Bumblebee x1

anthonyqian

来自MB。

执行方式：

1. rundll32 da4nos.dll, ajwGwRKhLi

复制代码

ESET扫描missed，ELG查杀。

kuroandsan

Kaspersky miss

喀反

360 miss

Jerry.Lin

ikarus & vtss scan miss

心醉咖啡

毒霸扫描miss

Tom179090

HMPA拦截

The application, one of its loaded modules, or another process, has attempted to allocate memory with executable permissions to introduce additional code not part of the base program.

MITRE ATT&CK

Supply Chain Compromise - ID: T1195, Tactic: Initial Access

Hibike

1. Mitigation   HeapHeapProtect
   
2. Timestamp    2022-06-09T15:30:39
   
3. 
   
4. Platform     10.0.22000/x64 v943 06_8d*
   
5. PID          17636
   
6. Feature      007D0A30000000A6
   
7. Application  C:\Windows\System32\rundll32.exe
   
8. Created      2022-05-14T06:29:55
   
9. Description  Windows 主进程 (Rundll32) 10
   
10. 
    
11. Callee Type  LoadLibrary
    
12.              gdiplus.dll
    
13.              0x00007FFF0BDFF000 (4096 bytes)
    
14. 
    
15. Shellcode (HHA) (0x00010000 bytes)
    
16. Owner of CALLER: (anonymous; allocated by 00007FFEAA41DE57, da4nos.dll)
    

复制代码

zpy0206

火绒扫描 MISS

kuroandsan

补个红伞的，HEUR/APC

lvseqiji

卡巴已经拉黑了