Analysis

  • max time kernel
    137s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/12/2022, 13:34 UTC

General

  • Target

    devx_foot2.dll

  • Size

    1005KB

  • MD5

    b955bf20f8c1b01b9f1d12023183115d

  • SHA1

    1649e261310a5cd12965bc7a6440c18adaeea6b9

  • SHA256

    84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749

  • SHA512

    4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7

  • SSDEEP

    24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

1412

C2

108.62.141.52:443

23.82.140.180:443

198.98.51.235:443

rc4.plain

eCUmnQerTx
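The "rc4.plain" value above is the RC4 key the sandbox recovered from the sample; Bumblebee keeps its C2 list RC4-encrypted inside the DLL, and the botnet ID and C2 addresses listed here are what that key decrypts to. The following Python is an added example, not part of the tria.ge report or of the Bumblebee sample: it implements RC4, applies the report's key, and shows the "does the plaintext look like ip:port entries" check an analyst uses when trying candidate keys across builds. The encrypted blob is constructed in the code from the report's own C2 list; the comma-separated, NUL-padded layout is an assumption for illustration, not bytes carved from the DLL.

```python
"""Added example, not part of the tria.ge report or of the Bumblebee sample.

The report's "rc4.plain" field is the RC4 key the sandbox recovered.  This
shows that key in use and a sanity check for trying candidate keys.  The blob
is CONSTRUCTED below from the report's own C2 list; the comma-separated,
NUL-padded layout is an assumption for illustration, not carved from the DLL.
"""
import re

RC4_KEY = b"eCUmnQerTx"                                    # rc4.plain from the report
C2_FROM_REPORT = ["108.62.141.52:443", "23.82.140.180:443", "198.98.51.235:443"]
C2_ENTRY = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}")  # shape of one decrypted entry


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA, then PRGA XORed over the data). Symmetric: the same
    call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decode_c2_list(plain: bytes) -> list[str]:
    """Interpret decrypted bytes as a NUL-terminated, comma-separated C2 list
    (assumed layout).  errors="replace" keeps a wrong key from raising."""
    text = plain.split(b"\x00", 1)[0].decode("ascii", errors="replace")
    return [e for e in text.split(",") if e]


def is_well_formed(entries: list[str]) -> bool:
    """A wrong key yields pseudo-random bytes, so every entry must parse as ip:port."""
    return bool(entries) and all(C2_ENTRY.fullmatch(e) for e in entries)


def recover_c2(blob: bytes, candidate_keys: list[bytes]):
    """Try each candidate key in turn; return (key, entries) for the first one
    that produces a well-formed list, or None if none does."""
    for key in candidate_keys:
        entries = decode_c2_list(rc4(key, blob))
        if is_well_formed(entries):
            return key, entries
    return None


def make_constructed_blob(key: bytes, entries: list[str], size: int = 128) -> bytes:
    """Constructed test data only: join entries, NUL-pad to a fixed size, encrypt."""
    plain = ",".join(entries).encode("ascii")
    if len(plain) >= size:
        raise ValueError("entries do not fit the blob")
    return rc4(key, plain.ljust(size, b"\x00"))


if __name__ == "__main__":
    blob = make_constructed_blob(RC4_KEY, C2_FROM_REPORT)
    print(recover_c2(blob, [b"not-the-key", RC4_KEY]))
```

The well-formedness check is what makes key guessing practical: with the wrong key the output is noise and fails the ip:port test, so a list of keys seen in earlier builds can be tried blindly against a carved blob.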

Signatures

  • BumbleBee

    BumbleBee is a malware loader written in C++, typically executed as a DLL through rundll32.exe; it is used to download and run further payloads.

  • Blocklisted process makes network request (6 IoCs)
  • Suspicious use of NtCreateThreadExHideFromDebugger (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe (PID 4820)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\devx_foot2.dll,#1
    • Blocklisted process makes network request
    • Suspicious use of NtCreateThreadExHideFromDebugger
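The process tree shows the two features worth detecting on: rundll32.exe is handed a DLL from the user's Temp directory rather than a Windows component, and the export is called by ordinal (#1) instead of by name. The following Python is an added example, not code from the tria.ge report: it parses rundll32 command lines as an EDR or Sysmon pipeline would and flags those two traits (plus a non-.dll extension, a related heuristic). The sample command lines are constructed here; only the first is the one recorded in this report.

```python
"""Added example, not part of the tria.ge report: flag rundll32 command lines
that look like the one in the process tree above (DLL loaded from a
user-writable directory, export invoked by ordinal).  Sample telemetry is
constructed; only the first line is the command line recorded in the report.
"""
import ntpath
import re

# Constructed sample command lines (Sysmon Event ID 1 / EDR style).
SAMPLE_CMDLINES = [
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\devx_foot2.dll,#1",      # from the report
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",           # benign
    r'rundll32.exe "C:\Users\Admin\Downloads\docs.dat",EntryPoint',           # made up
    r"rundll32.exe C:\Windows\System32\inetcpl.cpl,ClearMyTracksByProcess 8", # benign
    r"notepad.exe C:\Users\Admin\notes.txt",                                  # not rundll32
]

# Directories a standard user can write to; a DLL run from here via rundll32 is
# far more often a dropped payload than a Windows component.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Downloads|Desktop|Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)
KNOWN_DLL_EXTS = {".dll", ".cpl", ".ocx"}

# "<anything>rundll32[.exe]" possibly quoted, then the argument string.
_RUNDLL32 = re.compile(
    r'^\s*(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+(.*)$', re.IGNORECASE
)
# rundll32 argument syntax: <dll>,<entrypoint> [args]; the dll may be quoted.
_DLL_ENTRY = re.compile(r'^(?:"([^"]+)"|([^\s,]+))(?:\s*,\s*(\S+))?')


def parse_rundll32(cmdline: str):
    """Return (dll_path, entry_point) for a rundll32 invocation, else None.
    entry_point is None when no ',entry' part is present."""
    m = _RUNDLL32.match(cmdline)
    if not m:
        return None
    m2 = _DLL_ENTRY.match(m.group(1).strip())
    if not m2:
        return None
    return (m2.group(1) or m2.group(2)), m2.group(3)


def analyze_rundll32(cmdline: str) -> list[str]:
    """Heuristic reasons the command line is suspicious; empty if nothing is
    flagged or the process is not rundll32 at all."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    dll, entry = parsed
    reasons = []
    # Ordinal exports (#1, #2, ...) are legal but uncommon in legitimate use;
    # loaders favour them so the export table carries no telling name.
    if entry and entry.startswith("#"):
        reasons.append("ordinal export")
    if USER_WRITABLE.search(dll):
        reasons.append("user-writable path")
    if ntpath.splitext(dll)[1].lower() not in KNOWN_DLL_EXTS:
        reasons.append("unusual extension")
    return reasons


def triage(cmdlines: list[str]) -> dict[str, list[str]]:
    """Map each flagged command line to the reasons it was flagged."""
    flagged = {}
    for cmd in cmdlines:
        reasons = analyze_rundll32(cmd)
        if reasons:
            flagged[cmd] = reasons
    return flagged


if __name__ == "__main__":
    for cmd, why in triage(SAMPLE_CMDLINES).items():
        print(f"{', '.join(why):40} {cmd}")
```

Each reason alone produces false positives (some installers use ordinals; some legitimate tools drop DLLs into ProgramData), so in a real rule the combination of a user-writable path and an ordinal export, as in this sample, should score higher than either one on its own.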

Network

  • 13.89.178.27:443
    322 B
    7
  • 87.160.157.230:278
    rundll32.exe
    260 B
    5
  • 104.80.225.205:443
    322 B
    7
  • 8.249.91.254:80
    322 B
    7
  • 8.249.91.254:80
    322 B
    7
  • 8.249.91.254:80
    322 B
    7
  • 183.184.241.198:301
    rundll32.exe
    260 B
    5
  • 133.24.10.29:153
    rundll32.exe
    260 B
    5
  • 117.125.62.129:149
    rundll32.exe
    260 B
    5
  • 129.67.27.80:106
    rundll32.exe
    260 B
    5
  • 23.137.232.146:496
    rundll32.exe
    208 B
    4

MITRE ATT&CK Matrix

Downloads

  • memory/4820-132-0x000002070E990000-0x000002070EAD9000-memory.dmp

    Filesize

    1.3MB

  • memory/4820-133-0x000002070E7D0000-0x000002070E846000-memory.dmp

    Filesize

    472KB