bumblebee | b8fc2474a801ea4b51df01d869c192cf430d72763758d8ca68cc43e318fdc7a0

Analysis

max time kernel
144s
max time network
158s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 01:36

Target

b8fc2474a801ea4b51df01d869c192cf430d72763758d8ca68cc43e318fdc7a0.dll
Size

1.1MB
MD5

9a05abe3e58b71abd91ba819bbe88846
SHA1

3cf06a801d3b061e6dfd7c0fd257778ce878d4d1
SHA256

b8fc2474a801ea4b51df01d869c192cf430d72763758d8ca68cc43e318fdc7a0
SHA512

c4a2a544527cf6d0fb909bdc8cf58eb3e4f3741ecba2578f0ec11ef69a4ca1713110ca1b3c8dc1f02c35ed4a241247abe042e725080dd0945cca3ba4c124a392
SSDEEP

24576:Vi1XU5dnViuxKLDjpZkECM513RshB80lPW6XmA:01cdnVkjq

Score

10^/10

Family

bumblebee

Botnet

js1

rc4.plain

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
1444	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b8fc2474a801ea4b51df01d869c192cf430d72763758d8ca68cc43e318fdc7a0.dll
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:1444

memory/1444-0-0x0000000000500000-0x0000000000579000-memory.dmp

Filesize
484KB

Download
memory/1444-1-0x0000000077680000-0x0000000077829000-memory.dmp

Filesize
1.7MB

Download
memory/1444-2-0x0000000001F60000-0x000000000206A000-memory.dmp

Filesize
1.0MB

Download
memory/1444-3-0x0000000077680000-0x0000000077829000-memory.dmp

Filesize
1.7MB

Download
memory/1444-5-0x0000000077680000-0x0000000077829000-memory.dmp

Filesize
1.7MB

Download
memory/1444-6-0x0000000001F60000-0x000000000206A000-memory.dmp

Filesize
1.0MB

Download
memory/1444-7-0x0000000001F60000-0x000000000206A000-memory.dmp

Filesize
1.0MB

Download
memory/1444-8-0x0000000000500000-0x0000000000579000-memory.dmp

Filesize
484KB

Download
memory/1444-9-0x0000000077680000-0x0000000077829000-memory.dmp

Filesize
1.7MB

Download