Overview

overview

10

Static

static

a0cc60b4fa...0f.exe

windows7-x64

3

a0cc60b4fa...0f.exe

windows10-2004-x64

3

a69cf4fa61...7f.exe

windows7-x64

10

a69cf4fa61...7f.exe

windows10-2004-x64

10

a6dbbf3d86...75.exe

windows7-x64

7

a6dbbf3d86...75.exe

windows10-2004-x64

7

a783bb9edd...09.exe

windows7-x64

10

a783bb9edd...09.exe

windows10-2004-x64

10

ac89e5c3ba...5a.exe

windows7-x64

10

ac89e5c3ba...5a.exe

windows10-2004-x64

10

b6d4c3b56c...24.exe

windows7-x64

3

b6d4c3b56c...24.exe

windows10-2004-x64

3

b91eb833de...81.exe

windows7-x64

10

b91eb833de...81.exe

windows10-2004-x64

10

b959b003c1...74.exe

windows7-x64

10

b959b003c1...74.exe

windows10-2004-x64

10

ba8824a7c7...63.exe

windows7-x64

7

ba8824a7c7...63.exe

windows10-2004-x64

7

c0f1ebcca8...4a.exe

windows7-x64

10

c0f1ebcca8...4a.exe

windows10-2004-x64

10

c3117be60e...ea.exe

windows7-x64

10

c3117be60e...ea.exe

windows10-2004-x64

10

c492754e6c...ef.exe

windows7-x64

3

c492754e6c...ef.exe

windows10-2004-x64

3

c9cc4d95ca...cd.exe

windows7-x64

10

c9cc4d95ca...cd.exe

windows10-2004-x64

10

ca4a22ce76...20.exe

windows7-x64

10

ca4a22ce76...20.exe

windows10-2004-x64

10

cb949ebe87...26.exe

windows7-x64

10

cb949ebe87...26.exe

windows10-2004-x64

10

cbc0718c3c...99.exe

windows7-x64

10

cbc0718c3c...99.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/09/2022, 15:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b959b003c1e558ff0ccf1d0f96509b155d6f86eb20caa97b470f3422494d8d74.exe

  • Size

    1.4MB

  • MD5

    9dbbbe699a03f9a5b5fe9d9e820d36c2

  • SHA1

    5015b57d95cfacdd340d36f07076d886c3aa7e7e

  • SHA256

    b959b003c1e558ff0ccf1d0f96509b155d6f86eb20caa97b470f3422494d8d74

  • SHA512

    ed2cf8f02b79366d559dc439d062772d90f30559a680ceacab5fe764b26fc2b89704ee74f4a7a29877c087a69d85f517bb140d3efd7c01384f5750ccb5cc35ae

  • SSDEEP

    24576:D7JIUlsTxVks6Ci9BE/qdBlFE6WmV3T9NlC/ChMJJxFaQ7e3MyCn1GVkXoBv:PJxWAPh3F3JNliwQC83n6kE

Score
10/10
blisterloader

Malware Config

Signatures

  • BLISTER

    BLISTER is a downloader used to deliver other malware families.

    loaderblister
  • Detect Blister loader x32 4 IoCs
    loader
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b959b003c1e558ff0ccf1d0f96509b155d6f86eb20caa97b470f3422494d8d74.exe
    "C:\Users\Admin\AppData\Local\Temp\b959b003c1e558ff0ccf1d0f96509b155d6f86eb20caa97b470f3422494d8d74.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:780
    • C:\Windows\system32\Rundll32.exe
      Rundll32.exe C:\Users\Admin\AppData\Local\Temp\TempInstall\col.dll,LaunchColorCpl
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Windows\SysWOW64\rundll32.exe
        Rundll32.exe C:\Users\Admin\AppData\Local\Temp\TempInstall\col.dll,LaunchColorCpl
        3⤵
        • Loads dropped DLL
        PID:2012

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TempInstall\col.dll
    Filesize

    1.5MB

    MD5

    6f522c8da98bed1b4726558b7d5a8e81

    SHA1

    19ff3faaa3ae1736f9785443e60a0dad857d9cce

    SHA256

    863228efa55b54a8d03a87bb602a2e418856e0028ae409357454a6303b128224

    SHA512

    604108542b0d48c67b9f0b9ceaacf511b8455c8212c571b5ee26d47d3e4e1def055d877036ae7148941420bf15c94b1a5ae003731c756303d45338575c8af81d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\TempInstall\col.dll
    Filesize

    1.5MB

    MD5

    6f522c8da98bed1b4726558b7d5a8e81

    SHA1

    19ff3faaa3ae1736f9785443e60a0dad857d9cce

    SHA256

    863228efa55b54a8d03a87bb602a2e418856e0028ae409357454a6303b128224

    SHA512

    604108542b0d48c67b9f0b9ceaacf511b8455c8212c571b5ee26d47d3e4e1def055d877036ae7148941420bf15c94b1a5ae003731c756303d45338575c8af81d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\TempInstall\col.dll
    Filesize

    1.5MB

    MD5

    6f522c8da98bed1b4726558b7d5a8e81

    SHA1

    19ff3faaa3ae1736f9785443e60a0dad857d9cce

    SHA256

    863228efa55b54a8d03a87bb602a2e418856e0028ae409357454a6303b128224

    SHA512

    604108542b0d48c67b9f0b9ceaacf511b8455c8212c571b5ee26d47d3e4e1def055d877036ae7148941420bf15c94b1a5ae003731c756303d45338575c8af81d

    Download Submit

  • memory/780-54-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2012-58-0x0000000076121000-0x0000000076123000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2012-61-0x0000000017170000-0x00000000172FD000-memory.dmp

    Filesize

    1.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.