Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
19/03/2024, 06:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe
-
Size
284KB
-
MD5
76b6c1486f570111d7a97c5707d68dea
-
SHA1
dbe9a56506adbcb185320d6d93c9f4475f23b4ea
-
SHA256
53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2
-
SHA512
a31adffa990414c30b7d97427d4e1d53c5d583caf294e8a1ec7c197742d239d42d36da33151dec1aef504d1258b1a022356347d6f1765c3ff5e2a77eaf9be7d1
-
SSDEEP
3072:ThOm2sI93UufdC67cipfmCiiiXAQ5lpBoGYwNNhu0CzhKPEq:Tcm7ImGddXlWrXF5lpKGYV0wh6Eq
Malware Config
Signatures
-
Detect Blackmoon payload 63 IoCs
resource yara_rule behavioral2/memory/2096-4-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2784-12-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2168-21-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/5020-23-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4588-9-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/408-28-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/888-51-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/864-45-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4260-37-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3300-57-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4420-68-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4572-74-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1600-82-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/916-85-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/324-98-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1936-104-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2308-108-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1260-124-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4488-121-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2932-137-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3988-141-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon 
behavioral2/memory/4740-164-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3040-181-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1692-180-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3508-173-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3832-166-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2176-188-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/868-194-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2276-197-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2392-205-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1544-221-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3056-223-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1420-231-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1316-228-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4148-236-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4832-240-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4712-248-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1060-252-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/1452-270-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4372-280-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2928-297-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4024-304-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon 
behavioral2/memory/4040-311-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3660-331-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3040-341-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2968-358-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3532-370-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2448-388-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2172-399-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4076-406-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3140-411-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3764-415-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4020-421-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3020-427-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4632-434-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4040-460-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/728-477-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/3956-522-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4420-536-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2156-601-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/2540-634-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4776-783-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon behavioral2/memory/4400-976-0x0000000000400000-0x000000000042B000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/2096-4-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2784-12-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2168-21-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/5020-23-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4588-9-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/408-28-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/888-51-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/864-45-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4260-37-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3300-57-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4420-68-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4572-74-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1600-82-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/916-85-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/324-90-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1204-95-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/324-98-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1936-104-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2308-108-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1260-124-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4488-121-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2932-137-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3988-141-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3892-151-0x0000000000400000-0x000000000042B000-memory.dmp UPX 
behavioral2/memory/4740-164-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3040-181-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1692-180-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3508-173-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3832-166-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4740-156-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2176-188-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/868-191-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/868-194-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2276-197-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2392-205-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1544-221-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3056-223-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1420-231-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1316-228-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4148-236-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4832-240-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4712-248-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1060-252-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4720-253-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1452-270-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4372-280-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2928-297-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4008-299-0x0000000000400000-0x000000000042B000-memory.dmp UPX 
behavioral2/memory/4024-304-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4040-311-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3660-331-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3040-341-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2968-358-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/1620-362-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3532-370-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2448-388-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2500-392-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/2172-399-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4076-406-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3140-411-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3764-415-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4020-421-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/3020-427-0x0000000000400000-0x000000000042B000-memory.dmp UPX behavioral2/memory/4632-434-0x0000000000400000-0x000000000042B000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4588 xllxrlf.exe 2784 nhhhhn.exe 2168 pdvpp.exe 5020 rxxrlfx.exe 408 tbtnbt.exe 4260 rrlfxxx.exe 3952 jdddv.exe 864 fxlfrlf.exe 888 9ffxrlf.exe 3300 jdjdv.exe 4076 frlxrlf.exe 4420 1ppvj.exe 4572 1rfxflr.exe 1600 tnhbbn.exe 916 7bbthn.exe 324 pvvjv.exe 1204 3fxlrlf.exe 1936 5hnhbt.exe 2308 3tnbnn.exe 3664 ddvjd.exe 4488 3rlfrlf.exe 1260 tbbtnh.exe 1508 dvddv.exe 2932 rlxxrrr.exe 3988 nhnhhb.exe 4884 vvjdj.exe 3892 frffxff.exe 4740 ppddd.exe 3832 rlrlfll.exe 3508 lflxrlf.exe 3040 1jdvv.exe 1692 rllffxf.exe 1276 hnthtt.exe 2176 jdpdp.exe 868 3jpjv.exe 2276 5rrlxfx.exe 4768 3hhhbb.exe 4124 1vvvp.exe 2392 9jpjd.exe 1828 5fxxxrr.exe 3436 hbttbh.exe 3484 nthbnn.exe 1544 pjppv.exe 3056 jdpjj.exe 1316 ttbtnn.exe 1420 dddvp.exe 4896 rxrxfll.exe 4148 hhhhbb.exe 4832 vpjpj.exe 2680 fxfxrll.exe 4712 rrrfxff.exe 1060 nhbbnb.exe 4720 tbbbth.exe 3140 xrxrrrx.exe 1564 bbbbbb.exe 4628 pvjdv.exe 1600 vvvpj.exe 1452 xfrllff.exe 2620 hhnbhh.exe 2244 rlxrlll.exe 4372 bbbbtt.exe 2296 jddvp.exe 1936 9ffxxlf.exe 4016 thtttt.exe -
resource yara_rule behavioral2/memory/2096-4-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2784-12-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2168-21-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/5020-23-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4588-9-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/408-28-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/888-51-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/864-45-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4260-37-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3300-57-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4420-68-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4572-74-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1600-82-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/916-85-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/324-90-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1204-95-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/324-98-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1936-104-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2308-108-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1260-124-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4488-121-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2932-137-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3988-141-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3892-151-0x0000000000400000-0x000000000042B000-memory.dmp upx 
behavioral2/memory/4740-164-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3040-181-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1692-180-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3508-173-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3832-166-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2176-188-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/868-191-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/868-194-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2276-197-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2392-205-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1544-221-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3056-223-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1420-231-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1316-228-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4148-236-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4832-240-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4712-248-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1060-252-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4720-253-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1452-270-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4372-280-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2928-297-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4008-299-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4024-304-0x0000000000400000-0x000000000042B000-memory.dmp upx 
behavioral2/memory/4040-311-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3660-331-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3040-341-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2968-358-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/1620-362-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3532-370-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2448-388-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2500-392-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/2172-399-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4076-406-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3140-411-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3764-415-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4020-421-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/3020-427-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4632-434-0x0000000000400000-0x000000000042B000-memory.dmp upx behavioral2/memory/4040-460-0x0000000000400000-0x000000000042B000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2096 wrote to memory of 4588 2096 53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe 89 PID 2096 wrote to memory of 4588 2096 53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe 89 PID 2096 wrote to memory of 4588 2096 53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe 89 PID 4588 wrote to memory of 2784 4588 xllxrlf.exe 90 PID 4588 wrote to memory of 2784 4588 xllxrlf.exe 90 PID 4588 wrote to memory of 2784 4588 xllxrlf.exe 90 PID 2784 wrote to memory of 2168 2784 nhhhhn.exe 91 PID 2784 wrote to memory of 2168 2784 nhhhhn.exe 91 PID 2784 wrote to memory of 2168 2784 nhhhhn.exe 91 PID 2168 wrote to memory of 5020 2168 pdvpp.exe 92 PID 2168 wrote to memory of 5020 2168 pdvpp.exe 92 PID 2168 wrote to memory of 5020 2168 pdvpp.exe 92 PID 5020 wrote to memory of 408 5020 rxxrlfx.exe 93 PID 5020 wrote to memory of 408 5020 rxxrlfx.exe 93 PID 5020 wrote to memory of 408 5020 rxxrlfx.exe 93 PID 408 wrote to memory of 4260 408 tbtnbt.exe 94 PID 408 wrote to memory of 4260 408 tbtnbt.exe 94 PID 408 wrote to memory of 4260 408 tbtnbt.exe 94 PID 4260 wrote to memory of 3952 4260 rrlfxxx.exe 95 PID 4260 wrote to memory of 3952 4260 rrlfxxx.exe 95 PID 4260 wrote to memory of 3952 4260 rrlfxxx.exe 95 PID 3952 wrote to memory of 864 3952 jdddv.exe 96 PID 3952 wrote to memory of 864 3952 jdddv.exe 96 PID 3952 wrote to memory of 864 3952 jdddv.exe 96 PID 864 wrote to memory of 888 864 fxlfrlf.exe 97 PID 864 wrote to memory of 888 864 fxlfrlf.exe 97 PID 864 wrote to memory of 888 864 fxlfrlf.exe 97 PID 888 wrote to memory of 3300 888 9ffxrlf.exe 98 PID 888 wrote to memory of 3300 888 9ffxrlf.exe 98 PID 888 wrote to memory of 3300 888 9ffxrlf.exe 98 PID 3300 wrote to memory of 4076 3300 jdjdv.exe 99 PID 3300 wrote to memory of 4076 3300 jdjdv.exe 99 PID 3300 wrote to memory of 4076 3300 jdjdv.exe 99 PID 4076 wrote to memory of 4420 4076 frlxrlf.exe 100 PID 4076 wrote to memory of 4420 4076 
frlxrlf.exe 100 PID 4076 wrote to memory of 4420 4076 frlxrlf.exe 100 PID 4420 wrote to memory of 4572 4420 1ppvj.exe 101 PID 4420 wrote to memory of 4572 4420 1ppvj.exe 101 PID 4420 wrote to memory of 4572 4420 1ppvj.exe 101 PID 4572 wrote to memory of 1600 4572 1rfxflr.exe 102 PID 4572 wrote to memory of 1600 4572 1rfxflr.exe 102 PID 4572 wrote to memory of 1600 4572 1rfxflr.exe 102 PID 1600 wrote to memory of 916 1600 tnhbbn.exe 103 PID 1600 wrote to memory of 916 1600 tnhbbn.exe 103 PID 1600 wrote to memory of 916 1600 tnhbbn.exe 103 PID 916 wrote to memory of 324 916 7bbthn.exe 104 PID 916 wrote to memory of 324 916 7bbthn.exe 104 PID 916 wrote to memory of 324 916 7bbthn.exe 104 PID 324 wrote to memory of 1204 324 pvvjv.exe 105 PID 324 wrote to memory of 1204 324 pvvjv.exe 105 PID 324 wrote to memory of 1204 324 pvvjv.exe 105 PID 1204 wrote to memory of 1936 1204 3fxlrlf.exe 106 PID 1204 wrote to memory of 1936 1204 3fxlrlf.exe 106 PID 1204 wrote to memory of 1936 1204 3fxlrlf.exe 106 PID 1936 wrote to memory of 2308 1936 5hnhbt.exe 107 PID 1936 wrote to memory of 2308 1936 5hnhbt.exe 107 PID 1936 wrote to memory of 2308 1936 5hnhbt.exe 107 PID 2308 wrote to memory of 3664 2308 3tnbnn.exe 108 PID 2308 wrote to memory of 3664 2308 3tnbnn.exe 108 PID 2308 wrote to memory of 3664 2308 3tnbnn.exe 108 PID 3664 wrote to memory of 4488 3664 ddvjd.exe 109 PID 3664 wrote to memory of 4488 3664 ddvjd.exe 109 PID 3664 wrote to memory of 4488 3664 ddvjd.exe 109 PID 4488 wrote to memory of 1260 4488 3rlfrlf.exe 110
Processes
-
C:\Users\Admin\AppData\Local\Temp\53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe"C:\Users\Admin\AppData\Local\Temp\53513eff05b6d4a7ad780e0877c2a4e39767501fc61b1f869456f008fdc02fe2.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\xllxrlf.exec:\xllxrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4588 -
\??\c:\nhhhhn.exec:\nhhhhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\pdvpp.exec:\pdvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\rxxrlfx.exec:\rxxrlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5020 -
\??\c:\tbtnbt.exec:\tbtnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:408 -
\??\c:\rrlfxxx.exec:\rrlfxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4260 -
\??\c:\jdddv.exec:\jdddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3952 -
\??\c:\fxlfrlf.exec:\fxlfrlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:864 -
\??\c:\9ffxrlf.exec:\9ffxrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:888 -
\??\c:\jdjdv.exec:\jdjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3300 -
\??\c:\frlxrlf.exec:\frlxrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4076 -
\??\c:\1ppvj.exec:\1ppvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4420 -
\??\c:\1rfxflr.exec:\1rfxflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4572 -
\??\c:\tnhbbn.exec:\tnhbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1600 -
\??\c:\7bbthn.exec:\7bbthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:916 -
\??\c:\pvvjv.exec:\pvvjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:324 -
\??\c:\3fxlrlf.exec:\3fxlrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1204 -
\??\c:\5hnhbt.exec:\5hnhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1936 -
\??\c:\3tnbnn.exec:\3tnbnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\ddvjd.exec:\ddvjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3664 -
\??\c:\3rlfrlf.exec:\3rlfrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4488 -
\??\c:\tbbtnh.exec:\tbbtnh.exe23⤵
- Executes dropped EXE
PID:1260 -
\??\c:\dvddv.exec:\dvddv.exe24⤵
- Executes dropped EXE
PID:1508 -
\??\c:\rlxxrrr.exec:\rlxxrrr.exe25⤵
- Executes dropped EXE
PID:2932 -
\??\c:\nhnhhb.exec:\nhnhhb.exe26⤵
- Executes dropped EXE
PID:3988 -
\??\c:\vvjdj.exec:\vvjdj.exe27⤵
- Executes dropped EXE
PID:4884 -
\??\c:\frffxff.exec:\frffxff.exe28⤵
- Executes dropped EXE
PID:3892 -
\??\c:\ppddd.exec:\ppddd.exe29⤵
- Executes dropped EXE
PID:4740 -
\??\c:\rlrlfll.exec:\rlrlfll.exe30⤵
- Executes dropped EXE
PID:3832 -
\??\c:\lflxrlf.exec:\lflxrlf.exe31⤵
- Executes dropped EXE
PID:3508 -
\??\c:\1jdvv.exec:\1jdvv.exe32⤵
- Executes dropped EXE
PID:3040 -
\??\c:\rllffxf.exec:\rllffxf.exe33⤵
- Executes dropped EXE
PID:1692 -
\??\c:\hnthtt.exec:\hnthtt.exe34⤵
- Executes dropped EXE
PID:1276 -
\??\c:\jdpdp.exec:\jdpdp.exe35⤵
- Executes dropped EXE
PID:2176 -
\??\c:\3jpjv.exec:\3jpjv.exe36⤵
- Executes dropped EXE
PID:868 -
\??\c:\5rrlxfx.exec:\5rrlxfx.exe37⤵
- Executes dropped EXE
PID:2276 -
\??\c:\3hhhbb.exec:\3hhhbb.exe38⤵
- Executes dropped EXE
PID:4768 -
\??\c:\1vvvp.exec:\1vvvp.exe39⤵
- Executes dropped EXE
PID:4124 -
\??\c:\9jpjd.exec:\9jpjd.exe40⤵
- Executes dropped EXE
PID:2392 -
\??\c:\5fxxxrr.exec:\5fxxxrr.exe41⤵
- Executes dropped EXE
PID:1828 -
\??\c:\hbttbh.exec:\hbttbh.exe42⤵
- Executes dropped EXE
PID:3436 -
\??\c:\nthbnn.exec:\nthbnn.exe43⤵
- Executes dropped EXE
PID:3484 -
\??\c:\pjppv.exec:\pjppv.exe44⤵
- Executes dropped EXE
PID:1544 -
\??\c:\jdpjj.exec:\jdpjj.exe45⤵
- Executes dropped EXE
PID:3056 -
\??\c:\ttbtnn.exec:\ttbtnn.exe46⤵
- Executes dropped EXE
PID:1316 -
\??\c:\dddvp.exec:\dddvp.exe47⤵
- Executes dropped EXE
PID:1420 -
\??\c:\rxrxfll.exec:\rxrxfll.exe48⤵
- Executes dropped EXE
PID:4896 -
\??\c:\hhhhbb.exec:\hhhhbb.exe49⤵
- Executes dropped EXE
PID:4148 -
\??\c:\vpjpj.exec:\vpjpj.exe50⤵
- Executes dropped EXE
PID:4832 -
\??\c:\fxfxrll.exec:\fxfxrll.exe51⤵
- Executes dropped EXE
PID:2680 -
\??\c:\rrrfxff.exec:\rrrfxff.exe52⤵
- Executes dropped EXE
PID:4712 -
\??\c:\nhbbnb.exec:\nhbbnb.exe53⤵
- Executes dropped EXE
PID:1060 -
\??\c:\tbbbth.exec:\tbbbth.exe54⤵
- Executes dropped EXE
PID:4720 -
\??\c:\xrxrrrx.exec:\xrxrrrx.exe55⤵
- Executes dropped EXE
PID:3140 -
\??\c:\bbbbbb.exec:\bbbbbb.exe56⤵
- Executes dropped EXE
PID:1564 -
\??\c:\pvjdv.exec:\pvjdv.exe57⤵
- Executes dropped EXE
PID:4628 -
\??\c:\vvvpj.exec:\vvvpj.exe58⤵
- Executes dropped EXE
PID:1600 -
\??\c:\xfrllff.exec:\xfrllff.exe59⤵
- Executes dropped EXE
PID:1452 -
\??\c:\hhnbhh.exec:\hhnbhh.exe60⤵
- Executes dropped EXE
PID:2620 -
\??\c:\rlxrlll.exec:\rlxrlll.exe61⤵
- Executes dropped EXE
PID:2244 -
\??\c:\bbbbtt.exec:\bbbbtt.exe62⤵
- Executes dropped EXE
PID:4372 -
\??\c:\jddvp.exec:\jddvp.exe63⤵
- Executes dropped EXE
PID:2296 -
\??\c:\9ffxxlf.exec:\9ffxxlf.exe64⤵
- Executes dropped EXE
PID:1936 -
\??\c:\thtttt.exec:\thtttt.exe65⤵
- Executes dropped EXE
PID:4016 -
\??\c:\1thbnn.exec:\1thbnn.exe66⤵PID:2712
-
\??\c:\dvvpp.exec:\dvvpp.exe67⤵PID:2928
-
\??\c:\rlllllf.exec:\rlllllf.exe68⤵PID:4008
-
\??\c:\ttnntt.exec:\ttnntt.exe69⤵PID:4024
-
\??\c:\bbbbbb.exec:\bbbbbb.exe70⤵PID:4040
-
\??\c:\vpjdv.exec:\vpjdv.exe71⤵PID:4440
-
\??\c:\lffxffl.exec:\lffxffl.exe72⤵PID:3668
-
\??\c:\bnttnn.exec:\bnttnn.exe73⤵PID:4884
-
\??\c:\jjjdj.exec:\jjjdj.exe74⤵PID:3876
-
\??\c:\pjvvp.exec:\pjvvp.exe75⤵PID:4132
-
\??\c:\rlrlxlf.exec:\rlrlxlf.exe76⤵PID:1088
-
\??\c:\bttnhh.exec:\bttnhh.exe77⤵PID:3660
-
\??\c:\ppppd.exec:\ppppd.exe78⤵PID:1068
-
\??\c:\xxffrrl.exec:\xxffrrl.exe79⤵PID:232
-
\??\c:\nhhnbn.exec:\nhhnbn.exe80⤵PID:3040
-
\??\c:\3hnhtt.exec:\3hnhtt.exe81⤵PID:3880
-
\??\c:\lxfxllf.exec:\lxfxllf.exe82⤵PID:4892
-
\??\c:\7xrrllf.exec:\7xrrllf.exe83⤵PID:784
-
\??\c:\thnnhh.exec:\thnnhh.exe84⤵PID:4368
-
\??\c:\pdppj.exec:\pdppj.exe85⤵PID:4360
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe86⤵PID:2968
-
\??\c:\hhnhhn.exec:\hhnhhn.exe87⤵PID:1620
-
\??\c:\tnbbnt.exec:\tnbbnt.exe88⤵PID:3532
-
\??\c:\llrlfff.exec:\llrlfff.exe89⤵PID:4032
-
\??\c:\hhhbhn.exec:\hhhbhn.exe90⤵PID:1664
-
\??\c:\hbbthh.exec:\hbbthh.exe91⤵PID:408
-
\??\c:\dddvp.exec:\dddvp.exe92⤵PID:3056
-
\??\c:\vvdvv.exec:\vvdvv.exe93⤵PID:544
-
\??\c:\xfxrxxr.exec:\xfxrxxr.exe94⤵PID:2448
-
\??\c:\nhhhhh.exec:\nhhhhh.exe95⤵PID:3952
-
\??\c:\pppjp.exec:\pppjp.exe96⤵PID:2500
-
\??\c:\fxrlffx.exec:\fxrlffx.exe97⤵PID:2528
-
\??\c:\htbbbt.exec:\htbbbt.exe98⤵PID:2172
-
\??\c:\vpjpp.exec:\vpjpp.exe99⤵PID:4076
-
\??\c:\djvpj.exec:\djvpj.exe100⤵PID:3140
-
\??\c:\thnnbb.exec:\thnnbb.exe101⤵PID:1564
-
\??\c:\1vdpp.exec:\1vdpp.exe102⤵PID:3764
-
\??\c:\rllfxxr.exec:\rllfxxr.exe103⤵PID:4020
-
\??\c:\nhntnt.exec:\nhntnt.exe104⤵PID:1904
-
\??\c:\vdvpd.exec:\vdvpd.exe105⤵PID:3020
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe106⤵PID:3228
-
\??\c:\nhtnnh.exec:\nhtnnh.exe107⤵PID:4632
-
\??\c:\1bhbbb.exec:\1bhbbb.exe108⤵PID:1608
-
\??\c:\llllxxx.exec:\llllxxx.exe109⤵PID:4904
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe110⤵PID:3664
-
\??\c:\bttnhh.exec:\bttnhh.exe111⤵PID:4560
-
\??\c:\jjvvj.exec:\jjvvj.exe112⤵PID:4532
-
\??\c:\lllfxxf.exec:\lllfxxf.exe113⤵PID:2064
-
\??\c:\lffxfxf.exec:\lffxfxf.exe114⤵PID:3716
-
\??\c:\9bhbtt.exec:\9bhbtt.exe115⤵PID:4040
-
\??\c:\tnbbhh.exec:\tnbbhh.exe116⤵PID:3980
-
\??\c:\jjjjv.exec:\jjjjv.exe117⤵PID:3696
-
\??\c:\pdddd.exec:\pdddd.exe118⤵PID:4740
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe119⤵PID:4688
-
\??\c:\flxxxlf.exec:\flxxxlf.exe120⤵PID:728
-
\??\c:\nhnnnn.exec:\nhnnnn.exe121⤵PID:1088
-
\??\c:\jjpjp.exec:\jjpjp.exe122⤵PID:2248