Overview

overview

10

Static

static

3

5hzkjlg864.dll

windows7-x64

10

5hzkjlg864.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    205s
  • max time network
    219s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-10-2023 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5hzkjlg864.dll

  • Size

    1.1MB

  • MD5

    946ff48f5b0f50a5501979347e8a411f

  • SHA1

    407e18f76b337fe146b100c2a330ab7b5844c6ed

  • SHA256

    35105efb993284937212530ebf3625f532dfb9b00b73409c266ad380d0665b4f

  • SHA512

    d06328b0c92cd6237758d27060ab8a2b9b230454f194bb434c39945a5670b6ea8505109a6c3ea739758c5f26c0dbc400d1e1620695d812d687bd25fce54eba8e

  • SSDEEP

    24576:bQAzTZH7ALVi4S8lvHV40phqqOCx/ZDAwPM:1zTZHE5rt9

Score
10/10
bumblebeejs1trojan

Malware Config

Extracted

Family

bumblebee

Botnet

js1

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a webshell malware written in C++.

    trojanbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5hzkjlg864.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:4192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4192-0-0x0000000002300000-0x0000000002379000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4192-1-0x00007FFE414D0000-0x00007FFE416C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4192-2-0x0000000002540000-0x000000000264A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4192-3-0x00007FFE414D0000-0x00007FFE416C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4192-4-0x0000000002540000-0x000000000264A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4192-5-0x0000000002540000-0x000000000264A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4192-6-0x0000000002540000-0x000000000264A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4192-7-0x0000000002300000-0x0000000002379000-memory.dmp

    Filesize

    484KB

    Download

  • memory/4192-8-0x00007FFE414D0000-0x00007FFE416C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4192-9-0x00007FFE414D0000-0x00007FFE416C5000-memory.dmp

    Filesize

    2.0MB

    Download