blister | 7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4 | Triage

Resubmissions

07-07-2022 11:52

220707-n1ty9sfhgm 10

12-05-2022 04:07

220512-epmldadbdp 1

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 11:52

Sharing

Report Analysis Logs

General

Target

7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
Size

603KB
MD5

f3e60f43ffae0656488bbea2861b0e31
SHA1

a3574879c1e0f8543571e22bf4f08ac784f69f54
SHA256

7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4
SHA512

397b4f0dbd720f4e62ccafd7e143f34e6d61f7fc131004aef64d1b769f712fe7b3cb10d657c9663e542098389b415ab834ce4a2bbe30c8bba655ce2c2c222615

Score

10^/10

blister loader

Malware Config

Signatures

BLISTER
BLISTER is a downloader used to deliver other malware families.
loader blister

Detect Blister loader x32 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/904-57-0x00000000749D0000-0x0000000074A6A000-memory.dmp	family_blister_x32

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe
PID 1600 wrote to memory of 904	1600	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cd03b30cfeea07b5ea4c8976e6456cb65e09f6b8e7dcc68884379925681b1c4.dll
  2⤵
  PID:904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-55-0x0000000000000000-mapping.dmp

Download
memory/904-56-0x0000000075CD1000-0x0000000075CD3000-memory.dmp

Filesize
8KB

Download
memory/904-57-0x00000000749D0000-0x0000000074A6A000-memory.dmp

Filesize
616KB

Download
memory/1600-54-0x000007FEFBE61000-0x000007FEFBE63000-memory.dmp

Filesize
8KB

Download