Analysis
(Note: the per-signature detail below is tagged `behavioral2`, i.e. the Windows 10 2004 x64 run described under "platform"/"resource". The `behavioral1` task listed under "Behavioral task" ran on the win7-20240220-en image; its IoC detail is not shown on this page, so the two runs should not be conflated when extracting indicators.)
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
28/03/2024, 19:25
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe
-
Size
340KB
-
MD5
c2b942ed96abb8c3b1f602cde376ebad
-
SHA1
cd50c7a564be012f44deb4ba5dbe484102e89274
-
SHA256
3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f
-
SHA512
58d3ada4936b42cbb9e9ed5f8ed5adce4d9d59c7a18c1ab4800d27a3b6dbfca66ab77573b2d4d828f1d277e8b4b91d1ccf5f9d3f9e0812813fcd5ba2be75e17f
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYAG:l7TcbWXZshJX2VGdG
Malware Config (empty — no configuration block was extracted from this sample in this run)
Signatures
-
Detect Blackmoon payload 63 IoCs — every hit is the YARA rule `family_blackmoon` matching a memory dump of the region 0x00400000–0x00428000 in a dropped process, not the file on disk. The same regions are flagged as UPX dumps taken at the OEP (next signature), so the family match is against the unpacked in-memory image; the packed sample on disk may not match the same rule.
resource yara_rule behavioral2/memory/1960-7-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4136-13-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4600-4-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4372-21-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3988-29-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1308-39-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2388-41-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2172-51-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4908-62-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4620-53-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3484-69-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/880-82-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2284-89-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4004-93-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1664-100-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3708-110-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1696-116-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3780-103-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3264-132-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4060-137-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1356-144-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon 
behavioral2/memory/1624-161-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3472-165-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4000-174-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3704-182-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4032-186-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4348-190-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1364-199-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1252-195-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3052-204-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1600-208-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4360-212-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2016-216-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3244-227-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4340-235-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/332-242-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4764-258-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1676-278-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3484-291-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/5060-319-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3332-324-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4856-331-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon 
behavioral2/memory/4068-334-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/528-345-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1320-344-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4680-395-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3104-411-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/964-440-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4704-463-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2588-484-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4824-493-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3308-503-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1664-511-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3780-513-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/228-566-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3704-573-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/1364-594-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2492-601-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2280-620-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/220-640-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/2856-689-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/4124-829-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral2/memory/3336-1063-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs — each IoC is a dump of 0x00400000–0x00428000 taken after the UPX stub transferred control to the original entry point; these are the same process/region pairs that the Blackmoon rule matched above, i.e. the dropped executables are UPX-packed copies carrying the same payload.
resource yara_rule behavioral2/memory/1960-7-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4136-13-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4600-4-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4372-21-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3988-29-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1308-39-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2388-41-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2172-45-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2172-51-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4908-62-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4620-53-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3484-69-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2312-75-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/880-82-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2284-89-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4004-93-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1664-100-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3708-110-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1696-116-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3780-103-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3264-132-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4060-137-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1356-144-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1624-161-0x0000000000400000-0x0000000000428000-memory.dmp UPX 
behavioral2/memory/3472-165-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4000-174-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3704-177-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3704-182-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4032-186-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4348-190-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1364-199-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1252-195-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3052-204-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1600-208-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4360-212-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2016-216-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3244-227-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4340-235-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/332-242-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4764-258-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1676-278-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3484-291-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/5060-319-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3332-324-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4856-331-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4068-334-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/528-345-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1320-344-0x0000000000400000-0x0000000000428000-memory.dmp UPX 
behavioral2/memory/4680-395-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3104-411-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/964-440-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2808-446-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4704-463-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2588-484-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/4824-493-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3308-503-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1664-511-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3780-513-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/228-566-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2396-568-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/3704-573-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/1364-594-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2492-601-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral2/memory/2280-620-0x0000000000400000-0x0000000000428000-memory.dmp UPX -
Executes dropped EXE 64 IoCs — each listed process is a freshly dropped binary with a short, random-looking consonant name (e.g. `5pvjv.exe`, `lxrfrlx.exe`) executed from the root of `c:\` (see the Processes tree); each one launches the next, forming a linear chain more than 120 levels deep within the 150-second window. Note that PIDs are recycled in this list (e.g. 4136, 3484, 3708, 3040, 3472, 4820 each appear for two different images), so earlier links in the chain have already exited — do not deduplicate these IoCs by PID alone.
pid Process 1960 5pvjv.exe 4136 lxrfrlx.exe 4372 3ttnbb.exe 4972 3lrlxxr.exe 3988 djpjd.exe 1308 fxfxrrl.exe 2388 9xxrxlf.exe 2172 bhnbnn.exe 4620 djpdp.exe 5056 xrfxrlf.exe 4908 nbhbbh.exe 3484 jdvjp.exe 2312 3jvvj.exe 880 xxfrlfr.exe 2284 thhhbt.exe 4004 ffxllfx.exe 1664 5bhtnh.exe 3780 fflxlfx.exe 3708 hntnbt.exe 1696 jpdvd.exe 664 xllxlrl.exe 4804 vvdpd.exe 3264 rfxlrlf.exe 4060 hhnbbt.exe 1356 nntbth.exe 3040 fllxlfr.exe 3796 1xffrlx.exe 1624 bhhthh.exe 3472 jjdvp.exe 4000 rxfxlfr.exe 3704 jjpjv.exe 4032 pdvjv.exe 3804 lxfxfff.exe 4348 htbnbt.exe 1252 bnhbnh.exe 1364 llrrrrr.exe 1528 lrrrrxx.exe 3052 5jdvj.exe 1600 7jdvv.exe 4360 9llxlff.exe 2016 thhhbt.exe 3020 dppjv.exe 4956 bnbtbt.exe 3244 1jpjv.exe 4820 fflfxxf.exe 4044 nhbnnh.exe 4340 dpvdd.exe 2908 flxrlfx.exe 332 xllffxx.exe 2816 thbtnh.exe 4136 5vpjd.exe 3024 9jdjv.exe 5024 lflfllr.exe 4764 9bbnhh.exe 1100 1ppjj.exe 1756 1rrfrxx.exe 4644 ttttnh.exe 3632 hhbthb.exe 872 9ppdp.exe 1676 lxxrffx.exe 3340 nhbthh.exe 712 hthhbh.exe 860 pdpjv.exe 3484 jvvjv.exe -
resource yara_rule behavioral2/memory/1960-7-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4136-13-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4600-4-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4372-21-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3988-29-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1308-39-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2388-41-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2172-45-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2172-51-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4908-62-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4620-53-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3484-69-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2312-75-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/880-82-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2284-89-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4004-93-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1664-100-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3708-110-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1696-116-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3780-103-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3264-132-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4060-137-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1356-144-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1624-161-0x0000000000400000-0x0000000000428000-memory.dmp upx 
behavioral2/memory/3472-165-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4000-174-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3704-177-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3704-182-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4032-186-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4348-190-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1364-199-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1252-195-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3052-204-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1600-208-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4360-212-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2016-216-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3244-227-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4340-235-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/332-242-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4764-258-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1676-278-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3484-291-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/5060-319-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3332-324-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4856-331-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4068-334-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/528-345-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1320-344-0x0000000000400000-0x0000000000428000-memory.dmp upx 
behavioral2/memory/4680-395-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3104-411-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/964-440-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2808-446-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4704-463-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2588-484-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/4824-493-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3308-503-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1664-511-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3780-513-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/228-566-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2396-568-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/3704-573-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/1364-594-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2492-601-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral2/memory/2280-620-0x0000000000400000-0x0000000000428000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs — every entry is a parent in the drop chain writing (three times each) into the child it has just launched; no writes target a pre-existing or unrelated system process. This pattern appears consistent with writes made during process creation of the dropped child rather than classic cross-process injection, so this heuristic should be weighted accordingly and not read on its own as evidence of injection into other processes (verify against the full event log if that distinction matters for your triage).
description pid Process procid_target PID 4600 wrote to memory of 1960 4600 3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe 85 PID 4600 wrote to memory of 1960 4600 3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe 85 PID 4600 wrote to memory of 1960 4600 3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe 85 PID 1960 wrote to memory of 4136 1960 5pvjv.exe 86 PID 1960 wrote to memory of 4136 1960 5pvjv.exe 86 PID 1960 wrote to memory of 4136 1960 5pvjv.exe 86 PID 4136 wrote to memory of 4372 4136 lxrfrlx.exe 87 PID 4136 wrote to memory of 4372 4136 lxrfrlx.exe 87 PID 4136 wrote to memory of 4372 4136 lxrfrlx.exe 87 PID 4372 wrote to memory of 4972 4372 3ttnbb.exe 88 PID 4372 wrote to memory of 4972 4372 3ttnbb.exe 88 PID 4372 wrote to memory of 4972 4372 3ttnbb.exe 88 PID 4972 wrote to memory of 3988 4972 3lrlxxr.exe 89 PID 4972 wrote to memory of 3988 4972 3lrlxxr.exe 89 PID 4972 wrote to memory of 3988 4972 3lrlxxr.exe 89 PID 3988 wrote to memory of 1308 3988 djpjd.exe 90 PID 3988 wrote to memory of 1308 3988 djpjd.exe 90 PID 3988 wrote to memory of 1308 3988 djpjd.exe 90 PID 1308 wrote to memory of 2388 1308 fxfxrrl.exe 91 PID 1308 wrote to memory of 2388 1308 fxfxrrl.exe 91 PID 1308 wrote to memory of 2388 1308 fxfxrrl.exe 91 PID 2388 wrote to memory of 2172 2388 9xxrxlf.exe 92 PID 2388 wrote to memory of 2172 2388 9xxrxlf.exe 92 PID 2388 wrote to memory of 2172 2388 9xxrxlf.exe 92 PID 2172 wrote to memory of 4620 2172 bhnbnn.exe 93 PID 2172 wrote to memory of 4620 2172 bhnbnn.exe 93 PID 2172 wrote to memory of 4620 2172 bhnbnn.exe 93 PID 4620 wrote to memory of 5056 4620 djpdp.exe 94 PID 4620 wrote to memory of 5056 4620 djpdp.exe 94 PID 4620 wrote to memory of 5056 4620 djpdp.exe 94 PID 5056 wrote to memory of 4908 5056 xrfxrlf.exe 95 PID 5056 wrote to memory of 4908 5056 xrfxrlf.exe 95 PID 5056 wrote to memory of 4908 5056 xrfxrlf.exe 95 PID 4908 wrote to memory of 3484 4908 nbhbbh.exe 96 PID 4908 
wrote to memory of 3484 4908 nbhbbh.exe 96 PID 4908 wrote to memory of 3484 4908 nbhbbh.exe 96 PID 3484 wrote to memory of 2312 3484 jdvjp.exe 97 PID 3484 wrote to memory of 2312 3484 jdvjp.exe 97 PID 3484 wrote to memory of 2312 3484 jdvjp.exe 97 PID 2312 wrote to memory of 880 2312 3jvvj.exe 98 PID 2312 wrote to memory of 880 2312 3jvvj.exe 98 PID 2312 wrote to memory of 880 2312 3jvvj.exe 98 PID 880 wrote to memory of 2284 880 xxfrlfr.exe 99 PID 880 wrote to memory of 2284 880 xxfrlfr.exe 99 PID 880 wrote to memory of 2284 880 xxfrlfr.exe 99 PID 2284 wrote to memory of 4004 2284 thhhbt.exe 100 PID 2284 wrote to memory of 4004 2284 thhhbt.exe 100 PID 2284 wrote to memory of 4004 2284 thhhbt.exe 100 PID 4004 wrote to memory of 1664 4004 ffxllfx.exe 101 PID 4004 wrote to memory of 1664 4004 ffxllfx.exe 101 PID 4004 wrote to memory of 1664 4004 ffxllfx.exe 101 PID 1664 wrote to memory of 3780 1664 5bhtnh.exe 102 PID 1664 wrote to memory of 3780 1664 5bhtnh.exe 102 PID 1664 wrote to memory of 3780 1664 5bhtnh.exe 102 PID 3780 wrote to memory of 3708 3780 fflxlfx.exe 103 PID 3780 wrote to memory of 3708 3780 fflxlfx.exe 103 PID 3780 wrote to memory of 3708 3780 fflxlfx.exe 103 PID 3708 wrote to memory of 1696 3708 hntnbt.exe 104 PID 3708 wrote to memory of 1696 3708 hntnbt.exe 104 PID 3708 wrote to memory of 1696 3708 hntnbt.exe 104 PID 1696 wrote to memory of 664 1696 jpdvd.exe 105 PID 1696 wrote to memory of 664 1696 jpdvd.exe 105 PID 1696 wrote to memory of 664 1696 jpdvd.exe 105 PID 664 wrote to memory of 4804 664 xllxlrl.exe 106
Processes (each entry below shows the image path, then the command line, then the tree depth, run together by the page rendering — e.g. `\??\c:\5pvjv.exe` + `c:\5pvjv.exe` + depth `2`). The submitted sample runs from `%LOCALAPPDATA%\Temp`; every descendant is a dropped EXE executed from the root of `C:\`, which is a useful detection pivot: process creation of an unsigned `*.exe` directly in `C:\` by a parent that is itself in `C:\`.
-
C:\Users\Admin\AppData\Local\Temp\3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe"C:\Users\Admin\AppData\Local\Temp\3f44068f73e307086ce0ca7074db35dc9af24d7c88fb8f45bba1d1763349792f.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4600 -
\??\c:\5pvjv.exec:\5pvjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1960 -
\??\c:\lxrfrlx.exec:\lxrfrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4136 -
\??\c:\3ttnbb.exec:\3ttnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\3lrlxxr.exec:\3lrlxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4972 -
\??\c:\djpjd.exec:\djpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\fxfxrrl.exec:\fxfxrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1308 -
\??\c:\9xxrxlf.exec:\9xxrxlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\bhnbnn.exec:\bhnbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2172 -
\??\c:\djpdp.exec:\djpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4620 -
\??\c:\xrfxrlf.exec:\xrfxrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5056 -
\??\c:\nbhbbh.exec:\nbhbbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4908 -
\??\c:\jdvjp.exec:\jdvjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3484 -
\??\c:\3jvvj.exec:\3jvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\xxfrlfr.exec:\xxfrlfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:880 -
\??\c:\thhhbt.exec:\thhhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\ffxllfx.exec:\ffxllfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4004 -
\??\c:\5bhtnh.exec:\5bhtnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1664 -
\??\c:\fflxlfx.exec:\fflxlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3780 -
\??\c:\hntnbt.exec:\hntnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3708 -
\??\c:\jpdvd.exec:\jpdvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1696 -
\??\c:\xllxlrl.exec:\xllxlrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:664 -
\??\c:\vvdpd.exec:\vvdpd.exe23⤵
- Executes dropped EXE
PID:4804 -
\??\c:\rfxlrlf.exec:\rfxlrlf.exe24⤵
- Executes dropped EXE
PID:3264 -
\??\c:\hhnbbt.exec:\hhnbbt.exe25⤵
- Executes dropped EXE
PID:4060 -
\??\c:\nntbth.exec:\nntbth.exe26⤵
- Executes dropped EXE
PID:1356 -
\??\c:\fllxlfr.exec:\fllxlfr.exe27⤵
- Executes dropped EXE
PID:3040 -
\??\c:\1xffrlx.exec:\1xffrlx.exe28⤵
- Executes dropped EXE
PID:3796 -
\??\c:\bhhthh.exec:\bhhthh.exe29⤵
- Executes dropped EXE
PID:1624 -
\??\c:\jjdvp.exec:\jjdvp.exe30⤵
- Executes dropped EXE
PID:3472 -
\??\c:\rxfxlfr.exec:\rxfxlfr.exe31⤵
- Executes dropped EXE
PID:4000 -
\??\c:\jjpjv.exec:\jjpjv.exe32⤵
- Executes dropped EXE
PID:3704 -
\??\c:\pdvjv.exec:\pdvjv.exe33⤵
- Executes dropped EXE
PID:4032 -
\??\c:\lxfxfff.exec:\lxfxfff.exe34⤵
- Executes dropped EXE
PID:3804 -
\??\c:\htbnbt.exec:\htbnbt.exe35⤵
- Executes dropped EXE
PID:4348 -
\??\c:\bnhbnh.exec:\bnhbnh.exe36⤵
- Executes dropped EXE
PID:1252 -
\??\c:\llrrrrr.exec:\llrrrrr.exe37⤵
- Executes dropped EXE
PID:1364 -
\??\c:\lrrrrxx.exec:\lrrrrxx.exe38⤵
- Executes dropped EXE
PID:1528 -
\??\c:\5jdvj.exec:\5jdvj.exe39⤵
- Executes dropped EXE
PID:3052 -
\??\c:\7jdvv.exec:\7jdvv.exe40⤵
- Executes dropped EXE
PID:1600 -
\??\c:\9llxlff.exec:\9llxlff.exe41⤵
- Executes dropped EXE
PID:4360 -
\??\c:\thhhbt.exec:\thhhbt.exe42⤵
- Executes dropped EXE
PID:2016 -
\??\c:\dppjv.exec:\dppjv.exe43⤵
- Executes dropped EXE
PID:3020 -
\??\c:\bnbtbt.exec:\bnbtbt.exe44⤵
- Executes dropped EXE
PID:4956 -
\??\c:\1jpjv.exec:\1jpjv.exe45⤵
- Executes dropped EXE
PID:3244 -
\??\c:\fflfxxf.exec:\fflfxxf.exe46⤵
- Executes dropped EXE
PID:4820 -
\??\c:\nhbnnh.exec:\nhbnnh.exe47⤵
- Executes dropped EXE
PID:4044 -
\??\c:\dpvdd.exec:\dpvdd.exe48⤵
- Executes dropped EXE
PID:4340 -
\??\c:\flxrlfx.exec:\flxrlfx.exe49⤵
- Executes dropped EXE
PID:2908 -
\??\c:\xllffxx.exec:\xllffxx.exe50⤵
- Executes dropped EXE
PID:332 -
\??\c:\thbtnh.exec:\thbtnh.exe51⤵
- Executes dropped EXE
PID:2816 -
\??\c:\5vpjd.exec:\5vpjd.exe52⤵
- Executes dropped EXE
PID:4136 -
\??\c:\9jdjv.exec:\9jdjv.exe53⤵
- Executes dropped EXE
PID:3024 -
\??\c:\lflfllr.exec:\lflfllr.exe54⤵
- Executes dropped EXE
PID:5024 -
\??\c:\9bbnhh.exec:\9bbnhh.exe55⤵
- Executes dropped EXE
PID:4764 -
\??\c:\1ppjj.exec:\1ppjj.exe56⤵
- Executes dropped EXE
PID:1100 -
\??\c:\1rrfrxx.exec:\1rrfrxx.exe57⤵
- Executes dropped EXE
PID:1756 -
\??\c:\ttttnh.exec:\ttttnh.exe58⤵
- Executes dropped EXE
PID:4644 -
\??\c:\hhbthb.exec:\hhbthb.exe59⤵
- Executes dropped EXE
PID:3632 -
\??\c:\9ppdp.exec:\9ppdp.exe60⤵
- Executes dropped EXE
PID:872 -
\??\c:\lxxrffx.exec:\lxxrffx.exe61⤵
- Executes dropped EXE
PID:1676 -
\??\c:\nhbthh.exec:\nhbthh.exe62⤵
- Executes dropped EXE
PID:3340 -
\??\c:\hthhbh.exec:\hthhbh.exe63⤵
- Executes dropped EXE
PID:712 -
\??\c:\pdpjv.exec:\pdpjv.exe64⤵
- Executes dropped EXE
PID:860 -
\??\c:\jvvjv.exec:\jvvjv.exe65⤵
- Executes dropped EXE
PID:3484 -
\??\c:\5xfxrrl.exec:\5xfxrrl.exe66⤵PID:3332
-
\??\c:\vjdvp.exec:\vjdvp.exe67⤵PID:4824
-
\??\c:\vpdvv.exec:\vpdvv.exe68⤵PID:4452
-
\??\c:\rfrlxrr.exec:\rfrlxrr.exe69⤵PID:4536
-
\??\c:\thbnhh.exec:\thbnhh.exe70⤵PID:4892
-
\??\c:\hhtntt.exec:\hhtntt.exe71⤵PID:4888
-
\??\c:\ddppp.exec:\ddppp.exe72⤵PID:3068
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe73⤵PID:3680
-
\??\c:\ntnhtt.exec:\ntnhtt.exe74⤵PID:5060
-
\??\c:\5hhhth.exec:\5hhhth.exe75⤵PID:3708
-
\??\c:\flrfrrl.exec:\flrfrrl.exe76⤵PID:4480
-
\??\c:\1lrxrxr.exec:\1lrxrxr.exe77⤵PID:4856
-
\??\c:\bntnhh.exec:\bntnhh.exe78⤵PID:4068
-
\??\c:\pvjdv.exec:\pvjdv.exe79⤵PID:864
-
\??\c:\9ntnhh.exec:\9ntnhh.exe80⤵PID:1320
-
\??\c:\pdjdp.exec:\pdjdp.exe81⤵PID:528
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe82⤵PID:2072
-
\??\c:\nbnnbt.exec:\nbnnbt.exe83⤵PID:4800
-
\??\c:\vpdpd.exec:\vpdpd.exe84⤵PID:5116
-
\??\c:\1rrfrlr.exec:\1rrfrlr.exe85⤵PID:1556
-
\??\c:\lxxrlfr.exec:\lxxrlfr.exe86⤵PID:3040
-
\??\c:\tbnbtt.exec:\tbnbtt.exe87⤵PID:4432
-
\??\c:\djppd.exec:\djppd.exe88⤵PID:4904
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe89⤵PID:3472
-
\??\c:\xrlxrlx.exec:\xrlxrlx.exe90⤵PID:952
-
\??\c:\nntttt.exec:\nntttt.exe91⤵PID:3984
-
\??\c:\ttnhnn.exec:\ttnhnn.exe92⤵PID:2972
-
\??\c:\pvpjv.exec:\pvpjv.exe93⤵PID:3824
-
\??\c:\9jpjd.exec:\9jpjd.exe94⤵PID:772
-
\??\c:\flrfrlf.exec:\flrfrlf.exe95⤵PID:3868
-
\??\c:\9tbttt.exec:\9tbttt.exe96⤵PID:3516
-
\??\c:\dpvdv.exec:\dpvdv.exe97⤵PID:4680
-
\??\c:\rfrfxxr.exec:\rfrfxxr.exe98⤵PID:1616
-
\??\c:\rlxrxrr.exec:\rlxrxrr.exe99⤵PID:2360
-
\??\c:\bbbbth.exec:\bbbbth.exe100⤵PID:1400
-
\??\c:\3djvp.exec:\3djvp.exe101⤵PID:1316
-
\??\c:\fllxlfx.exec:\fllxlfx.exe102⤵PID:2032
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe103⤵PID:3104
-
\??\c:\7nntbn.exec:\7nntbn.exe104⤵PID:2828
-
\??\c:\dvdjp.exec:\dvdjp.exe105⤵PID:4932
-
\??\c:\xlrxffx.exec:\xlrxffx.exe106⤵PID:4988
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe107⤵PID:3872
-
\??\c:\tbtnnn.exec:\tbtnnn.exe108⤵PID:4820
-
\??\c:\vdpdj.exec:\vdpdj.exe109⤵PID:828
-
\??\c:\jvdvj.exec:\jvdvj.exe110⤵PID:3248
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe111⤵PID:5052
-
\??\c:\hbhbtn.exec:\hbhbtn.exe112⤵PID:220
-
\??\c:\ppjdd.exec:\ppjdd.exe113⤵PID:964
-
\??\c:\xrfxrlx.exec:\xrfxrlx.exe114⤵PID:3728
-
\??\c:\nthhnn.exec:\nthhnn.exe115⤵PID:2808
-
\??\c:\1jjvj.exec:\1jjvj.exe116⤵PID:4268
-
\??\c:\frfffff.exec:\frfffff.exe117⤵PID:4100
-
\??\c:\rfrflxr.exec:\rfrflxr.exe118⤵PID:4092
-
\??\c:\ntttnh.exec:\ntttnh.exe119⤵PID:2888
-
\??\c:\7jdvp.exec:\7jdvp.exe120⤵PID:4704
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe121⤵PID:832
-
\??\c:\hbhbbb.exec:\hbhbbb.exe122⤵PID:2704