bumblebee | 71a4d395499af1cf4349bea2860f4da8aabef2136205cd1a3898bc707bd4aef8

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 04:21

Target

fd320a755022e6c79c245ad70e2324f6640feb23ef0787d2d54a572b90cabadf.dll
Size

3.9MB
MD5

3379fc690c9bb07934e15354dfabd263
SHA1

9631affd92612bc7dc0abe316936888939e58f4c
SHA256

fd320a755022e6c79c245ad70e2324f6640feb23ef0787d2d54a572b90cabadf
SHA512

77425f1a12c466e0c4da03415fd54c2c28508383b449069b4c77f87c780e24776fa848d369a06602720f87fef89648175a67aecbc7a1f9a0281c4931acdc9ea4
SSDEEP

49152:Kt7aKxh/DddwZd1b9g4UJibw1PlX4IaVb5nhXzIXEe/Y9dARDzNfsI3Hl3:azI9g4eis1PlB01hjGENd4lsI3HJ

Score

10^/10

Family

bumblebee

Botnet

asd123

rc4.plain

BumbleBee
BumbleBee is a loader malware written in C++.
loader bumblebee
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes:

regsvr32.exe

pid process

808 regsvr32.exe

pid	process
808	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fd320a755022e6c79c245ad70e2324f6640feb23ef0787d2d54a572b90cabadf.dll
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:808

memory/808-0-0x0000000002530000-0x0000000002748000-memory.dmp

Filesize
2.1MB

Download
memory/808-2-0x0000000002530000-0x0000000002748000-memory.dmp

Filesize
2.1MB

Download
memory/808-3-0x00000000022F0000-0x0000000002527000-memory.dmp

Filesize
2.2MB

Download
memory/808-1-0x0000000002530000-0x0000000002748000-memory.dmp

Filesize
2.1MB

Download
memory/808-4-0x0000000002530000-0x0000000002748000-memory.dmp

Filesize
2.1MB

Download
memory/808-6-0x00007FFFBD190000-0x00007FFFBD385000-memory.dmp

Filesize
2.0MB

Download
memory/808-5-0x00007FFFBD190000-0x00007FFFBD385000-memory.dmp

Filesize
2.0MB

Download