buer | f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810 | Triage

Analysis

max time kernel
61s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-04-2022 14:38

Sharing

Report Analysis Logs

General

Target

f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe
Size

6.6MB
MD5

6d57333afba510598055f469fd6dae46
SHA1

365212477a7f38a8342ac9a64eca2f3cf03d5bac
SHA256

f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810
SHA512

4ebb9720ef9ff5ba5ab642d242145fc3a731ef764ce805bde0456164fa6d0f89fba88a01f10e0c4c2699cb35c542972bb914d94083d093bb0f992ee630e178d0

Score

10^/10

buer loader

Malware Config

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/2312-130-0x0000000002920000-0x000000000292C000-memory.dmp	buer
behavioral2/memory/2312-134-0x0000000040000000-0x0000000040009000-memory.dmp	buer
behavioral2/memory/2312-137-0x0000000000CF0000-0x0000000000CF9000-memory.dmp	buer

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2312	f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe
2312	f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe

C:\Users\Admin\AppData\Local\Temp\f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe
"C:\Users\Admin\AppData\Local\Temp\f5b466272f13e31dd830c4f24d8ef4319a0222bc513c091d44d3c2b1bc05d810.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2312-130-0x0000000002920000-0x000000000292C000-memory.dmp

Filesize
48KB

Download
memory/2312-134-0x0000000040000000-0x0000000040009000-memory.dmp

Filesize
36KB

Download
memory/2312-137-0x0000000000CF0000-0x0000000000CF9000-memory.dmp

Filesize
36KB

Download