Analysis
-
max time kernel
92s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
02/03/2024, 23:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Nezur.exe
Resource
win7-20240221-en
10 signatures
150 seconds
Behavioral task
behavioral2
Sample
Nezur.exe
Resource
win10v2004-20240226-en
3 signatures
150 seconds
General
-
Target
Nezur.exe
-
Size
2.3MB
-
MD5
490ff45ffb331fe7d1af3e8be7505943
-
SHA1
3dbaf10c1b701299d1a2e805b6a007f4e22e028d
-
SHA256
68fc232535a29649d46dc5f9108a2a59b2b4ef7aad09fa675b497c7f1b585d1b
-
SHA512
79ccefd495dfde1ddcd28ac57aa6033ba6b08255ee4ec6b844d716adf25fc74cc7e77fb68696af617563969eef2c5d5bbd982c124b5c5eed3e79eacf21363bb2
-
SSDEEP
24576:uR+gKf3Iv02rq6s1Hm3MRWj3D2CotikzCEkXuSMOSByL8X:X/Ue6MG8A3eCISMOSB
Score
8/10
Malware Config
Signatures
-
Sets service image path in registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv" Nezur.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 5044 Nezur.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 5044 Nezur.exe Token: SeLoadDriverPrivilege 5044 Nezur.exe