b6739bc0482e06244423bfd3732a4734d480aed773aa7f664efb8482e7f96f8a | Triage

Analysis

max time kernel
359s
max time network
362s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 12:37

Sharing

Report Analysis Logs

General

Target

Nezur.exe
Size

2.2MB
MD5

6e1f9ac640524fc971fd2205843cc3a7
SHA1

4b7f2499b351474386344c8a714528536e86071d
SHA256

debeffe90b04772fa9a2704ea9cc31ae16beaebc3c2e8baf7d179bec99485d60
SHA512

019cb543586deb2cc402875ef10756c53d6914a9b381f8bfba8dc47d5429bf6ef75e7b5c56496172c902845f8f6f0024062a704e36e8daa6d63f299cc557140e
SSDEEP

49152:MZBMrhJAX5d//xH2TMcuuMI42naplS7l:g1Jz8+pl

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1460	Nezur.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 1272	1460	Nezur.exe	29
PID 1460 wrote to memory of 1272	1460	Nezur.exe	29
PID 1460 wrote to memory of 1272	1460	Nezur.exe	29

C:\Users\Admin\AppData\Local\Temp\Nezur.exe
"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1460 -s 340
  2⤵
  PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads