bumblebee | 452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2023 12:39

Target

452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b_JC.dll
Size

1.1MB
MD5

7d2156efddf126dfb4c466da06f15e11
SHA1

cf90131f73f72b7f32bccca438283a04a1001dbe
SHA256

452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b
SHA512

83496c49175e85e627ff320ec954f1e393d1473e17bf098f3dfbb98c09b18da6c1d4258bdcfcecc382a8da91424ff63ad882deb8a9572fecb6c667b131d74fe4
SSDEEP

24576:drD2uxNbJd3BU7XFLH9io8hAGOAHxLrQ+P3U:ZDBxNvR

Score

10^/10

Family

bumblebee

Botnet

js1

rc4.plain

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
2740	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\452bb497728f1eb2ccd56b83f7a13e51447bd79852085e68908cb6c47625060b_JC.dll
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:2740

memory/2740-0-0x0000000002680000-0x00000000026F9000-memory.dmp

Filesize
484KB

Download
memory/2740-1-0x00007FF881630000-0x00007FF881825000-memory.dmp

Filesize
2.0MB

Download
memory/2740-2-0x0000000002900000-0x0000000002A0A000-memory.dmp

Filesize
1.0MB

Download
memory/2740-5-0x00007FF881630000-0x00007FF881825000-memory.dmp

Filesize
2.0MB

Download
memory/2740-4-0x0000000002900000-0x0000000002A0A000-memory.dmp

Filesize
1.0MB

Download
memory/2740-3-0x00007FF881630000-0x00007FF881825000-memory.dmp

Filesize
2.0MB

Download
memory/2740-6-0x0000000002900000-0x0000000002A0A000-memory.dmp

Filesize
1.0MB

Download
memory/2740-7-0x0000000002900000-0x0000000002A0A000-memory.dmp

Filesize
1.0MB

Download
memory/2740-8-0x0000000002680000-0x00000000026F9000-memory.dmp

Filesize
484KB

Download
memory/2740-9-0x00007FF881630000-0x00007FF881825000-memory.dmp

Filesize
2.0MB

Download