Overview

overview

10

Static

static

1

8ae7694001...65.msi

windows7-x64

10

8ae7694001...65.msi

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29-02-2024 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465.msi

  • Size

    7.8MB

  • MD5

    cbce77f88d5fd1df590d5172bbb83a2c

  • SHA1

    65bd87e1c512e9cd60a3952e0712d0f67aa952e1

  • SHA256

    8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465

  • SHA512

    4d579a70782b99c4fb19398f9d7b430cbe5f9ee5b67dbf360f543fecd010aba373a43266b63b5e7bbe00f8636cdd7d9346806cdaffbaa02608c08310cd752ded

  • SSDEEP

    196608:jxaEo5JeKKpyRqNJMWb75RGlzGban/ba:joEWJeKKpyRqNJMWb75RGlzGbCba

Score
10/10
bumblebeeonkomsi2loader

Malware Config

Extracted

Family

bumblebee

Botnet

onkomsi2

Attributes
  • dga

    n64c2akw.life

    zefawfb0.life

    dph3pby8.life

    hx0hysyg.life

    1qa3k743.life

    luw8ubf2.life

    rbvsf6io.life

    4huoqrsp.life

    8qwcvseh.life

    37zi55wc.life

    i9f44mju.life

    aqnx9c9h.life

    3nmeg5wa.life

    r5ue5rok.life

    et53yjoc.life

    tvgco82h.life

    0xtmu3tz.life

    6xhpschv.life

    6o26tws0.life

    0oz7923s.life

    54y2q50j.life

    9hh7hq5r.life

    r0ca080m.life

    43vtghfz.life

    qal55els.life

    p5e68m36.life

    x698iah6.life

    kqn0zkig.life

    wq6w8jkq.life

    i6n08gx7.life

  • dga_seed

    anjd78ka

  • domain_length

    8

  • num_dga_domains

    100

  • port

    443

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2304
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding F8D0290FDB3C2E34B2D0DE4E9E2229D9
      2⤵
      • Loads dropped DLL
      PID:2460
    • C:\Windows\system32\MsiExec.exe
      C:\Windows\system32\MsiExec.exe -Embedding 56DBBB279FDCB774475CD71CA7DD4959
      2⤵
      • Suspicious use of NtCreateThreadExHideFromDebugger
      • Loads dropped DLL
      PID:1680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    634b6fbb6fa3ab343605a3121d2655b8

    SHA1

    a536bb358020fee700694df8560e271b34a8e130

    SHA256

    6dcec5bdc27a1d2c97012013d43fc330fbd0dd2862f9784addd311346db58bad

    SHA512

    9a12169468123e743f9b85ec90ace80a557c13e0e962e656decccc50a2d3f0f64b71be4fe9fb5db73e9c96aada87d11e62d38ddf5f7c0bd0aaede7e524861098

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab230D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar231F.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3259.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Windows\Installer\MSI32B8.tmp
    Filesize

    721KB

    MD5

    5a1f2196056c0a06b79a77ae981c7761

    SHA1

    a880ae54395658f129e24732800e207ecd0b5603

    SHA256

    52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e

    SHA512

    9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a

    Download Submit

  • C:\Windows\Installer\MSI33E2.tmp
    Filesize

    2.1MB

    MD5

    bedb0f369ebb79dbcf856379ecb6566c

    SHA1

    4a8c27c1a2f0be31b73fdad222782648c9ce6b0c

    SHA256

    189046093d0018570c1d9a12ad4aca14d4ccd65fb63d228275fd7067c24d2ecd

    SHA512

    06a3d60bf011453711d2f1df385b28edc3815f6e108567169690821b3085b8fda526a123cfbacb6e42290a0576fa878c41cdebef77609367965df12a159a02ee

    Download Submit

  • memory/1680-70-0x0000000002930000-0x0000000002B48000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1680-69-0x0000000002620000-0x0000000002707000-memory.dmp

    Filesize

    924KB

    Download

  • memory/1680-72-0x0000000076E80000-0x0000000077029000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1680-73-0x0000000002930000-0x0000000002B48000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1680-74-0x0000000076E80000-0x0000000077029000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1680-75-0x0000000076E80000-0x0000000077029000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1680-76-0x0000000076E80000-0x0000000077029000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1680-77-0x0000000002930000-0x0000000002B48000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/1680-78-0x0000000002620000-0x0000000002707000-memory.dmp

    Filesize

    924KB

    Download

  • memory/1680-79-0x0000000076E80000-0x0000000077029000-memory.dmp

    Filesize

    1.7MB

    Download