Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Nezur.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    433s
  • max time network
    439s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08/08/2024, 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nezur.exe

  • Size

    15.0MB

  • MD5

    b06252a7c65822778ae33c974f0414da

  • SHA1

    35dc4e77f433ec0c21a4e5c2aa9e1d062bc75458

  • SHA256

    66d71098581533e988e005f6d2884065e138b6a249559ca5ba29ea9f2afdb72d

  • SHA512

    ed8c65329e6fa985e0f69069f0be429240d466b07384cbc1119b3c2bc52311e359de2287edddba7b83e8bd16ed3516959152be4e39c711086cc4b6d8ebc655ac

  • SSDEEP

    393216:uq43OHubtyD8VmNNoTiq2kBJ2LqiDR3+2TJcePdBCeK7:umRDMm2HoR9HPdBi

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nezur.exe
    "C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
    1⤵
      PID:4772
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1180
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:1160

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
        Filesize

        10KB

        MD5

        a73ea6e1db27acedbe4055c448f82ef7

        SHA1

        01769a266d26c4b4b374099606e86b8874ddd55f

        SHA256

        c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

        SHA512

        f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
        Filesize

        10KB

        MD5

        c08cda8b30daf0f971ed3fca378d480d

        SHA1

        8c0a3593ff62ec10f1c6e88d448eb8e23aaf7662

        SHA256

        1af0cf8b1e5f3299794832e511471afa6fcd4a10987464a7c043285cd49f0c58

        SHA512

        3cae2439b79bc45a0e233e9178224eba4164e535f7b94dbc02d703db37513c73c4ea6cb94cd2f37b2c5e3c37f807555c51bb7902679db2538c3f16a9db1114a2

        Download Submit