Analysis
-
max time kernel
40s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
25-06-2022 02:51
General
-
Target
b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e.exe
-
Size
31KB
-
MD5
d91559ae45b8f9bc903d27703211b119
-
SHA1
f1b02bf6d06cfba37bfea3a5fdc0664cd7b8b91a
-
SHA256
b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e
-
SHA512
3b048d58c7024a7d0ca78b0ffc2ec066bb4712082f8f33fd1aa853fc0ba37d207825be8517e57f548852c6bc2681a16196f7ddfd0dd792d2cb69a21afaa564af
Malware Config
Extracted
buer
https://java-stat.com/
https://installerr.pw/
Signatures
-
Buer
Buer is a new modular loader first seen in August 2019.
-
Buer Loader 10 IoCs
Detects Buer loader in memory or disk.
-
Executes dropped EXE 1 IoCs
-
Deletes itself 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e.exe"C:\Users\Admin\AppData\Local\Temp\b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\ActiveX\manager.exeC:\Users\Admin\AppData\Roaming\ActiveX\manager.exe "C:\Users\Admin\AppData\Local\Temp\b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e.exe" ensgJJ2⤵
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\secinit.exeC:\Users\Admin\AppData\Roaming\ActiveX\manager.exe3⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
31KB
MD5d91559ae45b8f9bc903d27703211b119
SHA1f1b02bf6d06cfba37bfea3a5fdc0664cd7b8b91a
SHA256b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e
SHA5123b048d58c7024a7d0ca78b0ffc2ec066bb4712082f8f33fd1aa853fc0ba37d207825be8517e57f548852c6bc2681a16196f7ddfd0dd792d2cb69a21afaa564af
-
Filesize
31KB
MD5d91559ae45b8f9bc903d27703211b119
SHA1f1b02bf6d06cfba37bfea3a5fdc0664cd7b8b91a
SHA256b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e
SHA5123b048d58c7024a7d0ca78b0ffc2ec066bb4712082f8f33fd1aa853fc0ba37d207825be8517e57f548852c6bc2681a16196f7ddfd0dd792d2cb69a21afaa564af
-
Filesize
31KB
MD5d91559ae45b8f9bc903d27703211b119
SHA1f1b02bf6d06cfba37bfea3a5fdc0664cd7b8b91a
SHA256b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e
SHA5123b048d58c7024a7d0ca78b0ffc2ec066bb4712082f8f33fd1aa853fc0ba37d207825be8517e57f548852c6bc2681a16196f7ddfd0dd792d2cb69a21afaa564af
-
Filesize
31KB
MD5d91559ae45b8f9bc903d27703211b119
SHA1f1b02bf6d06cfba37bfea3a5fdc0664cd7b8b91a
SHA256b73e52768067d97464a6991027693246fad1afb144cbf9c9e66ffc840cc8542e
SHA5123b048d58c7024a7d0ca78b0ffc2ec066bb4712082f8f33fd1aa853fc0ba37d207825be8517e57f548852c6bc2681a16196f7ddfd0dd792d2cb69a21afaa564af
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
4KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
8KB