Overview

overview

10

Static

static

1

SCD10093264.jpg.exe

windows7_x64

10

SCD10093264.jpg.exe

windows10_x64

10

Analysis

  • max time kernel
    46s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    10-02-2021 20:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SCD10093264.jpg.exe

  • Size

    104KB

  • MD5

    1fa27c5e084887e9e3a2e232d27e10e3

  • SHA1

    a7c98a694753ed745e8618369d16e39c46cca1e7

  • SHA256

    41a4ee153b3c61cc8ed50de571e5b8f884de1c8c07332b7b31f238360832988c

  • SHA512

    81ecb5e4b3ea478f27509d1eafd106ec224fc0ccdfd411cb3b2345fc752d738f6300fd575a2941611e1763dce125364fb765a48835249cd7e7e33e28a01f40b5

Score
10/10
buerloader

Malware Config

Extracted

Family

buer

C2

dtermalherbhos.com

Signatures

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer
  • Buer Loader 1 IoCs

    Detects Buer loader in memory or disk.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe
    "C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe
      "C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"
      2⤵
        PID:4068

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4068-4-0x0000000040000000-0x000000004000A000-memory.dmp

      Filesize

      40KB

      Download