Overview

overview

10

Static

static

3

e1dbce8a89...15.dll

windows7-x64

10

e1dbce8a89...15.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2023 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e1dbce8a89b5fea0f3cf6da9560fd573dfe9c93c5d6d8d2fef8902a3589cdf15.dll

  • Size

    1.1MB

  • MD5

    a6ac1a8bb63362ed7515f2ca02fb52be

  • SHA1

    8781347d2e723f823d5b996bc22389b14a4a72c8

  • SHA256

    e1dbce8a89b5fea0f3cf6da9560fd573dfe9c93c5d6d8d2fef8902a3589cdf15

  • SHA512

    6f01f0a630afff0dd71c5e457c8dbdb3a7743fb6337740384e034dad0d6b3f002992f2df5c953f223f8b2589098c43640b705a25482ed1c939a61b6dd783392d

  • SSDEEP

    24576:K40kaG+iDe5cMQW7v7+KIUC/ofj1fpLgN:K40kd+35cMv

Score
10/10
bumblebeejs1trojan

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e1dbce8a89b5fea0f3cf6da9560fd573dfe9c93c5d6d8d2fef8902a3589cdf15.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:3768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3768-0-0x0000000002660000-0x00000000026D9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3768-1-0x00007FFDE5AD0000-0x00007FFDE5CC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3768-3-0x00007FFDE5AD0000-0x00007FFDE5CC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3768-4-0x00000000028A0000-0x00000000029AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3768-2-0x00000000028A0000-0x00000000029AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3768-6-0x00000000028A0000-0x00000000029AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3768-5-0x00007FFDE5AD0000-0x00007FFDE5CC5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3768-7-0x00000000028A0000-0x00000000029AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3768-8-0x0000000002660000-0x00000000026D9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/3768-9-0x00007FFDE5AD0000-0x00007FFDE5CC5000-memory.dmp

    Filesize

    2.0MB

    Download