Analysis
-
max time kernel
125s -
max time network
131s -
platform
windows10-1703_x64 -
resource
win10-20230831-en -
resource tags
-
submitted
14-09-2023 08:45
General
-
Target
452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b.dll
-
Size
1.1MB
-
MD5
7d2156efddf126dfb4c466da06f15e11
-
SHA1
cf90131f73f72b7f32bccca438283a04a1001dbe
-
SHA256
452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b
-
SHA512
83496c49175e85e627ff320ec954f1e393d1473e17bf098f3dfbb98c09b18da6c1d4258bdcfcecc382a8da91424ff63ad882deb8a9572fecb6c667b131d74fe4
-
SSDEEP
24576:drD2uxNbJd3BU7XFLH9io8hAGOAHxLrQ+P3U:ZDBxNvR
Score
10/10
Malware Config
Extracted
Family
bumblebee
Botnet
js1
rc4.plain
Signatures
-
BumbleBee
BumbleBee is a webshell malware written in C++.
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
-
Program crash 1 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b.dll1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3672 -s 4482⤵
- Program crash
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
484KB
-
Filesize
1.9MB
-
Filesize
1.0MB
-
Filesize
1.0MB
-
Filesize
1.9MB
-
Filesize
1.0MB
-
Filesize
1.9MB
-
Filesize
484KB
-
Filesize
1.9MB