Analysis

  • max time kernel
    63s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 14:40

General

  • Target

    19f68a2c0567aa9d47fc9ca69fc0a2192413f38142b61911a8999ce6c4c16e5b.exe

  • Size

    6.6MB

  • MD5

    037d4104c1e24c0bb8372981fa8db345

  • SHA1

    71ade2a6e235d97283961cec0902a5c2836b2a22

  • SHA256

    19f68a2c0567aa9d47fc9ca69fc0a2192413f38142b61911a8999ce6c4c16e5b

  • SHA512

    64382367232993f9f221ae91b18722c6a4aeae7720cc9e07e3d76be001b3222c7e57b6153e27bcbf3ae8b63e00367844f10805fc999e734bb0ee0caa94679a7a

Score
10/10

Malware Config

Signatures

  • Buer

    Buer is a new modular loader first seen in August 2019.

  • Buer Loader 3 IoCs

    Detects Buer loader in memory or disk.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19f68a2c0567aa9d47fc9ca69fc0a2192413f38142b61911a8999ce6c4c16e5b.exe
    "C:\Users\Admin\AppData\Local\Temp\19f68a2c0567aa9d47fc9ca69fc0a2192413f38142b61911a8999ce6c4c16e5b.exe"
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    PID:4644

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4644-130-0x00000000029C0000-0x00000000029CC000-memory.dmp

    Filesize

    48KB

  • memory/4644-134-0x0000000040000000-0x0000000040009000-memory.dmp

    Filesize

    36KB

  • memory/4644-137-0x00000000030E0000-0x00000000030E9000-memory.dmp

    Filesize

    36KB