Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
19/03/2024, 21:11
Behavioral task
behavioral1
Sample
6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe
-
Size
245KB
-
MD5
c2e17e081400ab7aec58e7efd8695317
-
SHA1
bd2aca732f3cd6b9be61ef4f592a85b1b9faac8c
-
SHA256
6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c
-
SHA512
0f8816b904dabd37881824afe2517aed800f8c1c4432dd3831567367b86b1a5be08af4e47d5c678eb778198408d4e11ac627fb29da5d174ba977a13d6d7e56f1
-
SSDEEP
6144:Bcm4FmowdHoSYrsyhraHcpOFltH4tVj6dx:L4wFHoSYg2eFp2j6n
Malware Config
Signatures
-
Detect Blackmoon payload 63 IoCs
resource yara_rule behavioral2/memory/3296-7-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1824-23-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4948-13-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4700-3-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2024-29-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4440-36-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1748-44-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4372-47-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/5112-54-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2104-58-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2444-64-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/800-69-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1180-81-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3596-87-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1296-95-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/228-79-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/800-75-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/864-106-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2736-126-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1016-120-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3800-139-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon 
behavioral2/memory/3684-132-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1428-144-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1528-171-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1608-166-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4732-183-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1888-177-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3360-190-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/868-207-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/5016-213-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1360-216-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2408-219-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3488-231-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4864-238-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4308-243-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3572-255-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/5028-267-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3636-275-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4116-278-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3472-285-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4372-288-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1580-307-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon 
behavioral2/memory/4460-345-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2176-343-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2540-348-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3800-357-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1564-376-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4820-405-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3432-418-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1128-443-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/2132-461-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3556-479-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1748-482-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/448-480-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4500-506-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/4532-513-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1776-547-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1736-579-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3804-586-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3316-726-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/1404-790-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/404-807-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon behavioral2/memory/3316-1116-0x0000000000400000-0x0000000000434000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4700-0-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0007000000023039-4.dat UPX behavioral2/memory/3296-7-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0008000000023211-9.dat UPX behavioral2/files/0x0006000000023216-12.dat UPX behavioral2/memory/1824-23-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023217-22.dat UPX behavioral2/memory/1824-17-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/4948-13-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/4700-3-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023218-26.dat UPX behavioral2/memory/2024-29-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023219-31.dat UPX behavioral2/memory/4440-36-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x000600000002321a-39.dat UPX behavioral2/files/0x000600000002321b-43.dat UPX behavioral2/memory/1748-44-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/4372-47-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x000600000002321d-49.dat UPX behavioral2/files/0x000600000002321e-56.dat UPX behavioral2/memory/5112-54-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/2104-58-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x000600000002321f-62.dat UPX behavioral2/memory/2444-64-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023220-68.dat UPX behavioral2/memory/800-69-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023221-73.dat UPX behavioral2/files/0x0006000000023222-77.dat UPX behavioral2/memory/1180-81-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023223-84.dat UPX 
behavioral2/memory/3596-87-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/1296-92-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/1296-95-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023225-96.dat UPX behavioral2/files/0x0006000000023224-91.dat UPX behavioral2/memory/228-79-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/800-75-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023226-100.dat UPX behavioral2/files/0x0006000000023226-101.dat UPX behavioral2/memory/864-106-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023227-107.dat UPX behavioral2/files/0x0006000000023228-111.dat UPX behavioral2/files/0x0006000000023229-117.dat UPX behavioral2/memory/2736-126-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/1016-120-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/3800-139-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x000600000002322d-142.dat UPX behavioral2/files/0x000600000002322c-136.dat UPX behavioral2/memory/3684-132-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x000600000002322b-130.dat UPX behavioral2/files/0x000600000002322a-124.dat UPX behavioral2/memory/1428-144-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x000600000002322e-148.dat UPX behavioral2/files/0x0006000000023230-157.dat UPX behavioral2/files/0x000600000002322f-152.dat UPX behavioral2/files/0x0006000000023231-162.dat UPX behavioral2/memory/1528-171-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/files/0x0006000000023233-175.dat UPX behavioral2/files/0x0006000000023232-169.dat UPX behavioral2/memory/1608-166-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/4732-183-0x0000000000400000-0x0000000000434000-memory.dmp UPX 
behavioral2/files/0x0006000000023234-181.dat UPX behavioral2/memory/1888-177-0x0000000000400000-0x0000000000434000-memory.dmp UPX behavioral2/memory/3360-190-0x0000000000400000-0x0000000000434000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3296 hbhbbb.exe 4948 3hhbtt.exe 1824 9vjdv.exe 4872 xlfxlrf.exe 2024 htttht.exe 4440 1ffxflr.exe 1748 bnhbtn.exe 4372 xxxffff.exe 5112 llrrffl.exe 2104 1pjpj.exe 2444 3vvpv.exe 800 fxrxxlr.exe 1180 jpppp.exe 228 ppppp.exe 3596 7fffxxf.exe 1296 djjdj.exe 2884 frrrlll.exe 864 7hnnhh.exe 3616 1pjdp.exe 4460 nnhbbb.exe 1016 jjppp.exe 2736 llflfxl.exe 3684 5nnbtb.exe 3800 1rfxffl.exe 1428 nthnhn.exe 4120 dvdvv.exe 3552 tnhbnn.exe 3600 jjjvj.exe 1608 xfxrxxl.exe 1528 hbtnnn.exe 1888 vddjd.exe 4732 hbbnhb.exe 620 ppvjd.exe 3360 rlxxxxl.exe 932 hhbtth.exe 3576 jppdj.exe 3972 jvdpd.exe 4712 lrrllfx.exe 868 3bbthb.exe 4324 lrrlfxr.exe 5016 bttntt.exe 1360 9vvjv.exe 2408 5hhhbb.exe 4896 lxxrrlx.exe 4244 tnttnn.exe 3488 jjvpp.exe 1620 7xxxxxf.exe 4864 rrlfrfr.exe 4308 nbhbtb.exe 4352 xxxrlrl.exe 3464 rflffff.exe 4700 ntbtnh.exe 3572 5hnhtn.exe 4104 vvpjp.exe 1824 bbhhnn.exe 2876 tnhbth.exe 5028 jjppd.exe 4044 rrlfxrr.exe 3636 llxrxxf.exe 4116 bhhnhh.exe 4052 vjpvp.exe 3472 jdpjp.exe 4372 3flfrlx.exe 3740 tnhbbt.exe -
resource yara_rule behavioral2/memory/4700-0-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0007000000023039-4.dat upx behavioral2/memory/3296-7-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0008000000023211-9.dat upx behavioral2/files/0x0006000000023216-12.dat upx behavioral2/memory/1824-23-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023217-22.dat upx behavioral2/memory/1824-17-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4948-13-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4700-3-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023218-26.dat upx behavioral2/memory/2024-29-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023219-31.dat upx behavioral2/memory/4440-36-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x000600000002321a-39.dat upx behavioral2/files/0x000600000002321b-43.dat upx behavioral2/memory/1748-44-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4372-47-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x000600000002321d-49.dat upx behavioral2/files/0x000600000002321e-56.dat upx behavioral2/memory/5112-54-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/2104-58-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x000600000002321f-62.dat upx behavioral2/memory/2444-64-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023220-68.dat upx behavioral2/memory/800-69-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023221-73.dat upx behavioral2/files/0x0006000000023222-77.dat upx behavioral2/memory/1180-81-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023223-84.dat upx 
behavioral2/memory/3596-87-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/1296-92-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/1296-95-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023225-96.dat upx behavioral2/files/0x0006000000023224-91.dat upx behavioral2/memory/228-79-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/800-75-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023226-100.dat upx behavioral2/files/0x0006000000023226-101.dat upx behavioral2/memory/864-106-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023227-107.dat upx behavioral2/files/0x0006000000023228-111.dat upx behavioral2/files/0x0006000000023229-117.dat upx behavioral2/memory/2736-126-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/1016-120-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/3800-139-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x000600000002322d-142.dat upx behavioral2/files/0x000600000002322c-136.dat upx behavioral2/memory/3684-132-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x000600000002322b-130.dat upx behavioral2/files/0x000600000002322a-124.dat upx behavioral2/memory/1428-144-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x000600000002322e-148.dat upx behavioral2/files/0x0006000000023230-157.dat upx behavioral2/files/0x000600000002322f-152.dat upx behavioral2/files/0x0006000000023231-162.dat upx behavioral2/memory/1528-171-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/files/0x0006000000023233-175.dat upx behavioral2/files/0x0006000000023232-169.dat upx behavioral2/memory/1608-166-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/4732-183-0x0000000000400000-0x0000000000434000-memory.dmp upx 
behavioral2/files/0x0006000000023234-181.dat upx behavioral2/memory/1888-177-0x0000000000400000-0x0000000000434000-memory.dmp upx behavioral2/memory/3360-190-0x0000000000400000-0x0000000000434000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4700 wrote to memory of 3296 4700 6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe 85 PID 4700 wrote to memory of 3296 4700 6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe 85 PID 4700 wrote to memory of 3296 4700 6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe 85 PID 3296 wrote to memory of 4948 3296 hbhbbb.exe 86 PID 3296 wrote to memory of 4948 3296 hbhbbb.exe 86 PID 3296 wrote to memory of 4948 3296 hbhbbb.exe 86 PID 4948 wrote to memory of 1824 4948 3hhbtt.exe 87 PID 4948 wrote to memory of 1824 4948 3hhbtt.exe 87 PID 4948 wrote to memory of 1824 4948 3hhbtt.exe 87 PID 1824 wrote to memory of 4872 1824 9vjdv.exe 88 PID 1824 wrote to memory of 4872 1824 9vjdv.exe 88 PID 1824 wrote to memory of 4872 1824 9vjdv.exe 88 PID 4872 wrote to memory of 2024 4872 xlfxlrf.exe 89 PID 4872 wrote to memory of 2024 4872 xlfxlrf.exe 89 PID 4872 wrote to memory of 2024 4872 xlfxlrf.exe 89 PID 2024 wrote to memory of 4440 2024 htttht.exe 90 PID 2024 wrote to memory of 4440 2024 htttht.exe 90 PID 2024 wrote to memory of 4440 2024 htttht.exe 90 PID 4440 wrote to memory of 1748 4440 1ffxflr.exe 91 PID 4440 wrote to memory of 1748 4440 1ffxflr.exe 91 PID 4440 wrote to memory of 1748 4440 1ffxflr.exe 91 PID 1748 wrote to memory of 4372 1748 bnhbtn.exe 92 PID 1748 wrote to memory of 4372 1748 bnhbtn.exe 92 PID 1748 wrote to memory of 4372 1748 bnhbtn.exe 92 PID 4372 wrote to memory of 5112 4372 xxxffff.exe 93 PID 4372 wrote to memory of 5112 4372 xxxffff.exe 93 PID 4372 wrote to memory of 5112 4372 xxxffff.exe 93 PID 5112 wrote to memory of 2104 5112 llrrffl.exe 94 PID 5112 wrote to memory of 2104 5112 llrrffl.exe 94 PID 5112 wrote to memory of 2104 5112 llrrffl.exe 94 PID 2104 wrote to memory of 2444 2104 1pjpj.exe 95 PID 2104 wrote to memory of 2444 2104 1pjpj.exe 95 PID 2104 wrote to memory of 2444 2104 1pjpj.exe 95 PID 2444 wrote to memory of 800 2444 3vvpv.exe 96 PID 2444 wrote 
to memory of 800 2444 3vvpv.exe 96 PID 2444 wrote to memory of 800 2444 3vvpv.exe 96 PID 800 wrote to memory of 1180 800 fxrxxlr.exe 97 PID 800 wrote to memory of 1180 800 fxrxxlr.exe 97 PID 800 wrote to memory of 1180 800 fxrxxlr.exe 97 PID 1180 wrote to memory of 228 1180 jpppp.exe 98 PID 1180 wrote to memory of 228 1180 jpppp.exe 98 PID 1180 wrote to memory of 228 1180 jpppp.exe 98 PID 228 wrote to memory of 3596 228 ppppp.exe 99 PID 228 wrote to memory of 3596 228 ppppp.exe 99 PID 228 wrote to memory of 3596 228 ppppp.exe 99 PID 3596 wrote to memory of 1296 3596 7fffxxf.exe 100 PID 3596 wrote to memory of 1296 3596 7fffxxf.exe 100 PID 3596 wrote to memory of 1296 3596 7fffxxf.exe 100 PID 1296 wrote to memory of 2884 1296 djjdj.exe 101 PID 1296 wrote to memory of 2884 1296 djjdj.exe 101 PID 1296 wrote to memory of 2884 1296 djjdj.exe 101 PID 2884 wrote to memory of 864 2884 frrrlll.exe 102 PID 2884 wrote to memory of 864 2884 frrrlll.exe 102 PID 2884 wrote to memory of 864 2884 frrrlll.exe 102 PID 864 wrote to memory of 3616 864 7hnnhh.exe 103 PID 864 wrote to memory of 3616 864 7hnnhh.exe 103 PID 864 wrote to memory of 3616 864 7hnnhh.exe 103 PID 3616 wrote to memory of 4460 3616 1pjdp.exe 104 PID 3616 wrote to memory of 4460 3616 1pjdp.exe 104 PID 3616 wrote to memory of 4460 3616 1pjdp.exe 104 PID 4460 wrote to memory of 1016 4460 nnhbbb.exe 105 PID 4460 wrote to memory of 1016 4460 nnhbbb.exe 105 PID 4460 wrote to memory of 1016 4460 nnhbbb.exe 105 PID 1016 wrote to memory of 2736 1016 jjppp.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe"C:\Users\Admin\AppData\Local\Temp\6bb302a06b42a535862e8fc5b0662e332e5be71ed8a83f4c33fc3beb6e5a630c.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4700 -
\??\c:\hbhbbb.exec:\hbhbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3296 -
\??\c:\3hhbtt.exec:\3hhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4948 -
\??\c:\9vjdv.exec:\9vjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1824 -
\??\c:\xlfxlrf.exec:\xlfxlrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4872 -
\??\c:\htttht.exec:\htttht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2024 -
\??\c:\1ffxflr.exec:\1ffxflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4440 -
\??\c:\bnhbtn.exec:\bnhbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1748 -
\??\c:\xxxffff.exec:\xxxffff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\llrrffl.exec:\llrrffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5112 -
\??\c:\1pjpj.exec:\1pjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\3vvpv.exec:\3vvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2444 -
\??\c:\fxrxxlr.exec:\fxrxxlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:800 -
\??\c:\jpppp.exec:\jpppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1180 -
\??\c:\ppppp.exec:\ppppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:228 -
\??\c:\7fffxxf.exec:\7fffxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\djjdj.exec:\djjdj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1296 -
\??\c:\frrrlll.exec:\frrrlll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2884 -
\??\c:\7hnnhh.exec:\7hnnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:864 -
\??\c:\1pjdp.exec:\1pjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3616 -
\??\c:\nnhbbb.exec:\nnhbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4460 -
\??\c:\jjppp.exec:\jjppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1016 -
\??\c:\llflfxl.exec:\llflfxl.exe23⤵
- Executes dropped EXE
PID:2736 -
\??\c:\5nnbtb.exec:\5nnbtb.exe24⤵
- Executes dropped EXE
PID:3684 -
\??\c:\1rfxffl.exec:\1rfxffl.exe25⤵
- Executes dropped EXE
PID:3800 -
\??\c:\nthnhn.exec:\nthnhn.exe26⤵
- Executes dropped EXE
PID:1428 -
\??\c:\dvdvv.exec:\dvdvv.exe27⤵
- Executes dropped EXE
PID:4120 -
\??\c:\tnhbnn.exec:\tnhbnn.exe28⤵
- Executes dropped EXE
PID:3552 -
\??\c:\jjjvj.exec:\jjjvj.exe29⤵
- Executes dropped EXE
PID:3600 -
\??\c:\xfxrxxl.exec:\xfxrxxl.exe30⤵
- Executes dropped EXE
PID:1608 -
\??\c:\hbtnnn.exec:\hbtnnn.exe31⤵
- Executes dropped EXE
PID:1528 -
\??\c:\vddjd.exec:\vddjd.exe32⤵
- Executes dropped EXE
PID:1888 -
\??\c:\hbbnhb.exec:\hbbnhb.exe33⤵
- Executes dropped EXE
PID:4732 -
\??\c:\ppvjd.exec:\ppvjd.exe34⤵
- Executes dropped EXE
PID:620 -
\??\c:\rlxxxxl.exec:\rlxxxxl.exe35⤵
- Executes dropped EXE
PID:3360 -
\??\c:\hhbtth.exec:\hhbtth.exe36⤵
- Executes dropped EXE
PID:932 -
\??\c:\jppdj.exec:\jppdj.exe37⤵
- Executes dropped EXE
PID:3576 -
\??\c:\jvdpd.exec:\jvdpd.exe38⤵
- Executes dropped EXE
PID:3972 -
\??\c:\lrrllfx.exec:\lrrllfx.exe39⤵
- Executes dropped EXE
PID:4712 -
\??\c:\3bbthb.exec:\3bbthb.exe40⤵
- Executes dropped EXE
PID:868 -
\??\c:\lrrlfxr.exec:\lrrlfxr.exe41⤵
- Executes dropped EXE
PID:4324 -
\??\c:\bttntt.exec:\bttntt.exe42⤵
- Executes dropped EXE
PID:5016 -
\??\c:\9vvjv.exec:\9vvjv.exe43⤵
- Executes dropped EXE
PID:1360 -
\??\c:\5hhhbb.exec:\5hhhbb.exe44⤵
- Executes dropped EXE
PID:2408 -
\??\c:\lxxrrlx.exec:\lxxrrlx.exe45⤵
- Executes dropped EXE
PID:4896 -
\??\c:\tnttnn.exec:\tnttnn.exe46⤵
- Executes dropped EXE
PID:4244 -
\??\c:\jjvpp.exec:\jjvpp.exe47⤵
- Executes dropped EXE
PID:3488 -
\??\c:\7xxxxxf.exec:\7xxxxxf.exe48⤵
- Executes dropped EXE
PID:1620 -
\??\c:\rrlfrfr.exec:\rrlfrfr.exe49⤵
- Executes dropped EXE
PID:4864 -
\??\c:\nbhbtb.exec:\nbhbtb.exe50⤵
- Executes dropped EXE
PID:4308 -
\??\c:\xxxrlrl.exec:\xxxrlrl.exe51⤵
- Executes dropped EXE
PID:4352 -
\??\c:\rflffff.exec:\rflffff.exe52⤵
- Executes dropped EXE
PID:3464 -
\??\c:\ntbtnh.exec:\ntbtnh.exe53⤵
- Executes dropped EXE
PID:4700 -
\??\c:\5hnhtn.exec:\5hnhtn.exe54⤵
- Executes dropped EXE
PID:3572 -
\??\c:\vvpjp.exec:\vvpjp.exe55⤵
- Executes dropped EXE
PID:4104 -
\??\c:\bbhhnn.exec:\bbhhnn.exe56⤵
- Executes dropped EXE
PID:1824 -
\??\c:\tnhbth.exec:\tnhbth.exe57⤵
- Executes dropped EXE
PID:2876 -
\??\c:\jjppd.exec:\jjppd.exe58⤵
- Executes dropped EXE
PID:5028 -
\??\c:\rrlfxrr.exec:\rrlfxrr.exe59⤵
- Executes dropped EXE
PID:4044 -
\??\c:\llxrxxf.exec:\llxrxxf.exe60⤵
- Executes dropped EXE
PID:3636 -
\??\c:\bhhnhh.exec:\bhhnhh.exe61⤵
- Executes dropped EXE
PID:4116 -
\??\c:\vjpvp.exec:\vjpvp.exe62⤵
- Executes dropped EXE
PID:4052 -
\??\c:\jdpjp.exec:\jdpjp.exe63⤵
- Executes dropped EXE
PID:3472 -
\??\c:\3flfrlx.exec:\3flfrlx.exe64⤵
- Executes dropped EXE
PID:4372 -
\??\c:\tnhbbt.exec:\tnhbbt.exe65⤵
- Executes dropped EXE
PID:3740 -
\??\c:\pvvpd.exec:\pvvpd.exe66⤵PID:3408
-
\??\c:\1ttnbb.exec:\1ttnbb.exe67⤵PID:2208
-
\??\c:\vpvjv.exec:\vpvjv.exe68⤵PID:4800
-
\??\c:\jpppj.exec:\jpppj.exe69⤵PID:4868
-
\??\c:\djpjd.exec:\djpjd.exe70⤵PID:1580
-
\??\c:\xxllllf.exec:\xxllllf.exe71⤵PID:2536
-
\??\c:\tnbthh.exec:\tnbthh.exe72⤵PID:2036
-
\??\c:\vjppp.exec:\vjppp.exe73⤵PID:4880
-
\??\c:\lxxrxrl.exec:\lxxrxrl.exe74⤵PID:1372
-
\??\c:\thnhhh.exec:\thnhhh.exe75⤵PID:4972
-
\??\c:\bntbnb.exec:\bntbnb.exe76⤵PID:3316
-
\??\c:\jpvpp.exec:\jpvpp.exe77⤵PID:452
-
\??\c:\fxxxfff.exec:\fxxxfff.exe78⤵PID:3308
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe79⤵PID:4628
-
\??\c:\9bbhtn.exec:\9bbhtn.exe80⤵PID:2416
-
\??\c:\3djvd.exec:\3djvd.exe81⤵PID:2176
-
\??\c:\bhtntt.exec:\bhtntt.exe82⤵PID:4460
-
\??\c:\7pppj.exec:\7pppj.exe83⤵PID:2540
-
\??\c:\lrxxflr.exec:\lrxxflr.exe84⤵PID:3584
-
\??\c:\5dvvp.exec:\5dvvp.exe85⤵PID:3800
-
\??\c:\1djvd.exec:\1djvd.exe86⤵PID:4976
-
\??\c:\nnnthb.exec:\nnnthb.exe87⤵PID:3512
-
\??\c:\bnhnnn.exec:\bnhnnn.exe88⤵PID:2372
-
\??\c:\1jpjd.exec:\1jpjd.exe89⤵PID:1452
-
\??\c:\7xrxlfr.exec:\7xrxlfr.exe90⤵PID:1564
-
\??\c:\frlfxxr.exec:\frlfxxr.exe91⤵PID:4376
-
\??\c:\nhbbth.exec:\nhbbth.exe92⤵PID:3892
-
\??\c:\3pvpj.exec:\3pvpj.exe93⤵PID:1852
-
\??\c:\lrrlrlf.exec:\lrrlrlf.exe94⤵PID:1404
-
\??\c:\dvjjd.exec:\dvjjd.exe95⤵PID:5052
-
\??\c:\7pjjv.exec:\7pjjv.exe96⤵PID:4056
-
\??\c:\rflfxrx.exec:\rflfxrx.exe97⤵PID:4612
-
\??\c:\nbtnhb.exec:\nbtnhb.exe98⤵PID:3144
-
\??\c:\vdvvj.exec:\vdvvj.exe99⤵PID:4540
-
\??\c:\dvvpv.exec:\dvvpv.exe100⤵PID:3360
-
\??\c:\1lfflrl.exec:\1lfflrl.exe101⤵PID:4820
-
\??\c:\9hbhbn.exec:\9hbhbn.exe102⤵PID:852
-
\??\c:\9jvpv.exec:\9jvpv.exe103⤵PID:2008
-
\??\c:\9rlxxrf.exec:\9rlxxrf.exe104⤵PID:3248
-
\??\c:\bnbtbb.exec:\bnbtbb.exe105⤵PID:3432
-
\??\c:\thnnnt.exec:\thnnnt.exe106⤵PID:1172
-
\??\c:\vvjpd.exec:\vvjpd.exe107⤵PID:2936
-
\??\c:\flxxrxx.exec:\flxxrxx.exe108⤵PID:4928
-
\??\c:\nhnhtn.exec:\nhnhtn.exe109⤵PID:1260
-
\??\c:\vppvp.exec:\vppvp.exe110⤵PID:2428
-
\??\c:\rlrlxfx.exec:\rlrlxfx.exe111⤵PID:1128
-
\??\c:\flrlfff.exec:\flrlfff.exe112⤵PID:372
-
\??\c:\7ntnhh.exec:\7ntnhh.exe113⤵PID:3648
-
\??\c:\dvjvv.exec:\dvjvv.exe114⤵PID:1868
-
\??\c:\lxrxrlf.exec:\lxrxrlf.exe115⤵PID:2252
-
\??\c:\rflllfr.exec:\rflllfr.exe116⤵PID:3924
-
\??\c:\bthbbt.exec:\bthbbt.exe117⤵PID:2132
-
\??\c:\vdvpd.exec:\vdvpd.exe118⤵PID:4940
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe119⤵PID:3096
-
\??\c:\jjjdp.exec:\jjjdp.exe120⤵PID:4656
-
\??\c:\vvdjp.exec:\vvdjp.exe121⤵PID:2876
-
\??\c:\7vjdv.exec:\7vjdv.exe122⤵PID:3556