buer | f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810 | Triage

Analysis

max time kernel
4s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
17-04-2022 14:38

Sharing

Report Analysis Logs

General

Target

f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe
Size

6.6MB
MD5

6d57333afba510598055f469fd6dae46
SHA1

365212477a7f38a8342ac9a64eca2f3cf03d5bac
SHA256

f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810
SHA512

4ebb9720ef9ff5ba5ab642d242145fc3a731ef764ce805bde0456164fa6d0f89fba88a01f10e0c4c2699cb35c542972bb914d94083d093bb0f992ee630e178d0

Score

10^/10

buer loader

Malware Config

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/964-55-0x0000000000360000-0x000000000036C000-memory.dmp	buer
behavioral1/memory/964-59-0x0000000040000000-0x0000000040009000-memory.dmp	buer
behavioral1/memory/964-62-0x0000000000350000-0x0000000000359000-memory.dmp	buer

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
964	f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe
964	f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe

C:\Users\Admin\AppData\Local\Temp\f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe
"C:\Users\Admin\AppData\Local\Temp\f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x00000000753B1000-0x00000000753B3000-memory.dmp

Filesize
8KB

Download
memory/964-55-0x0000000000360000-0x000000000036C000-memory.dmp

Filesize
48KB

Download
memory/964-59-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download
memory/964-62-0x0000000000350000-0x0000000000359000-memory.dmp

Filesize
36KB

Download