Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
05/04/2024, 21:03
Behavioral task
behavioral1
Sample
4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe
-
Size
408KB
-
MD5
068dd69f8e46929fa5752f77677eb95f
-
SHA1
a2f2327d68c4e7ddcb09880b464133ecb4b17e42
-
SHA256
4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499
-
SHA512
6b793a3879783d0456f0bebfb4ef7b5271903b92da889baaef51089233ee45ec7ca35b3927dbcb17fda8cb9fdfc84b8a87876c778f8fa900c23be542fb34eaa1
-
SSDEEP
12288:N4wFHoS/r4wnwFHoSv4R7OrxG4wFHoS/r4wFHoSPuulubE5:vOrx3g
Malware Config
Signatures
-
Detect Blackmoon payload — 46 IoCs (all are in-memory regions of the sample and its dropped children matching the family_blackmoon YARA rule; no on-disk file matches are listed)
resource yara_rule behavioral1/memory/2220-11-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1748-21-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1748-31-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/3028-41-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2644-48-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2544-60-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2808-67-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2348-79-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2496-88-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2560-98-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2348-71-0x0000000000220000-0x000000000029B000-memory.dmp family_blackmoon behavioral1/memory/2352-108-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1632-117-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2784-124-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2880-135-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/812-145-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/320-154-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2224-165-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1684-164-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1684-175-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2388-177-0x0000000001CD0000-0x0000000001D4B000-memory.dmp family_blackmoon 
behavioral1/memory/2076-195-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2076-194-0x0000000000340000-0x00000000003BB000-memory.dmp family_blackmoon behavioral1/memory/2388-193-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2276-206-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1036-215-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1100-225-0x0000000000480000-0x00000000004FB000-memory.dmp family_blackmoon behavioral1/memory/1100-222-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1796-234-0x0000000000220000-0x000000000029B000-memory.dmp family_blackmoon behavioral1/memory/1796-236-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/700-235-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2988-244-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/2988-254-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1996-255-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/1996-262-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/844-280-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/992-299-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/992-309-0x0000000001CF0000-0x0000000001D6B000-memory.dmp family_blackmoon behavioral1/memory/1704-326-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/3016-319-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/3016-318-0x0000000001D10000-0x0000000001D8B000-memory.dmp family_blackmoon behavioral1/memory/1340-333-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon 
behavioral1/memory/2712-340-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon behavioral1/memory/844-346-0x0000000000220000-0x000000000029B000-memory.dmp family_blackmoon behavioral1/memory/2148-347-0x00000000002D0000-0x000000000034B000-memory.dmp family_blackmoon behavioral1/memory/2284-356-0x0000000000400000-0x000000000047B000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/files/0x000c000000013a3f-5.dat UPX behavioral1/memory/2220-11-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x000c000000013a88-19.dat UPX behavioral1/memory/1748-21-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0032000000014251-28.dat UPX behavioral1/memory/1748-31-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/1748-27-0x0000000000480000-0x00000000004FB000-memory.dmp UPX behavioral1/memory/3028-41-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0007000000014457-38.dat UPX behavioral1/files/0x00070000000144e9-49.dat UPX behavioral1/memory/2644-48-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/2544-60-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x00090000000144f1-58.dat UPX behavioral1/files/0x00090000000144f9-68.dat UPX behavioral1/memory/2808-67-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x000700000001507a-77.dat UPX behavioral1/memory/2348-79-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015083-85.dat UPX behavioral1/memory/2496-88-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x00060000000150d9-96.dat UPX behavioral1/memory/2560-98-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/2352-108-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x00060000000153ee-106.dat UPX behavioral1/memory/1632-117-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x000600000001565a-115.dat UPX behavioral1/files/0x0006000000015662-125.dat UPX behavioral1/memory/2784-124-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x00060000000158d9-133.dat UPX behavioral1/memory/2880-135-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/812-145-0x0000000000400000-0x000000000047B000-memory.dmp UPX 
behavioral1/files/0x0006000000015ae3-143.dat UPX behavioral1/memory/320-154-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x003200000001431b-152.dat UPX behavioral1/files/0x0006000000015b50-162.dat UPX behavioral1/memory/2224-165-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/1684-164-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/1684-175-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015b85-172.dat UPX behavioral1/files/0x0006000000015c9a-183.dat UPX behavioral1/memory/2076-195-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/2388-193-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015ca8-191.dat UPX behavioral1/files/0x0006000000015cb1-203.dat UPX behavioral1/memory/2276-206-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/1036-215-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015cc5-213.dat UPX behavioral1/files/0x0006000000015cd2-223.dat UPX behavioral1/memory/1100-225-0x0000000000480000-0x00000000004FB000-memory.dmp UPX behavioral1/memory/1100-222-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/1796-234-0x0000000000220000-0x000000000029B000-memory.dmp UPX behavioral1/memory/1796-236-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/700-235-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015ce3-232.dat UPX behavioral1/files/0x0006000000015cee-242.dat UPX behavioral1/memory/2988-244-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/memory/2988-254-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015cf8-252.dat UPX behavioral1/memory/1996-255-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015d0a-263.dat UPX 
behavioral1/memory/1996-262-0x0000000000400000-0x000000000047B000-memory.dmp UPX behavioral1/files/0x0006000000015d21-271.dat UPX behavioral1/memory/1048-266-0x0000000000480000-0x00000000004FB000-memory.dmp UPX behavioral1/files/0x0006000000015d39-281.dat UPX behavioral1/memory/844-280-0x0000000000400000-0x000000000047B000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs (the list below stops at 64 entries, while the process tree further down continues to depth 122)
pid Process 852 hbthtb.exe 1748 9rllrxl.exe 3028 ffxflrl.exe 2644 hbbnbn.exe 2544 jpjvj.exe 2808 jpvjd.exe 2348 rxrfrxl.exe 2496 3tnbhn.exe 2560 rxrfxxl.exe 2352 9nhnbh.exe 1632 vppvj.exe 2784 jdddj.exe 2880 vvppv.exe 812 7bnhtn.exe 320 pjjpd.exe 2224 9jvjj.exe 1684 lfxxrrx.exe 2388 pjdjd.exe 2076 bhhthb.exe 2276 ffrrrfl.exe 1036 tttbnb.exe 1100 vpvvj.exe 1796 ffffrxr.exe 700 xlxxllx.exe 2988 hnbnnb.exe 1996 nnntbh.exe 1048 vdvpv.exe 844 1btbhn.exe 2300 hbhnbb.exe 2052 jjpjv.exe 992 bthtnt.exe 3016 7pjdj.exe 1704 ttnthh.exe 1340 rlxfrlr.exe 2712 dvjjd.exe 2148 lrlxffr.exe 2628 ttnbhh.exe 2284 lfrrffl.exe 2656 hbntbb.exe 2544 lllxfrl.exe 2612 3tnbbh.exe 2452 3vpvj.exe 2892 ttnnnn.exe 2552 5jjjj.exe 2428 nbttbb.exe 2352 ddpvv.exe 1972 htnhnn.exe 1976 tbtbnt.exe 1864 jdpvd.exe 2216 ttnntb.exe 2336 1lfflrx.exe 1636 xrlxlxl.exe 2172 vjdjp.exe 1952 5rrrlrf.exe 2956 ddpvv.exe 1260 ffffllr.exe 2232 dvjjj.exe 1036 7rflrxl.exe 1836 nnhnhh.exe 1128 9rflrrf.exe 1248 9xxxlrf.exe 3060 vpdpv.exe 840 btbbhh.exe 1728 1fxxxxr.exe -
resource yara_rule behavioral1/memory/2220-0-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x000c000000013a3f-5.dat upx behavioral1/memory/852-12-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2220-11-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x000c000000013a88-19.dat upx behavioral1/memory/1748-21-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0032000000014251-28.dat upx behavioral1/memory/1748-31-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/1748-27-0x0000000000480000-0x00000000004FB000-memory.dmp upx behavioral1/memory/3028-41-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0007000000014457-38.dat upx behavioral1/files/0x00070000000144e9-49.dat upx behavioral1/memory/2644-48-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2544-60-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x00090000000144f1-58.dat upx behavioral1/files/0x00090000000144f9-68.dat upx behavioral1/memory/2808-67-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x000700000001507a-77.dat upx behavioral1/memory/2348-79-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015083-85.dat upx behavioral1/memory/2496-88-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x00060000000150d9-96.dat upx behavioral1/memory/2560-98-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2352-108-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x00060000000153ee-106.dat upx behavioral1/memory/1632-117-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x000600000001565a-115.dat upx behavioral1/files/0x0006000000015662-125.dat upx behavioral1/memory/2784-124-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x00060000000158d9-133.dat upx 
behavioral1/memory/2880-135-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/812-141-0x0000000000480000-0x00000000004FB000-memory.dmp upx behavioral1/memory/812-145-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015ae3-143.dat upx behavioral1/memory/320-154-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x003200000001431b-152.dat upx behavioral1/memory/2224-155-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015b50-162.dat upx behavioral1/memory/2224-165-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/1684-164-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/1684-175-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2388-173-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015b85-172.dat upx behavioral1/files/0x0006000000015c9a-183.dat upx behavioral1/memory/2076-195-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2388-193-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015ca8-191.dat upx behavioral1/files/0x0006000000015cb1-203.dat upx behavioral1/memory/2276-206-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/1036-205-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2276-196-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/1036-215-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015cc5-213.dat upx behavioral1/files/0x0006000000015cd2-223.dat upx behavioral1/memory/1100-225-0x0000000000480000-0x00000000004FB000-memory.dmp upx behavioral1/memory/1100-222-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/1796-234-0x0000000000220000-0x000000000029B000-memory.dmp upx behavioral1/memory/1796-236-0x0000000000400000-0x000000000047B000-memory.dmp upx 
behavioral1/memory/700-235-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015ce3-232.dat upx behavioral1/files/0x0006000000015cee-242.dat upx behavioral1/memory/2988-244-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/memory/2988-254-0x0000000000400000-0x000000000047B000-memory.dmp upx behavioral1/files/0x0006000000015cf8-252.dat upx -
Suspicious use of WriteProcessMemory — 64 IoCs (each entry shows a parent writing into the memory of the child it has just spawned, i.e. the same parent→child pairs as the process tree below; four identical entries are recorded per pair)
description pid Process procid_target PID 2220 wrote to memory of 852 2220 4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe 28 PID 2220 wrote to memory of 852 2220 4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe 28 PID 2220 wrote to memory of 852 2220 4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe 28 PID 2220 wrote to memory of 852 2220 4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe 28 PID 852 wrote to memory of 1748 852 hbthtb.exe 29 PID 852 wrote to memory of 1748 852 hbthtb.exe 29 PID 852 wrote to memory of 1748 852 hbthtb.exe 29 PID 852 wrote to memory of 1748 852 hbthtb.exe 29 PID 1748 wrote to memory of 3028 1748 9rllrxl.exe 30 PID 1748 wrote to memory of 3028 1748 9rllrxl.exe 30 PID 1748 wrote to memory of 3028 1748 9rllrxl.exe 30 PID 1748 wrote to memory of 3028 1748 9rllrxl.exe 30 PID 3028 wrote to memory of 2644 3028 ffxflrl.exe 31 PID 3028 wrote to memory of 2644 3028 ffxflrl.exe 31 PID 3028 wrote to memory of 2644 3028 ffxflrl.exe 31 PID 3028 wrote to memory of 2644 3028 ffxflrl.exe 31 PID 2644 wrote to memory of 2544 2644 hbbnbn.exe 32 PID 2644 wrote to memory of 2544 2644 hbbnbn.exe 32 PID 2644 wrote to memory of 2544 2644 hbbnbn.exe 32 PID 2644 wrote to memory of 2544 2644 hbbnbn.exe 32 PID 2544 wrote to memory of 2808 2544 jpjvj.exe 33 PID 2544 wrote to memory of 2808 2544 jpjvj.exe 33 PID 2544 wrote to memory of 2808 2544 jpjvj.exe 33 PID 2544 wrote to memory of 2808 2544 jpjvj.exe 33 PID 2808 wrote to memory of 2348 2808 jpvjd.exe 34 PID 2808 wrote to memory of 2348 2808 jpvjd.exe 34 PID 2808 wrote to memory of 2348 2808 jpvjd.exe 34 PID 2808 wrote to memory of 2348 2808 jpvjd.exe 34 PID 2348 wrote to memory of 2496 2348 rxrfrxl.exe 35 PID 2348 wrote to memory of 2496 2348 rxrfrxl.exe 35 PID 2348 wrote to memory of 2496 2348 rxrfrxl.exe 35 PID 2348 wrote to memory of 2496 2348 rxrfrxl.exe 35 PID 2496 wrote to memory of 2560 2496 3tnbhn.exe 36 PID 2496 wrote to 
memory of 2560 2496 3tnbhn.exe 36 PID 2496 wrote to memory of 2560 2496 3tnbhn.exe 36 PID 2496 wrote to memory of 2560 2496 3tnbhn.exe 36 PID 2560 wrote to memory of 2352 2560 rxrfxxl.exe 37 PID 2560 wrote to memory of 2352 2560 rxrfxxl.exe 37 PID 2560 wrote to memory of 2352 2560 rxrfxxl.exe 37 PID 2560 wrote to memory of 2352 2560 rxrfxxl.exe 37 PID 2352 wrote to memory of 1632 2352 9nhnbh.exe 38 PID 2352 wrote to memory of 1632 2352 9nhnbh.exe 38 PID 2352 wrote to memory of 1632 2352 9nhnbh.exe 38 PID 2352 wrote to memory of 1632 2352 9nhnbh.exe 38 PID 1632 wrote to memory of 2784 1632 vppvj.exe 39 PID 1632 wrote to memory of 2784 1632 vppvj.exe 39 PID 1632 wrote to memory of 2784 1632 vppvj.exe 39 PID 1632 wrote to memory of 2784 1632 vppvj.exe 39 PID 2784 wrote to memory of 2880 2784 jdddj.exe 40 PID 2784 wrote to memory of 2880 2784 jdddj.exe 40 PID 2784 wrote to memory of 2880 2784 jdddj.exe 40 PID 2784 wrote to memory of 2880 2784 jdddj.exe 40 PID 2880 wrote to memory of 812 2880 vvppv.exe 41 PID 2880 wrote to memory of 812 2880 vvppv.exe 41 PID 2880 wrote to memory of 812 2880 vvppv.exe 41 PID 2880 wrote to memory of 812 2880 vvppv.exe 41 PID 812 wrote to memory of 320 812 7bnhtn.exe 42 PID 812 wrote to memory of 320 812 7bnhtn.exe 42 PID 812 wrote to memory of 320 812 7bnhtn.exe 42 PID 812 wrote to memory of 320 812 7bnhtn.exe 42 PID 320 wrote to memory of 2224 320 pjjpd.exe 43 PID 320 wrote to memory of 2224 320 pjjpd.exe 43 PID 320 wrote to memory of 2224 320 pjjpd.exe 43 PID 320 wrote to memory of 2224 320 pjjpd.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe — command line: "C:\Users\Admin\AppData\Local\Temp\4846e909d7b30362fcd5f63862db57a95af957aac890d86342bad7cc62b48499.exe" (tree depth 1)
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\hbthtb.exe — command line: c:\hbthtb.exe (tree depth 2; dropped executable launched from the root of C:\)
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:852 -
\??\c:\9rllrxl.exe — command line: c:\9rllrxl.exe (tree depth 3)
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1748 -
\??\c:\ffxflrl.exec:\ffxflrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\hbbnbn.exec:\hbbnbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2644 -
\??\c:\jpjvj.exec:\jpjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\jpvjd.exec:\jpvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\rxrfrxl.exec:\rxrfrxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2348 -
\??\c:\3tnbhn.exec:\3tnbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\rxrfxxl.exec:\rxrfxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\9nhnbh.exec:\9nhnbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2352 -
\??\c:\vppvj.exec:\vppvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1632 -
\??\c:\jdddj.exec:\jdddj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\vvppv.exec:\vvppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2880 -
\??\c:\7bnhtn.exec:\7bnhtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:812 -
\??\c:\pjjpd.exec:\pjjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:320 -
\??\c:\9jvjj.exec:\9jvjj.exe17⤵
- Executes dropped EXE
PID:2224 -
\??\c:\lfxxrrx.exec:\lfxxrrx.exe18⤵
- Executes dropped EXE
PID:1684 -
\??\c:\pjdjd.exec:\pjdjd.exe19⤵
- Executes dropped EXE
PID:2388 -
\??\c:\bhhthb.exec:\bhhthb.exe20⤵
- Executes dropped EXE
PID:2076 -
\??\c:\ffrrrfl.exec:\ffrrrfl.exe21⤵
- Executes dropped EXE
PID:2276 -
\??\c:\tttbnb.exec:\tttbnb.exe22⤵
- Executes dropped EXE
PID:1036 -
\??\c:\vpvvj.exec:\vpvvj.exe23⤵
- Executes dropped EXE
PID:1100 -
\??\c:\ffffrxr.exec:\ffffrxr.exe24⤵
- Executes dropped EXE
PID:1796 -
\??\c:\xlxxllx.exec:\xlxxllx.exe25⤵
- Executes dropped EXE
PID:700 -
\??\c:\hnbnnb.exec:\hnbnnb.exe26⤵
- Executes dropped EXE
PID:2988 -
\??\c:\nnntbh.exec:\nnntbh.exe27⤵
- Executes dropped EXE
PID:1996 -
\??\c:\vdvpv.exec:\vdvpv.exe28⤵
- Executes dropped EXE
PID:1048 -
\??\c:\1btbhn.exec:\1btbhn.exe29⤵
- Executes dropped EXE
PID:844 -
\??\c:\hbhnbb.exec:\hbhnbb.exe30⤵
- Executes dropped EXE
PID:2300 -
\??\c:\jjpjv.exec:\jjpjv.exe31⤵
- Executes dropped EXE
PID:2052 -
\??\c:\bthtnt.exec:\bthtnt.exe32⤵
- Executes dropped EXE
PID:992 -
\??\c:\7pjdj.exec:\7pjdj.exe33⤵
- Executes dropped EXE
PID:3016 -
\??\c:\ttnthh.exec:\ttnthh.exe34⤵
- Executes dropped EXE
PID:1704 -
\??\c:\rlxfrlr.exec:\rlxfrlr.exe35⤵
- Executes dropped EXE
PID:1340 -
\??\c:\dvjjd.exec:\dvjjd.exe36⤵
- Executes dropped EXE
PID:2712 -
\??\c:\lrlxffr.exec:\lrlxffr.exe37⤵
- Executes dropped EXE
PID:2148 -
\??\c:\ttnbhh.exec:\ttnbhh.exe38⤵
- Executes dropped EXE
PID:2628 -
\??\c:\lfrrffl.exec:\lfrrffl.exe39⤵
- Executes dropped EXE
PID:2284 -
\??\c:\hbntbb.exec:\hbntbb.exe40⤵
- Executes dropped EXE
PID:2656 -
\??\c:\lllxfrl.exec:\lllxfrl.exe41⤵
- Executes dropped EXE
PID:2544 -
\??\c:\3tnbbh.exec:\3tnbbh.exe42⤵
- Executes dropped EXE
PID:2612 -
\??\c:\3vpvj.exec:\3vpvj.exe43⤵
- Executes dropped EXE
PID:2452 -
\??\c:\ttnnnn.exec:\ttnnnn.exe44⤵
- Executes dropped EXE
PID:2892 -
\??\c:\5jjjj.exec:\5jjjj.exe45⤵
- Executes dropped EXE
PID:2552 -
\??\c:\nbttbb.exec:\nbttbb.exe46⤵
- Executes dropped EXE
PID:2428 -
\??\c:\ddpvv.exec:\ddpvv.exe47⤵
- Executes dropped EXE
PID:2352 -
\??\c:\htnhnn.exec:\htnhnn.exe48⤵
- Executes dropped EXE
PID:1972 -
\??\c:\tbtbnt.exec:\tbtbnt.exe49⤵
- Executes dropped EXE
PID:1976 -
\??\c:\jdpvd.exec:\jdpvd.exe50⤵
- Executes dropped EXE
PID:1864 -
\??\c:\ttnntb.exec:\ttnntb.exe51⤵
- Executes dropped EXE
PID:2216 -
\??\c:\1lfflrx.exec:\1lfflrx.exe52⤵
- Executes dropped EXE
PID:2336 -
\??\c:\xrlxlxl.exec:\xrlxlxl.exe53⤵
- Executes dropped EXE
PID:1636 -
\??\c:\vjdjp.exec:\vjdjp.exe54⤵
- Executes dropped EXE
PID:2172 -
\??\c:\5rrrlrf.exec:\5rrrlrf.exe55⤵
- Executes dropped EXE
PID:1952 -
\??\c:\ddpvv.exec:\ddpvv.exe56⤵
- Executes dropped EXE
PID:2956 -
\??\c:\ffffllr.exec:\ffffllr.exe57⤵
- Executes dropped EXE
PID:1260 -
\??\c:\dvjjj.exec:\dvjjj.exe58⤵
- Executes dropped EXE
PID:2232 -
\??\c:\7rflrxl.exec:\7rflrxl.exe59⤵
- Executes dropped EXE
PID:1036 -
\??\c:\nnhnhh.exec:\nnhnhh.exe60⤵
- Executes dropped EXE
PID:1836 -
\??\c:\9rflrrf.exec:\9rflrrf.exe61⤵
- Executes dropped EXE
PID:1128 -
\??\c:\9xxxlrf.exec:\9xxxlrf.exe62⤵
- Executes dropped EXE
PID:1248 -
\??\c:\vpdpv.exec:\vpdpv.exe63⤵
- Executes dropped EXE
PID:3060 -
\??\c:\btbbhh.exec:\btbbhh.exe64⤵
- Executes dropped EXE
PID:840 -
\??\c:\1fxxxxr.exec:\1fxxxxr.exe65⤵
- Executes dropped EXE
PID:1728 -
\??\c:\9jdjp.exec:\9jdjp.exe66⤵PID:932
-
\??\c:\pdvjp.exec:\pdvjp.exe67⤵PID:3004
-
\??\c:\rlrxrxl.exec:\rlrxrxl.exe68⤵PID:2948
-
\??\c:\jdjjp.exec:\jdjjp.exe69⤵PID:2300
-
\??\c:\3jvdd.exec:\3jvdd.exe70⤵PID:1508
-
\??\c:\jdvdp.exec:\jdvdp.exe71⤵PID:2052
-
\??\c:\pjjpv.exec:\pjjpv.exe72⤵PID:1600
-
\??\c:\ttbbhh.exec:\ttbbhh.exe73⤵PID:1792
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe74⤵PID:2060
-
\??\c:\llxxlrf.exec:\llxxlrf.exe75⤵PID:1252
-
\??\c:\hhbntb.exec:\hhbntb.exe76⤵PID:2532
-
\??\c:\1xrxflx.exec:\1xrxflx.exe77⤵PID:2640
-
\??\c:\btnnbb.exec:\btnnbb.exe78⤵PID:2684
-
\??\c:\9ddpv.exec:\9ddpv.exe79⤵PID:2292
-
\??\c:\vpppp.exec:\vpppp.exe80⤵PID:2464
-
\??\c:\ffxxxfl.exec:\ffxxxfl.exe81⤵PID:2092
-
\??\c:\3vdvj.exec:\3vdvj.exe82⤵PID:2808
-
\??\c:\3jjjj.exec:\3jjjj.exe83⤵PID:2456
-
\??\c:\hhnhtn.exec:\hhnhtn.exe84⤵PID:2452
-
\??\c:\7pjvj.exec:\7pjvj.exe85⤵PID:340
-
\??\c:\tthntb.exec:\tthntb.exe86⤵PID:2896
-
\??\c:\rlffrrx.exec:\rlffrrx.exe87⤵PID:2912
-
\??\c:\1xffrxf.exec:\1xffrxf.exe88⤵PID:344
-
\??\c:\ppjjp.exec:\ppjjp.exe89⤵PID:2352
-
\??\c:\hbnntb.exec:\hbnntb.exe90⤵PID:2796
-
\??\c:\jjdjv.exec:\jjdjv.exe91⤵PID:1612
-
\??\c:\1dddj.exec:\1dddj.exe92⤵PID:1620
-
\??\c:\nhtnbb.exec:\nhtnbb.exe93⤵PID:2908
-
\??\c:\rllxflx.exec:\rllxflx.exe94⤵PID:1444
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe95⤵PID:2024
-
\??\c:\vvvjv.exec:\vvvjv.exe96⤵PID:2100
-
\??\c:\3ntbhb.exec:\3ntbhb.exe97⤵PID:2324
-
\??\c:\btnntt.exec:\btnntt.exe98⤵PID:784
-
\??\c:\btntbh.exec:\btntbh.exe99⤵PID:1484
-
\??\c:\5bbhtb.exec:\5bbhtb.exe100⤵PID:1744
-
\??\c:\5xlrxxf.exec:\5xlrxxf.exe101⤵PID:112
-
\??\c:\jvpvd.exec:\jvpvd.exe102⤵PID:2056
-
\??\c:\5thhnt.exec:\5thhnt.exe103⤵PID:3056
-
\??\c:\llfrrrx.exec:\llfrrrx.exe104⤵PID:1152
-
\??\c:\dvvjv.exec:\dvvjv.exe105⤵PID:964
-
\??\c:\nhtbbh.exec:\nhtbbh.exe106⤵PID:2404
-
\??\c:\9dppp.exec:\9dppp.exe107⤵PID:1776
-
\??\c:\3bnnbb.exec:\3bnnbb.exe108⤵PID:1996
-
\??\c:\xrxxfff.exec:\xrxxfff.exe109⤵PID:916
-
\??\c:\7tbbnh.exec:\7tbbnh.exe110⤵PID:2036
-
\??\c:\fxrxflx.exec:\fxrxflx.exe111⤵PID:1736
-
\??\c:\jpjpd.exec:\jpjpd.exe112⤵PID:2236
-
\??\c:\tntbbb.exec:\tntbbb.exe113⤵PID:848
-
\??\c:\pdvpd.exec:\pdvpd.exe114⤵PID:2020
-
\??\c:\htbbbh.exec:\htbbbh.exe115⤵PID:872
-
\??\c:\3ffrffr.exec:\3ffrffr.exe116⤵PID:2240
-
\??\c:\3nntnt.exec:\3nntnt.exe117⤵PID:2716
-
\??\c:\9frlrrx.exec:\9frlrrx.exe118⤵PID:1300
-
\??\c:\jdppd.exec:\jdppd.exe119⤵PID:2584
-
\??\c:\hbnhhh.exec:\hbnhhh.exe120⤵PID:1060
-
\??\c:\nhhnbb.exec:\nhhnbb.exe121⤵PID:2700
-
\??\c:\lxlfrrf.exec:\lxlfrrf.exe122⤵PID:2736