blackmoon | 4466b8453e9c1325a915d0de60f79850630e97ba5ef93ecb0863e1daa488f62e

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
13-11-2023 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.9fea6ec3d434a41e312eba4efa232740.exe
Size

80KB
MD5

9fea6ec3d434a41e312eba4efa232740
SHA1

41360ae5d2393719e78c38674cc07993e1c53484
SHA256

4466b8453e9c1325a915d0de60f79850630e97ba5ef93ecb0863e1daa488f62e
SHA512

d7e54072aa6d567b202403207490b30aafe3214d25f6e613b695865b8f4e6d0031bdec4ff0cf84379d4cfefee12e581343c4abdea9fc34583589151b76988149
SSDEEP

1536:FvQBeOGtrYS3srx93UBWfwC6Ggnouy87mSSDLum+WV9iOQeWPCyOzxoi0ELGewuV:FhOmTsF93UYfwC6GIout7DSHt+S9Ie51

Score

10^/10

blackmoon banker dropper persistence trojan upx

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 39 IoCs

resource	yara_rule
behavioral1/memory/2928-33-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2232-42-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2636-77-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2660-90-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2920-98-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2708-107-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/944-156-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/1580-184-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2764-194-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/1132-224-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/1148-232-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/1576-277-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/556-292-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/1588-305-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2856-332-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2364-299-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2652-359-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2664-379-0x00000000003C0000-0x00000000003F7000-memory.dmp	family_blackmoon
behavioral1/memory/3028-349-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2608-397-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2608-398-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2608-396-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2828-395-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2972-343-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2368-459-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2540-445-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/1632-433-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/1632-432-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2772-480-0x00000000001B0000-0x00000000001E7000-memory.dmp	family_blackmoon
behavioral1/memory/2804-487-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/1364-517-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/1880-524-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2512-414-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/2372-624-0x0000000000400000-0x0000000000437000-memory.dmp	family_blackmoon
behavioral1/memory/2712-622-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/1620-589-0x00000000002A0000-0x00000000002D7000-memory.dmp	family_blackmoon
behavioral1/memory/1260-682-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon
behavioral1/memory/1620-695-0x00000000002A0000-0x00000000002D7000-memory.dmp	family_blackmoon
behavioral1/memory/3012-708-0x0000000000220000-0x0000000000257000-memory.dmp	family_blackmoon

Malware Backdoor - Berbew 56 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/files/0x00080000000120ca-8.dat	family_berbew
behavioral1/memory/2928-33-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/files/0x0008000000018727-26.dat	family_berbew
behavioral1/memory/2232-42-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/files/0x00070000000192dc-60.dat	family_berbew
behavioral1/memory/2636-77-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2660-90-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2920-98-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2708-107-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/files/0x000400000001934e-114.dat	family_berbew
behavioral1/files/0x0004000000019398-123.dat	family_berbew
behavioral1/files/0x0004000000019398-122.dat	family_berbew
behavioral1/files/0x0004000000019399-131.dat	family_berbew
behavioral1/files/0x00040000000193aa-139.dat	family_berbew
behavioral1/memory/944-156-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/files/0x00040000000193b3-157.dat	family_berbew
behavioral1/memory/1580-184-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2764-194-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/1132-224-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/1148-232-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/files/0x0004000000019478-235.dat	family_berbew
behavioral1/memory/1576-277-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/556-292-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1588-305-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2856-332-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2364-299-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2972-350-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2652-359-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2740-371-0x0000000000440000-0x0000000000477000-memory.dmp	family_berbew
behavioral1/memory/2664-379-0x00000000003C0000-0x00000000003F7000-memory.dmp	family_berbew
behavioral1/memory/3028-349-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2608-397-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2608-398-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2608-396-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2828-395-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2972-343-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1788-446-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2368-459-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2540-445-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/1632-433-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1632-432-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2772-480-0x00000000001B0000-0x00000000001E7000-memory.dmp	family_berbew
behavioral1/memory/2804-487-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1364-517-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1880-524-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2000-504-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2512-414-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2216-602-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/2372-624-0x0000000000400000-0x0000000000437000-memory.dmp	family_berbew
behavioral1/memory/2712-622-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1620-589-0x00000000002A0000-0x00000000002D7000-memory.dmp	family_berbew
behavioral1/memory/2516-649-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1260-682-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew
behavioral1/memory/1620-695-0x00000000002A0000-0x00000000002D7000-memory.dmp	family_berbew
behavioral1/memory/3012-708-0x0000000000220000-0x0000000000257000-memory.dmp	family_berbew

UPX packed file 32 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/files/0x00080000000120ca-8.dat	upx
behavioral1/memory/2928-33-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/files/0x0008000000018727-26.dat	upx
behavioral1/memory/2232-42-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/files/0x00070000000192dc-60.dat	upx
behavioral1/memory/2636-77-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2660-90-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2920-98-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2708-107-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/files/0x000400000001934e-114.dat	upx
behavioral1/files/0x0004000000019398-123.dat	upx
behavioral1/files/0x0004000000019398-122.dat	upx
behavioral1/files/0x0004000000019399-131.dat	upx
behavioral1/files/0x00040000000193aa-139.dat	upx
behavioral1/memory/944-156-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/files/0x00040000000193b3-157.dat	upx
behavioral1/memory/2764-194-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/1132-224-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/1148-232-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/files/0x0004000000019478-235.dat	upx
behavioral1/memory/1576-277-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/1588-305-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2856-332-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2364-299-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2652-359-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/3028-349-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2608-396-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2540-445-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/1632-432-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2372-624-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/2712-622-0x0000000000220000-0x0000000000257000-memory.dmp	upx

\??\c:\pnrrdxj.exe
c:\pnrrdxj.exe
1⤵
PID:2928

\??\c:\bjdbfxp.exe
c:\bjdbfxp.exe
1⤵
PID:2756
- \??\c:\rbtlxn.exe
  c:\rbtlxn.exe
  2⤵
  PID:2000
- - \??\c:\vfndjrh.exe
    c:\vfndjrh.exe
    3⤵
    PID:1564

\??\c:\llxdhvl.exe
c:\llxdhvl.exe
1⤵
PID:1576

\??\c:\lffpfhx.exe
c:\lffpfhx.exe
1⤵
PID:2972
- \??\c:\hrbxj.exe
  c:\hrbxj.exe
  2⤵
  PID:3028
- - \??\c:\jfhjbj.exe
    c:\jfhjbj.exe
    3⤵
    PID:2964
  - - \??\c:\rhrjvp.exe
      c:\rhrjvp.exe
      4⤵
      PID:1464

\??\c:\fbvnx.exe
c:\fbvnx.exe
1⤵
PID:2044

\??\c:\flvbnr.exe
c:\flvbnr.exe
1⤵
PID:2124

\??\c:\nnrbbnl.exe
c:\nnrbbnl.exe
1⤵
PID:2828
- \??\c:\xpxdjbb.exe
  c:\xpxdjbb.exe
  2⤵
  PID:2608

\??\c:\rlfjjt.exe
c:\rlfjjt.exe
1⤵
PID:2368

\??\c:\jvdhnf.exe
c:\jvdhnf.exe
1⤵
PID:2664

\??\c:\nntphhp.exe
c:\nntphhp.exe
1⤵
PID:2740
- \??\c:\xhjvnjb.exe
  c:\xhjvnjb.exe
  2⤵
  PID:2736

\??\c:\tjtdfjp.exe
c:\tjtdfjp.exe
1⤵
PID:2652

\??\c:\xlhjb.exe
c:\xlhjb.exe
1⤵
PID:2512
- \??\c:\nvxfj.exe
  c:\nvxfj.exe
  2⤵
  PID:2584

\??\c:\jtfrbtr.exe
c:\jtfrbtr.exe
1⤵
PID:2596
- \??\c:\nlnrhhf.exe
  c:\nlnrhhf.exe
  2⤵
  PID:2884
- - \??\c:\jtjnb.exe
    c:\jtjnb.exe
    3⤵
    PID:2772
  - - \??\c:\hpddd.exe
      c:\hpddd.exe
      4⤵
      PID:2804

\??\c:\fjblf.exe
c:\fjblf.exe
1⤵
PID:2700

\??\c:\vtlpxft.exe
c:\vtlpxft.exe
1⤵
PID:3040

\??\c:\hjvnb.exe
c:\hjvnb.exe
1⤵
PID:2540
- \??\c:\bfnrn.exe
  c:\bfnrn.exe
  2⤵
  PID:832

\??\c:\lpvnhv.exe
c:\lpvnhv.exe
1⤵
PID:1788

\??\c:\hrfvd.exe
c:\hrfvd.exe
1⤵
PID:1632
- \??\c:\lllpdh.exe
  c:\lllpdh.exe
  2⤵
  PID:2168

\??\c:\bjpvvdv.exe
c:\bjpvvdv.exe
1⤵
PID:2888
- \??\c:\hbxfp.exe
  c:\hbxfp.exe
  2⤵
  PID:1060
- - \??\c:\jrflplv.exe
    c:\jrflplv.exe
    3⤵
    PID:2000
  - - \??\c:\fbrnfbr.exe
      c:\fbrnfbr.exe
      4⤵
      PID:1996

\??\c:\tjjtb.exe
c:\tjjtb.exe
1⤵
PID:1268
- \??\c:\xjvvp.exe
  c:\xjvvp.exe
  2⤵
  PID:3008

\??\c:\nhtjhr.exe
c:\nhtjhr.exe
1⤵
PID:1880

\??\c:\ffvdd.exe
c:\ffvdd.exe
1⤵
PID:1504

\??\c:\xltxff.exe
c:\xltxff.exe
1⤵
PID:1364

\??\c:\jddtpdd.exe
c:\jddtpdd.exe
1⤵
PID:2452

\??\c:\vxxxt.exe
c:\vxxxt.exe
1⤵
PID:3012

\??\c:\ftrxpb.exe
c:\ftrxpb.exe
1⤵
PID:3048

\??\c:\nnptpp.exe
c:\nnptpp.exe
1⤵
PID:2668

\??\c:\xlpfvr.exe
c:\xlpfvr.exe
1⤵
PID:2372
- \??\c:\ntrft.exe
  c:\ntrft.exe
  2⤵
  PID:2716

\??\c:\lxlxnb.exe
c:\lxlxnb.exe
1⤵
PID:2712
- \??\c:\bdrjj.exe
  c:\bdrjj.exe
  2⤵
  PID:2732

\??\c:\pftjjv.exe
c:\pftjjv.exe
1⤵
PID:2636

\??\c:\bhthd.exe
c:\bhthd.exe
1⤵
PID:2548

\??\c:\bvxpvhl.exe
c:\bvxpvhl.exe
1⤵
PID:2328

\??\c:\dpnpr.exe
c:\dpnpr.exe
1⤵
PID:3036

\??\c:\nfhfldb.exe
c:\nfhfldb.exe
1⤵
PID:2064
- \??\c:\prpdbnj.exe
  c:\prpdbnj.exe
  2⤵
  PID:2172
- - \??\c:\tnxxlth.exe
    c:\tnxxlth.exe
    3⤵
    PID:3068
  - - \??\c:\ldrdrjn.exe
      c:\ldrdrjn.exe
      4⤵
      PID:2032
    - - \??\c:\npjvfj.exe
        
        c:\npjvfj.exe
        5⤵
        
        PID:2016
      - \??\c:\pttvt.exe
        
        c:\pttvt.exe
        6⤵
        
        PID:2076
        
        \??\c:\dpvtr.exe
        
        c:\dpvtr.exe
        7⤵
        
        PID:1172
        
        \??\c:\vnnttxn.exe
        
        c:\vnnttxn.exe
        8⤵
        
        PID:584
        
        \??\c:\lllrj.exe
        
        c:\lllrj.exe
        9⤵
        
        PID:2732
        
        \??\c:\rdflt.exe
        
        c:\rdflt.exe
        10⤵
        
        PID:2728
        
        \??\c:\rrhvx.exe
        
        c:\rrhvx.exe
        11⤵
        
        PID:1924
        
        \??\c:\xvvvtd.exe
        
        c:\xvvvtd.exe
        12⤵
        
        PID:2716
        
        \??\c:\dfjhvfp.exe
        
        c:\dfjhvfp.exe
        13⤵
        
        PID:2748
        
        \??\c:\tnhxlx.exe
        
        c:\tnhxlx.exe
        10⤵
        
        PID:2964
    - - \??\c:\lvvdd.exe
        
        c:\lvvdd.exe
        5⤵
        
        PID:3044
- \??\c:\hxbnd.exe
  c:\hxbnd.exe
  2⤵
  PID:2348

\??\c:\tthbbl.exe
c:\tthbbl.exe
1⤵
PID:1016

\??\c:\lllfl.exe
c:\lllfl.exe
1⤵
PID:1684

\??\c:\rlrfrxn.exe
c:\rlrfrxn.exe
1⤵
PID:2904

\??\c:\lxppn.exe
c:\lxppn.exe
1⤵
PID:596

\??\c:\bpdttld.exe
c:\bpdttld.exe
1⤵
PID:440

\??\c:\hdptfjv.exe
c:\hdptfjv.exe
1⤵
PID:2508

\??\c:\jdlrjr.exe
c:\jdlrjr.exe
1⤵
PID:268

\??\c:\ltnfhb.exe
c:\ltnfhb.exe
1⤵
PID:2472

\??\c:\tvbbpbr.exe
c:\tvbbpbr.exe
1⤵
PID:2756

\??\c:\fxpnt.exe
c:\fxpnt.exe
1⤵
PID:2788

\??\c:\fjfnn.exe
c:\fjfnn.exe
1⤵
PID:1652

\??\c:\lhjhjhr.exe
c:\lhjhjhr.exe
1⤵
PID:1516

\??\c:\nrjhxp.exe
c:\nrjhxp.exe
1⤵
PID:2576

\??\c:\ldjdr.exe
c:\ldjdr.exe
1⤵
PID:1688

\??\c:\pftnl.exe
c:\pftnl.exe
1⤵
PID:2836
- \??\c:\jphrlf.exe
  c:\jphrlf.exe
  2⤵
  PID:1400
- - \??\c:\vvtjrhv.exe
    c:\vvtjrhv.exe
    3⤵
    PID:1632
  - - \??\c:\xnrrldj.exe
      c:\xnrrldj.exe
      4⤵
      PID:2344
    - - \??\c:\jpxxjdp.exe
        
        c:\jpxxjdp.exe
        5⤵
        
        PID:2700
      - \??\c:\blvjnbb.exe
        
        c:\blvjnbb.exe
        6⤵
        
        PID:2868
        
        \??\c:\brxrt.exe
        
        c:\brxrt.exe
        7⤵
        
        PID:2720
        
        \??\c:\jftpx.exe
        
        c:\jftpx.exe
        8⤵
        
        PID:2952
        
        \??\c:\lxlbjf.exe
        
        c:\lxlbjf.exe
        9⤵
        
        PID:2856
        
        \??\c:\hhvvxhp.exe
        
        c:\hhvvxhp.exe
        10⤵
        
        PID:2148
        
        \??\c:\xbflxr.exe
        
        c:\xbflxr.exe
        11⤵
        
        PID:2888
        
        \??\c:\rjbdt.exe
        
        c:\rjbdt.exe
        12⤵
        
        PID:2604
        
        \??\c:\nfpjd.exe
        
        c:\nfpjd.exe
        13⤵
        
        PID:2624
        
        \??\c:\dlvxhr.exe
        
        c:\dlvxhr.exe
        14⤵
        
        PID:2292
        
        \??\c:\jtndxjt.exe
        
        c:\jtndxjt.exe
        15⤵
        
        PID:2804
        
        \??\c:\vpdrjnx.exe
        
        c:\vpdrjnx.exe
        16⤵
        
        PID:284
        
        \??\c:\lblnrb.exe
        
        c:\lblnrb.exe
        17⤵
        
        PID:2612
        
        \??\c:\hhjpf.exe
        
        c:\hhjpf.exe
        18⤵
        
        PID:1060
        
        \??\c:\bvljtj.exe
        
        c:\bvljtj.exe
        19⤵
        
        PID:2356
        
        \??\c:\rltlhh.exe
        
        c:\rltlhh.exe
        19⤵
        
        PID:2704
        
        \??\c:\nbjdxt.exe
        
        c:\nbjdxt.exe
        20⤵
        
        PID:1744
        
        \??\c:\hphxhpd.exe
        
        c:\hphxhpd.exe
        21⤵
        
        PID:1948
        
        \??\c:\hfjjrdn.exe
        
        c:\hfjjrdn.exe
        22⤵
        
        PID:2960
        
        \??\c:\brbfjjf.exe
        
        c:\brbfjjf.exe
        23⤵
        
        PID:2300
        
        \??\c:\rbprfnn.exe
        
        c:\rbprfnn.exe
        24⤵
        
        PID:1260
        
        \??\c:\vrxpp.exe
        
        c:\vrxpp.exe
        25⤵
        
        PID:1032
        
        \??\c:\vprbp.exe
        
        c:\vprbp.exe
        26⤵
        
        PID:2268
        
        \??\c:\jrvvhn.exe
        
        c:\jrvvhn.exe
        27⤵
        
        PID:952
        
        \??\c:\ptlhb.exe
        
        c:\ptlhb.exe
        10⤵
        
        PID:960
        
        \??\c:\bnrpr.exe
        
        c:\bnrpr.exe
        8⤵
        
        PID:768

\??\c:\htpvt.exe
c:\htpvt.exe
1⤵
PID:1328

\??\c:\xttnb.exe
c:\xttnb.exe
1⤵
PID:2892

\??\c:\xftfj.exe
c:\xftfj.exe
1⤵
PID:2672

\??\c:\hdtltr.exe
c:\hdtltr.exe
1⤵
PID:2740

\??\c:\dxnthf.exe
c:\dxnthf.exe
1⤵
PID:2644

\??\c:\djjbr.exe
c:\djjbr.exe
1⤵
PID:2100

\??\c:\jlnhnf.exe
c:\jlnhnf.exe
1⤵
PID:1644

\??\c:\hnxxxd.exe
c:\hnxxxd.exe
1⤵
PID:3056

\??\c:\jhrxpn.exe
c:\jhrxpn.exe
1⤵
PID:2712

\??\c:\xplpxpj.exe
c:\xplpxpj.exe
1⤵
PID:2108

\??\c:\hxbdbr.exe
c:\hxbdbr.exe
1⤵
PID:2032

\??\c:\ffbntnr.exe
c:\ffbntnr.exe
1⤵
PID:1544

\??\c:\rthbxj.exe
c:\rthbxj.exe
1⤵
PID:2064

\??\c:\tnnnh.exe
c:\tnnnh.exe
1⤵
PID:1624

\??\c:\fxrrl.exe
c:\fxrrl.exe
1⤵
PID:308

\??\c:\njrbtt.exe
c:\njrbtt.exe
1⤵
PID:1348

\??\c:\bfbnhv.exe
c:\bfbnhv.exe
1⤵
PID:1060

\??\c:\xhtbpnl.exe
c:\xhtbpnl.exe
1⤵
PID:988

\??\c:\jljpj.exe
c:\jljpj.exe
1⤵
PID:980

\??\c:\phxhrhx.exe
c:\phxhrhx.exe
1⤵
PID:844

\??\c:\lvnpdd.exe
c:\lvnpdd.exe
1⤵
PID:2060

\??\c:\jtbdn.exe
c:\jtbdn.exe
1⤵
PID:2000

\??\c:\lbjnd.exe
c:\lbjnd.exe
1⤵
PID:2856

\??\c:\flfrhhf.exe
c:\flfrhhf.exe
1⤵
PID:2720

\??\c:\tldjb.exe
c:\tldjb.exe
1⤵
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\hnlxx.exe

Filesize
80KB

MD5
0e9da5ef3d17a0bf3e22cdd5150ca0f3

SHA1
caf19a8991bece158eb747b3be9082e6a5267940

SHA256
0650abaa81d82e67784109a7dff24f85450110e424a68478d2e9477db5666139

SHA512
c862a0e12988bc06ca4f34a66e0bcf51dbd87bd9b15321c3266c11cff4ac8c9c335b64c86354e80fab95bedb2e59ea3e1fb1aff68b7fa66f54dd47586aafb6d7

Download Submit
C:\pjpnlld.exe

Filesize
80KB

MD5
9b5c91aadd631190cd430bb1db71bbf8

SHA1
cbaf7915a41153ae4d1c6277cac4e3106dc73977

SHA256
e2a4afe5e9697ee3ddb8e950028c8f6d6605b13903f5e264f4d4bbdd1c358308

SHA512
5ea2f3b68fe6cf9a3ca953f5cb06b43a1a7555be99359428786f0e677d43463d62197410b6dce82148f279a2e917eba44f2645ec40118ec83b42f7a4e495a336

Download Submit
C:\tlbpfl.exe

Filesize
80KB

MD5
9e0d64316c52f4b7ca683df6d0436284

SHA1
6d149c8439338e4d482dfd1c645e3eda612a7087

SHA256
7fc835d8655038edc999da6cce48524225f5ef29a1979ab15e206b7a14827b6b

SHA512
9135b351433c3df6cc4bcc91c9166739326602750801f2e8750265e873f48a150fe89b033c98994e23f91bfdbe079cd1522eb457c7d78be2eae9621b962111f4

Download Submit
C:\xlphnh.exe

Filesize
80KB

MD5
e14eff0438ab9aaaa441b0d74a850c3f

SHA1
eba960e05e0a6f7c90af3e013df84778b19cecd6

SHA256
18874af66da7b3a1466fa004c64e5805979eed51ac6be1f8ea772ef391e80063

SHA512
8436b7a95b8ace02838ed03fa7247ba84f49f8a5157b20ad9330621fe5cd3fcacc7c51899a632dbe3718f52e7639f0a08103561c89ced1fc46fad6740c0f8092

Download Submit
\??\c:\dhhnbv.exe

Filesize
80KB

MD5
aa649e2fa5459488ed0cd8098d7d2ed4

SHA1
8a8b03f059a278c308a8a7a5d462458cb8f9ab5e

SHA256
2834e65a794edd25eb39d4644f7641400b1cf724f989de60cea968bc4ee07969

SHA512
5bf5f6c660a250685cbf8031edd77279ed5aff09ff76fdd63746b490b808db36897fd1117d07c4796a4b965e6e4cfa4f914b97fc253395cae689c602e182d709

Download Submit
\??\c:\hvhdvh.exe

Filesize
80KB

MD5
152d6426a874a1f5d258dec8ab8c6f54

SHA1
f6986844e913eee293691df75eb2aecf37ccedbb

SHA256
fb50caec06b3df87c7279c04e7688d193f9e1c68fb99c521c3d3bfb61205dd33

SHA512
e1dc7896f94e7cc0def8a813dadb84195492da85881cbaa47a3cd45fb2823dc0cb8145dbdba8ba3b2a3466f337d04aebccd66ce14bfa9e2777a2ecc241ed8c01

Download Submit
\??\c:\pnrrdxj.exe

Filesize
80KB

MD5
217bad9b61e68b3215d01f1b7ec435cf

SHA1
09c75d23e43fedfc1f9227e97160fc346350fe24

SHA256
aafc776f0afff4302b81a17f1fc0b84939340b2937c6a91f3573deeb55d22d0d

SHA512
73ab8a5f18e745f3735168558331021ff5f5c978b52121305399ca5f0d0c88afd5002ccdd856706f210581c8d4682f0be445488b17fd33af94055fa786aa7c02

Download Submit
\??\c:\rbtjtx.exe

Filesize
80KB

MD5
6e467a0f7c354a50dc2dd15ac33a80d5

SHA1
a583d4b4eabd93100bb55914f48995264651e991

SHA256
94032e34eaa5f56ef4d6a42552cb9475ebec28aa33fb7ddae5e598ddb07062ff

SHA512
8cc098c73f1e7c70adc337c2bebd5c3df01f615f7819a73c614b6f7b0fb95c7ffcc2960909efca387114fc771110318f35018166db0a1ef1373e0bb0bbd4b948

Download Submit
\??\c:\rjxnb.exe

Filesize
81KB

MD5
5bb832110a8d045a56b0b4422584da93

SHA1
02ca88b629b450e4404f349327be83737f71cb80

SHA256
13f5025672eb9dbf263f32ec691be07958b915d9f75faf27e9c2e03c6ed49b3f

SHA512
17f5bd68a9962e587998f867d6760dc88dabf3d2da4ae3e4c95bf46c1267d4cf17cca96016daddfdc6e7b116b33299994a629968d499e8e8d568a7b24cd65c57

Download Submit
\??\c:\tlbpfl.exe

Filesize
80KB

MD5
9e0d64316c52f4b7ca683df6d0436284

SHA1
6d149c8439338e4d482dfd1c645e3eda612a7087

SHA256
7fc835d8655038edc999da6cce48524225f5ef29a1979ab15e206b7a14827b6b

SHA512
9135b351433c3df6cc4bcc91c9166739326602750801f2e8750265e873f48a150fe89b033c98994e23f91bfdbe079cd1522eb457c7d78be2eae9621b962111f4

Download Submit
memory/556-292-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/944-156-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1128-549-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1132-224-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1132-337-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1148-232-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1260-682-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1364-517-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1576-277-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1580-184-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1588-305-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1620-589-0x00000000002A0000-0x00000000002D7000-memory.dmp

Filesize
220KB

Download
memory/1620-695-0x00000000002A0000-0x00000000002D7000-memory.dmp

Filesize
220KB

Download
memory/1632-432-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1632-433-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1788-446-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1880-524-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2000-504-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2216-602-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2232-42-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2244-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2364-299-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2368-459-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2368-385-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2372-624-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2512-414-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2516-649-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2540-445-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2608-398-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2608-396-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2608-397-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2636-77-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2652-359-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2660-90-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2664-379-0x00000000003C0000-0x00000000003F7000-memory.dmp

Filesize
220KB

Download
memory/2708-107-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2712-622-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2740-371-0x0000000000440000-0x0000000000477000-memory.dmp

Filesize
220KB

Download
memory/2764-194-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2772-480-0x00000000001B0000-0x00000000001E7000-memory.dmp

Filesize
220KB

Download
memory/2804-487-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2828-395-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2856-332-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2876-562-0x00000000002D0000-0x0000000000307000-memory.dmp

Filesize
220KB

Download
memory/2912-64-0x0000000001B60000-0x0000000001B97000-memory.dmp

Filesize
220KB

Download
memory/2916-615-0x0000000001B90000-0x0000000001BC7000-memory.dmp

Filesize
220KB

Download
memory/2920-98-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2928-33-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2972-350-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2972-343-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/3012-708-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/3028-349-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download