Analysis
-
max time kernel
13s -
max time network
13s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
05-03-2021 18:22
General
-
Target
OfficeDocument.exe
-
Size
277KB
-
MD5
50991ebb9f7b1eb055901dc643bf50c5
-
SHA1
366e13a36809fef35d12e46b3f14ce950de6a7c0
-
SHA256
a9ec36c1b7687d5436007f2640795702ec68b69a67561f94e8507857eb1971cd
-
SHA512
3b5388273e490433b9bef0c445dccb628c89be7568effe0bc3f709f3f1bb021f1881846ddc96831a201b74246be87c6404acaebe9f20be6d19b74797f0a903f0
Score
10/10
Malware Config
Extracted
Family
buer
C2
officesecuredocapi.com
Signatures
-
Buer
Buer is a new modular loader first seen in August 2019.
-
Buer Loader 1 IoCs
Detects Buer loader in memory or disk.
-
Loads dropped DLL 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\OfficeDocument.exe"C:\Users\Admin\AppData\Local\Temp\OfficeDocument.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\OfficeDocument.exe"C:\Users\Admin\AppData\Local\Temp\OfficeDocument.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
36KB