2aace00ef40acb91d0131d07838d4ab0d5c4387730eae8a5a74c23806fe17d8a

Analysis

max time kernel
238s
max time network
236s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11/09/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nezur.exe
Size

315KB
MD5

62ddeb34d900f007dbf3dffa3d37c6a0
SHA1

69c357dd3aca07a61db8bb78ba0ab70fc88c6d70
SHA256

2aace00ef40acb91d0131d07838d4ab0d5c4387730eae8a5a74c23806fe17d8a
SHA512

f5f26c7402c0d38cb61db5ea1e35c28e6bcff946000d401ae9f1281ad61a38251f6b60d7a53b2316d014bb04167b98795aec5a05d0cfbe666fecc49e8f29f54d
SSDEEP

3072:hiS4omp03WQthI/9S3BZi08iRQ1G78IVn2sbS7cJ68ltre0T5T+aGQ:hiS4ompB9S3BZi0a1G78IVAcUctLThG

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1120	Nezur.exe
2312	Nezur.exe
1344	Nezur.exe
2568	Nezur.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705205643482482"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
308	chrome.exe
308	chrome.exe
4724	chrome.exe
4724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 4656	308	chrome.exe	75
PID 308 wrote to memory of 4656	308	chrome.exe	75
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 1372	308	chrome.exe	77
PID 308 wrote to memory of 4240	308	chrome.exe	78
PID 308 wrote to memory of 4240	308	chrome.exe	78
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79
PID 308 wrote to memory of 4596	308	chrome.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Nezur.exe
"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
1⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffca32f9758,0x7ffca32f9768,0x7ffca32f9778
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:2
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1620 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4108 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1068 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3140 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2856 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2488 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4528 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 --field-trial-handle=1800,i,14863567605063464558,7800566362862867938,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Users\Admin\Downloads\Nezur.exe
  "C:\Users\Admin\Downloads\Nezur.exe"
  2⤵
  - Executes dropped EXE
  PID:2568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3928

C:\Users\Admin\Downloads\Nezur.exe
"C:\Users\Admin\Downloads\Nezur.exe"
1⤵
- Executes dropped EXE
PID:1120

C:\Users\Admin\Downloads\Nezur.exe
"C:\Users\Admin\Downloads\Nezur.exe"
1⤵
- Executes dropped EXE
PID:2312

C:\Users\Admin\Downloads\Nezur.exe
"C:\Users\Admin\Downloads\Nezur.exe"
1⤵
- Executes dropped EXE
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4a1f5a92e1f43a070f921e69c17b5526

SHA1
f0a9d1aa98e03326c0831a3fc427fa0235a6c610

SHA256
ab5087f1e09415a3d3562ffae0d1ce05633af760f2d5ef3bce812d3fce8aa79a

SHA512
f6d17ad0332220eea0b9ee9ff65f2ff7cd9508a4c20a7da58ec3bf9d6643f17851d28cf3a25a583bfc55fd17d855c605d2f54d26804db98d22347403279be5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f3230cc073750cd7351b6251fff4983a

SHA1
36f50a89437a36bbdc0c1760630c81aaaf8929e4

SHA256
35f5feea943c57b85eb7cab7ad05ad70bbfd5ee7c1426cbe6d5e8f4bd27f6b19

SHA512
5794353ba39d642e7514f505b8cbebfa5570ce36ac70a89f90196cd950c8ce58826be7503fc5c67fc96fdfbdfc5a3a3d02854ad0748cd5de3b7fd8be2eab22f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c08cab5d95c4f6da306aa4a6c621cad5

SHA1
e28511cd573d8beecd782551a09780f6543eb0fa

SHA256
c19a615be60063d6697980a80de92711679d8cab9c1e34b6ef16b9cf55ab5e29

SHA512
9bf4fa438c54c0c7b5b213cb84d50955107c557abaa7877eacee2f4e998982966712e2e22950d05e45f76c06a0c43d187a265e1bcfe6e1ea3fd03790b368d52f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
f4332c2e309acf4043f13e3461b3587a

SHA1
c994a7216fd3a977090c95e8cb2c560e66d956ec

SHA256
b3f25f51ddac01355cc442e42d0553c6898a42884d8bd3d5867dfb26b1758cd8

SHA512
8e89981f1cf23492b8ed486d5c6f9892b1ec4d667f203f8700d9ae6c4649f34bb4b1cd16781f8f798d2b12a089c57bcd19a4afdc7ff0f5a6584a44794f242a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fa1855bd05d1516fd0ca4130d8bf67ad

SHA1
9804f6bd92c6dbb6c05a76dbef8c81131ede17ca

SHA256
be224f84659b8abb5936664cfcc67e710689c285bd616eef971ee9b8e730e832

SHA512
656703c93d6ca58c82587f9eb461e940454c9a4cf7a121bdb74dd8f64d87c9b0b89670ee4827f01823c73bab8fc48ee4c0600885196b118d960577d2c938e99a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
1ae8b5142fbd7748337731e317fd4ab1

SHA1
d046e261d502c17bc626b396be73fe589eb0fad7

SHA256
c05634e54c53ac779b1193bdbba88b3fc78ab5b59cbb164ddb517583180d1e1d

SHA512
09dd4a360b8e6bf06de47460b2cae187fa7945360fe42dfbf25f156d70f8b2b4914df30128ff39862ae58101144db738377053d210a49ac082d2a757089aff6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
ca92c2998cc8bca1ce44bf6fd25fb14b

SHA1
9e4433d2582d2f25e3311ee85cde871ce2ae70a0

SHA256
0d85cc098acdc83216611abb6e736cc2c2804226e1bdcf6439364dda068db2f6

SHA512
1dd8af0016dfc8d808cd7f02fcc5ebf534ea3bccb091c0498e14818c107ee5415811abb7b8614f84ddf88d5a9a0fe3d3c00ce2e505733fb4910f02b5a0b95a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f2287ac54870458481a9fcc42ec44b3a

SHA1
2a74de33506234f38739b3adda437312c9362d49

SHA256
f6c17bc671fa1f5035f08a30aacde189af86f545588e8ae7a3f688377f3d0676

SHA512
26e567a55dee695084b750a3d628153f15001ee60d752eaea39e1c1d35d7915122df560bfae05924730a46bbe4b76c00538adc07f72838b2307ff2e8b1e78439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
801867566c580ab74718485eb7502573

SHA1
7f2523b3c0c7501f98318893bd58d32cc56d61e4

SHA256
98bd7826288083ebcdcfcb19147302de165a9f5b4fd15bee436e8de764cd3eb7

SHA512
a031c00c6623182212a68a43eb22748af606848d3a83f6f925d54525a2720e1dab2c94c4488cd7dbf86f3e03bf8b046dc8595f381128adac25a596e921f340b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e43524c4d767d2abdda1e040aaafbab

SHA1
cdf60410c7317c953f77db63f4def3029435e6cd

SHA256
c18b430f7aa6cfc680ace465399766b274241908dbc20d7e9c1f276e9b5c84aa

SHA512
2f6011ad8c71ab78e49ccc487b3ce719a47bbbc89c7ef1a20880b0f1a1b6dbaf834239bfb90d3eb0eab7692c6bfc1ac3e08433b26768de220a09c8d1a84dc766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
220d7c60943b2b4d1631b5a50e5f96b3

SHA1
523847a9e088645485f7527de0cb645570dcda6c

SHA256
b0a6926c7b41294df94f5bb6bfd6ec2231039797bcee72012187a2ead5b4af06

SHA512
6b2ce5b1c25ec3bb7d79e31e671bb7d0c259c68865fd31470fafc01df3446b914bd0e4bdcbd58318a0d3942f365ec0433e88f2e8b7c0e52e8bf16eafb1de5f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
d5dda39cc2d9a6fa13558b482f45a92d

SHA1
b0e72b9cb1c7cb177cae8aeeb1a7afef198b483a

SHA256
f6e30c979da017e6c70e23d51a188bfcdc798b1162c4f16cfd6cdadf772ab0f5

SHA512
5c06cfd7d83ef34d103366e4e49ff4283171380a13cdf767a0776d27ff8d12f27f07437acffb1b60dac17ca698c8a0f55b9f194cec1ae0328fdd100cbfd490b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
304KB

MD5
de44710db196d33578ddea69915d6602

SHA1
165f549f720d2ba0ee364468c2eba1a27e54bbee

SHA256
c2e667010e7257dab0d46cb64537f5151ef00d176a209dea71f083a971590c1a

SHA512
9b5a00564d7c3552b48f4563a76514cd9d961cdee347a42bc9ee96066b08298ea68d2312df78f8c7e19d9de4dd32ef4f8cc6131b6c7ea5fc93b41d848a21408a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
675309a6bb2276485da325ee46b4b905

SHA1
b8e8cce6be139f99b10cad6e64d2deebd96e2666

SHA256
9ffa2dc8e44b51e14ace1f624d11171be1157c420391dcdec40f433aeaf27d1b

SHA512
ecd043912c232b15e8a3190cff4db1fe4ed6558acf06b2f7ef0356536b5871af89aba1153dd98447da79644cab3f40b595dae8e8f56a37d416a52bf31e623b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
9c7bea81d1a64e504e8fcc69ee663d36

SHA1
6f01b039214c76e81d4c42f11b267e1766213705

SHA256
959f7bcab9b9c798ec22f8c2e9422122ea8ec803b8b09c74cafb47e1e2c39271

SHA512
f7823f5ac60fe5c5ad3018a7089c1b646de269226b8173b6669f2d9b7b70386ed53caeca814b753aee260f039db52fd2abda4526ff98e6757f99aa8c4d1012a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5aa087.TMP

Filesize
93KB

MD5
b5cfb83ea42e55219961706764ac663c

SHA1
12373a703042c6ba52c4fcdc05a011ae77f6da79

SHA256
e03b6f073602d6aca2e84aebb1192009bc4b8440522ec9a52c153508215d3f42

SHA512
0fc13445abcb39dc6b16b1b652f44e698aa5a747aecd977d1d39761cb6df1036448b43e1870578f0ddefae7b60dbc61c3a55e2fd504eaff9891e6ef48fe36513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 131057.crdownload

Filesize
315KB

MD5
62ddeb34d900f007dbf3dffa3d37c6a0

SHA1
69c357dd3aca07a61db8bb78ba0ab70fc88c6d70

SHA256
2aace00ef40acb91d0131d07838d4ab0d5c4387730eae8a5a74c23806fe17d8a

SHA512
f5f26c7402c0d38cb61db5ea1e35c28e6bcff946000d401ae9f1281ad61a38251f6b60d7a53b2316d014bb04167b98795aec5a05d0cfbe666fecc49e8f29f54d

Download Submit