buer | 0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767 | Triage

Analysis

max time kernel
46s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-04-2022 14:40

Sharing

Report Analysis Logs

General

Target

0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe
Size

6.6MB
MD5

bddedfa2fac6f82ab6b699cb92d1a81d
SHA1

07a0dfd0412815cbc80dee008c93fe1e5be8a1c9
SHA256

0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767
SHA512

5269b9f0d8e6ecf755f70bea7f54d7056cef2b6d35614f5ca6ea771128a20ce829c43e679ade91fcff754b96deefaf5294d23ca4116027ea2ceb2f88274f3e50

Score

10^/10

buer loader

Malware Config

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/3488-130-0x0000000002920000-0x000000000292C000-memory.dmp	buer
behavioral2/memory/3488-134-0x0000000040000000-0x0000000040009000-memory.dmp	buer
behavioral2/memory/3488-137-0x0000000002910000-0x0000000002919000-memory.dmp	buer

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3488	0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe
3488	0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe

C:\Users\Admin\AppData\Local\Temp\0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe
"C:\Users\Admin\AppData\Local\Temp\0fea530c3e1b3290bce89ca25905dee3c818c194b011a2472a1efeb7c8d68767.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3488-130-0x0000000002920000-0x000000000292C000-memory.dmp

Filesize
48KB

Download
memory/3488-134-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download
memory/3488-137-0x0000000002910000-0x0000000002919000-memory.dmp

Filesize
36KB

Download