6dba900ba4e73e88cf3d3a062f71735f30e615436d01aa96d18545e97d31a5a4

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Nezur_Executor.zip

windows7-x64

Nezur_Executor.zip

windows10-2004-x64

Microsoft....re.xml

windows7-x64

Microsoft....re.xml

windows10-2004-x64

Microsoft....ms.xml

windows7-x64

Microsoft....ms.xml

windows10-2004-x64

Microsoft....pf.xml

windows7-x64

Microsoft....pf.xml

windows10-2004-x64

Nezur_Inte...s.json

windows7-x64

Nezur_Inte...s.json

windows10-2004-x64

Nezur_Inte...rprint

windows7-x64

Nezur_Inte...rprint

windows10-2004-x64

Nezur_Inte...t.json

windows7-x64

Nezur_Inte...t.json

windows10-2004-x64

Nezur_Inte...s.json

windows7-x64

Nezur_Inte...s.json

windows10-2004-x64

Nezur_Inte...re.pma

windows7-x64

Nezur_Inte...re.pma

windows10-2004-x64

Nezur_Inte...3C.pma

windows7-x64

Nezur_Inte...3C.pma

windows10-2004-x64

Nezur_Inte...rl-set

windows7-x64

Nezur_Inte...rl-set

windows10-2004-x64

Nezur_Inte...rprint

windows7-x64

Nezur_Inte...rprint

windows10-2004-x64

Nezur_Inte...t.json

windows7-x64

Nezur_Inte...t.json

windows10-2004-x64

Nezur_Inte...gs.dat

windows7-x64

Nezur_Inte...gs.dat

windows10-2004-x64

Nezur_Inte...re.dat

windows7-x64

Nezur_Inte...re.dat

windows10-2004-x64

Nezur_Inte...data_0

windows7-x64

Nezur_Inte...data_0

windows10-2004-x64

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2024, 14:42

Sharing

Copy URL

Twitter E-mail

Static task

static1

themida

2 signatures

Behavioral task

behavioral1

Sample

Nezur_Executor.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nezur_Executor.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Microsoft.Web.WebView2.Core.xml

Resource

win7-20241023-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

Microsoft.Web.WebView2.Core.xml

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Microsoft.Web.WebView2.WinForms.xml

Resource

win7-20240903-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Microsoft.Web.WebView2.WinForms.xml

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Microsoft.Web.WebView2.Wpf.xml

Resource

win7-20240729-en

discovery

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral8

Sample

Microsoft.Web.WebView2.Wpf.xml

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Nezur_Interface.deps.json

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral10

Sample

Nezur_Interface.deps.json

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral11

Sample

Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral12

Sample

Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json

Resource

win7-20240708-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral14

Sample

Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral16

Sample

Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral17

Sample

Nezur_Interface.exe.WebView2/EBWebView/BrowserMetrics-spare.pma

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral18

Sample

Nezur_Interface.exe.WebView2/EBWebView/BrowserMetrics-spare.pma

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

Nezur_Interface.exe.WebView2/EBWebView/BrowserMetrics/BrowserMetrics-6758B082-4D3C.pma

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral20

Sample

Nezur_Interface.exe.WebView2/EBWebView/BrowserMetrics/BrowserMetrics-6758B082-4D3C.pma

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral21

Sample

Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/crl-set

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/crl-set

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/manifest.fingerprint

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral24

Sample

Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/manifest.fingerprint

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/manifest.json

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral26

Sample

Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/manifest.json

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral27

Sample

Nezur_Interface.exe.WebView2/EBWebView/Crashpad/settings.dat

Resource

win7-20241010-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral28

Sample

Nezur_Interface.exe.WebView2/EBWebView/Crashpad/settings.dat

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral29

Sample

Nezur_Interface.exe.WebView2/EBWebView/Crashpad/throttle_store.dat

Resource

win7-20241023-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral30

Sample

Nezur_Interface.exe.WebView2/EBWebView/Crashpad/throttle_store.dat

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral31

Sample

Nezur_Interface.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_0

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Nezur_Interface.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_0

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Microsoft.Web.WebView2.Core.xml
Size

611KB
MD5

6c5c5290bdd2d4072d64a3f8aac6d02e
SHA1

a610567951bf885e11ee5dabfd87dd1d37e4f50d
SHA256

1cf4f0c0994cdb65fac609dd19755541ae109d917695dfca9c4acae08ebb850e
SHA512

a77ad02fe706227712c231e7ccae084f8d74bfa490c8879117109746c3cb3bf77feb818e0de03880e03b46d22ad1b8cadd9f14fe2e69b34bc2770632a2311a48
SSDEEP

12288:rV/cM0fctDZuwKxzdpeqKgan2xqfcan2NPPVeLoBWkO4am+7RufDufBSCspK2sSl:4pBYvfVO

Score

1^/10

Malware Config

Signatures

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Microsoft.Web.WebView2.Core.xml"
1⤵
PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3976-1-0x00007FFE8272D000-0x00007FFE8272E000-memory.dmp

Filesize
4KB

Download
memory/3976-0-0x00007FFE42710000-0x00007FFE42720000-memory.dmp

Filesize
64KB

Download
memory/3976-2-0x00007FFE82690000-0x00007FFE82885000-memory.dmp

Filesize
2.0MB

Download
memory/3976-3-0x00007FFE82690000-0x00007FFE82885000-memory.dmp

Filesize
2.0MB

Download
memory/3976-4-0x00007FFE82690000-0x00007FFE82885000-memory.dmp

Filesize
2.0MB

Download