Analysis
-
max time kernel
95s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 · arch:x86 · image:win7-20240221-en · locale:en-us · os:windows7-x64 · system -
submitted
15/03/2024, 22:59
Behavioral task
behavioral1
Sample
b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe
-
Size
197KB
-
MD5
5aa1c20bd8dfde913da39763b119fd1d
-
SHA1
dacab93cda94693f707d68cbc915ac4b9d99b516
-
SHA256
b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6
-
SHA512
3a1f3eec47d7cbf39cde7b0e50f76741a8372b3febeed3fd847aa4be2ff34f81cf43cde3d565775cf1db5eec100eee490660f2a421615572bbbc57ad4f60e616
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIH:xcm4FmowdHoS3WV28HCddWhRO1Lc9H
Malware Config — none extracted in this run (no C2, campaign or build configuration is reported for the sample or any of its dropped copies).
Signatures
-
Detect Blackmoon payload 46 IoCs — every hit is a YARA match on a memory dump of the same 0x36000-byte image (mapped at 0x400000 in the initial process and at a relocated base such as 0x220000/0x3B0000 in some dropped copies), so the family attribution rests on in-memory pattern matching across repeated copies of one payload, not on an extracted configuration; confirm with a second source before acting on it.
resource yara_rule behavioral1/memory/1744-11-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/280-26-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/3040-35-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2032-6-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2688-40-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2732-49-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2592-67-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2616-58-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2460-77-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2212-86-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/3000-117-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2640-104-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2904-100-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1600-125-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/280-134-0x00000000003B0000-0x00000000003E6000-memory.dmp family_blackmoon behavioral1/memory/320-133-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/320-139-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1648-144-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1704-148-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2696-157-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2072-175-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral1/memory/1928-185-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1044-207-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1704-219-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/864-228-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2852-254-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2852-263-0x0000000000440000-0x0000000000476000-memory.dmp family_blackmoon behavioral1/memory/1836-264-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/328-282-0x0000000000230000-0x0000000000266000-memory.dmp family_blackmoon behavioral1/memory/1004-297-0x00000000003A0000-0x00000000003D6000-memory.dmp family_blackmoon behavioral1/memory/1612-318-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2964-333-0x00000000001B0000-0x00000000001E6000-memory.dmp family_blackmoon behavioral1/memory/2964-331-0x00000000001B0000-0x00000000001E6000-memory.dmp family_blackmoon behavioral1/memory/1004-348-0x00000000003A0000-0x00000000003D6000-memory.dmp family_blackmoon behavioral1/memory/2464-353-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1612-367-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2616-368-0x00000000003C0000-0x00000000003F6000-memory.dmp family_blackmoon behavioral1/memory/2620-375-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2476-383-0x00000000002B0000-0x00000000002E6000-memory.dmp family_blackmoon behavioral1/memory/2460-384-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2792-411-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/784-445-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon 
behavioral1/memory/784-439-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2376-448-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1464-468-0x00000000001B0000-0x00000000001E6000-memory.dmp family_blackmoon behavioral1/memory/2828-469-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2032-0-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x000d000000012248-5.dat UPX behavioral1/memory/1744-11-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x000d0000000143fa-19.dat UPX behavioral1/memory/280-21-0x00000000003B0000-0x00000000003E6000-memory.dmp UPX behavioral1/memory/280-26-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/3040-35-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x00070000000149ea-37.dat UPX behavioral1/memory/3040-39-0x0000000000220000-0x0000000000256000-memory.dmp UPX behavioral1/files/0x0035000000014665-29.dat UPX behavioral1/memory/2032-6-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2688-40-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0007000000014b12-47.dat UPX behavioral1/memory/2732-49-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0007000000014c25-55.dat UPX behavioral1/files/0x0007000000014e5a-64.dat UPX behavioral1/memory/2592-67-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0008000000015ca5-73.dat UPX behavioral1/memory/2616-58-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2460-77-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2212-86-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015cad-84.dat UPX behavioral1/files/0x0006000000015cb9-93.dat UPX behavioral1/files/0x0006000000015cc1-102.dat UPX behavioral1/files/0x0006000000015cdb-118.dat UPX behavioral1/memory/3000-117-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2640-104-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2904-100-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015cca-111.dat UPX behavioral1/files/0x0006000000015cec-127.dat UPX 
behavioral1/memory/1600-125-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015cf7-136.dat UPX behavioral1/memory/320-133-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/1648-144-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/1704-148-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015d06-146.dat UPX behavioral1/files/0x0035000000014701-153.dat UPX behavioral1/memory/2696-157-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015d5d-163.dat UPX behavioral1/memory/2072-175-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015d6e-173.dat UPX behavioral1/memory/1928-185-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015f1b-183.dat UPX behavioral1/files/0x0006000000015f9e-192.dat UPX behavioral1/files/0x0006000000016056-200.dat UPX behavioral1/memory/1044-207-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x00060000000160f8-209.dat UPX behavioral1/files/0x0006000000016277-217.dat UPX behavioral1/files/0x0006000000016411-226.dat UPX behavioral1/memory/864-228-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000016525-234.dat UPX behavioral1/files/0x0006000000016597-244.dat UPX behavioral1/files/0x00060000000167ef-251.dat UPX behavioral1/memory/2852-254-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000016a45-261.dat UPX behavioral1/memory/1836-264-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000016c17-270.dat UPX behavioral1/memory/2232-271-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000016c26-279.dat UPX behavioral1/files/0x0006000000016c2e-288.dat UPX behavioral1/memory/1004-296-0x00000000003A0000-0x00000000003D6000-memory.dmp UPX 
behavioral1/memory/2460-384-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/784-439-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2376-448-0x0000000000400000-0x0000000000436000-memory.dmp UPX -
Executes dropped EXE 64 IoCs (list capped at 64; the process tree below shows the chain continuing well past this point). Note that PIDs are reused within the run — 1744, 2460 and 2616 each appear twice with different image names — so memory-dump IoCs keyed on PID (e.g. 2460-77 vs 2460-384) may refer to different processes; correlate by dump index and timestamp rather than by PID alone.
pid Process 1744 flrlxxl.exe 280 vvjvj.exe 3040 rrlxrxx.exe 2688 jpdvj.exe 2732 9pdjd.exe 2616 bnbhtn.exe 2592 7jvvd.exe 2460 lllrflx.exe 2212 hhbhnb.exe 2904 hbntht.exe 2640 bhtnbb.exe 3000 1fflxfx.exe 1600 bntttt.exe 320 lrfxrfl.exe 1648 9htthb.exe 1704 xlflllf.exe 2696 ddpdp.exe 1220 rlxlxrr.exe 2072 xrlrxrx.exe 1928 dvpdp.exe 600 tbthbh.exe 1044 dvpdj.exe 3032 pjddd.exe 328 9bnttb.exe 864 dvpdv.exe 2972 xxllxfr.exe 1840 nnhhbh.exe 2852 dddjp.exe 1836 rrlxffx.exe 2232 llxfrxl.exe 2240 dvppd.exe 1004 rlxxxfr.exe 1528 nbhbhh.exe 1760 dpddp.exe 1612 llxfxxr.exe 1744 9dpvd.exe 2964 3xrxllr.exe 2564 rrfxflf.exe 2116 bthntt.exe 2464 jdjpd.exe 2040 xrxlrrl.exe 2616 nbhhbh.exe 2620 1htnnh.exe 2476 9ppdp.exe 2460 rlxxffr.exe 1996 htbntb.exe 2276 3vdvd.exe 2792 7xrxllx.exe 2144 htbttb.exe 2284 ddpdv.exe 2884 llxxrrf.exe 1980 nnnthn.exe 784 pjvpd.exe 2376 rlrxflx.exe 1800 vvjpj.exe 1464 9xxrffr.exe 2828 rrxrlrf.exe 1328 bthnbh.exe 2672 ddppv.exe 804 ffrxffl.exe 1504 5lxxxxf.exe 700 hbbnhn.exe 932 pjppd.exe 1156 9xllrxf.exe -
resource yara_rule behavioral1/memory/2032-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x000d000000012248-5.dat upx behavioral1/memory/1744-11-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x000d0000000143fa-19.dat upx behavioral1/memory/280-21-0x00000000003B0000-0x00000000003E6000-memory.dmp upx behavioral1/memory/280-26-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/3040-35-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x00070000000149ea-37.dat upx behavioral1/memory/3040-39-0x0000000000220000-0x0000000000256000-memory.dmp upx behavioral1/files/0x0035000000014665-29.dat upx behavioral1/memory/2032-6-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2688-40-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0007000000014b12-47.dat upx behavioral1/memory/2732-49-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0007000000014c25-55.dat upx behavioral1/files/0x0007000000014e5a-64.dat upx behavioral1/memory/2592-67-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0008000000015ca5-73.dat upx behavioral1/memory/2616-58-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2460-77-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2212-86-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015cad-84.dat upx behavioral1/files/0x0006000000015cb9-93.dat upx behavioral1/files/0x0006000000015cc1-102.dat upx behavioral1/files/0x0006000000015cdb-118.dat upx behavioral1/memory/3000-117-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2640-104-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2904-100-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015cca-111.dat upx behavioral1/files/0x0006000000015cec-127.dat upx 
behavioral1/memory/1600-125-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015cf7-136.dat upx behavioral1/memory/320-133-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/1648-144-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/1704-148-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015d06-146.dat upx behavioral1/files/0x0035000000014701-153.dat upx behavioral1/memory/2696-157-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015d5d-163.dat upx behavioral1/memory/2072-175-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015d6e-173.dat upx behavioral1/memory/1928-185-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015f1b-183.dat upx behavioral1/files/0x0006000000015f9e-192.dat upx behavioral1/files/0x0006000000016056-200.dat upx behavioral1/memory/1044-207-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x00060000000160f8-209.dat upx behavioral1/files/0x0006000000016277-217.dat upx behavioral1/files/0x0006000000016411-226.dat upx behavioral1/memory/864-228-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000016525-234.dat upx behavioral1/files/0x0006000000016597-244.dat upx behavioral1/files/0x00060000000167ef-251.dat upx behavioral1/memory/2852-254-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000016a45-261.dat upx behavioral1/memory/1836-264-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000016c17-270.dat upx behavioral1/memory/2232-271-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000016c26-279.dat upx behavioral1/files/0x0006000000016c2e-288.dat upx behavioral1/memory/1004-296-0x00000000003A0000-0x00000000003D6000-memory.dmp upx 
behavioral1/memory/2460-384-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/784-439-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2376-448-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs (list capped at 64). In this trace every recorded write targets the process that the writer has just spawned (each parent/child pair from the process tree, repeated four times); there is no write into a pre-existing or unrelated process, so this is consistent with the drop-and-execute chain rather than with injection into a foreign process.
description pid Process procid_target PID 2032 wrote to memory of 1744 2032 b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe 28 PID 2032 wrote to memory of 1744 2032 b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe 28 PID 2032 wrote to memory of 1744 2032 b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe 28 PID 2032 wrote to memory of 1744 2032 b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe 28 PID 1744 wrote to memory of 280 1744 flrlxxl.exe 29 PID 1744 wrote to memory of 280 1744 flrlxxl.exe 29 PID 1744 wrote to memory of 280 1744 flrlxxl.exe 29 PID 1744 wrote to memory of 280 1744 flrlxxl.exe 29 PID 280 wrote to memory of 3040 280 vvjvj.exe 30 PID 280 wrote to memory of 3040 280 vvjvj.exe 30 PID 280 wrote to memory of 3040 280 vvjvj.exe 30 PID 280 wrote to memory of 3040 280 vvjvj.exe 30 PID 3040 wrote to memory of 2688 3040 rrlxrxx.exe 31 PID 3040 wrote to memory of 2688 3040 rrlxrxx.exe 31 PID 3040 wrote to memory of 2688 3040 rrlxrxx.exe 31 PID 3040 wrote to memory of 2688 3040 rrlxrxx.exe 31 PID 2688 wrote to memory of 2732 2688 jpdvj.exe 32 PID 2688 wrote to memory of 2732 2688 jpdvj.exe 32 PID 2688 wrote to memory of 2732 2688 jpdvj.exe 32 PID 2688 wrote to memory of 2732 2688 jpdvj.exe 32 PID 2732 wrote to memory of 2616 2732 9pdjd.exe 33 PID 2732 wrote to memory of 2616 2732 9pdjd.exe 33 PID 2732 wrote to memory of 2616 2732 9pdjd.exe 33 PID 2732 wrote to memory of 2616 2732 9pdjd.exe 33 PID 2616 wrote to memory of 2592 2616 bnbhtn.exe 34 PID 2616 wrote to memory of 2592 2616 bnbhtn.exe 34 PID 2616 wrote to memory of 2592 2616 bnbhtn.exe 34 PID 2616 wrote to memory of 2592 2616 bnbhtn.exe 34 PID 2592 wrote to memory of 2460 2592 7jvvd.exe 35 PID 2592 wrote to memory of 2460 2592 7jvvd.exe 35 PID 2592 wrote to memory of 2460 2592 7jvvd.exe 35 PID 2592 wrote to memory of 2460 2592 7jvvd.exe 35 PID 2460 wrote to memory of 2212 2460 lllrflx.exe 36 PID 2460 wrote to memory of 2212 
2460 lllrflx.exe 36 PID 2460 wrote to memory of 2212 2460 lllrflx.exe 36 PID 2460 wrote to memory of 2212 2460 lllrflx.exe 36 PID 2212 wrote to memory of 2904 2212 hhbhnb.exe 37 PID 2212 wrote to memory of 2904 2212 hhbhnb.exe 37 PID 2212 wrote to memory of 2904 2212 hhbhnb.exe 37 PID 2212 wrote to memory of 2904 2212 hhbhnb.exe 37 PID 2904 wrote to memory of 2640 2904 hbntht.exe 38 PID 2904 wrote to memory of 2640 2904 hbntht.exe 38 PID 2904 wrote to memory of 2640 2904 hbntht.exe 38 PID 2904 wrote to memory of 2640 2904 hbntht.exe 38 PID 2640 wrote to memory of 3000 2640 bhtnbb.exe 39 PID 2640 wrote to memory of 3000 2640 bhtnbb.exe 39 PID 2640 wrote to memory of 3000 2640 bhtnbb.exe 39 PID 2640 wrote to memory of 3000 2640 bhtnbb.exe 39 PID 3000 wrote to memory of 1600 3000 1fflxfx.exe 40 PID 3000 wrote to memory of 1600 3000 1fflxfx.exe 40 PID 3000 wrote to memory of 1600 3000 1fflxfx.exe 40 PID 3000 wrote to memory of 1600 3000 1fflxfx.exe 40 PID 1600 wrote to memory of 320 1600 bntttt.exe 41 PID 1600 wrote to memory of 320 1600 bntttt.exe 41 PID 1600 wrote to memory of 320 1600 bntttt.exe 41 PID 1600 wrote to memory of 320 1600 bntttt.exe 41 PID 320 wrote to memory of 1648 320 lrfxrfl.exe 42 PID 320 wrote to memory of 1648 320 lrfxrfl.exe 42 PID 320 wrote to memory of 1648 320 lrfxrfl.exe 42 PID 320 wrote to memory of 1648 320 lrfxrfl.exe 42 PID 1648 wrote to memory of 1704 1648 9htthb.exe 43 PID 1648 wrote to memory of 1704 1648 9htthb.exe 43 PID 1648 wrote to memory of 1704 1648 9htthb.exe 43 PID 1648 wrote to memory of 1704 1648 9htthb.exe 43
Processes — the initial sample runs from the user's %TEMP% directory, and every dropped executable is written to and launched from the volume root (`\??\c:\<name>.exe`) with a short, apparently generated name composed of a small set of letters (b, d, f, h, j, l, n, p, r, t, v, x) and an optional leading digit; executables launched from c:\ by a %TEMP%-resident parent, each spawning the next, is a usable hunting pivot on its own.
-
C:\Users\Admin\AppData\Local\Temp\b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe"C:\Users\Admin\AppData\Local\Temp\b244d96b2f17d97246e34d5cce7e53df3da8966167abae75fc140098a2be84e6.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2032 -
\??\c:\flrlxxl.exec:\flrlxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1744 -
\??\c:\vvjvj.exec:\vvjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:280 -
\??\c:\rrlxrxx.exec:\rrlxrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\jpdvj.exec:\jpdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\9pdjd.exec:\9pdjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\bnbhtn.exec:\bnbhtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\7jvvd.exec:\7jvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\lllrflx.exec:\lllrflx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\hhbhnb.exec:\hhbhnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\hbntht.exec:\hbntht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\bhtnbb.exec:\bhtnbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\1fflxfx.exec:\1fflxfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3000 -
\??\c:\bntttt.exec:\bntttt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1600 -
\??\c:\lrfxrfl.exec:\lrfxrfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:320 -
\??\c:\9htthb.exec:\9htthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1648 -
\??\c:\xlflllf.exec:\xlflllf.exe17⤵
- Executes dropped EXE
PID:1704 -
\??\c:\ddpdp.exec:\ddpdp.exe18⤵
- Executes dropped EXE
PID:2696 -
\??\c:\rlxlxrr.exec:\rlxlxrr.exe19⤵
- Executes dropped EXE
PID:1220 -
\??\c:\xrlrxrx.exec:\xrlrxrx.exe20⤵
- Executes dropped EXE
PID:2072 -
\??\c:\dvpdp.exec:\dvpdp.exe21⤵
- Executes dropped EXE
PID:1928 -
\??\c:\tbthbh.exec:\tbthbh.exe22⤵
- Executes dropped EXE
PID:600 -
\??\c:\dvpdj.exec:\dvpdj.exe23⤵
- Executes dropped EXE
PID:1044 -
\??\c:\pjddd.exec:\pjddd.exe24⤵
- Executes dropped EXE
PID:3032 -
\??\c:\9bnttb.exec:\9bnttb.exe25⤵
- Executes dropped EXE
PID:328 -
\??\c:\dvpdv.exec:\dvpdv.exe26⤵
- Executes dropped EXE
PID:864 -
\??\c:\xxllxfr.exec:\xxllxfr.exe27⤵
- Executes dropped EXE
PID:2972 -
\??\c:\nnhhbh.exec:\nnhhbh.exe28⤵
- Executes dropped EXE
PID:1840 -
\??\c:\dddjp.exec:\dddjp.exe29⤵
- Executes dropped EXE
PID:2852 -
\??\c:\rrlxffx.exec:\rrlxffx.exe30⤵
- Executes dropped EXE
PID:1836 -
\??\c:\llxfrxl.exec:\llxfrxl.exe31⤵
- Executes dropped EXE
PID:2232 -
\??\c:\dvppd.exec:\dvppd.exe32⤵
- Executes dropped EXE
PID:2240 -
\??\c:\rlxxxfr.exec:\rlxxxfr.exe33⤵
- Executes dropped EXE
PID:1004 -
\??\c:\nbhbhh.exec:\nbhbhh.exe34⤵
- Executes dropped EXE
PID:1528 -
\??\c:\dpddp.exec:\dpddp.exe35⤵
- Executes dropped EXE
PID:1760 -
\??\c:\llxfxxr.exec:\llxfxxr.exe36⤵
- Executes dropped EXE
PID:1612 -
\??\c:\9dpvd.exec:\9dpvd.exe37⤵
- Executes dropped EXE
PID:1744 -
\??\c:\3xrxllr.exec:\3xrxllr.exe38⤵
- Executes dropped EXE
PID:2964 -
\??\c:\rrfxflf.exec:\rrfxflf.exe39⤵
- Executes dropped EXE
PID:2564 -
\??\c:\bthntt.exec:\bthntt.exe40⤵
- Executes dropped EXE
PID:2116 -
\??\c:\jdjpd.exec:\jdjpd.exe41⤵
- Executes dropped EXE
PID:2464 -
\??\c:\xrxlrrl.exec:\xrxlrrl.exe42⤵
- Executes dropped EXE
PID:2040 -
\??\c:\nbhhbh.exec:\nbhhbh.exe43⤵
- Executes dropped EXE
PID:2616 -
\??\c:\1htnnh.exec:\1htnnh.exe44⤵
- Executes dropped EXE
PID:2620 -
\??\c:\9ppdp.exec:\9ppdp.exe45⤵
- Executes dropped EXE
PID:2476 -
\??\c:\rlxxffr.exec:\rlxxffr.exe46⤵
- Executes dropped EXE
PID:2460 -
\??\c:\htbntb.exec:\htbntb.exe47⤵
- Executes dropped EXE
PID:1996 -
\??\c:\3vdvd.exec:\3vdvd.exe48⤵
- Executes dropped EXE
PID:2276 -
\??\c:\7xrxllx.exec:\7xrxllx.exe49⤵
- Executes dropped EXE
PID:2792 -
\??\c:\htbttb.exec:\htbttb.exe50⤵
- Executes dropped EXE
PID:2144 -
\??\c:\ddpdv.exec:\ddpdv.exe51⤵
- Executes dropped EXE
PID:2284 -
\??\c:\llxxrrf.exec:\llxxrrf.exe52⤵
- Executes dropped EXE
PID:2884 -
\??\c:\nnnthn.exec:\nnnthn.exe53⤵
- Executes dropped EXE
PID:1980 -
\??\c:\pjvpd.exec:\pjvpd.exe54⤵
- Executes dropped EXE
PID:784 -
\??\c:\rlrxflx.exec:\rlrxflx.exe55⤵
- Executes dropped EXE
PID:2376 -
\??\c:\vvjpj.exec:\vvjpj.exe56⤵
- Executes dropped EXE
PID:1800 -
\??\c:\9xxrffr.exec:\9xxrffr.exe57⤵
- Executes dropped EXE
PID:1464 -
\??\c:\rrxrlrf.exec:\rrxrlrf.exe58⤵
- Executes dropped EXE
PID:2828 -
\??\c:\bthnbh.exec:\bthnbh.exe59⤵
- Executes dropped EXE
PID:1328 -
\??\c:\ddppv.exec:\ddppv.exe60⤵
- Executes dropped EXE
PID:2672 -
\??\c:\ffrxffl.exec:\ffrxffl.exe61⤵
- Executes dropped EXE
PID:804 -
\??\c:\5lxxxxf.exec:\5lxxxxf.exe62⤵
- Executes dropped EXE
PID:1504 -
\??\c:\hbbnhn.exec:\hbbnhn.exe63⤵
- Executes dropped EXE
PID:700 -
\??\c:\pjppd.exec:\pjppd.exe64⤵
- Executes dropped EXE
PID:932 -
\??\c:\9xllrxf.exec:\9xllrxf.exe65⤵
- Executes dropped EXE
PID:1156 -
\??\c:\bbnntb.exec:\bbnntb.exe66⤵PID:1336
-
\??\c:\9nhtbh.exec:\9nhtbh.exe67⤵PID:864
-
\??\c:\vpdvj.exec:\vpdvj.exe68⤵PID:3060
-
\??\c:\xllllxx.exec:\xllllxx.exe69⤵PID:1084
-
\??\c:\3hbbhb.exec:\3hbbhb.exe70⤵PID:1080
-
\??\c:\vvppv.exec:\vvppv.exe71⤵PID:1176
-
\??\c:\dvjpd.exec:\dvjpd.exe72⤵PID:920
-
\??\c:\5xlrrfl.exec:\5xlrrfl.exe73⤵PID:2944
-
\??\c:\hbhtbb.exec:\hbhtbb.exe74⤵PID:1396
-
\??\c:\pvddj.exec:\pvddj.exe75⤵PID:3016
-
\??\c:\lrxfllx.exec:\lrxfllx.exe76⤵PID:1004
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe77⤵PID:1720
-
\??\c:\bnttbb.exec:\bnttbb.exe78⤵PID:1624
-
\??\c:\vdpdj.exec:\vdpdj.exe79⤵PID:2744
-
\??\c:\3xlfflx.exec:\3xlfflx.exe80⤵PID:2980
-
\??\c:\1btbbh.exec:\1btbbh.exe81⤵PID:2684
-
\??\c:\hbnntt.exec:\hbnntt.exe82⤵PID:2564
-
\??\c:\dvpdj.exec:\dvpdj.exe83⤵PID:2668
-
\??\c:\hhhnht.exec:\hhhnht.exe84⤵PID:2588
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe85⤵PID:2500
-
\??\c:\btbhnb.exec:\btbhnb.exe86⤵PID:2624
-
\??\c:\vvvpp.exec:\vvvpp.exe87⤵PID:2480
-
\??\c:\fxfllxx.exec:\fxfllxx.exe88⤵PID:2452
-
\??\c:\lxllllr.exec:\lxllllr.exe89⤵PID:2476
-
\??\c:\5jdjd.exec:\5jdjd.exe90⤵PID:2532
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe91⤵PID:1996
-
\??\c:\rrrlxlx.exec:\rrrlxlx.exe92⤵PID:2768
-
\??\c:\pvvvd.exec:\pvvvd.exe93⤵PID:2280
-
\??\c:\ffxfxfr.exec:\ffxfxfr.exe94⤵PID:2068
-
\??\c:\bbhnbh.exec:\bbhnbh.exe95⤵PID:2284
-
\??\c:\nnbbhn.exec:\nnbbhn.exe96⤵PID:816
-
\??\c:\jvddp.exec:\jvddp.exe97⤵PID:1636
-
\??\c:\lrrxrxr.exec:\lrrxrxr.exe98⤵PID:1648
-
\??\c:\5rlfrfr.exec:\5rlfrfr.exe99⤵PID:1120
-
\??\c:\ddjvj.exec:\ddjvj.exe100⤵PID:2268
-
\??\c:\xlrlllx.exec:\xlrlllx.exe101⤵PID:2516
-
\??\c:\llxrfrf.exec:\llxrfrf.exe102⤵PID:2436
-
\??\c:\7bnnnt.exec:\7bnnnt.exe103⤵PID:2152
-
\??\c:\7rflxxl.exec:\7rflxxl.exe104⤵PID:1928
-
\??\c:\3xrxrxf.exec:\3xrxrxf.exe105⤵PID:488
-
\??\c:\tnbnth.exec:\tnbnth.exe106⤵PID:1812
-
\??\c:\vdpvj.exec:\vdpvj.exe107⤵PID:1660
-
\??\c:\jvjjp.exec:\jvjjp.exe108⤵PID:2332
-
\??\c:\tnhnht.exec:\tnhnht.exe109⤵PID:2428
-
\??\c:\5ppjv.exec:\5ppjv.exe110⤵PID:408
-
\??\c:\rrlrflx.exec:\rrlrflx.exe111⤵PID:1712
-
\??\c:\1tbthh.exec:\1tbthh.exe112⤵PID:1988
-
\??\c:\5vjjp.exec:\5vjjp.exe113⤵PID:2196
-
\??\c:\7rrrflx.exec:\7rrrflx.exe114⤵PID:1696
-
\??\c:\btbtnh.exec:\btbtnh.exe115⤵PID:2176
-
\??\c:\lfxfrfx.exec:\lfxfrfx.exe116⤵PID:1288
-
\??\c:\bththn.exec:\bththn.exe117⤵PID:2416
-
\??\c:\vvjdp.exec:\vvjdp.exe118⤵PID:2160
-
\??\c:\ppppv.exec:\ppppv.exe119⤵PID:1396
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe120⤵PID:2952
-
\??\c:\dvjpd.exec:\dvjpd.exe121⤵PID:2372
-
\??\c:\vvvdd.exec:\vvvdd.exe122⤵PID:2320