Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    126s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20230831-en
  • resource tags

    arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-09-2023 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    33e80e854c0959e28b1f94cdcd67e28298dcfa3d80d160bc2042f00047a81922.dll

  • Size

    1.1MB

  • MD5

    fcbb53724b1df93a5d1fc45bb55b9069

  • SHA1

    890b9b2dfda3203dc1a65c926d45b4e55db7c01a

  • SHA256

    33e80e854c0959e28b1f94cdcd67e28298dcfa3d80d160bc2042f00047a81922

  • SHA512

    64ea2135efb1af48da4675ff8754a776c0681165cb4e3824143404f96bebb417cfff9e3243f49b3720df16bdc5ab8f72ae063b38ce133ad58f0dfedbce3bef9d

  • SSDEEP

    24576:IzGpwBNRQH5EcGOgDhb0fHgrak/05JROMdw8+:gGSBis4

Score
10/10
bumblebeejs1trojan

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33e80e854c0959e28b1f94cdcd67e28298dcfa3d80d160bc2042f00047a81922.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:3416
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3416 -s 456
      2⤵
      • Program crash
      PID:4660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3416-0-0x0000000002A60000-0x0000000002AD9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3416-1-0x00007FFFC8FC0000-0x00007FFFC919B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3416-3-0x00007FFFC8FC0000-0x00007FFFC919B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3416-5-0x00007FFFC8FC0000-0x00007FFFC919B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3416-6-0x0000000002BF0000-0x0000000002CFA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3416-4-0x0000000002BF0000-0x0000000002CFA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3416-2-0x0000000002BF0000-0x0000000002CFA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3416-7-0x0000000002A60000-0x0000000002AD9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3416-8-0x00007FFFC8FC0000-0x00007FFFC919B000-memory.dmp

    Filesize

    1.9MB

    Download