm3MRWj3D2CotikzCEkXuSMOSByL8X:X/Ue6MG8A3eCISMOSB

Score
8/10

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nezur.exe
    "C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
    1⤵
    • Sets service image path in registry
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    PID:5044

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads