Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-12-2024 15:16

General

  • Target

    JaffaCakes118_86cc9451105653da36ae8beaa4c3872ab997632637ac0e1ff6d7513fb86764da.exe

  • Size

    709.9MB

  • MD5

    0150b647aef4ee48f2b12c811ba882f2

  • SHA1

    bf334f886c0c0c23dc878e95bdca3984ba9c39a0

  • SHA256

    86cc9451105653da36ae8beaa4c3872ab997632637ac0e1ff6d7513fb86764da

  • SHA512

    9740ef9429fc07e8b0559d3d4755a8bb60df21aa1de1f7af93f58e8d3eb8f061f6fd48adec98d2abbef247bacc3add3a4a76f9cde31a8d641983fabd7c782d62

  • SSDEEP

    24576:tuEYpL6eGotXnc1lus5nY+7B+FfJoiXygld/gr1:tu1L6Rkn2ws5nRNoygKJ

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

17maca

C2

108.62.141.20:443

23.108.57.201:443

108.62.118.170:443

rc4.plain

Signatures

  • BumbleBee

    BumbleBee is a malware loader written in C++.

  • Bumblebee family
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_86cc9451105653da36ae8beaa4c3872ab997632637ac0e1ff6d7513fb86764da.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_86cc9451105653da36ae8beaa4c3872ab997632637ac0e1ff6d7513fb86764da.exe"
    • Suspicious use of NtCreateThreadExHideFromDebugger
    PID:3796

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3796-0-0x0000025DFCA60000-0x0000025DFCBC1000-memory.dmp

    Filesize

    1.4MB

  • memory/3796-1-0x0000025DFCA60000-0x0000025DFCBC1000-memory.dmp

    Filesize

    1.4MB

  • memory/3796-2-0x0000025DFCA60000-0x0000025DFCBC1000-memory.dmp

    Filesize

    1.4MB