Analysis

  • max time kernel
    35s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2022 15:53

General

  • Target

    ac89e5c3ba69bb41f4bb4bb7f7af39514b5a211ec6b641d45408777b30c75c5a.exe

  • Size

    572KB

  • MD5

    1ef4ef71230454934d759745e1e1240d

  • SHA1

    774012f2dd2f71d58b94faa83292503710eeb49c

  • SHA256

    ac89e5c3ba69bb41f4bb4bb7f7af39514b5a211ec6b641d45408777b30c75c5a

  • SHA512

    3445eacec6afe88214aa936ace0adec541d80c216886f3c99aa1053031a5a2eb57068c5e073e720e6db17d74ab3479a1fa49eb08e9a33feb358c1180db953098

  • SSDEEP

    12288:ojvtdyOr+WX4QbM9Vl9nlVgDlWkyRm30N9R:EjqAuy7ez

Score
10/10

Malware Config

Signatures

  • BLISTER

    BLISTER is a downloader used to deliver other malware families.

  • Detect Blister loader x64 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). This is a generic behavioural signature that the sandbox labels as likely ransomware behaviour; on its own it is not evidence of ransomware, and this sample is classified above as the BLISTER loader, whose role is to stage other payloads.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac89e5c3ba69bb41f4bb4bb7f7af39514b5a211ec6b641d45408777b30c75c5a.exe
    "C:\Users\Admin\AppData\Local\Temp\ac89e5c3ba69bb41f4bb4bb7f7af39514b5a211ec6b641d45408777b30c75c5a.exe"
    • Loads dropped DLL
    PID:892

Network

MITRE ATT&CK Enterprise v6


Downloads

  • \Users\Admin\AppData\Local\Temp\wimgapi_64\wimgapi.dll

    Filesize

    784KB

    MD5

    642aa70b188eb7e76273130246419f1d

    SHA1

    6f1ed28b7660af5bdf36b06cc47ac763a96b46b8

    SHA256

    8e6c0d338f201630b5c5ba4f1757e931bc065c49559c514658b4c2090a23e57b

    SHA512

    ae485df1909fb504ea627a529d8650cd4249a9997ead8409e041302102b0eb3605c33406f1166eda7a4e3ddb8ca8bca9cf3fc0492b1606b8ac1d50842c59b312

  • memory/892-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

    Filesize

    8KB

  • memory/892-56-0x000007FEF6520000-0x000007FEF65E8000-memory.dmp

    Filesize

    800KB
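A small script, added here and not part of the sandbox report, that turns the indicators above into something a responder can run: it checks the two memory-dump names against the Filesize the report lists for them (the address range in each name is end-exclusive, so its length should equal the size), and it hashes files under a directory against the MD5/SHA-1/SHA-256 values given for the submitted sample and the dropped wimgapi.dll. Only the Python standard library is used; SSDEEP is left out because it needs a third-party library. The directory to scan, passed on the command line, is the only input not taken from the report.

```python
import hashlib
import os
import re

# Hash IoCs copied from this report: the submitted sample and the dropped DLL.
REPORT_IOCS = {
    "ac89e5c3ba69bb41f4bb4bb7f7af39514b5a211ec6b641d45408777b30c75c5a.exe": {
        "md5": "1ef4ef71230454934d759745e1e1240d",
        "sha1": "774012f2dd2f71d58b94faa83292503710eeb49c",
        "sha256": "ac89e5c3ba69bb41f4bb4bb7f7af39514b5a211ec6b641d45408777b30c75c5a",
    },
    "wimgapi.dll": {
        "md5": "642aa70b188eb7e76273130246419f1d",
        "sha1": "6f1ed28b7660af5bdf36b06cc47ac763a96b46b8",
        "sha256": "8e6c0d338f201630b5c5ba4f1757e931bc065c49559c514658b4c2090a23e57b",
    },
}

# Memory dump names and the Filesize labels the Downloads section gives for them.
REPORT_MEMORY_DUMPS = {
    "memory/892-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp": "8KB",
    "memory/892-56-0x000007FEF6520000-0x000007FEF65E8000-memory.dmp": "800KB",
}

_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
_SIZE_RE = re.compile(r"^(?P<n>\d+)KB$")


def parse_dump_name(name):
    """Split a sandbox dump name into pid, sequence number and address range.

    The range is end-exclusive, so the region size is end - start.
    """
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end address not above start address in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def reported_size_bytes(label):
    """Convert the report's 'NKB' label to bytes (the report uses KiB units)."""
    m = _SIZE_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised size label: {label}")
    return int(m["n"]) * 1024


def check_report_dumps(dumps=REPORT_MEMORY_DUMPS):
    """Map each dump name to True if the address range in the name agrees with
    the Filesize the report lists for it, else False."""
    return {name: parse_dump_name(name)["size"] == reported_size_bytes(label)
            for name, label in dumps.items()}


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of an in-memory buffer, keyed like REPORT_IOCS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, streamed so large files are fine."""
    digests = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def match_iocs(digests, iocs=REPORT_IOCS):
    """Name of the report artifact whose every listed hash equals the computed
    digest, or None. All algorithms must agree; a lone MD5 hit is not enough."""
    for name, known in iocs.items():
        if all(digests.get(alg) == value for alg, value in known.items()):
            return name
    return None


def scan_directory(root, iocs=REPORT_IOCS):
    """Walk a directory tree and yield (path, artifact name) for every file
    whose hashes match an IoC from the report."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                hit = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if hit:
                yield path, hit


if __name__ == "__main__":
    import sys
    for name, ok in check_report_dumps().items():
        print(("ok       " if ok else "MISMATCH ") + name)
    for path, hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches report artifact {hit}")
```

Both dump names check out: 0x7FEFB933000 - 0x7FEFB931000 = 0x2000 = 8 KiB and 0x7FEF65E8000 - 0x7FEF6520000 = 0xC8000 = 800 KiB, and both carry PID 892, the PID of the single process in the tree above. The report does not say which module the 800KB region holds, so the script makes no attempt to tie it to the dropped DLL; on-disk size (784KB here) and mapped image size differ for any PE in any case, because sections are realigned when the image is mapped.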