Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

Nezur.exe

windows10-2004-x64

1

Resubmissions

09/10/2024, 23:28 UTC

241009-3gd62a1dkd 7

09/10/2024, 23:25 UTC

241009-3d8lgawhkr 7

Analysis

  • max time kernel
    32s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 23:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nezur.exe

  • Size

    27.3MB

  • MD5

    5ed13dc119c01160f107fcb5720d4925

  • SHA1

    1a1fba531b6fc6c934a8187eae681de505f059ba

  • SHA256

    29ef187b2f8b30dfcce52e559444af5e7816bb941b6ce0641dee17569c1c2cd8

  • SHA512

    04941d0c9aa4637dcde8357f3f1f4f6a77316d344b84743197cded78aa368aaef54fce92b87439f17fd9f523027b9f63f1f47bc10398ecc3d7de363fc6ec11f5

  • SSDEEP

    393216:PUtcwvbK3tNkLauq105tx+izCtkdlN9Ri+a7hGB3XANJU70v+oQBN9oUHoH7FS7:PqcwOK3x9d9rN9RuhWHAbv+oQB3tSS

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nezur.exe
    "C:\Users\Admin\AppData\Local\Temp\Nezur.exe"
    1⤵
      PID:2176

    Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.ax-0001.ax-msedge.net
      g-bing-com.ax-0001.ax-msedge.net
      IN CNAME
      ax-0001.ax-msedge.net
      ax-0001.ax-msedge.net
      IN A
      150.171.27.10
      ax-0001.ax-msedge.net
      IN A
      150.171.28.10
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=356FB84252236B402037AD5153126AC6; domain=.bing.com; expires=Mon, 03-Nov-2025 23:29:10 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 72AA75368F6E4A649409CBD325D0538A Ref B: LON601060101023 Ref C: 2024-10-09T23:29:10Z
      date: Wed, 09 Oct 2024 23:29:09 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=356FB84252236B402037AD5153126AC6
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=MudaMqThizRk5o7wyTYFCO6U6X70BouepeV7QnXZ4j8; domain=.bing.com; expires=Mon, 03-Nov-2025 23:29:10 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 4AD0E9BF15E944548A92D2EACBEDB89F Ref B: LON601060101023 Ref C: 2024-10-09T23:29:10Z
      date: Wed, 09 Oct 2024 23:29:09 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
      Remote address:
      150.171.27.10:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=356FB84252236B402037AD5153126AC6; MSPTC=MudaMqThizRk5o7wyTYFCO6U6X70BouepeV7QnXZ4j8
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F4940A00555F46F8A0EBC49A9C153B65 Ref B: LON601060101023 Ref C: 2024-10-09T23:29:10Z
      date: Wed, 09 Oct 2024 23:29:10 GMT
    • flag-us
      DNS
      4.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      0.204.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.204.248.87.in-addr.arpa
      IN PTR
      Response
      0.204.248.87.in-addr.arpa
      IN PTR
      https-87-248-204-0lhrllnwnet
    • flag-us
      DNS
      10.27.171.150.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.27.171.150.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      58.99.105.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.99.105.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      212.20.149.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.20.149.52.in-addr.arpa
      IN PTR
      Response
    • 150.171.27.10:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=
      tls, http2
      2.0kB
       9.4kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=0d6f2794c2584f9894f30ab7d2fccb90&localId=w:47999119-06B9-CF8D-8780-3C81959A9B6E&deviceId=6755476188931877&anid=

      HTTP Response

      204
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       148 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      150.171.27.10
      150.171.28.10

    • 8.8.8.8:53
      4.159.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      4.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      0.204.248.87.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      0.204.248.87.in-addr.arpa

    • 8.8.8.8:53
      10.27.171.150.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      10.27.171.150.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      58.99.105.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      58.99.105.20.in-addr.arpa

    • 8.8.8.8:53
      212.20.149.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      212.20.149.52.in-addr.arpa

    • 8.8.8.8:53

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.