Overview

overview

10

Static

static

f61c05d773...fb.exe

windows7_x64

10

f61c05d773...fb.exe

windows10_x64

10

Analysis

  • max time kernel
    61s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    11-10-2020 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f61c05d773f31637ba2d7dd4a7a30364c08205deb9620723f0f79cd94106ccfb.exe

  • Size

    1.2MB

  • MD5

    dbeda20b182f67b85630a839a0599cf4

  • SHA1

    f4c705bf3b933cc8b20e1443f23a595506f49c5e

  • SHA256

    f61c05d773f31637ba2d7dd4a7a30364c08205deb9620723f0f79cd94106ccfb

  • SHA512

    c54ec86e4af44b46c67a5f17b2a33ac617247c53ec015c2ede35b362780d35fb657921e443cbdbc52c9640df31652fcf29e6c36890129322c4e364b396f26e23

Score
10/10
buerloader

Malware Config

Extracted

Family

buer

C2

https://housewestbefore.com/

Signatures

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer
  • Buer Loader 2 IoCs

    Detects Buer loader in memory or disk.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f61c05d773f31637ba2d7dd4a7a30364c08205deb9620723f0f79cd94106ccfb.exe
    "C:\Users\Admin\AppData\Local\Temp\f61c05d773f31637ba2d7dd4a7a30364c08205deb9620723f0f79cd94106ccfb.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -Command "& {Add-MpPreference -ExclusionPath C:\ProgramData\1f9c1db019ea6c121b09}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/768-6-0x0000000002540000-0x0000000002541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-10-0x0000000005620000-0x0000000005621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-3-0x00000000739A0000-0x000000007408E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/768-4-0x0000000000B80000-0x0000000000B81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-5-0x00000000048F0000-0x00000000048F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-39-0x0000000006290000-0x0000000006291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-7-0x0000000002850000-0x0000000002851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-38-0x0000000006280000-0x0000000006281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-15-0x0000000005670000-0x0000000005671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-16-0x0000000005720000-0x0000000005721000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-23-0x00000000061C0000-0x00000000061C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-24-0x00000000055E0000-0x00000000055E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1156-0-0x0000000002210000-0x0000000002270000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1156-1-0x0000000040000000-0x000000004005D000-memory.dmp

    Filesize

    372KB

    Download