Overview

overview

10

Static

static

3

452bb49772...JC.dll

windows7-x64

10

452bb49772...JC.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2023 12:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b_JC.dll

  • Size

    1.1MB

  • MD5

    7d2156efddf126dfb4c466da06f15e11

  • SHA1

    cf90131f73f72b7f32bccca438283a04a1001dbe

  • SHA256

    452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b

  • SHA512

    83496c49175e85e627ff320ec954f1e393d1473e17bf098f3dfbb98c09b18da6c1d4258bdcfcecc382a8da91424ff63ad882deb8a9572fecb6c667b131d74fe4

  • SSDEEP

    24576:drD2uxNbJd3BU7XFLH9io8hAGOAHxLrQ+P3U:ZDBxNvR

Score
10/10
bumblebeejs1trojan

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b_JC.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-0-0x0000000000120000-0x0000000000199000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2124-1-0x0000000077970000-0x0000000077B19000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2124-2-0x0000000002040000-0x000000000214A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2124-4-0x0000000002040000-0x000000000214A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2124-5-0x0000000077970000-0x0000000077B19000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2124-6-0x0000000002040000-0x000000000214A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2124-7-0x0000000000120000-0x0000000000199000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2124-8-0x0000000077970000-0x0000000077B19000-memory.dmp

    Filesize

    1.7MB

    Download