Analysis
-
max time kernel
150s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
13/04/2024, 21:30
Behavioral task
behavioral1
Sample
5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe
Resource
win7-20240221-en
7 signatures
150 seconds
General
-
Target
5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe
-
Size
3.2MB
-
MD5
027d11c671038f5891a06f4d1f746ee1
-
SHA1
3442d3c940c5aceca321522f91c84f931031650e
-
SHA256
5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c
-
SHA512
8968ee2c463d5189c944f2464014fe1700900c06305b22e29b1ae47e8c2e74e091f5ef9b486f2f05489abf31c7f466a8726d0b324b31651fbe06146703f82517
-
SSDEEP
49152:gCOfN6X5tLLQTg20ITS/PPs/1kS4eKRL/SRsj0Zuur1T75YL:U6XLq/qPPslzKx/dJg1K
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4432-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3660-9-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4060-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1760-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3576-28-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/804-34-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1624-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3200-46-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4744-52-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2332-58-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2900-64-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4732-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4532-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3812-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4532-80-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2460-87-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3320-94-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4004-111-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3636-122-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5096-128-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3268-144-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4516-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1452-156-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2672-170-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4060-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/800-186-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3472-190-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3596-200-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3196-204-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3780-210-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2096-211-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4744-227-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5056-228-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3036-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5080-236-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1732-257-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/988-258-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5060-276-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2396-286-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/724-299-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3936-303-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4044-313-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3544-320-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2464-327-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1608-331-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2732-344-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2140-354-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3196-373-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1624-374-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1624-378-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1696-403-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1940-440-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3716-447-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3164-448-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4500-455-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/812-504-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3144-523-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2860-551-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3848-603-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3496-661-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2348-834-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1928-901-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3084-935-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2492-951-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4432-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000300000001e97a-3.dat UPX behavioral2/memory/4432-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3660-9-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023414-10.dat UPX behavioral2/memory/4060-11-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023417-12.dat UPX behavioral2/memory/1760-17-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023415-21.dat UPX behavioral2/files/0x0007000000023419-25.dat UPX behavioral2/memory/3576-28-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341a-31.dat UPX behavioral2/memory/804-34-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341b-38.dat UPX behavioral2/memory/1624-40-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341e-43.dat UPX behavioral2/memory/3200-46-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023421-49.dat UPX behavioral2/memory/4744-52-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023422-56.dat UPX behavioral2/memory/2332-58-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342b-61.dat UPX behavioral2/memory/2900-64-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342c-67.dat UPX behavioral2/memory/4732-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0009000000023369-74.dat UPX behavioral2/memory/4532-75-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023426-79.dat UPX behavioral2/memory/3812-82-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4532-80-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x0009000000023429-85.dat UPX behavioral2/memory/2460-87-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023427-92.dat UPX behavioral2/memory/3320-94-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000d00000002337a-99.dat UPX behavioral2/files/0x000b00000002342f-102.dat UPX behavioral2/memory/2080-105-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023430-109.dat UPX behavioral2/memory/4004-111-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023431-114.dat UPX behavioral2/files/0x0007000000023432-120.dat UPX behavioral2/memory/3636-122-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023433-126.dat UPX behavioral2/memory/5096-128-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023434-133.dat UPX behavioral2/files/0x0007000000023435-136.dat UPX behavioral2/files/0x0007000000023436-142.dat UPX behavioral2/memory/3268-144-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023437-148.dat UPX behavioral2/memory/4516-150-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023438-154.dat UPX behavioral2/memory/1452-156-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023439-160.dat UPX behavioral2/files/0x000700000002343a-163.dat UPX behavioral2/files/0x000700000002343b-169.dat UPX behavioral2/memory/2672-170-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343c-174.dat UPX behavioral2/files/0x000700000002343d-179.dat UPX behavioral2/memory/4060-182-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/800-186-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3472-190-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/3596-200-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3196-204-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3780-210-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3660 bbhbbn.exe 4060 2808288.exe 1760 42804.exe 3172 htbtnh.exe 3576 hhbtbh.exe 804 frxffff.exe 1624 u422600.exe 3200 2460488.exe 4744 628648.exe 2332 4620448.exe 2900 3pjjd.exe 4732 488484.exe 4532 206600.exe 3812 42822.exe 2460 8840440.exe 3320 vvvvv.exe 4372 3tnttb.exe 2080 8866088.exe 4004 268222.exe 3188 s2488.exe 3636 bnnnhh.exe 5096 w86044.exe 4500 4686204.exe 720 1pvpj.exe 3268 dvvvp.exe 4516 rfffxxl.exe 1452 o804882.exe 4328 9vvjd.exe 2672 2408642.exe 2472 0060044.exe 2376 tbnhnn.exe 4060 202060.exe 800 6688666.exe 3472 5tbbtt.exe 2520 048800.exe 3144 nbhbbb.exe 3596 48648.exe 3196 8222666.exe 3780 26044.exe 2096 hnbthb.exe 5072 dpvpj.exe 868 2088626.exe 4552 rllflfl.exe 4744 bttntn.exe 5056 268400.exe 3036 680066.exe 5080 1bbbhn.exe 900 86006.exe 4512 k04044.exe 4736 vdjdv.exe 3812 rrrlfxx.exe 3512 htthtn.exe 1732 06482.exe 988 7nthnt.exe 3996 o426442.exe 3588 1xxllxl.exe 4240 k02648.exe 544 84064.exe 5060 fxlfxrl.exe 4132 5nnbtt.exe 4796 884262.exe 1928 hbbthn.exe 2396 o660044.exe 3684 244848.exe -
resource yara_rule behavioral2/memory/4432-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000300000001e97a-3.dat upx behavioral2/memory/4432-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3660-9-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023414-10.dat upx behavioral2/memory/4060-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023417-12.dat upx behavioral2/memory/1760-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023415-21.dat upx behavioral2/files/0x0007000000023419-25.dat upx behavioral2/memory/3576-28-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341a-31.dat upx behavioral2/memory/804-34-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341b-38.dat upx behavioral2/memory/1624-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341e-43.dat upx behavioral2/memory/3200-46-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023421-49.dat upx behavioral2/memory/4744-52-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023422-56.dat upx behavioral2/memory/2332-58-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342b-61.dat upx behavioral2/memory/2900-64-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342c-67.dat upx behavioral2/memory/4732-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0009000000023369-74.dat upx behavioral2/memory/4532-75-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023426-79.dat upx behavioral2/memory/3812-82-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4532-80-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x0009000000023429-85.dat upx behavioral2/memory/2460-87-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023427-92.dat upx behavioral2/memory/3320-94-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000d00000002337a-99.dat upx behavioral2/files/0x000b00000002342f-102.dat upx behavioral2/memory/2080-105-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-109.dat upx behavioral2/memory/4004-111-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023431-114.dat upx behavioral2/files/0x0007000000023432-120.dat upx behavioral2/memory/3636-122-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023433-126.dat upx behavioral2/memory/5096-128-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023434-133.dat upx behavioral2/files/0x0007000000023435-136.dat upx behavioral2/files/0x0007000000023436-142.dat upx behavioral2/memory/3268-144-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023437-148.dat upx behavioral2/memory/4516-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023438-154.dat upx behavioral2/memory/1452-156-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023439-160.dat upx behavioral2/files/0x000700000002343a-163.dat upx behavioral2/files/0x000700000002343b-169.dat upx behavioral2/memory/2672-170-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343c-174.dat upx behavioral2/files/0x000700000002343d-179.dat upx behavioral2/memory/4060-182-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/800-186-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3472-190-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/3596-200-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3196-204-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3780-210-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4432 wrote to memory of 3660 4432 5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe 84 PID 4432 wrote to memory of 3660 4432 5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe 84 PID 4432 wrote to memory of 3660 4432 5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe 84 PID 3660 wrote to memory of 4060 3660 bbhbbn.exe 86 PID 3660 wrote to memory of 4060 3660 bbhbbn.exe 86 PID 3660 wrote to memory of 4060 3660 bbhbbn.exe 86 PID 4060 wrote to memory of 1760 4060 2808288.exe 88 PID 4060 wrote to memory of 1760 4060 2808288.exe 88 PID 4060 wrote to memory of 1760 4060 2808288.exe 88 PID 1760 wrote to memory of 3172 1760 42804.exe 89 PID 1760 wrote to memory of 3172 1760 42804.exe 89 PID 1760 wrote to memory of 3172 1760 42804.exe 89 PID 3172 wrote to memory of 3576 3172 htbtnh.exe 91 PID 3172 wrote to memory of 3576 3172 htbtnh.exe 91 PID 3172 wrote to memory of 3576 3172 htbtnh.exe 91 PID 3576 wrote to memory of 804 3576 hhbtbh.exe 92 PID 3576 wrote to memory of 804 3576 hhbtbh.exe 92 PID 3576 wrote to memory of 804 3576 hhbtbh.exe 92 PID 804 wrote to memory of 1624 804 frxffff.exe 93 PID 804 wrote to memory of 1624 804 frxffff.exe 93 PID 804 wrote to memory of 1624 804 frxffff.exe 93 PID 1624 wrote to memory of 3200 1624 u422600.exe 94 PID 1624 wrote to memory of 3200 1624 u422600.exe 94 PID 1624 wrote to memory of 3200 1624 u422600.exe 94 PID 3200 wrote to memory of 4744 3200 2460488.exe 96 PID 3200 wrote to memory of 4744 3200 2460488.exe 96 PID 3200 wrote to memory of 4744 3200 2460488.exe 96 PID 4744 wrote to memory of 2332 4744 628648.exe 97 PID 4744 wrote to memory of 2332 4744 628648.exe 97 PID 4744 wrote to memory of 2332 4744 628648.exe 97 PID 2332 wrote to memory of 2900 2332 4620448.exe 99 PID 2332 wrote to memory of 2900 2332 4620448.exe 99 PID 2332 wrote to memory of 2900 2332 4620448.exe 99 PID 2900 wrote to memory of 4732 2900 3pjjd.exe 100 PID 2900 wrote 
to memory of 4732 2900 3pjjd.exe 100 PID 2900 wrote to memory of 4732 2900 3pjjd.exe 100 PID 4732 wrote to memory of 4532 4732 488484.exe 101 PID 4732 wrote to memory of 4532 4732 488484.exe 101 PID 4732 wrote to memory of 4532 4732 488484.exe 101 PID 4532 wrote to memory of 3812 4532 206600.exe 102 PID 4532 wrote to memory of 3812 4532 206600.exe 102 PID 4532 wrote to memory of 3812 4532 206600.exe 102 PID 3812 wrote to memory of 2460 3812 42822.exe 103 PID 3812 wrote to memory of 2460 3812 42822.exe 103 PID 3812 wrote to memory of 2460 3812 42822.exe 103 PID 2460 wrote to memory of 3320 2460 8840440.exe 104 PID 2460 wrote to memory of 3320 2460 8840440.exe 104 PID 2460 wrote to memory of 3320 2460 8840440.exe 104 PID 3320 wrote to memory of 4372 3320 vvvvv.exe 105 PID 3320 wrote to memory of 4372 3320 vvvvv.exe 105 PID 3320 wrote to memory of 4372 3320 vvvvv.exe 105 PID 4372 wrote to memory of 2080 4372 3tnttb.exe 106 PID 4372 wrote to memory of 2080 4372 3tnttb.exe 106 PID 4372 wrote to memory of 2080 4372 3tnttb.exe 106 PID 2080 wrote to memory of 4004 2080 8866088.exe 107 PID 2080 wrote to memory of 4004 2080 8866088.exe 107 PID 2080 wrote to memory of 4004 2080 8866088.exe 107 PID 4004 wrote to memory of 3188 4004 268222.exe 108 PID 4004 wrote to memory of 3188 4004 268222.exe 108 PID 4004 wrote to memory of 3188 4004 268222.exe 108 PID 3188 wrote to memory of 3636 3188 s2488.exe 109 PID 3188 wrote to memory of 3636 3188 s2488.exe 109 PID 3188 wrote to memory of 3636 3188 s2488.exe 109 PID 3636 wrote to memory of 5096 3636 bnnnhh.exe 110
Processes
-
C:\Users\Admin\AppData\Local\Temp\5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe"C:\Users\Admin\AppData\Local\Temp\5cb194668d91b88858fb48177646400c73ff82983059c7c3a8ba6b42168c010c.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\bbhbbn.exec:\bbhbbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3660 -
\??\c:\2808288.exec:\2808288.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4060 -
\??\c:\42804.exec:\42804.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1760 -
\??\c:\htbtnh.exec:\htbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3172 -
\??\c:\hhbtbh.exec:\hhbtbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3576 -
\??\c:\frxffff.exec:\frxffff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:804 -
\??\c:\u422600.exec:\u422600.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\2460488.exec:\2460488.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3200 -
\??\c:\628648.exec:\628648.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4744 -
\??\c:\4620448.exec:\4620448.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\3pjjd.exec:\3pjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\488484.exec:\488484.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4732 -
\??\c:\206600.exec:\206600.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4532 -
\??\c:\42822.exec:\42822.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3812 -
\??\c:\8840440.exec:\8840440.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\vvvvv.exec:\vvvvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3320 -
\??\c:\3tnttb.exec:\3tnttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\8866088.exec:\8866088.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2080 -
\??\c:\268222.exec:\268222.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4004 -
\??\c:\s2488.exec:\s2488.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3188 -
\??\c:\bnnnhh.exec:\bnnnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3636 -
\??\c:\w86044.exec:\w86044.exe23⤵
- Executes dropped EXE
PID:5096 -
\??\c:\4686204.exec:\4686204.exe24⤵
- Executes dropped EXE
PID:4500 -
\??\c:\1pvpj.exec:\1pvpj.exe25⤵
- Executes dropped EXE
PID:720 -
\??\c:\dvvvp.exec:\dvvvp.exe26⤵
- Executes dropped EXE
PID:3268 -
\??\c:\rfffxxl.exec:\rfffxxl.exe27⤵
- Executes dropped EXE
PID:4516 -
\??\c:\o804882.exec:\o804882.exe28⤵
- Executes dropped EXE
PID:1452 -
\??\c:\9vvjd.exec:\9vvjd.exe29⤵
- Executes dropped EXE
PID:4328 -
\??\c:\2408642.exec:\2408642.exe30⤵
- Executes dropped EXE
PID:2672 -
\??\c:\0060044.exec:\0060044.exe31⤵
- Executes dropped EXE
PID:2472 -
\??\c:\tbnhnn.exec:\tbnhnn.exe32⤵
- Executes dropped EXE
PID:2376 -
\??\c:\202060.exec:\202060.exe33⤵
- Executes dropped EXE
PID:4060 -
\??\c:\6688666.exec:\6688666.exe34⤵
- Executes dropped EXE
PID:800 -
\??\c:\5tbbtt.exec:\5tbbtt.exe35⤵
- Executes dropped EXE
PID:3472 -
\??\c:\048800.exec:\048800.exe36⤵
- Executes dropped EXE
PID:2520 -
\??\c:\nbhbbb.exec:\nbhbbb.exe37⤵
- Executes dropped EXE
PID:3144 -
\??\c:\48648.exec:\48648.exe38⤵
- Executes dropped EXE
PID:3596 -
\??\c:\8222666.exec:\8222666.exe39⤵
- Executes dropped EXE
PID:3196 -
\??\c:\26044.exec:\26044.exe40⤵
- Executes dropped EXE
PID:3780 -
\??\c:\hnbthb.exec:\hnbthb.exe41⤵
- Executes dropped EXE
PID:2096 -
\??\c:\dpvpj.exec:\dpvpj.exe42⤵
- Executes dropped EXE
PID:5072 -
\??\c:\2088626.exec:\2088626.exe43⤵
- Executes dropped EXE
PID:868 -
\??\c:\rllflfl.exec:\rllflfl.exe44⤵
- Executes dropped EXE
PID:4552 -
\??\c:\bttntn.exec:\bttntn.exe45⤵
- Executes dropped EXE
PID:4744 -
\??\c:\268400.exec:\268400.exe46⤵
- Executes dropped EXE
PID:5056 -
\??\c:\680066.exec:\680066.exe47⤵
- Executes dropped EXE
PID:3036 -
\??\c:\1bbbhn.exec:\1bbbhn.exe48⤵
- Executes dropped EXE
PID:5080 -
\??\c:\86006.exec:\86006.exe49⤵
- Executes dropped EXE
PID:900 -
\??\c:\k04044.exec:\k04044.exe50⤵
- Executes dropped EXE
PID:4512 -
\??\c:\vdjdv.exec:\vdjdv.exe51⤵
- Executes dropped EXE
PID:4736 -
\??\c:\rrrlfxx.exec:\rrrlfxx.exe52⤵
- Executes dropped EXE
PID:3812 -
\??\c:\htthtn.exec:\htthtn.exe53⤵
- Executes dropped EXE
PID:3512 -
\??\c:\06482.exec:\06482.exe54⤵
- Executes dropped EXE
PID:1732 -
\??\c:\7nthnt.exec:\7nthnt.exe55⤵
- Executes dropped EXE
PID:988 -
\??\c:\o426442.exec:\o426442.exe56⤵
- Executes dropped EXE
PID:3996 -
\??\c:\1xxllxl.exec:\1xxllxl.exe57⤵
- Executes dropped EXE
PID:3588 -
\??\c:\k02648.exec:\k02648.exe58⤵
- Executes dropped EXE
PID:4240 -
\??\c:\84064.exec:\84064.exe59⤵
- Executes dropped EXE
PID:544 -
\??\c:\fxlfxrl.exec:\fxlfxrl.exe60⤵
- Executes dropped EXE
PID:5060 -
\??\c:\5nnbtt.exec:\5nnbtt.exe61⤵
- Executes dropped EXE
PID:4132 -
\??\c:\884262.exec:\884262.exe62⤵
- Executes dropped EXE
PID:4796 -
\??\c:\hbbthn.exec:\hbbthn.exe63⤵
- Executes dropped EXE
PID:1928 -
\??\c:\o660044.exec:\o660044.exe64⤵
- Executes dropped EXE
PID:2396 -
\??\c:\244848.exec:\244848.exe65⤵
- Executes dropped EXE
PID:3684 -
\??\c:\4848226.exec:\4848226.exe66⤵PID:5048
-
\??\c:\42000.exec:\42000.exe67⤵PID:724
-
\??\c:\e46040.exec:\e46040.exe68⤵PID:3268
-
\??\c:\bhbbhb.exec:\bhbbhb.exe69⤵PID:3936
-
\??\c:\208288.exec:\208288.exe70⤵PID:1348
-
\??\c:\60226.exec:\60226.exe71⤵PID:4436
-
\??\c:\pjdjd.exec:\pjdjd.exe72⤵PID:4044
-
\??\c:\xffxrll.exec:\xffxrll.exe73⤵PID:4432
-
\??\c:\02208.exec:\02208.exe74⤵PID:3544
-
\??\c:\vpvjj.exec:\vpvjj.exe75⤵PID:4964
-
\??\c:\fffxxxr.exec:\fffxxxr.exe76⤵PID:2464
-
\??\c:\260400.exec:\260400.exe77⤵PID:1608
-
\??\c:\844826.exec:\844826.exe78⤵PID:4404
-
\??\c:\608866.exec:\608866.exe79⤵PID:3480
-
\??\c:\068266.exec:\068266.exe80⤵PID:2732
-
\??\c:\q40404.exec:\q40404.exe81⤵PID:2228
-
\??\c:\tntntt.exec:\tntntt.exe82⤵PID:4544
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe83⤵PID:2140
-
\??\c:\vdjdv.exec:\vdjdv.exe84⤵PID:3044
-
\??\c:\1lfxlfr.exec:\1lfxlfr.exe85⤵PID:1936
-
\??\c:\1ppdd.exec:\1ppdd.exe86⤵PID:1380
-
\??\c:\nbnhth.exec:\nbnhth.exe87⤵PID:3596
-
\??\c:\20600.exec:\20600.exe88⤵PID:1588
-
\??\c:\6844488.exec:\6844488.exe89⤵PID:3196
-
\??\c:\jvvvp.exec:\jvvvp.exe90⤵PID:1624
-
\??\c:\64826.exec:\64826.exe91⤵PID:4988
-
\??\c:\xxlxrrl.exec:\xxlxrrl.exe92⤵PID:4484
-
\??\c:\nnbthb.exec:\nnbthb.exe93⤵PID:4036
-
\??\c:\bnbnth.exec:\bnbnth.exe94⤵PID:3556
-
\??\c:\m4604.exec:\m4604.exe95⤵PID:3208
-
\??\c:\6808200.exec:\6808200.exe96⤵PID:2432
-
\??\c:\84044.exec:\84044.exe97⤵PID:1108
-
\??\c:\26404.exec:\26404.exe98⤵PID:4112
-
\??\c:\e00864.exec:\e00864.exe99⤵PID:1696
-
\??\c:\g8420.exec:\g8420.exe100⤵PID:4704
-
\??\c:\llrlxrx.exec:\llrlxrx.exe101⤵PID:4472
-
\??\c:\4064048.exec:\4064048.exe102⤵PID:2120
-
\??\c:\2404488.exec:\2404488.exe103⤵PID:2148
-
\??\c:\040426.exec:\040426.exe104⤵PID:2864
-
\??\c:\9pdvp.exec:\9pdvp.exe105⤵PID:3136
-
\??\c:\5rrfrrf.exec:\5rrfrrf.exe106⤵PID:4580
-
\??\c:\bnnnhh.exec:\bnnnhh.exe107⤵PID:1052
-
\??\c:\jvdvv.exec:\jvdvv.exe108⤵PID:3996
-
\??\c:\5dvvp.exec:\5dvvp.exe109⤵PID:3848
-
\??\c:\482424.exec:\482424.exe110⤵PID:4712
-
\??\c:\1jdpj.exec:\1jdpj.exe111⤵PID:1940
-
\??\c:\4284082.exec:\4284082.exe112⤵PID:3716
-
\??\c:\a2262.exec:\a2262.exe113⤵PID:3164
-
\??\c:\k80086.exec:\k80086.exe114⤵PID:3784
-
\??\c:\ffllfrr.exec:\ffllfrr.exe115⤵PID:4500
-
\??\c:\dddvp.exec:\dddvp.exe116⤵PID:1804
-
\??\c:\w06460.exec:\w06460.exe117⤵PID:4792
-
\??\c:\m2282.exec:\m2282.exe118⤵PID:3156
-
\??\c:\xfrlrxr.exec:\xfrlrxr.exe119⤵PID:872
-
\??\c:\004044.exec:\004044.exe120⤵PID:4340
-
\??\c:\jjppj.exec:\jjppj.exe121⤵PID:4356
-
\??\c:\284204.exec:\284204.exe122⤵PID:4328