Analysis

  • max time kernel
    138s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-09-2022 15:53

General

  • Target

    c0f1ebcca8a8094853aa65210ddde80f6a9ffe7b3f2d75d5652b166722b3aa4a.exe

  • Size

    695KB

  • MD5

    1fc7bfc48c95c47e06b59d795b6df6ca

  • SHA1

    2f2b5234734ecdc341572ab0cd0aa2c7df30a6da

  • SHA256

    c0f1ebcca8a8094853aa65210ddde80f6a9ffe7b3f2d75d5652b166722b3aa4a

  • SHA512

    9c70a20d66f74c4bb1c6837027b3bd3809bca7404c0d8899c90169f3da45e6a5265a9e0b4b11001a83f641f8118fd8412f64e7859cf281db813802b08e9c6ee3

  • SSDEEP

    12288:9sOol4XixHXc8cR8oxB5cD4w4k+WE97am7hA1RE1TcZVM7giqV2Ez38/CFtJlH/:9ynXHc9753w4ktSBA61ToM7giqhA/cH/

Score
10/10

Malware Config

Signatures

  • BLISTER

    BLISTER is a downloader used to deliver other malware families.

  • Detect Blister loader x32 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0f1ebcca8a8094853aa65210ddde80f6a9ffe7b3f2d75d5652b166722b3aa4a.exe
    "C:\Users\Admin\AppData\Local\Temp\c0f1ebcca8a8094853aa65210ddde80f6a9ffe7b3f2d75d5652b166722b3aa4a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Windows\SYSTEM32\Rundll32.exe
      Rundll32.exe C:\Users\Admin\AppData\Local\Temp\Helper.CC\Helper.CC.dll,LaunchColorCpl
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3864
      • C:\Windows\SysWOW64\rundll32.exe
        Rundll32.exe C:\Users\Admin\AppData\Local\Temp\Helper.CC\Helper.CC.dll,LaunchColorCpl
        3⤵
        • Loads dropped DLL
        PID:4432

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Helper.CC\Helper.CC.dll

    Filesize

    836KB

    MD5

    c7428d3dcbefd49f0f060d6771f17a5b

    SHA1

    b21b0b2cc73331d61e984a0ad28dbe5588cba361

    SHA256

    a34821b50aadee0dd85c382c43f44dae1e5fef0febf2f7aed6abf3f3e21f7994

    SHA512

    a011d0f52774525ff97420ecd1f13147a7e73040ee8f571025b57f6168521752e657f2f72496a2ee781a50905677cccfe4316232570367dec1b63c5feaa16c59

  • C:\Users\Admin\AppData\Local\Temp\Helper.CC\Helper.CC.dll

    Filesize

    836KB

    MD5

    c7428d3dcbefd49f0f060d6771f17a5b

    SHA1

    b21b0b2cc73331d61e984a0ad28dbe5588cba361

    SHA256

    a34821b50aadee0dd85c382c43f44dae1e5fef0febf2f7aed6abf3f3e21f7994

    SHA512

    a011d0f52774525ff97420ecd1f13147a7e73040ee8f571025b57f6168521752e657f2f72496a2ee781a50905677cccfe4316232570367dec1b63c5feaa16c59

  • memory/4432-136-0x0000000017170000-0x0000000017244000-memory.dmp

    Filesize

    848KB