Analysis
-
max time kernel
44s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
07-07-2022 11:52
Behavioral task
behavioral1
Sample
7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
-
Size
603KB
-
MD5
f3e60f43ffae0656488bbea2861b0e31
-
SHA1
a3574879c1e0f8543571e22bf4f08ac784f69f54
-
SHA256
7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4
-
SHA512
397b4f0dbd720f4e62ccafd7e143f34e6d61f7fc131004aef64d1b769f712fe7b3cb10d657c9663e542098389b415ab834ce4a2bbe30c8bba655ce2c2c222615
Malware Config
Signatures
-
Detect Blister loader x32 1 IoCs
resource yara_rule behavioral1/memory/904-57-0x00000000749D0000-0x0000000074A6A000-memory.dmp family_blister_x32 -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1600 wrote to memory of 904 1600 regsvr32.exe 27 PID 1600 wrote to memory of 904 1600 regsvr32.exe 27 PID 1600 wrote to memory of 904 1600 regsvr32.exe 27 PID 1600 wrote to memory of 904 1600 regsvr32.exe 27 PID 1600 wrote to memory of 904 1600 regsvr32.exe 27 PID 1600 wrote to memory of 904 1600 regsvr32.exe 27 PID 1600 wrote to memory of 904 1600 regsvr32.exe 27
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll1⤵
- Suspicious use of WriteProcessMemory
PID:1600 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll2⤵PID:904
-