Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
19-03-2024 08:24
Behavioral task
behavioral1
Sample
9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe
-
Size
184KB
-
MD5
d35cf1672bef20f1a0d6442879741abf
-
SHA1
80f6635dc1e65f6930d7779ad56ddd136067211d
-
SHA256
9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8
-
SHA512
5c9f563abbad726887bc2c7809ea10af6633a31aa3a97413bb2b4adcddbdada4fee246a34cf39655acdc95a3a38f6ca16c1dbc53056e7820596becff73bb2479
-
SSDEEP
3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMM:3cm4FmowdHoSzhraHcpOFltH4twl43vM
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3464-4-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4124-12-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4816-18-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3340-16-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2576-27-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2720-36-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4400-31-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/264-55-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2308-59-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4964-46-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/640-77-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4888-73-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3568-100-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4904-94-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/756-107-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1664-126-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2636-122-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3508-136-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2836-132-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2044-143-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1416-154-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/2908-166-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3844-174-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/592-178-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2476-182-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1616-188-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1936-192-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4832-198-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/896-203-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2368-202-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4116-207-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4136-218-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2040-225-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1600-230-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3020-234-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2024-244-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2056-255-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/5088-262-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4944-265-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3380-273-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4372-280-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1408-297-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/1652-304-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/744-347-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2584-361-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4632-365-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/776-380-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/384-388-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4336-397-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/220-415-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1428-440-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1644-445-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3656-448-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2992-476-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2300-480-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2204-495-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3444-498-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4220-642-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4296-653-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2680-686-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2312-690-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3304-742-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4440-815-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/2912-842-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/3464-0-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000300000001e9a0-3.dat UPX behavioral2/memory/3464-4-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4124-6-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000f000000023140-9.dat UPX behavioral2/files/0x00090000000231c2-11.dat UPX behavioral2/memory/4124-12-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4816-18-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000700000002320d-20.dat UPX behavioral2/memory/3340-16-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000700000002320e-25.dat UPX behavioral2/memory/2576-27-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000700000002320f-32.dat UPX behavioral2/files/0x0007000000023210-37.dat UPX behavioral2/memory/2720-36-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4400-31-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023211-40.dat UPX behavioral2/memory/264-55-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2308-59-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023215-58.dat UPX behavioral2/files/0x0007000000023216-65.dat UPX behavioral2/files/0x0007000000023214-53.dat UPX behavioral2/memory/4964-46-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023213-48.dat UPX behavioral2/files/0x0007000000023217-69.dat UPX behavioral2/files/0x0007000000023218-75.dat UPX behavioral2/files/0x0007000000023219-79.dat UPX behavioral2/memory/640-77-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4888-73-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000700000002321a-86.dat UPX behavioral2/files/0x000700000002321b-90.dat UPX 
behavioral2/memory/3568-100-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4904-94-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000700000002321c-96.dat UPX behavioral2/files/0x000700000002321d-101.dat UPX behavioral2/memory/756-107-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023203-105.dat UPX behavioral2/files/0x000700000002321e-111.dat UPX behavioral2/files/0x000700000002321f-118.dat UPX behavioral2/files/0x0007000000023220-121.dat UPX behavioral2/memory/1664-126-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2636-122-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023221-127.dat UPX behavioral2/files/0x0007000000023222-134.dat UPX behavioral2/memory/3508-136-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2836-132-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023223-139.dat UPX behavioral2/memory/2044-143-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023224-145.dat UPX behavioral2/memory/1416-154-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023226-155.dat UPX behavioral2/memory/3068-157-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023225-149.dat UPX behavioral2/files/0x0007000000023227-162.dat UPX behavioral2/files/0x0007000000023228-165.dat UPX behavioral2/memory/2908-166-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023229-171.dat UPX behavioral2/memory/3844-174-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/592-178-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2476-182-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/1616-188-0x0000000000400000-0x0000000000432000-memory.dmp UPX 
behavioral2/memory/1936-189-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/1936-192-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4832-198-0x0000000000400000-0x0000000000432000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4124 lxrfxlf.exe 4816 tnbnht.exe 3340 pdjjp.exe 2576 ppvvp.exe 4400 bhhtth.exe 2720 7djdd.exe 2832 3fxrffr.exe 4964 9jdvv.exe 1104 lrxrllx.exe 264 fllrlfr.exe 2308 ntnnnn.exe 3264 jvpjd.exe 4888 fxxllff.exe 640 nhnhnh.exe 3584 3jvpj.exe 632 ffrffff.exe 4904 7tnhbb.exe 3568 3tnhnn.exe 756 xffxllf.exe 60 9djjp.exe 696 rffrfxr.exe 2636 nbbnnt.exe 1664 1dvpd.exe 2836 7fxxlfx.exe 3508 bbhbbb.exe 2044 3pjvj.exe 3400 7tnthn.exe 1416 5ddvp.exe 3068 rlrrrfx.exe 2908 jpvdd.exe 3092 frrfllf.exe 3844 nthbnt.exe 592 5dpvd.exe 2476 llfxrll.exe 1616 7lxrffr.exe 1936 ntntnt.exe 1036 1rlfxxr.exe 4832 tnhbtn.exe 2368 vvjvp.exe 896 bbthtn.exe 4116 ppvvv.exe 3420 9xxllfx.exe 4744 vjvpd.exe 4136 lrllxxr.exe 1252 rrrlllf.exe 2040 7hhhhh.exe 4176 5xxrffr.exe 1600 9fxxxlf.exe 3020 tttnhh.exe 4340 vjjdp.exe 4364 9lxlxrl.exe 2024 tnhhtt.exe 2612 bhbtnn.exe 952 fxrlrlf.exe 2056 pvpdv.exe 2308 1jvjv.exe 5088 lllfxxl.exe 4944 rffxxrf.exe 4708 pvvjd.exe 4888 lxxxlfr.exe 3380 rxrfrfx.exe 780 nhntnh.exe 4372 bnhhnt.exe 632 vdddp.exe -
resource yara_rule behavioral2/memory/3464-0-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000300000001e9a0-3.dat upx behavioral2/memory/3464-4-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4124-6-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000f000000023140-9.dat upx behavioral2/files/0x00090000000231c2-11.dat upx behavioral2/memory/4124-12-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4816-18-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000700000002320d-20.dat upx behavioral2/memory/3340-16-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000700000002320e-25.dat upx behavioral2/memory/2576-27-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000700000002320f-32.dat upx behavioral2/files/0x0007000000023210-37.dat upx behavioral2/memory/2720-36-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4400-31-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023211-40.dat upx behavioral2/memory/264-55-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2308-59-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023215-58.dat upx behavioral2/files/0x0007000000023216-65.dat upx behavioral2/files/0x0007000000023214-53.dat upx behavioral2/memory/4964-46-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023213-48.dat upx behavioral2/files/0x0007000000023217-69.dat upx behavioral2/files/0x0007000000023218-75.dat upx behavioral2/files/0x0007000000023219-79.dat upx behavioral2/memory/640-77-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4888-73-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000700000002321a-86.dat upx behavioral2/files/0x000700000002321b-90.dat upx 
behavioral2/memory/3568-100-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4904-94-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000700000002321c-96.dat upx behavioral2/files/0x000700000002321d-101.dat upx behavioral2/memory/756-107-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023203-105.dat upx behavioral2/files/0x000700000002321e-111.dat upx behavioral2/files/0x000700000002321f-118.dat upx behavioral2/files/0x0007000000023220-121.dat upx behavioral2/memory/1664-126-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2636-122-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023221-127.dat upx behavioral2/files/0x0007000000023222-134.dat upx behavioral2/memory/3508-136-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2836-132-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023223-139.dat upx behavioral2/memory/2044-143-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023224-145.dat upx behavioral2/memory/1416-154-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023226-155.dat upx behavioral2/memory/3068-157-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023225-149.dat upx behavioral2/files/0x0007000000023227-162.dat upx behavioral2/files/0x0007000000023228-165.dat upx behavioral2/memory/2908-166-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023229-171.dat upx behavioral2/memory/3844-174-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/592-178-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2476-182-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/1616-188-0x0000000000400000-0x0000000000432000-memory.dmp upx 
behavioral2/memory/1936-189-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/1936-192-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4832-198-0x0000000000400000-0x0000000000432000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3464 wrote to memory of 4124 3464 9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe 87 PID 3464 wrote to memory of 4124 3464 9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe 87 PID 3464 wrote to memory of 4124 3464 9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe 87 PID 4124 wrote to memory of 4816 4124 lxrfxlf.exe 88 PID 4124 wrote to memory of 4816 4124 lxrfxlf.exe 88 PID 4124 wrote to memory of 4816 4124 lxrfxlf.exe 88 PID 4816 wrote to memory of 3340 4816 tnbnht.exe 89 PID 4816 wrote to memory of 3340 4816 tnbnht.exe 89 PID 4816 wrote to memory of 3340 4816 tnbnht.exe 89 PID 3340 wrote to memory of 2576 3340 pdjjp.exe 90 PID 3340 wrote to memory of 2576 3340 pdjjp.exe 90 PID 3340 wrote to memory of 2576 3340 pdjjp.exe 90 PID 2576 wrote to memory of 4400 2576 ppvvp.exe 91 PID 2576 wrote to memory of 4400 2576 ppvvp.exe 91 PID 2576 wrote to memory of 4400 2576 ppvvp.exe 91 PID 4400 wrote to memory of 2720 4400 bhhtth.exe 92 PID 4400 wrote to memory of 2720 4400 bhhtth.exe 92 PID 4400 wrote to memory of 2720 4400 bhhtth.exe 92 PID 2720 wrote to memory of 2832 2720 7djdd.exe 93 PID 2720 wrote to memory of 2832 2720 7djdd.exe 93 PID 2720 wrote to memory of 2832 2720 7djdd.exe 93 PID 2832 wrote to memory of 4964 2832 3fxrffr.exe 94 PID 2832 wrote to memory of 4964 2832 3fxrffr.exe 94 PID 2832 wrote to memory of 4964 2832 3fxrffr.exe 94 PID 4964 wrote to memory of 1104 4964 9jdvv.exe 95 PID 4964 wrote to memory of 1104 4964 9jdvv.exe 95 PID 4964 wrote to memory of 1104 4964 9jdvv.exe 95 PID 1104 wrote to memory of 264 1104 lrxrllx.exe 96 PID 1104 wrote to memory of 264 1104 lrxrllx.exe 96 PID 1104 wrote to memory of 264 1104 lrxrllx.exe 96 PID 264 wrote to memory of 2308 264 fllrlfr.exe 97 PID 264 wrote to memory of 2308 264 fllrlfr.exe 97 PID 264 wrote to memory of 2308 264 fllrlfr.exe 97 PID 2308 wrote to memory of 3264 2308 ntnnnn.exe 98 PID 2308 wrote to memory of 
3264 2308 ntnnnn.exe 98 PID 2308 wrote to memory of 3264 2308 ntnnnn.exe 98 PID 3264 wrote to memory of 4888 3264 jvpjd.exe 99 PID 3264 wrote to memory of 4888 3264 jvpjd.exe 99 PID 3264 wrote to memory of 4888 3264 jvpjd.exe 99 PID 4888 wrote to memory of 640 4888 fxxllff.exe 100 PID 4888 wrote to memory of 640 4888 fxxllff.exe 100 PID 4888 wrote to memory of 640 4888 fxxllff.exe 100 PID 640 wrote to memory of 3584 640 nhnhnh.exe 101 PID 640 wrote to memory of 3584 640 nhnhnh.exe 101 PID 640 wrote to memory of 3584 640 nhnhnh.exe 101 PID 3584 wrote to memory of 632 3584 3jvpj.exe 102 PID 3584 wrote to memory of 632 3584 3jvpj.exe 102 PID 3584 wrote to memory of 632 3584 3jvpj.exe 102 PID 632 wrote to memory of 4904 632 ffrffff.exe 103 PID 632 wrote to memory of 4904 632 ffrffff.exe 103 PID 632 wrote to memory of 4904 632 ffrffff.exe 103 PID 4904 wrote to memory of 3568 4904 7tnhbb.exe 104 PID 4904 wrote to memory of 3568 4904 7tnhbb.exe 104 PID 4904 wrote to memory of 3568 4904 7tnhbb.exe 104 PID 3568 wrote to memory of 756 3568 3tnhnn.exe 105 PID 3568 wrote to memory of 756 3568 3tnhnn.exe 105 PID 3568 wrote to memory of 756 3568 3tnhnn.exe 105 PID 756 wrote to memory of 60 756 xffxllf.exe 106 PID 756 wrote to memory of 60 756 xffxllf.exe 106 PID 756 wrote to memory of 60 756 xffxllf.exe 106 PID 60 wrote to memory of 696 60 9djjp.exe 107 PID 60 wrote to memory of 696 60 9djjp.exe 107 PID 60 wrote to memory of 696 60 9djjp.exe 107 PID 696 wrote to memory of 2636 696 rffrfxr.exe 108
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe"C:\Users\Admin\AppData\Local\Temp\9b4bf307bb7f5e4dd8a8e6b969a800562de25c9f2dfc5118f0f250aa0362f2f8.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3464 -
\??\c:\lxrfxlf.exec:\lxrfxlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4124 -
\??\c:\tnbnht.exec:\tnbnht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4816 -
\??\c:\pdjjp.exec:\pdjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3340 -
\??\c:\ppvvp.exec:\ppvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\bhhtth.exec:\bhhtth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4400 -
\??\c:\7djdd.exec:\7djdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\3fxrffr.exec:\3fxrffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\9jdvv.exec:\9jdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4964 -
\??\c:\lrxrllx.exec:\lrxrllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1104 -
\??\c:\fllrlfr.exec:\fllrlfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:264 -
\??\c:\ntnnnn.exec:\ntnnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\jvpjd.exec:\jvpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3264 -
\??\c:\fxxllff.exec:\fxxllff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4888 -
\??\c:\nhnhnh.exec:\nhnhnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:640 -
\??\c:\3jvpj.exec:\3jvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3584 -
\??\c:\ffrffff.exec:\ffrffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
\??\c:\7tnhbb.exec:\7tnhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4904 -
\??\c:\3tnhnn.exec:\3tnhnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3568 -
\??\c:\xffxllf.exec:\xffxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:756 -
\??\c:\9djjp.exec:\9djjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:60 -
\??\c:\rffrfxr.exec:\rffrfxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:696 -
\??\c:\nbbnnt.exec:\nbbnnt.exe23⤵
- Executes dropped EXE
PID:2636 -
\??\c:\1dvpd.exec:\1dvpd.exe24⤵
- Executes dropped EXE
PID:1664 -
\??\c:\7fxxlfx.exec:\7fxxlfx.exe25⤵
- Executes dropped EXE
PID:2836 -
\??\c:\bbhbbb.exec:\bbhbbb.exe26⤵
- Executes dropped EXE
PID:3508 -
\??\c:\3pjvj.exec:\3pjvj.exe27⤵
- Executes dropped EXE
PID:2044 -
\??\c:\7tnthn.exec:\7tnthn.exe28⤵
- Executes dropped EXE
PID:3400 -
\??\c:\5ddvp.exec:\5ddvp.exe29⤵
- Executes dropped EXE
PID:1416 -
\??\c:\rlrrrfx.exec:\rlrrrfx.exe30⤵
- Executes dropped EXE
PID:3068 -
\??\c:\jpvdd.exec:\jpvdd.exe31⤵
- Executes dropped EXE
PID:2908 -
\??\c:\frrfllf.exec:\frrfllf.exe32⤵
- Executes dropped EXE
PID:3092 -
\??\c:\nthbnt.exec:\nthbnt.exe33⤵
- Executes dropped EXE
PID:3844 -
\??\c:\5dpvd.exec:\5dpvd.exe34⤵
- Executes dropped EXE
PID:592 -
\??\c:\llfxrll.exec:\llfxrll.exe35⤵
- Executes dropped EXE
PID:2476 -
\??\c:\7lxrffr.exec:\7lxrffr.exe36⤵
- Executes dropped EXE
PID:1616 -
\??\c:\ntntnt.exec:\ntntnt.exe37⤵
- Executes dropped EXE
PID:1936 -
\??\c:\1rlfxxr.exec:\1rlfxxr.exe38⤵
- Executes dropped EXE
PID:1036 -
\??\c:\tnhbtn.exec:\tnhbtn.exe39⤵
- Executes dropped EXE
PID:4832 -
\??\c:\vvjvp.exec:\vvjvp.exe40⤵
- Executes dropped EXE
PID:2368 -
\??\c:\bbthtn.exec:\bbthtn.exe41⤵
- Executes dropped EXE
PID:896 -
\??\c:\ppvvv.exec:\ppvvv.exe42⤵
- Executes dropped EXE
PID:4116 -
\??\c:\9xxllfx.exec:\9xxllfx.exe43⤵
- Executes dropped EXE
PID:3420 -
\??\c:\vjvpd.exec:\vjvpd.exe44⤵
- Executes dropped EXE
PID:4744 -
\??\c:\lrllxxr.exec:\lrllxxr.exe45⤵
- Executes dropped EXE
PID:4136 -
\??\c:\rrrlllf.exec:\rrrlllf.exe46⤵
- Executes dropped EXE
PID:1252 -
\??\c:\7hhhhh.exec:\7hhhhh.exe47⤵
- Executes dropped EXE
PID:2040 -
\??\c:\5xxrffr.exec:\5xxrffr.exe48⤵
- Executes dropped EXE
PID:4176 -
\??\c:\9fxxxlf.exec:\9fxxxlf.exe49⤵
- Executes dropped EXE
PID:1600 -
\??\c:\tttnhh.exec:\tttnhh.exe50⤵
- Executes dropped EXE
PID:3020 -
\??\c:\vjjdp.exec:\vjjdp.exe51⤵
- Executes dropped EXE
PID:4340 -
\??\c:\9lxlxrl.exec:\9lxlxrl.exe52⤵
- Executes dropped EXE
PID:4364 -
\??\c:\tnhhtt.exec:\tnhhtt.exe53⤵
- Executes dropped EXE
PID:2024 -
\??\c:\bhbtnn.exec:\bhbtnn.exe54⤵
- Executes dropped EXE
PID:2612 -
\??\c:\fxrlrlf.exec:\fxrlrlf.exe55⤵
- Executes dropped EXE
PID:952 -
\??\c:\pvpdv.exec:\pvpdv.exe56⤵
- Executes dropped EXE
PID:2056 -
\??\c:\1jvjv.exec:\1jvjv.exe57⤵
- Executes dropped EXE
PID:2308 -
\??\c:\lllfxxl.exec:\lllfxxl.exe58⤵
- Executes dropped EXE
PID:5088 -
\??\c:\rffxxrf.exec:\rffxxrf.exe59⤵
- Executes dropped EXE
PID:4944 -
\??\c:\pvvjd.exec:\pvvjd.exe60⤵
- Executes dropped EXE
PID:4708 -
\??\c:\lxxxlfr.exec:\lxxxlfr.exe61⤵
- Executes dropped EXE
PID:4888 -
\??\c:\rxrfrfx.exec:\rxrfrfx.exe62⤵
- Executes dropped EXE
PID:3380 -
\??\c:\nhntnh.exec:\nhntnh.exe63⤵
- Executes dropped EXE
PID:780 -
\??\c:\bnhhnt.exec:\bnhhnt.exe64⤵
- Executes dropped EXE
PID:4372 -
\??\c:\vdddp.exec:\vdddp.exe65⤵
- Executes dropped EXE
PID:632 -
\??\c:\7fxrfrl.exec:\7fxrfrl.exe66⤵PID:2284
-
\??\c:\nbtnnh.exec:\nbtnnh.exe67⤵PID:2396
-
\??\c:\9ppjd.exec:\9ppjd.exe68⤵PID:1408
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe69⤵PID:4056
-
\??\c:\xrrlrll.exec:\xrrlrll.exe70⤵PID:3304
-
\??\c:\hbtnhb.exec:\hbtnhb.exe71⤵PID:1652
-
\??\c:\vvjvp.exec:\vvjvp.exe72⤵PID:1896
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe73⤵PID:700
-
\??\c:\bhnbtn.exec:\bhnbtn.exe74⤵PID:3508
-
\??\c:\ttnhtn.exec:\ttnhtn.exe75⤵PID:4312
-
\??\c:\jvvjv.exec:\jvvjv.exe76⤵PID:392
-
\??\c:\rlxlflx.exec:\rlxlflx.exe77⤵PID:840
-
\??\c:\tbtnbt.exec:\tbtnbt.exe78⤵PID:4636
-
\??\c:\3tnbbt.exec:\3tnbbt.exe79⤵PID:3800
-
\??\c:\vvvvj.exec:\vvvvj.exe80⤵PID:4660
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe81⤵PID:216
-
\??\c:\7hhtnn.exec:\7hhtnn.exe82⤵PID:5072
-
\??\c:\bnnbtt.exec:\bnnbtt.exe83⤵PID:4972
-
\??\c:\dvddd.exec:\dvddd.exe84⤵PID:744
-
\??\c:\frrxlfl.exec:\frrxlfl.exe85⤵PID:4432
-
\??\c:\nhhbbt.exec:\nhhbbt.exe86⤵PID:3924
-
\??\c:\jjdvd.exec:\jjdvd.exe87⤵PID:1616
-
\??\c:\jpppp.exec:\jpppp.exe88⤵PID:2732
-
\??\c:\xrfrflf.exec:\xrfrflf.exe89⤵PID:2584
-
\??\c:\btbtbt.exec:\btbtbt.exe90⤵PID:4632
-
\??\c:\3tnnhb.exec:\3tnnhb.exe91⤵PID:2860
-
\??\c:\jppjv.exec:\jppjv.exe92⤵PID:412
-
\??\c:\hbtnbt.exec:\hbtnbt.exe93⤵PID:4540
-
\??\c:\nthhnt.exec:\nthhnt.exe94⤵PID:776
-
\??\c:\5ppjv.exec:\5ppjv.exe95⤵PID:624
-
\??\c:\vpdpp.exec:\vpdpp.exe96⤵PID:384
-
\??\c:\fxlfxxl.exec:\fxlfxxl.exe97⤵PID:1832
-
\??\c:\hhtnhb.exec:\hhtnhb.exe98⤵PID:1600
-
\??\c:\pdjdj.exec:\pdjdj.exe99⤵PID:4336
-
\??\c:\7xxlrrl.exec:\7xxlrrl.exe100⤵PID:3848
-
\??\c:\hbthhb.exec:\hbthhb.exe101⤵PID:3788
-
\??\c:\jjjdv.exec:\jjjdv.exe102⤵PID:4308
-
\??\c:\djvpd.exec:\djvpd.exe103⤵PID:3240
-
\??\c:\fflrlrl.exec:\fflrlrl.exe104⤵PID:1544
-
\??\c:\htnnhh.exec:\htnnhh.exe105⤵PID:220
-
\??\c:\httthb.exec:\httthb.exe106⤵PID:4880
-
\??\c:\7rrlfxr.exec:\7rrlfxr.exe107⤵PID:2252
-
\??\c:\lfrlxrr.exec:\lfrlxrr.exe108⤵PID:4648
-
\??\c:\htnbtn.exec:\htnbtn.exe109⤵PID:4888
-
\??\c:\dvpjv.exec:\dvpjv.exe110⤵PID:640
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe111⤵PID:780
-
\??\c:\htbtnn.exec:\htbtnn.exe112⤵PID:3224
-
\??\c:\hbbtnh.exec:\hbbtnh.exe113⤵PID:1428
-
\??\c:\pvvjv.exec:\pvvjv.exe114⤵PID:1644
-
\??\c:\ddvjv.exec:\ddvjv.exe115⤵PID:3656
-
\??\c:\htbthb.exec:\htbthb.exe116⤵PID:892
-
\??\c:\bhbtnh.exec:\bhbtnh.exe117⤵PID:1432
-
\??\c:\5djdd.exec:\5djdd.exe118⤵PID:3752
-
\??\c:\fxxrrlr.exec:\fxxrrlr.exe119⤵PID:4672
-
\??\c:\bntbtt.exec:\bntbtt.exe120⤵PID:2836
-
\??\c:\jpjjv.exec:\jpjjv.exe121⤵PID:2188
-
\??\c:\djjdp.exec:\djjdp.exe122⤵PID:2992