Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bumblexe_JC.exe

windows7-x64

10

bumblexe_JC.exe

windows10-2004-x64

10

Resubmissions

09/10/2023, 22:51

231009-2sr2lagh9w 10

05/10/2023, 18:36

231005-w9a7hsgb43 10

Analysis

  • max time kernel
    137s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2023, 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bumblexe_JC.exe

  • Size

    1.1MB

  • MD5

    18bed86ae98c975ae31c170c3a8e1981

  • SHA1

    7ea59b934a0b3a0c89832ad11e87a4cfd92a6774

  • SHA256

    e0c72b8d08e6fdd5446ddd8102e841a44b1d51af8fd2599533e374c44f2a5946

  • SHA512

    b2fb27157cf03a80ecf16c106d6434441fea3f5dbd7ff2ac8341c815b1dc4da605d1e7da16618b0d7db0c893bf08170232acbb94acbf816bb9fea0f7ee866771

  • SSDEEP

    24576:fKf0SdDbFUsLbfzo1SI5N3SttKE+GWXfDb0mW:fKfdbFUsLzzmN3gtMX4m

Score
10/10
bumblebeeis0210trojan

Malware Config

Extracted

Family

bumblebee

Botnet

is0210

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bumblexe_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\bumblexe_JC.exe"
    1⤵
      PID:2000
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4928
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1356

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1356-4-0x000002779A650000-0x000002779A660000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1356-20-0x000002779A750000-0x000002779A760000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1356-36-0x00000277A2AC0000-0x00000277A2AC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1356-38-0x00000277A2AF0000-0x00000277A2AF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1356-39-0x00000277A2AF0000-0x00000277A2AF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1356-40-0x00000277A2C00000-0x00000277A2C01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2000-0-0x0000023C2C470000-0x0000023C2C529000-memory.dmp

        Filesize

        740KB

        Download

      • memory/2000-1-0x0000023C2C7A0000-0x0000023C2C8A7000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2000-2-0x0000023C2C7A0000-0x0000023C2C8A7000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2000-3-0x0000023C2C7A0000-0x0000023C2C8A7000-memory.dmp

        Filesize

        1.0MB

        Download