Analysis

  • max time kernel
    27s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    17-04-2022 14:40

General

  • Target

    10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe

  • Size

    6.6MB

  • MD5

    a4f98a3e44fc2c8c9371a5ea3529785b

  • SHA1

    0779436628e5ca4e8e5fc4fb66ebf2b4c7e89891

  • SHA256

    10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc

  • SHA512

    a90843ffcc6581a6dcb67f73c1dddad01e8ad08746aa4c264562bf1f3928a7e6bf43bab9f9822d35f4c2e8670e4823be75f34c604e32cbcc7ced1c13ca407da9

Score
10/10

Malware Config

Signatures

  • Buer

    Buer is a new modular loader first seen in August 2019.

  • Buer Loader 3 IoCs

    Detects Buer loader in memory or disk.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe
    "C:\Users\Admin\AppData\Local\Temp\10b20c831f23d94e1a773555f32aa53b73ebb160670acf67ad029037bcff9cdc.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    PID:940

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/940-54-0x0000000075801000-0x0000000075803000-memory.dmp

    Filesize

    8KB

  • memory/940-55-0x00000000023D0000-0x00000000023DC000-memory.dmp

    Filesize

    48KB

  • memory/940-59-0x0000000040000000-0x0000000040009000-memory.dmp

    Filesize

    36KB

  • memory/940-62-0x00000000023C0000-0x00000000023C9000-memory.dmp

    Filesize

    36KB