Analysis
-
max time kernel
134s -
max time network
137s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
16-12-2020 08:32
General
-
Target
64196c73fde1578c805cd9175aab70e5.exe
-
Size
86KB
-
MD5
64196c73fde1578c805cd9175aab70e5
-
SHA1
6b109f1c3844b081edc36ddb65c3a379609a9db9
-
SHA256
b0a639215a6ea4dc14ffc7fbc6f3c102605d17008a51de477cb755e35794a8c0
-
SHA512
b752a8cf758540e2bce1bda7799acc4c3d47f9f08f533c70ef924141d1ebf3e18a1bc61afa744e87fd690f990d2d54a30d22c7e70f47c14c43c084d86f6250d1
Score
10/10
Malware Config
Extracted
Family
buer
C2
softwareconsbank.com
Signatures
-
Buer
Buer is a new modular loader first seen in August 2019.
-
Buer Loader 3 IoCs
Detects Buer loader in memory or disk.
-
Loads dropped DLL 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\64196c73fde1578c805cd9175aab70e5.exe"C:\Users\Admin\AppData\Local\Temp\64196c73fde1578c805cd9175aab70e5.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\64196c73fde1578c805cd9175aab70e5.exe"C:\Users\Admin\AppData\Local\Temp\64196c73fde1578c805cd9175aab70e5.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
36KB