Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
19/03/2024, 05:49
Behavioral task
behavioral1
Sample
4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe
-
Size
325KB
-
MD5
2566da43344c27905eb70a0b0ae34247
-
SHA1
419f0e48a65704a1ba21ac01ffc0df2157943a25
-
SHA256
4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980
-
SHA512
d6c4c2bd9cce127a778dbab671b5e5a38760f12ea629fe6acf19ae1e967a7e98a1ac6c91c503cfdb1100e7bf34753d112e1b5bb8001c50d433ed81d0ca89ba43
-
SSDEEP
6144:9cm4FmowdHoS4BftapTs8Hoo+6MjTVhRD1:/4wFHoS4d0G8HoljTVhRD1
Malware Config
Signatures
-
Detect Blackmoon payload 62 IoCs
resource yara_rule behavioral2/memory/2336-7-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5112-13-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4388-24-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2532-22-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4052-30-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4992-39-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3672-42-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4212-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4876-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1452-58-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4860-52-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1276-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4968-78-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3656-68-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1444-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2020-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4460-103-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/400-121-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3068-114-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4836-129-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/232-134-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3984-141-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4520-154-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2464-164-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4016-171-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4960-183-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1352-180-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/368-187-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4348-197-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1412-217-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/396-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4876-241-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2472-253-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4564-244-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2880-256-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2256-261-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3116-270-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2324-278-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2884-299-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4392-301-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5080-319-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5048-328-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2024-334-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2360-344-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2336-363-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3880-403-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4760-399-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2472-414-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1720-419-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1512-444-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-458-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3148-476-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2076-517-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2732-579-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1240-585-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/956-595-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1052-624-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3892-655-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2004-673-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5112-678-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3400-685-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4804-781-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4212-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000400000001e980-5.dat UPX behavioral2/files/0x000a000000022d8f-9.dat UPX behavioral2/memory/2336-7-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5112-13-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a0000000231a5-16.dat UPX behavioral2/files/0x000700000002322d-20.dat UPX behavioral2/memory/4388-24-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2532-22-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002322e-27.dat UPX behavioral2/files/0x000700000002322e-28.dat UPX behavioral2/memory/4052-30-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002322f-32.dat UPX behavioral2/files/0x0007000000023231-38.dat UPX behavioral2/memory/4992-39-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3672-42-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4212-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023232-50.dat UPX behavioral2/memory/4876-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023233-56.dat UPX behavioral2/memory/1452-58-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023234-61.dat UPX behavioral2/memory/4860-52-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3656-63-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023235-67.dat UPX behavioral2/memory/4968-75-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023236-74.dat UPX behavioral2/memory/1276-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4968-78-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023237-79.dat UPX 
behavioral2/memory/3656-68-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1444-82-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023238-86.dat UPX behavioral2/files/0x0007000000023239-90.dat UPX behavioral2/files/0x000a0000000231d4-94.dat UPX behavioral2/files/0x000700000002323a-101.dat UPX behavioral2/memory/2020-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4460-103-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002323b-107.dat UPX behavioral2/files/0x000700000002323d-118.dat UPX behavioral2/memory/400-121-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002323e-124.dat UPX behavioral2/memory/3068-114-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002323c-111.dat UPX behavioral2/memory/4836-125-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002323f-130.dat UPX behavioral2/memory/4836-129-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023241-135.dat UPX behavioral2/memory/232-134-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023242-139.dat UPX behavioral2/memory/3984-141-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023244-144.dat UPX behavioral2/memory/4520-154-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023245-152.dat UPX behavioral2/files/0x0007000000023246-157.dat UPX behavioral2/memory/4844-146-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2464-164-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023247-162.dat UPX behavioral2/files/0x0007000000023248-168.dat UPX behavioral2/memory/4016-171-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023249-174.dat UPX 
behavioral2/files/0x000700000002324a-178.dat UPX behavioral2/memory/4960-183-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1352-180-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2336 btttnt.exe 5112 jdppv.exe 2532 ffxrffx.exe 4388 nhhthb.exe 4052 dvdvj.exe 4992 xrxlxrx.exe 3672 vddpj.exe 4876 dvdvj.exe 4860 rllfxxx.exe 1452 5ffxrxr.exe 3656 9ddvp.exe 1276 rfffxxx.exe 4968 bhnbnn.exe 1444 fxxxrrr.exe 1240 rfrflfr.exe 2020 tbbtnt.exe 2324 lflfllx.exe 4460 bnbnnh.exe 3728 pvjvv.exe 3068 1bhbbt.exe 400 9vvjv.exe 4836 lffxlfr.exe 232 hnthbt.exe 3984 tttbnb.exe 2216 lflfxrl.exe 4844 tbtnth.exe 4520 pvvjd.exe 4812 5nnbnh.exe 2464 bnbthh.exe 4016 ntthnn.exe 1352 tnnhbt.exe 4960 djpjp.exe 368 rfllffx.exe 4776 djvpd.exe 2588 xrfxllx.exe 3892 bhnhbt.exe 4348 hbbthb.exe 4692 7jpjp.exe 2772 xllxlfx.exe 4972 3tnhht.exe 5044 djdvj.exe 4800 pddvp.exe 1412 fxfxxfx.exe 4772 rlxfxrr.exe 2644 7bhthh.exe 4644 vddvd.exe 396 vvpvp.exe 3708 rlxrffx.exe 2160 1bthtn.exe 4876 jddvp.exe 4564 flrrfff.exe 1860 hhbnhn.exe 2472 hbhbnn.exe 2880 jjvdd.exe 376 bnnbnt.exe 2256 jpvvv.exe 4020 pdjjv.exe 3116 llxrxxf.exe 3520 thtnnh.exe 804 xxxrllf.exe 2324 rlrxrff.exe 3320 tnthtn.exe 3728 xrffffr.exe 4472 tbthbb.exe -
resource yara_rule behavioral2/memory/4212-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000400000001e980-5.dat upx behavioral2/files/0x000a000000022d8f-9.dat upx behavioral2/memory/2336-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5112-13-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a0000000231a5-16.dat upx behavioral2/files/0x000700000002322d-20.dat upx behavioral2/memory/4388-24-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2532-22-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002322e-27.dat upx behavioral2/files/0x000700000002322e-28.dat upx behavioral2/memory/4052-30-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002322f-32.dat upx behavioral2/files/0x0007000000023231-38.dat upx behavioral2/memory/4992-39-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3672-42-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4212-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023232-50.dat upx behavioral2/memory/4876-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023233-56.dat upx behavioral2/memory/1452-58-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023234-61.dat upx behavioral2/memory/4860-52-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3656-63-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023235-67.dat upx behavioral2/memory/4968-75-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023236-74.dat upx behavioral2/memory/1276-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4968-78-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023237-79.dat upx 
behavioral2/memory/3656-68-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1444-82-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023238-86.dat upx behavioral2/files/0x0007000000023239-90.dat upx behavioral2/files/0x000a0000000231d4-94.dat upx behavioral2/files/0x000700000002323a-101.dat upx behavioral2/memory/2020-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4460-103-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002323b-107.dat upx behavioral2/files/0x000700000002323d-118.dat upx behavioral2/memory/400-121-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002323e-124.dat upx behavioral2/memory/3068-114-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002323c-111.dat upx behavioral2/memory/4836-125-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002323f-130.dat upx behavioral2/memory/4836-129-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023241-135.dat upx behavioral2/memory/232-134-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023242-139.dat upx behavioral2/memory/3984-141-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023244-144.dat upx behavioral2/memory/4520-154-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023245-152.dat upx behavioral2/files/0x0007000000023246-157.dat upx behavioral2/memory/4844-146-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2464-164-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023247-162.dat upx behavioral2/files/0x0007000000023248-168.dat upx behavioral2/memory/4016-171-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023249-174.dat upx 
behavioral2/files/0x000700000002324a-178.dat upx behavioral2/memory/4960-183-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1352-180-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4212 wrote to memory of 2336 4212 4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe 90 PID 4212 wrote to memory of 2336 4212 4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe 90 PID 4212 wrote to memory of 2336 4212 4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe 90 PID 2336 wrote to memory of 5112 2336 btttnt.exe 91 PID 2336 wrote to memory of 5112 2336 btttnt.exe 91 PID 2336 wrote to memory of 5112 2336 btttnt.exe 91 PID 5112 wrote to memory of 2532 5112 jdppv.exe 92 PID 5112 wrote to memory of 2532 5112 jdppv.exe 92 PID 5112 wrote to memory of 2532 5112 jdppv.exe 92 PID 2532 wrote to memory of 4388 2532 ffxrffx.exe 93 PID 2532 wrote to memory of 4388 2532 ffxrffx.exe 93 PID 2532 wrote to memory of 4388 2532 ffxrffx.exe 93 PID 4388 wrote to memory of 4052 4388 nhhthb.exe 94 PID 4388 wrote to memory of 4052 4388 nhhthb.exe 94 PID 4388 wrote to memory of 4052 4388 nhhthb.exe 94 PID 4052 wrote to memory of 4992 4052 dvdvj.exe 95 PID 4052 wrote to memory of 4992 4052 dvdvj.exe 95 PID 4052 wrote to memory of 4992 4052 dvdvj.exe 95 PID 4992 wrote to memory of 3672 4992 xrxlxrx.exe 96 PID 4992 wrote to memory of 3672 4992 xrxlxrx.exe 96 PID 4992 wrote to memory of 3672 4992 xrxlxrx.exe 96 PID 3672 wrote to memory of 4876 3672 vddpj.exe 97 PID 3672 wrote to memory of 4876 3672 vddpj.exe 97 PID 3672 wrote to memory of 4876 3672 vddpj.exe 97 PID 4876 wrote to memory of 4860 4876 dvdvj.exe 98 PID 4876 wrote to memory of 4860 4876 dvdvj.exe 98 PID 4876 wrote to memory of 4860 4876 dvdvj.exe 98 PID 4860 wrote to memory of 1452 4860 rllfxxx.exe 99 PID 4860 wrote to memory of 1452 4860 rllfxxx.exe 99 PID 4860 wrote to memory of 1452 4860 rllfxxx.exe 99 PID 1452 wrote to memory of 3656 1452 5ffxrxr.exe 100 PID 1452 wrote to memory of 3656 1452 5ffxrxr.exe 100 PID 1452 wrote to memory of 3656 1452 5ffxrxr.exe 100 PID 3656 wrote to memory of 1276 3656 9ddvp.exe 101 PID 3656 wrote 
to memory of 1276 3656 9ddvp.exe 101 PID 3656 wrote to memory of 1276 3656 9ddvp.exe 101 PID 1276 wrote to memory of 4968 1276 rfffxxx.exe 102 PID 1276 wrote to memory of 4968 1276 rfffxxx.exe 102 PID 1276 wrote to memory of 4968 1276 rfffxxx.exe 102 PID 4968 wrote to memory of 1444 4968 bhnbnn.exe 103 PID 4968 wrote to memory of 1444 4968 bhnbnn.exe 103 PID 4968 wrote to memory of 1444 4968 bhnbnn.exe 103 PID 1444 wrote to memory of 1240 1444 fxxxrrr.exe 104 PID 1444 wrote to memory of 1240 1444 fxxxrrr.exe 104 PID 1444 wrote to memory of 1240 1444 fxxxrrr.exe 104 PID 1240 wrote to memory of 2020 1240 rfrflfr.exe 105 PID 1240 wrote to memory of 2020 1240 rfrflfr.exe 105 PID 1240 wrote to memory of 2020 1240 rfrflfr.exe 105 PID 2020 wrote to memory of 2324 2020 tbbtnt.exe 106 PID 2020 wrote to memory of 2324 2020 tbbtnt.exe 106 PID 2020 wrote to memory of 2324 2020 tbbtnt.exe 106 PID 2324 wrote to memory of 4460 2324 lflfllx.exe 107 PID 2324 wrote to memory of 4460 2324 lflfllx.exe 107 PID 2324 wrote to memory of 4460 2324 lflfllx.exe 107 PID 4460 wrote to memory of 3728 4460 bnbnnh.exe 108 PID 4460 wrote to memory of 3728 4460 bnbnnh.exe 108 PID 4460 wrote to memory of 3728 4460 bnbnnh.exe 108 PID 3728 wrote to memory of 3068 3728 pvjvv.exe 109 PID 3728 wrote to memory of 3068 3728 pvjvv.exe 109 PID 3728 wrote to memory of 3068 3728 pvjvv.exe 109 PID 3068 wrote to memory of 400 3068 1bhbbt.exe 110 PID 3068 wrote to memory of 400 3068 1bhbbt.exe 110 PID 3068 wrote to memory of 400 3068 1bhbbt.exe 110 PID 400 wrote to memory of 4836 400 9vvjv.exe 111
Processes
-
C:\Users\Admin\AppData\Local\Temp\4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe"C:\Users\Admin\AppData\Local\Temp\4354858bd90248802f19bd42326fa1cc4185bd47e6938d635945d2437448d980.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4212 -
\??\c:\btttnt.exec:\btttnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2336 -
\??\c:\jdppv.exec:\jdppv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5112 -
\??\c:\ffxrffx.exec:\ffxrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\nhhthb.exec:\nhhthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4388 -
\??\c:\dvdvj.exec:\dvdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4052 -
\??\c:\xrxlxrx.exec:\xrxlxrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4992 -
\??\c:\vddpj.exec:\vddpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3672 -
\??\c:\dvdvj.exec:\dvdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\rllfxxx.exec:\rllfxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4860 -
\??\c:\5ffxrxr.exec:\5ffxrxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1452 -
\??\c:\9ddvp.exec:\9ddvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3656 -
\??\c:\rfffxxx.exec:\rfffxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1276 -
\??\c:\bhnbnn.exec:\bhnbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4968 -
\??\c:\fxxxrrr.exec:\fxxxrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1444 -
\??\c:\rfrflfr.exec:\rfrflfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1240 -
\??\c:\tbbtnt.exec:\tbbtnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2020 -
\??\c:\lflfllx.exec:\lflfllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2324 -
\??\c:\bnbnnh.exec:\bnbnnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4460 -
\??\c:\pvjvv.exec:\pvjvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3728 -
\??\c:\1bhbbt.exec:\1bhbbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3068 -
\??\c:\9vvjv.exec:\9vvjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:400 -
\??\c:\lffxlfr.exec:\lffxlfr.exe23⤵
- Executes dropped EXE
PID:4836 -
\??\c:\hnthbt.exec:\hnthbt.exe24⤵
- Executes dropped EXE
PID:232 -
\??\c:\tttbnb.exec:\tttbnb.exe25⤵
- Executes dropped EXE
PID:3984 -
\??\c:\lflfxrl.exec:\lflfxrl.exe26⤵
- Executes dropped EXE
PID:2216 -
\??\c:\tbtnth.exec:\tbtnth.exe27⤵
- Executes dropped EXE
PID:4844 -
\??\c:\pvvjd.exec:\pvvjd.exe28⤵
- Executes dropped EXE
PID:4520 -
\??\c:\5nnbnh.exec:\5nnbnh.exe29⤵
- Executes dropped EXE
PID:4812 -
\??\c:\bnbthh.exec:\bnbthh.exe30⤵
- Executes dropped EXE
PID:2464 -
\??\c:\ntthnn.exec:\ntthnn.exe31⤵
- Executes dropped EXE
PID:4016 -
\??\c:\tnnhbt.exec:\tnnhbt.exe32⤵
- Executes dropped EXE
PID:1352 -
\??\c:\djpjp.exec:\djpjp.exe33⤵
- Executes dropped EXE
PID:4960 -
\??\c:\rfllffx.exec:\rfllffx.exe34⤵
- Executes dropped EXE
PID:368 -
\??\c:\djvpd.exec:\djvpd.exe35⤵
- Executes dropped EXE
PID:4776 -
\??\c:\xrfxllx.exec:\xrfxllx.exe36⤵
- Executes dropped EXE
PID:2588 -
\??\c:\bhnhbt.exec:\bhnhbt.exe37⤵
- Executes dropped EXE
PID:3892 -
\??\c:\hbbthb.exec:\hbbthb.exe38⤵
- Executes dropped EXE
PID:4348 -
\??\c:\7jpjp.exec:\7jpjp.exe39⤵
- Executes dropped EXE
PID:4692 -
\??\c:\xllxlfx.exec:\xllxlfx.exe40⤵
- Executes dropped EXE
PID:2772 -
\??\c:\3tnhht.exec:\3tnhht.exe41⤵
- Executes dropped EXE
PID:4972 -
\??\c:\djdvj.exec:\djdvj.exe42⤵
- Executes dropped EXE
PID:5044 -
\??\c:\pddvp.exec:\pddvp.exe43⤵
- Executes dropped EXE
PID:4800 -
\??\c:\fxfxxfx.exec:\fxfxxfx.exe44⤵
- Executes dropped EXE
PID:1412 -
\??\c:\rlxfxrr.exec:\rlxfxrr.exe45⤵
- Executes dropped EXE
PID:4772 -
\??\c:\7bhthh.exec:\7bhthh.exe46⤵
- Executes dropped EXE
PID:2644 -
\??\c:\vddvd.exec:\vddvd.exe47⤵
- Executes dropped EXE
PID:4644 -
\??\c:\vvpvp.exec:\vvpvp.exe48⤵
- Executes dropped EXE
PID:396 -
\??\c:\rlxrffx.exec:\rlxrffx.exe49⤵
- Executes dropped EXE
PID:3708 -
\??\c:\1bthtn.exec:\1bthtn.exe50⤵
- Executes dropped EXE
PID:2160 -
\??\c:\jddvp.exec:\jddvp.exe51⤵
- Executes dropped EXE
PID:4876 -
\??\c:\flrrfff.exec:\flrrfff.exe52⤵
- Executes dropped EXE
PID:4564 -
\??\c:\hhbnhn.exec:\hhbnhn.exe53⤵
- Executes dropped EXE
PID:1860 -
\??\c:\hbhbnn.exec:\hbhbnn.exe54⤵
- Executes dropped EXE
PID:2472 -
\??\c:\jjvdd.exec:\jjvdd.exe55⤵
- Executes dropped EXE
PID:2880 -
\??\c:\bnnbnt.exec:\bnnbnt.exe56⤵
- Executes dropped EXE
PID:376 -
\??\c:\jpvvv.exec:\jpvvv.exe57⤵
- Executes dropped EXE
PID:2256 -
\??\c:\pdjjv.exec:\pdjjv.exe58⤵
- Executes dropped EXE
PID:4020 -
\??\c:\llxrxxf.exec:\llxrxxf.exe59⤵
- Executes dropped EXE
PID:3116 -
\??\c:\thtnnh.exec:\thtnnh.exe60⤵
- Executes dropped EXE
PID:3520 -
\??\c:\xxxrllf.exec:\xxxrllf.exe61⤵
- Executes dropped EXE
PID:804 -
\??\c:\rlrxrff.exec:\rlrxrff.exe62⤵
- Executes dropped EXE
PID:2324 -
\??\c:\tnthtn.exec:\tnthtn.exe63⤵
- Executes dropped EXE
PID:3320 -
\??\c:\xrffffr.exec:\xrffffr.exe64⤵
- Executes dropped EXE
PID:3728 -
\??\c:\tbthbb.exec:\tbthbb.exe65⤵
- Executes dropped EXE
PID:4472 -
\??\c:\vjvdv.exec:\vjvdv.exe66⤵PID:1644
-
\??\c:\jddvp.exec:\jddvp.exe67⤵PID:2796
-
\??\c:\xllfxrr.exec:\xllfxrr.exe68⤵PID:2884
-
\??\c:\hnhbtt.exec:\hnhbtt.exe69⤵PID:4392
-
\??\c:\3jdpp.exec:\3jdpp.exe70⤵PID:1052
-
\??\c:\9tnhnh.exec:\9tnhnh.exe71⤵PID:432
-
\??\c:\ttbbbb.exec:\ttbbbb.exe72⤵PID:3364
-
\??\c:\jvjdj.exec:\jvjdj.exe73⤵PID:2244
-
\??\c:\djvvv.exec:\djvvv.exe74⤵PID:5080
-
\??\c:\lfflxlf.exec:\lfflxlf.exe75⤵PID:1876
-
\??\c:\9tnhtt.exec:\9tnhtt.exe76⤵PID:3976
-
\??\c:\pvpjp.exec:\pvpjp.exe77⤵PID:5048
-
\??\c:\vvdvv.exec:\vvdvv.exe78⤵PID:2024
-
\??\c:\3hnhbb.exec:\3hnhbb.exe79⤵PID:4508
-
\??\c:\hhhbnn.exec:\hhhbnn.exe80⤵PID:4960
-
\??\c:\ddjdd.exec:\ddjdd.exe81⤵PID:688
-
\??\c:\xllxlfr.exec:\xllxlfr.exe82⤵PID:2360
-
\??\c:\hnhtnh.exec:\hnhtnh.exe83⤵PID:1576
-
\??\c:\vpjdj.exec:\vpjdj.exe84⤵PID:4292
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe85⤵PID:4340
-
\??\c:\hhbthb.exec:\hhbthb.exe86⤵PID:1724
-
\??\c:\bnhbbt.exec:\bnhbbt.exe87⤵PID:2336
-
\??\c:\jvddv.exec:\jvddv.exe88⤵PID:1568
-
\??\c:\3tnhnn.exec:\3tnhnn.exe89⤵PID:5112
-
\??\c:\dpdvp.exec:\dpdvp.exe90⤵PID:464
-
\??\c:\pppvj.exec:\pppvj.exe91⤵PID:4044
-
\??\c:\lfxxrll.exec:\lfxxrll.exe92⤵PID:4756
-
\??\c:\hbbtbt.exec:\hbbtbt.exe93⤵PID:1972
-
\??\c:\pppjd.exec:\pppjd.exe94⤵PID:2108
-
\??\c:\5ddpd.exec:\5ddpd.exe95⤵PID:5020
-
\??\c:\xrxlrxx.exec:\xrxlrxx.exe96⤵PID:3288
-
\??\c:\thhbtn.exec:\thhbtn.exe97⤵PID:2396
-
\??\c:\tnhtnh.exec:\tnhtnh.exe98⤵PID:3900
-
\??\c:\jpdjd.exec:\jpdjd.exe99⤵PID:4760
-
\??\c:\lllfxxr.exec:\lllfxxr.exe100⤵PID:3880
-
\??\c:\hbbnnb.exec:\hbbnnb.exe101⤵PID:4956
-
\??\c:\fflfxrx.exec:\fflfxrx.exe102⤵PID:772
-
\??\c:\tnhbtt.exec:\tnhbtt.exe103⤵PID:2472
-
\??\c:\7bbthh.exec:\7bbthh.exe104⤵PID:1720
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe105⤵PID:4456
-
\??\c:\tbhbbt.exec:\tbhbbt.exe106⤵PID:1948
-
\??\c:\1btnnh.exec:\1btnnh.exe107⤵PID:1240
-
\??\c:\ppjvv.exec:\ppjvv.exe108⤵PID:2936
-
\??\c:\rfllffx.exec:\rfllffx.exe109⤵PID:2892
-
\??\c:\lfllfxr.exec:\lfllfxr.exe110⤵PID:956
-
\??\c:\bttnnh.exec:\bttnnh.exe111⤵PID:2324
-
\??\c:\7bhbtt.exec:\7bhbtt.exe112⤵PID:1512
-
\??\c:\djjvp.exec:\djjvp.exe113⤵PID:3100
-
\??\c:\ttnnhh.exec:\ttnnhh.exe114⤵PID:3544
-
\??\c:\bhnhbb.exec:\bhnhbb.exe115⤵PID:4836
-
\??\c:\5jjjd.exec:\5jjjd.exe116⤵PID:2944
-
\??\c:\5ffxrrl.exec:\5ffxrrl.exe117⤵PID:5052
-
\??\c:\xllfffx.exec:\xllfffx.exe118⤵PID:4608
-
\??\c:\tbnhbt.exec:\tbnhbt.exe119⤵PID:3984
-
\??\c:\vdvjd.exec:\vdvjd.exe120⤵PID:3696
-
\??\c:\fxxxfff.exec:\fxxxfff.exe121⤵PID:3468
-
\??\c:\xxxxrlr.exec:\xxxxrlr.exe122⤵PID:3148