Resubmissions
12-02-2021 14:19
210212-d2eq66jkpe 1012-02-2021 13:05
210212-43tc7en5xn 1011-02-2021 21:45
210211-9zwb32kx8e 10Analysis
-
max time kernel
6s -
max time network
10s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
11-02-2021 21:45
General
-
Target
SCD10093264.jpg.exe
-
Size
116KB
-
MD5
69819de123d7b83d5881932d706841f5
-
SHA1
27fe7625cb44c9870fdaf810ec42cb02a0191c86
-
SHA256
650750b450fd881501aa5a879696e9d61e8fcbbad479ce37b0a2bb081d73c209
-
SHA512
fdd8578698fbcd278ee0c6820d57b834fd20a9172d8652ddbfd02b12b8f8f63845af01401838ef9b8c342fab919c74da53e4062271c157eb5bfa67a22ec9b907
Score
10/10
Malware Config
Extracted
Family
buer
C2
antipublicwestbank.com
Signatures
-
Buer
Buer is a new modular loader first seen in August 2019.
-
Buer Loader 1 IoCs
Detects Buer loader in memory or disk.
-
Loads dropped DLL 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"C:\Users\Admin\AppData\Local\Temp\SCD10093264.jpg.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
40KB