Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted
04-04-2024 18:08
Static task
static1
1 signatures
Behavioral task
behavioral1 (the Windows 7 run listed here; note that every signature hit below is tagged behavioral2, i.e. the Windows 10 2004 x64 run named in the Analysis header, so the memory-dump IoCs on this page do not come from this Windows 7 task)
Sample
02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe
Resource
win7-20231129-en
windows7-x64
6 signatures
150 seconds
General
-
Target
02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe
-
Size
391KB
-
MD5
4e548f5ac10e46c7bbe23a9f7a866943
-
SHA1
cc2aa4be784acdaf20ffe6d975ca5cf9329b17e5
-
SHA256
02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea
-
SHA512
4fa5c7aa60bdbfdbcc5c23ff5ebdb97653a3eec52666a1c87e48791d187bce7823d4c4044353ad8f47aebcb0032854c334b2fe7a361fb0ed94abe7e853ed862c
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmbn:m7TcJWjdpKGATTk/jYIOWN/KnnPqn
Malware Config (no extracted configuration entries are shown in this report)
Signatures
-
Detect Blackmoon payload — 59 IoCs. Every hit is the same 0x00400000–0x0042A000 image range in a different dropped process, so the count reflects the length of the spawn chain rather than 59 distinct payloads; treat it as a single family verdict. The same dump identifiers (e.g. 5008-4, 3136-7) also appear under the UPX rules below, so the family match was made on the unpacked in-memory image, not the packed file on disk.
resource yara_rule behavioral2/memory/5008-4-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3136-7-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/436-25-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2472-21-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/672-13-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1012-60-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3564-66-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1112-49-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3516-43-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4820-37-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4628-31-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2956-78-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4308-75-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3268-86-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3148-105-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3132-102-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3276-111-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3544-121-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1820-116-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3308-132-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4928-127-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/3944-136-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/932-146-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1724-165-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1948-171-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3540-175-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3780-183-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4932-185-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4644-195-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3620-199-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4684-201-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3892-204-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/996-209-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2532-213-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5032-235-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4636-243-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3812-255-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4248-261-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2712-265-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3564-269-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1160-294-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3588-316-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/1672-321-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2400-335-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1248-325-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4992-326-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4304-342-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4328-365-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5096-377-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3388-400-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3688-404-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2472-414-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4600-436-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5020-473-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1544-508-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/224-599-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3308-627-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/624-635-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4964-645-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. The report appears to list at most 64 entries per signature (each of the memory-based rules stops at 64 while the process tree below shows more than 64 dropped executables), so this figure is a display cap, not the total number of packed processes.
resource yara_rule behavioral2/memory/5008-4-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3136-7-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/436-25-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2472-21-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/672-13-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1012-60-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3564-66-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1112-49-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3516-43-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4820-37-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4628-31-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2956-78-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4308-75-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3268-82-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3268-86-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3148-105-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3132-102-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3276-111-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3544-121-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1820-116-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3308-132-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4928-127-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3944-136-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/932-146-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/3336-157-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1724-165-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1948-171-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3540-175-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3780-183-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4932-185-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4644-195-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3620-196-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3620-199-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4684-201-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3892-204-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/996-209-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2532-213-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5032-235-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4636-243-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3812-255-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4248-261-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2712-265-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3564-269-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5112-287-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1160-294-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3588-316-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1672-321-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2400-335-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/1248-325-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4992-326-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4304-342-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4328-365-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5096-377-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3388-396-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3388-400-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3688-404-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2472-414-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4600-436-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5020-473-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4780-470-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1544-508-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4032-515-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/452-561-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/224-599-0x0000000000400000-0x000000000042A000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs (display-capped; the process tree below continues past 64 entries). PIDs are reused within the run — for example 3564 is listed for both ffrllfx.exe and jvvjv.exe, and 2472 for both jddpv.exe and 1djvj.exe — so correlate memory dumps by the pid–sequence pair (3564-66 vs 3564-269), never by PID alone.
pid Process 3136 lfffrff.exe 672 nhnhhh.exe 2472 jddpv.exe 436 lffxfxf.exe 4628 bnhhtn.exe 4820 xrfrfxr.exe 3516 nhbtht.exe 1112 rllfrlx.exe 4260 btnnbh.exe 1012 vdjvj.exe 3564 ffrllfx.exe 4308 9pjdp.exe 2956 bnntbb.exe 3268 jvdvp.exe 4664 vvddp.exe 1660 hhthtt.exe 3132 vpdvd.exe 3148 9rlxxrx.exe 3276 bbhbbh.exe 1820 pvdvd.exe 3544 rfxlrxl.exe 4928 dvvpp.exe 3308 hnthbt.exe 3944 dvvpp.exe 2400 hbbtnh.exe 932 1djdj.exe 1264 rrxlxxx.exe 3336 9thbbb.exe 1724 rxxlxrf.exe 1948 nhttbn.exe 3540 lrfflfx.exe 3780 tbbbnb.exe 4932 vpvpp.exe 3644 jpdpd.exe 4644 tnbbnh.exe 3620 hnnhtn.exe 4684 fxfxrrr.exe 3892 3thbnh.exe 996 3flrfxr.exe 2532 bnhbnt.exe 4428 dvdpd.exe 1992 xlfrxrf.exe 1728 nhthth.exe 4356 7pjvd.exe 3320 rfrflrl.exe 1440 bbnbth.exe 5032 1jdvj.exe 1872 vpdpd.exe 4636 fxfxrlr.exe 2500 hththt.exe 2392 pvdpd.exe 3764 7rxffxx.exe 3812 rflxrlr.exe 4536 jjjdd.exe 4248 btnbnh.exe 2712 hhnbhb.exe 3564 jvvjv.exe 1540 frlfrxr.exe 4404 7hnbbt.exe 832 frxrlxr.exe 312 frlxlfx.exe 2388 tbhthb.exe 5112 tththb.exe 1160 dppdp.exe -
resource yara_rule behavioral2/memory/5008-4-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3136-7-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/436-25-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2472-21-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/672-13-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1012-60-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3564-66-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1112-49-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3516-43-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4820-37-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4628-31-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2956-78-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4308-75-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3268-86-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3148-105-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3132-102-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3276-111-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3544-121-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1820-116-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3308-132-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4928-127-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3944-136-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/932-146-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3336-157-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/1724-165-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1948-171-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3540-175-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3780-183-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4932-185-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4644-195-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3620-196-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3620-199-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4684-201-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3892-204-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/996-209-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2532-213-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5032-235-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4636-243-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3812-255-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4248-261-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2712-265-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3564-269-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5112-287-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1160-294-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3588-316-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1672-321-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2400-335-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1248-325-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/4992-326-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4304-342-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4328-365-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5096-377-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3388-396-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3388-400-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3688-404-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2472-414-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4600-436-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5020-473-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4780-470-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1544-508-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4032-515-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/452-561-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3468-586-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/224-599-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs (display-capped). Each parent→child pair is recorded three times and each parent writes only to the single child it has just launched, which matches a process-creation handoff along the linear chain rather than injection into an unrelated or system process; no cross-chain target appears in the listed entries.
description pid Process procid_target PID 5008 wrote to memory of 3136 5008 02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe 85 PID 5008 wrote to memory of 3136 5008 02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe 85 PID 5008 wrote to memory of 3136 5008 02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe 85 PID 3136 wrote to memory of 672 3136 lfffrff.exe 86 PID 3136 wrote to memory of 672 3136 lfffrff.exe 86 PID 3136 wrote to memory of 672 3136 lfffrff.exe 86 PID 672 wrote to memory of 2472 672 nhnhhh.exe 87 PID 672 wrote to memory of 2472 672 nhnhhh.exe 87 PID 672 wrote to memory of 2472 672 nhnhhh.exe 87 PID 2472 wrote to memory of 436 2472 jddpv.exe 88 PID 2472 wrote to memory of 436 2472 jddpv.exe 88 PID 2472 wrote to memory of 436 2472 jddpv.exe 88 PID 436 wrote to memory of 4628 436 lffxfxf.exe 89 PID 436 wrote to memory of 4628 436 lffxfxf.exe 89 PID 436 wrote to memory of 4628 436 lffxfxf.exe 89 PID 4628 wrote to memory of 4820 4628 bnhhtn.exe 90 PID 4628 wrote to memory of 4820 4628 bnhhtn.exe 90 PID 4628 wrote to memory of 4820 4628 bnhhtn.exe 90 PID 4820 wrote to memory of 3516 4820 xrfrfxr.exe 91 PID 4820 wrote to memory of 3516 4820 xrfrfxr.exe 91 PID 4820 wrote to memory of 3516 4820 xrfrfxr.exe 91 PID 3516 wrote to memory of 1112 3516 nhbtht.exe 92 PID 3516 wrote to memory of 1112 3516 nhbtht.exe 92 PID 3516 wrote to memory of 1112 3516 nhbtht.exe 92 PID 1112 wrote to memory of 4260 1112 rllfrlx.exe 93 PID 1112 wrote to memory of 4260 1112 rllfrlx.exe 93 PID 1112 wrote to memory of 4260 1112 rllfrlx.exe 93 PID 4260 wrote to memory of 1012 4260 btnnbh.exe 94 PID 4260 wrote to memory of 1012 4260 btnnbh.exe 94 PID 4260 wrote to memory of 1012 4260 btnnbh.exe 94 PID 1012 wrote to memory of 3564 1012 vdjvj.exe 95 PID 1012 wrote to memory of 3564 1012 vdjvj.exe 95 PID 1012 wrote to memory of 3564 1012 vdjvj.exe 95 PID 3564 wrote to memory of 4308 3564 ffrllfx.exe 96 PID 3564 wrote to memory of 
4308 3564 ffrllfx.exe 96 PID 3564 wrote to memory of 4308 3564 ffrllfx.exe 96 PID 4308 wrote to memory of 2956 4308 9pjdp.exe 97 PID 4308 wrote to memory of 2956 4308 9pjdp.exe 97 PID 4308 wrote to memory of 2956 4308 9pjdp.exe 97 PID 2956 wrote to memory of 3268 2956 bnntbb.exe 98 PID 2956 wrote to memory of 3268 2956 bnntbb.exe 98 PID 2956 wrote to memory of 3268 2956 bnntbb.exe 98 PID 3268 wrote to memory of 4664 3268 jvdvp.exe 99 PID 3268 wrote to memory of 4664 3268 jvdvp.exe 99 PID 3268 wrote to memory of 4664 3268 jvdvp.exe 99 PID 4664 wrote to memory of 1660 4664 vvddp.exe 101 PID 4664 wrote to memory of 1660 4664 vvddp.exe 101 PID 4664 wrote to memory of 1660 4664 vvddp.exe 101 PID 1660 wrote to memory of 3132 1660 hhthtt.exe 102 PID 1660 wrote to memory of 3132 1660 hhthtt.exe 102 PID 1660 wrote to memory of 3132 1660 hhthtt.exe 102 PID 3132 wrote to memory of 3148 3132 vpdvd.exe 104 PID 3132 wrote to memory of 3148 3132 vpdvd.exe 104 PID 3132 wrote to memory of 3148 3132 vpdvd.exe 104 PID 3148 wrote to memory of 3276 3148 9rlxxrx.exe 105 PID 3148 wrote to memory of 3276 3148 9rlxxrx.exe 105 PID 3148 wrote to memory of 3276 3148 9rlxxrx.exe 105 PID 3276 wrote to memory of 1820 3276 bbhbbh.exe 106 PID 3276 wrote to memory of 1820 3276 bbhbbh.exe 106 PID 3276 wrote to memory of 1820 3276 bbhbbh.exe 106 PID 1820 wrote to memory of 3544 1820 pvdvd.exe 107 PID 1820 wrote to memory of 3544 1820 pvdvd.exe 107 PID 1820 wrote to memory of 3544 1820 pvdvd.exe 107 PID 3544 wrote to memory of 4928 3544 rfxlrxl.exe 108
Processes (one linear spawn chain: each dropped EXE is written to the root of c:\ with a short name built from the letters b d f h j l n p r t v x, sometimes prefixed by an odd digit, and launches exactly one successor; the tree below runs at least 122 levels deep, so a detection on "executable created and launched from the root of C:\" will fire on every link of the chain)
-
C:\Users\Admin\AppData\Local\Temp\02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe"C:\Users\Admin\AppData\Local\Temp\02848ebce4b029f3e52e9e8970619c0926cc9873c41219b29a4d5b34aa3944ea.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\lfffrff.exec:\lfffrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3136 -
\??\c:\nhnhhh.exec:\nhnhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:672 -
\??\c:\jddpv.exec:\jddpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\lffxfxf.exec:\lffxfxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:436 -
\??\c:\bnhhtn.exec:\bnhhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4628 -
\??\c:\xrfrfxr.exec:\xrfrfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4820 -
\??\c:\nhbtht.exec:\nhbtht.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3516 -
\??\c:\rllfrlx.exec:\rllfrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1112 -
\??\c:\btnnbh.exec:\btnnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4260 -
\??\c:\vdjvj.exec:\vdjvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1012 -
\??\c:\ffrllfx.exec:\ffrllfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3564 -
\??\c:\9pjdp.exec:\9pjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4308 -
\??\c:\bnntbb.exec:\bnntbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\jvdvp.exec:\jvdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3268 -
\??\c:\vvddp.exec:\vvddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4664 -
\??\c:\hhthtt.exec:\hhthtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1660 -
\??\c:\vpdvd.exec:\vpdvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3132 -
\??\c:\9rlxxrx.exec:\9rlxxrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3148 -
\??\c:\bbhbbh.exec:\bbhbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\pvdvd.exec:\pvdvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1820 -
\??\c:\rfxlrxl.exec:\rfxlrxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3544 -
\??\c:\dvvpp.exec:\dvvpp.exe23⤵
- Executes dropped EXE
PID:4928 -
\??\c:\hnthbt.exec:\hnthbt.exe24⤵
- Executes dropped EXE
PID:3308 -
\??\c:\dvvpp.exec:\dvvpp.exe25⤵
- Executes dropped EXE
PID:3944 -
\??\c:\hbbtnh.exec:\hbbtnh.exe26⤵
- Executes dropped EXE
PID:2400 -
\??\c:\1djdj.exec:\1djdj.exe27⤵
- Executes dropped EXE
PID:932 -
\??\c:\rrxlxxx.exec:\rrxlxxx.exe28⤵
- Executes dropped EXE
PID:1264 -
\??\c:\9thbbb.exec:\9thbbb.exe29⤵
- Executes dropped EXE
PID:3336 -
\??\c:\rxxlxrf.exec:\rxxlxrf.exe30⤵
- Executes dropped EXE
PID:1724 -
\??\c:\nhttbn.exec:\nhttbn.exe31⤵
- Executes dropped EXE
PID:1948 -
\??\c:\lrfflfx.exec:\lrfflfx.exe32⤵
- Executes dropped EXE
PID:3540 -
\??\c:\tbbbnb.exec:\tbbbnb.exe33⤵
- Executes dropped EXE
PID:3780 -
\??\c:\vpvpp.exec:\vpvpp.exe34⤵
- Executes dropped EXE
PID:4932 -
\??\c:\jpdpd.exec:\jpdpd.exe35⤵
- Executes dropped EXE
PID:3644 -
\??\c:\tnbbnh.exec:\tnbbnh.exe36⤵
- Executes dropped EXE
PID:4644 -
\??\c:\hnnhtn.exec:\hnnhtn.exe37⤵
- Executes dropped EXE
PID:3620 -
\??\c:\fxfxrrr.exec:\fxfxrrr.exe38⤵
- Executes dropped EXE
PID:4684 -
\??\c:\3thbnh.exec:\3thbnh.exe39⤵
- Executes dropped EXE
PID:3892 -
\??\c:\3flrfxr.exec:\3flrfxr.exe40⤵
- Executes dropped EXE
PID:996 -
\??\c:\bnhbnt.exec:\bnhbnt.exe41⤵
- Executes dropped EXE
PID:2532 -
\??\c:\dvdpd.exec:\dvdpd.exe42⤵
- Executes dropped EXE
PID:4428 -
\??\c:\xlfrxrf.exec:\xlfrxrf.exe43⤵
- Executes dropped EXE
PID:1992 -
\??\c:\nhthth.exec:\nhthth.exe44⤵
- Executes dropped EXE
PID:1728 -
\??\c:\7pjvd.exec:\7pjvd.exe45⤵
- Executes dropped EXE
PID:4356 -
\??\c:\rfrflrl.exec:\rfrflrl.exe46⤵
- Executes dropped EXE
PID:3320 -
\??\c:\bbnbth.exec:\bbnbth.exe47⤵
- Executes dropped EXE
PID:1440 -
\??\c:\1jdvj.exec:\1jdvj.exe48⤵
- Executes dropped EXE
PID:5032 -
\??\c:\vpdpd.exec:\vpdpd.exe49⤵
- Executes dropped EXE
PID:1872 -
\??\c:\fxfxrlr.exec:\fxfxrlr.exe50⤵
- Executes dropped EXE
PID:4636 -
\??\c:\hththt.exec:\hththt.exe51⤵
- Executes dropped EXE
PID:2500 -
\??\c:\pvdpd.exec:\pvdpd.exe52⤵
- Executes dropped EXE
PID:2392 -
\??\c:\7rxffxx.exec:\7rxffxx.exe53⤵
- Executes dropped EXE
PID:3764 -
\??\c:\rflxrlr.exec:\rflxrlr.exe54⤵
- Executes dropped EXE
PID:3812 -
\??\c:\jjjdd.exec:\jjjdd.exe55⤵
- Executes dropped EXE
PID:4536 -
\??\c:\btnbnh.exec:\btnbnh.exe56⤵
- Executes dropped EXE
PID:4248 -
\??\c:\hhnbhb.exec:\hhnbhb.exe57⤵
- Executes dropped EXE
PID:2712 -
\??\c:\jvvjv.exec:\jvvjv.exe58⤵
- Executes dropped EXE
PID:3564 -
\??\c:\frlfrxr.exec:\frlfrxr.exe59⤵
- Executes dropped EXE
PID:1540 -
\??\c:\7hnbbt.exec:\7hnbbt.exe60⤵
- Executes dropped EXE
PID:4404 -
\??\c:\frxrlxr.exec:\frxrlxr.exe61⤵
- Executes dropped EXE
PID:832 -
\??\c:\frlxlfx.exec:\frlxlfx.exe62⤵
- Executes dropped EXE
PID:312 -
\??\c:\tbhthb.exec:\tbhthb.exe63⤵
- Executes dropped EXE
PID:2388 -
\??\c:\tththb.exec:\tththb.exe64⤵
- Executes dropped EXE
PID:5112 -
\??\c:\dppdp.exec:\dppdp.exe65⤵
- Executes dropped EXE
PID:1160 -
\??\c:\rflxllx.exec:\rflxllx.exe66⤵PID:1336
-
\??\c:\htbtbt.exec:\htbtbt.exe67⤵PID:3956
-
\??\c:\dpvjd.exec:\dpvjd.exe68⤵PID:1804
-
\??\c:\ttbnhb.exec:\ttbnhb.exe69⤵PID:3148
-
\??\c:\dppdp.exec:\dppdp.exe70⤵PID:5020
-
\??\c:\jvdpp.exec:\jvdpp.exe71⤵PID:3728
-
\??\c:\9tthtt.exec:\9tthtt.exe72⤵PID:3588
-
\??\c:\tnthnh.exec:\tnthnh.exe73⤵PID:1672
-
\??\c:\lffxlff.exec:\lffxlff.exe74⤵PID:1248
-
\??\c:\7nbthb.exec:\7nbthb.exe75⤵PID:4992
-
\??\c:\vjvjd.exec:\vjvjd.exe76⤵PID:3096
-
\??\c:\1bbthb.exec:\1bbthb.exe77⤵PID:2400
-
\??\c:\tnhnbb.exec:\tnhnbb.exe78⤵PID:4532
-
\??\c:\5rfrffr.exec:\5rfrffr.exe79⤵PID:4304
-
\??\c:\hhbbnn.exec:\hhbbnn.exe80⤵PID:5052
-
\??\c:\llfxrrl.exec:\llfxrrl.exe81⤵PID:2664
-
\??\c:\bhbtnn.exec:\bhbtnn.exe82⤵PID:1544
-
\??\c:\7ppdv.exec:\7ppdv.exe83⤵PID:5084
-
\??\c:\xrrxlxl.exec:\xrrxlxl.exe84⤵PID:3780
-
\??\c:\htthtn.exec:\htthtn.exe85⤵PID:2300
-
\??\c:\1nnbht.exec:\1nnbht.exe86⤵PID:1344
-
\??\c:\dvvpd.exec:\dvvpd.exe87⤵PID:4328
-
\??\c:\3rrrlrr.exec:\3rrrlrr.exe88⤵PID:3600
-
\??\c:\5ttnhb.exec:\5ttnhb.exe89⤵PID:4020
-
\??\c:\pddpj.exec:\pddpj.exe90⤵PID:3348
-
\??\c:\jvpjp.exec:\jvpjp.exe91⤵PID:5096
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe92⤵PID:4524
-
\??\c:\jjjvj.exec:\jjjvj.exe93⤵PID:4028
-
\??\c:\pjpjd.exec:\pjpjd.exe94⤵PID:996
-
\??\c:\rxflxrf.exec:\rxflxrf.exe95⤵PID:3864
-
\??\c:\7bhtnh.exec:\7bhtnh.exe96⤵PID:1880
-
\??\c:\7vvpj.exec:\7vvpj.exe97⤵PID:3388
-
\??\c:\5jdpd.exec:\5jdpd.exe98⤵PID:4364
-
\??\c:\dvdpd.exec:\dvdpd.exe99⤵PID:3688
-
\??\c:\frxrrxr.exec:\frxrrxr.exe100⤵PID:2848
-
\??\c:\xffrfxr.exec:\xffrfxr.exe101⤵PID:672
-
\??\c:\1djvj.exec:\1djvj.exe102⤵PID:2472
-
\??\c:\1lxrflx.exec:\1lxrflx.exe103⤵PID:4636
-
\??\c:\3flffff.exec:\3flffff.exe104⤵PID:4820
-
\??\c:\thnhhb.exec:\thnhhb.exe105⤵PID:2992
-
\??\c:\1tnbnn.exec:\1tnbnn.exe106⤵PID:1112
-
\??\c:\jjvvp.exec:\jjvvp.exe107⤵PID:4956
-
\??\c:\lrrfrxl.exec:\lrrfrxl.exe108⤵PID:4368
-
\??\c:\1xrfxrf.exec:\1xrfxrf.exe109⤵PID:4600
-
\??\c:\bbnbth.exec:\bbnbth.exe110⤵PID:2996
-
\??\c:\vppdd.exec:\vppdd.exe111⤵PID:2268
-
\??\c:\lrxlxrf.exec:\lrxlxrf.exe112⤵PID:2684
-
\??\c:\1llffxl.exec:\1llffxl.exe113⤵PID:2184
-
\??\c:\tnhbnh.exec:\tnhbnh.exe114⤵PID:1788
-
\??\c:\jddpd.exec:\jddpd.exe115⤵PID:1732
-
\??\c:\fllxfxl.exec:\fllxfxl.exe116⤵PID:3956
-
\??\c:\rxxrlfl.exec:\rxxrlfl.exe117⤵PID:1804
-
\??\c:\tnhbnh.exec:\tnhbnh.exe118⤵PID:4872
-
\??\c:\pddvj.exec:\pddvj.exe119⤵PID:5020
-
\??\c:\frfrlxl.exec:\frfrlxl.exe120⤵PID:4780
-
\??\c:\dvdpd.exec:\dvdpd.exe121⤵PID:5080
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe122⤵PID:3032