Overview

overview

10

Static

static

ca833b3820...d4.exe

windows7_x64

10

ca833b3820...d4.exe

windows10_x64

10

Analysis

  • max time kernel
    132s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    11-10-2020 05:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca833b3820cff853dc84eb98bf8910249a80a28ed2a7e1da2cc13937df1b39d4.exe

  • Size

    1.3MB

  • MD5

    6def4f90609b737a0d4ed1970029c1cf

  • SHA1

    bd8a68f7ce2ed1ff2f2e9d3db7b07f23c06d3698

  • SHA256

    ca833b3820cff853dc84eb98bf8910249a80a28ed2a7e1da2cc13937df1b39d4

  • SHA512

    168793273138156661ed22c49008e24ffffeb70c3ad8ec3c54d4a1cd0cb45e8d5b4369c4f6ff7b9ba213a3efcb0a126c37b722bd76da2a5cb74ed1a16a3b4682

Score
10/10
buerloader

Malware Config

Extracted

Family

buer

C2

https://supsuncorner.com/

Signatures

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer
  • Buer Loader 2 IoCs

    Detects Buer loader in memory or disk.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca833b3820cff853dc84eb98bf8910249a80a28ed2a7e1da2cc13937df1b39d4.exe
    "C:\Users\Admin\AppData\Local\Temp\ca833b3820cff853dc84eb98bf8910249a80a28ed2a7e1da2cc13937df1b39d4.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -Command "& {Add-MpPreference -ExclusionPath C:\ProgramData\dece35c48166205f77b4}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1056

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1056-6-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-10-0x0000000005640000-0x0000000005641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-3-0x0000000073C20000-0x000000007430E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1056-4-0x00000000009C0000-0x00000000009C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-5-0x0000000004920000-0x0000000004921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-39-0x00000000062D0000-0x00000000062D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-7-0x0000000004850000-0x0000000004851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-38-0x00000000062C0000-0x00000000062C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-15-0x0000000005710000-0x0000000005711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-16-0x0000000005750000-0x0000000005751000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-23-0x0000000006240000-0x0000000006241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1056-24-0x0000000005680000-0x0000000005681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1184-0-0x00000000003A0000-0x0000000000400000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1184-1-0x0000000040000000-0x000000004005D000-memory.dmp

    Filesize

    372KB

    Download