buer | 0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767 | Triage

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-04-2022 14:40

Sharing

Report Analysis Logs

General

Target

0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe
Size

6.6MB
MD5

bddedfa2fac6f82ab6b699cb92d1a81d
SHA1

07a0dfd0412815cbc80dee008c93fe1e5be8a1c9
SHA256

0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767
SHA512

5269b9f0d8e6ecf755f70bea7f54d7056cef2b6d35614f5ca6ea771128a20ce829c43e679ade91fcff754b96deefaf5294d23ca4116027ea2ceb2f88274f3e50

Score

10^/10

buer loader

Malware Config

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/1184-55-0x00000000002E0000-0x00000000002EC000-memory.dmp	buer
behavioral1/memory/1184-59-0x0000000040000000-0x0000000040009000-memory.dmp	buer
behavioral1/memory/1184-62-0x00000000002D0000-0x00000000002D9000-memory.dmp	buer

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1184	0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe
1184	0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe

C:\Users\Admin\AppData\Local\Temp\0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe
"C:\Users\Admin\AppData\Local\Temp\0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-54-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download
memory/1184-55-0x00000000002E0000-0x00000000002EC000-memory.dmp

Filesize
48KB

Download
memory/1184-59-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download
memory/1184-62-0x00000000002D0000-0x00000000002D9000-memory.dmp

Filesize
36KB

Download