Analysis

  • max time kernel
    46s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    10/02/2021, 20:47 UTC

General

  • Target

    SCD10093264.jpg.exe

  • Size

    104KB

  • MD5

    1fa27c5e084887e9e3a2e232d27e10e3

  • SHA1

    a7c98a694753ed745e8618369d16e39c46cca1e7

  • SHA256

    41a4ee153b3c61cc8ed50de571e5b8f884de1c8c07332b7b31f238360832988c

  • SHA512

    81ecb5e4b3ea478f27509d1eafd106ec224fc0ccdfd411cb3b2345fc752d738f6300fd575a2941611e1763dce125364fb765a48835249cd7e7e33e28a01f40b5

Score
10/10

Malware Config

Extracted

Family

buer

C2

dtermalherbhos.com

Signatures

  • Buer

    Buer is a new modular loader first seen in August 2019.

  • Buer Loader 1 IoCs

    Detects Buer loader in memory or disk.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe
    "C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"
    PID:648
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe
      "C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"
      PID:4068

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4068-4-0x0000000040000000-0x000000004000A000-memory.dmp

    Filesize

    40KB
