Overview

overview

10

Static

static

3

LdrAddX64_...70.dll

windows7-x64

10

LdrAddX64_...70.dll

windows10-2004-x64

10

Resubmissions

12-10-2023 14:05

231012-rea6tadc7z 10

09-10-2023 22:23

231009-2a2hbagg61 10

Analysis

  • max time kernel
    169s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LdrAddX64_out_cr70.dll

  • Size

    894KB

  • MD5

    a4e4f8966796845079ca6b853fd1899d

  • SHA1

    25906943d58610a2208c9312c555dee7eb16952e

  • SHA256

    15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7

  • SHA512

    22df60f5d457cca829aa86f708d6df492aa8acf794dbaed5bfac06b3f6fcbd7a331139c92465a9e5ec57232b76102b26ba593e527266709fd225ca15a3c3045a

  • SSDEEP

    12288:1hPALJCb+JI7GB5ShQUO3wY6Wpg8qvtN2FCOWPZzMe0n28qX2Y5aIv/86PaeAkYT:1hum+JI/jO3z6WStlFq4Gd66PybS

Score
10/10
bumblebeelg1010trojan

Malware Config

Extracted

Family

bumblebee

Botnet

lg1010

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\LdrAddX64_out_cr70.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:4040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4040-0-0x0000000002E40000-0x0000000002EAF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4040-1-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-3-0x00000000030C0000-0x00000000031CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4040-4-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-5-0x00000000030C0000-0x00000000031CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4040-6-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-7-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-2-0x00000000030C0000-0x00000000031CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4040-8-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-9-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-10-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-11-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-12-0x00000000030C0000-0x00000000031CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4040-13-0x0000000002E40000-0x0000000002EAF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4040-14-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4040-15-0x00007FFC3A3F0000-0x00007FFC3A5E5000-memory.dmp

    Filesize

    2.0MB

    Download