Analysis

  • max time kernel
    433s
  • max time network
    439s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    08/08/2024, 23:23

General

  • Target

    Nezur.exe

  • Size

    15.0MB

  • MD5

    b06252a7c65822778ae33c974f0414da

  • SHA1

    35dc4e77f433ec0c21a4e5c2aa9e1d062bc75458

  • SHA256

    66d71098581533e988e005f6d2884065e138b6a249559ca5ba29ea9f2afdb72d

  • SHA512

    ed8c65329e6fa985e0f69069f0be429240d466b07384cbc1119b3c2bc52311e359de2287edddba7b83e8bd16ed3516959152be4e39c711086cc4b6d8ebc655ac

  • SSDEEP

    393216:uq43OHubtyD8VmNNoTiq2kBJ2LqiDR3+2TJcePdBCeK7:umRDMm2HoR9HPdBi

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nezur.exe
    "C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
    PID:4772
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1180
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      PID:1160

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize
    10KB

    MD5
    a73ea6e1db27acedbe4055c448f82ef7

    SHA1
    01769a266d26c4b4b374099606e86b8874ddd55f

    SHA256
    c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

    SHA512
    f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

    Filesize
    10KB

    MD5
    c08cda8b30daf0f971ed3fca378d480d

    SHA1
    8c0a3593ff62ec10f1c6e88d448eb8e23aaf7662

    SHA256
    1af0cf8b1e5f3299794832e511471afa6fcd4a10987464a7c043285cd49f0c58

    SHA512
    3cae2439b79bc45a0e233e9178224eba4164e535f7b94dbc02d703db37513c73c4ea6cb94cd2f37b2c5e3c37f807555c51bb7902679db2538c3f16a9db1114a2