Malware Analysis Report

2024-11-13 16:52

Sample ID 241109-cztfkaxrcn
Target 31b9b21a2d6867856f8d91068eceb706.exe
SHA256 44fc749f1e8069f218d721eb1adbc5958fd6cdb7a535f899cf6726d19dd40d7b
Tags: bumblebee lnk001 loader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 44fc749f1e8069f218d721eb1adbc5958fd6cdb7a535f899cf6726d19dd40d7b

Threat Level: Known bad

The file 31b9b21a2d6867856f8d91068eceb706.exe was found to be: Known bad.

Malicious Activity Summary

bumblebee lnk001 loader

BumbleBee

Bumblebee family

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-11-09 02:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 02:31

Reported: 2024-11-09 02:32

Platform: win11-20241007-en

Max time kernel: 26s

Max time network: 28s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\31b9b21a2d6867856f8d91068eceb706.dll

Signatures

BumbleBee

loader bumblebee

Bumblebee family

bumblebee

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\31b9b21a2d6867856f8d91068eceb706.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 tvx1ovdepj8.life udp
DE 188.40.187.138:443 8x2apo5m7ri.life tcp
DE 188.40.187.138:443 8x2apo5m7ri.life tcp
DE 188.40.187.138:443 8x2apo5m7ri.life tcp
DE 188.40.187.138:443 8x2apo5m7ri.life tcp

Files

memory/8-0-0x0000000001FD0000-0x00000000020B4000-memory.dmp

memory/8-1-0x00007FFB087C4000-0x00007FFB087C5000-memory.dmp

memory/8-2-0x0000000002360000-0x0000000002579000-memory.dmp

memory/8-6-0x00007FFB08720000-0x00007FFB08929000-memory.dmp

memory/8-5-0x0000000002360000-0x0000000002579000-memory.dmp

memory/8-4-0x0000000002360000-0x0000000002579000-memory.dmp

memory/8-3-0x0000000002360000-0x0000000002579000-memory.dmp

memory/8-7-0x0000000002360000-0x0000000002579000-memory.dmp

memory/8-8-0x0000000001FD0000-0x00000000020B4000-memory.dmp

memory/8-9-0x00007FFB08720000-0x00007FFB08929000-memory.dmp