Overview

overview

10

Static

static

3

3b4d473842...0d.dll

windows7-x64

10

3b4d473842...0d.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-09-2024 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b4d4738423f642a5db68e72b8af49a1481c75e7d079e9de80bb76ab44ec2c0d.dll

  • Size

    1.1MB

  • MD5

    2041cee41fced905b2c09b7f05d1815c

  • SHA1

    0a051ded4a4cd380a89f92198992c488bb333d0f

  • SHA256

    3b4d4738423f642a5db68e72b8af49a1481c75e7d079e9de80bb76ab44ec2c0d

  • SHA512

    30e27eaddc44eba32abf79e6d76bde40e211b7158f5f1bd7592cfc37b5ba81ef03bed5802d343739ba5e3094499860fd035372316faee2e4d4fd45e6a0f92a59

  • SSDEEP

    24576:IzGpwBNRQH5EcGOgDhb0fHgrak/05JROMdw8+9:gGSBis4o

Score
10/10
bumblebeejs1loader

Malware Config

Extracted

Family

bumblebee

Botnet

js1

Attributes
  • dga

    v5b6ml4o0nq.life

    d4mdwvwm8c8.life

    6uwsby1vmyj.life

    mp0zt8ctj70.life

    tkqeai6tead.life

    2xek4jch3xf.life

    ugwfyzhao98.life

    auq2lckl2e0.life

    1odrw6y2sad.life

    hk5ekbl02o8.life

    knqbckw92x9.life

    nnjg4uf5vij.life

    nk4xgtjnvs9.life

    7xbapl162fg.life

    8djp3zmzbif.life

    nojzch0pgfo.life

    b9dsvlk8f23.life

    v3jmvczsden.life

    8vpndr56eb1.life

    5gbcnik1ba0.life

    k6r11hdxxm2.life

    wc87pfwqvbx.life

    3b73akpd5ip.life

    5o5f0or1704.life

    ve0tcgv0oks.life

    tsd7d3pynml.life

    kfjgd8tquo8.life

    ff7xb5l0zl5.life

    27qrg2npbhu.life

    fvawc0jtdkp.life

  • dga_seed_string

    OKFsgukk

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a loader malware written in C++.

    loaderbumblebee
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3b4d4738423f642a5db68e72b8af49a1481c75e7d079e9de80bb76ab44ec2c0d.dll
    1⤵
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2800-0-0x0000000002D40000-0x0000000002DB9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2800-1-0x00007FF8EEFAD000-0x00007FF8EEFAE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2800-3-0x0000000002FA0000-0x00000000030AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2800-4-0x0000000002FA0000-0x00000000030AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2800-6-0x00007FF8EEF10000-0x00007FF8EF105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2800-5-0x00007FF8EEF10000-0x00007FF8EF105000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2800-2-0x0000000002FA0000-0x00000000030AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2800-7-0x0000000002FA0000-0x00000000030AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2800-8-0x0000000002D40000-0x0000000002DB9000-memory.dmp

    Filesize

    484KB

    Download

  • memory/2800-9-0x00007FF8EEFAD000-0x00007FF8EEFAE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2800-10-0x00007FF8EEF10000-0x00007FF8EF105000-memory.dmp

    Filesize

    2.0MB

    Download