Extracted

• • Target

    invoice_document.docm

  • Size

    3.3MB

  • MD5

    b0527860dce067ded04f8ed8cf99b7c1

  • SHA1

    4827966bf79e78991d8c1d94a1a2ff1d71ab371a

  • SHA256

    7bc840f3e200c5c877b411614a96a364f5402060db380a7691aeaabff18b602c

  • SHA512

    3a506e49670bfeebdd1154130063f091e4c48b365986042a43cba3aeddb180ae4df709012b935b9ee1d6de2f65887b5637f87e8a29e8461abf48242100c8134b

  Score

  10^/10

  rustybuerloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • RustyBuer

    RustyBuer is a new variant of Buer loader written in Rust.

    loaderrustybuer

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2