Analysis Overview
SHA256
0d17c73e51bb304798f8e23e1de0b5787e3d13fc8648764eab4f15c8d40af396
Threat Level: Known bad
The file Requested_Documents_SEPTEMBER2023.pdf .exe was found to be: Known bad.
Malicious Activity Summary
BumbleBee
Unsigned PE
Analysis: static1
Detonation Overview
Reported
2023-09-07 13:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-07 13:26
Reported
2023-09-07 13:30
Platform
win10-20230831-en
Max time kernel
124s
Max time network
185s
Signatures
BumbleBee
Processes
C:\Users\Admin\AppData\Local\Temp\Requested_Documents_SEPTEMBER2023.pdf .exe
"C:\Users\Admin\AppData\Local\Temp\Requested_Documents_SEPTEMBER2023.pdf .exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cmid1s1zeiu.life | udp |
| CA | 172.86.68.166:443 | cmid1s1zeiu.life | tcp |
| US | 8.8.8.8:53 | itszko2ot5u.life | udp |
| CA | 45.61.130.31:443 | itszko2ot5u.life | tcp |
| US | 8.8.8.8:53 | 3v1n35i5kwx.life | udp |
| US | 172.86.123.215:443 | 3v1n35i5kwx.life | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newdnq1xnl9.life | udp |
| DE | 88.198.203.50:443 | newdnq1xnl9.life | tcp |
| US | 8.8.8.8:53 | 50.203.198.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.73.42.20.in-addr.arpa | udp |
Files
memory/224-0-0x000001ED8D8A0000-0x000001ED8D91A000-memory.dmp
memory/224-1-0x000001ED8DA20000-0x000001ED8DB27000-memory.dmp
memory/224-2-0x000001ED8DA20000-0x000001ED8DB27000-memory.dmp
memory/224-3-0x000001ED8DA20000-0x000001ED8DB27000-memory.dmp