f4d4286a5b93621dac280247aa449c39a018aa4295e6f2c6a8dc80dfcfa64bf7

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 23:02

Target

nezurr.exe
Size

7.5MB
MD5

92c47cbd15a6099a4da50d726015508c
SHA1

91e8ab7d6c699f8ed8247705d03cec2c3d9b97d8
SHA256

f4d4286a5b93621dac280247aa449c39a018aa4295e6f2c6a8dc80dfcfa64bf7
SHA512

00f7b1ff896e034108c4e66812605dbbcf3eaef712823a561ffc642282b45a5838bf706e449b42381f794ccb0aa74e41fcc72ecfe28b5e37e31fff24800e3946
SSDEEP

196608:qWgeIvwfI9jUC2gYBYv3vbWvGPI63p1e5zf:CaIH2gYBgDWgpwVf

Score

7^/10

upx

Loads dropped DLL 1 IoCs

Processes:

nezurr.exe

pid process

3020 nezurr.exe

pid	process
3020	nezurr.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI23042\python312.dll	upx
behavioral1/memory/3020-23-0x000007FEF5DB0000-0x000007FEF6475000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

nezurr.exe

description	pid	process	target process
PID 2304 wrote to memory of 3020	2304	nezurr.exe	nezurr.exe
PID 2304 wrote to memory of 3020	2304	nezurr.exe	nezurr.exe
PID 2304 wrote to memory of 3020	2304	nezurr.exe	nezurr.exe

C:\Users\Admin\AppData\Local\Temp\nezurr.exe
"C:\Users\Admin\AppData\Local\Temp\nezurr.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Users\Admin\AppData\Local\Temp\nezurr.exe
  "C:\Users\Admin\AppData\Local\Temp\nezurr.exe"
  2⤵
  - Loads dropped DLL
  PID:3020

C:\Users\Admin\AppData\Local\Temp\_MEI23042\python312.dll

Filesize
1.7MB

MD5
6f7c42579f6c2b45fe866747127aef09

SHA1
b9487372fe3ed61022e52cc8dbd37e6640e87723

SHA256
07642b6a3d99ce88cff790087ac4e2ba0b2da1100cf1897f36e096427b580ee5

SHA512
aadf06fd6b4e14f600b0a614001b8c31e42d71801adec7c9c177dcbb4956e27617fa45ba477260a7e06d2ca4979ed5acc60311258427ee085e8025b61452acec

Download Submit
memory/3020-23-0x000007FEF5DB0000-0x000007FEF6475000-memory.dmp

Filesize
6.8MB

Download