Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
15-04-2024 04:24
Behavioral task
behavioral1
Sample
ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe
Resource
win7-20231129-en
windows7-x64
6 signatures
150 seconds
General
-
Target
ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe
-
Size
232KB
-
MD5
e55b95c0ae2e9d07f1b3a6063dceaa80
-
SHA1
139a3a83d54fa40106d413d7be0a8c7c89cfaab6
-
SHA256
ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac
-
SHA512
8a9b479e3122a1c9deb63e3f5df673439e7440be923744f1554b4b338582d06dfb5c59c2ecea253d49edc6c714c97eb510e08a0127f97adca4cdb76d319c16f5
-
SSDEEP
6144:kcm4FmowdHoSSGpJw4PqhraHcpOmFTHDGYhEf5X2aY:y4wFHoSSGpJwGeeFmFTNAp2F
Malware Config
Signatures
-
Detect Blackmoon payload 60 IoCs
resource yara_rule behavioral2/memory/3544-7-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4048-6-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4956-13-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1440-20-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2904-24-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3620-32-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4904-37-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3664-40-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4472-52-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4996-60-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2536-56-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4952-65-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2684-74-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2568-81-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/772-87-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3724-92-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/464-95-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/896-107-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3972-125-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2080-129-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/5080-140-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon 
behavioral2/memory/3476-151-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/716-119-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2964-184-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4468-188-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4332-190-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/316-195-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2148-211-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4408-216-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2420-223-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1176-232-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3568-233-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3568-236-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1476-240-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/884-245-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3652-250-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4556-256-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3352-270-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2256-275-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2624-307-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2504-331-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2528-333-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon 
behavioral2/memory/4864-356-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1128-371-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4408-370-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3652-404-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3240-428-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1316-439-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1696-474-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1152-509-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4904-520-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4320-543-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/1416-560-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3960-571-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/716-585-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3444-665-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/4864-669-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/2800-679-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/3316-707-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon behavioral2/memory/5036-734-0x0000000000400000-0x0000000000437000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4048-0-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x000800000002323e-3.dat UPX behavioral2/memory/3544-7-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00080000000233b8-9.dat UPX behavioral2/memory/4048-6-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4956-13-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00080000000233bb-12.dat UPX behavioral2/memory/1440-20-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/2904-24-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233bc-21.dat UPX behavioral2/files/0x00070000000233bd-27.dat UPX behavioral2/files/0x00070000000233be-31.dat UPX behavioral2/memory/3620-32-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4904-37-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233bf-36.dat UPX behavioral2/files/0x00070000000233c0-42.dat UPX behavioral2/memory/3664-40-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/2536-50-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4472-52-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233c2-55.dat UPX behavioral2/files/0x00070000000233c1-49.dat UPX behavioral2/memory/4472-44-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4996-60-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233c4-59.dat UPX behavioral2/memory/2536-56-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4952-65-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00080000000233b9-66.dat UPX behavioral2/files/0x00070000000233c5-70.dat UPX behavioral2/files/0x00070000000233c6-76.dat UPX behavioral2/memory/2684-74-0x0000000000400000-0x0000000000437000-memory.dmp UPX 
behavioral2/files/0x00070000000233c7-82.dat UPX behavioral2/memory/2568-81-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233c9-86.dat UPX behavioral2/memory/772-87-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233d0-91.dat UPX behavioral2/memory/3724-92-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/464-95-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233d1-98.dat UPX behavioral2/memory/3472-99-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/896-107-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233d3-110.dat UPX behavioral2/files/0x00070000000233d4-115.dat UPX behavioral2/files/0x00070000000233d2-105.dat UPX behavioral2/files/0x00070000000233d5-121.dat UPX behavioral2/memory/3972-125-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/3972-122-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/2080-129-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233d7-132.dat UPX behavioral2/files/0x00070000000233d8-136.dat UPX behavioral2/memory/5080-140-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233d9-143.dat UPX behavioral2/files/0x00070000000233da-147.dat UPX behavioral2/files/0x00070000000233db-155.dat UPX behavioral2/files/0x00070000000233dc-158.dat UPX behavioral2/files/0x00070000000233dd-163.dat UPX behavioral2/memory/3476-151-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00070000000233d6-127.dat UPX behavioral2/memory/716-119-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/files/0x00080000000233de-170.dat UPX behavioral2/files/0x00080000000233e0-174.dat UPX behavioral2/memory/2964-184-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4468-185-0x0000000000400000-0x0000000000437000-memory.dmp 
UPX behavioral2/memory/4468-188-0x0000000000400000-0x0000000000437000-memory.dmp UPX behavioral2/memory/4332-190-0x0000000000400000-0x0000000000437000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3544 08xi6.exe 4956 31ki46.exe 1440 sa7x19.exe 2904 x75vlo.exe 3620 g5kwg3o.exe 4904 c321ax.exe 3664 1t15qg.exe 4472 oe3w11.exe 2536 tle43.exe 4996 7tisa.exe 4952 tg95i1.exe 4228 6a5w7e.exe 2684 986e86m.exe 2568 r81m5c.exe 772 2x3ik9i.exe 3724 bta7nmm.exe 464 391ffc9.exe 3472 j9ks1.exe 896 87cwk.exe 2460 egj2t.exe 716 9ldo7pa.exe 3972 m09ac.exe 2080 w5ee8a5.exe 1884 5pdqe.exe 5080 xq1g5.exe 3800 986o1c7.exe 3476 qe59au.exe 3548 ga77q5i.exe 4636 ia9tp6a.exe 3332 vwe47b.exe 4152 8a5v7j.exe 2500 fml72.exe 640 s3so9.exe 2964 9vlu79i.exe 4468 39bgu58.exe 4332 sk7ol5.exe 316 hhf60.exe 4796 1vq19v.exe 4192 3a707a.exe 224 9ve1k1.exe 4364 3u3e9e.exe 2148 q64sna.exe 988 77m25.exe 4408 03kuac1.exe 4508 1rs6w7c.exe 2420 4713bg7.exe 4456 so9s7q.exe 652 rgc37em.exe 1176 1g1w9s.exe 3568 75hucsc.exe 1160 g272t.exe 1476 pq22dr.exe 884 a37g7.exe 3652 a407k.exe 5084 g5e9c7a.exe 4556 m47lvk8.exe 2336 dc9ju1i.exe 1088 tg3o96.exe 3220 ru1q3o5.exe 3960 tw91c9.exe 3352 je3ej.exe 2256 152g5.exe 2916 0212a.exe 2560 wmwe4.exe -
resource yara_rule behavioral2/memory/4048-0-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x000800000002323e-3.dat upx behavioral2/memory/3544-7-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00080000000233b8-9.dat upx behavioral2/memory/4048-6-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4956-13-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00080000000233bb-12.dat upx behavioral2/memory/1440-20-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/2904-24-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233bc-21.dat upx behavioral2/files/0x00070000000233bd-27.dat upx behavioral2/files/0x00070000000233be-31.dat upx behavioral2/memory/3620-32-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4904-37-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233bf-36.dat upx behavioral2/files/0x00070000000233c0-42.dat upx behavioral2/memory/3664-40-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/2536-50-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4472-52-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233c2-55.dat upx behavioral2/files/0x00070000000233c1-49.dat upx behavioral2/memory/4472-44-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4996-60-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233c4-59.dat upx behavioral2/memory/2536-56-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4952-65-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00080000000233b9-66.dat upx behavioral2/files/0x00070000000233c5-70.dat upx behavioral2/files/0x00070000000233c6-76.dat upx behavioral2/memory/2684-74-0x0000000000400000-0x0000000000437000-memory.dmp upx 
behavioral2/files/0x00070000000233c7-82.dat upx behavioral2/memory/2568-81-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233c9-86.dat upx behavioral2/memory/772-87-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233d0-91.dat upx behavioral2/memory/3724-92-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/464-95-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233d1-98.dat upx behavioral2/memory/3472-99-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/896-107-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233d3-110.dat upx behavioral2/files/0x00070000000233d4-115.dat upx behavioral2/files/0x00070000000233d2-105.dat upx behavioral2/files/0x00070000000233d5-121.dat upx behavioral2/memory/3972-125-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/3972-122-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/2080-129-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233d7-132.dat upx behavioral2/files/0x00070000000233d8-136.dat upx behavioral2/memory/5080-140-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233d9-143.dat upx behavioral2/files/0x00070000000233da-147.dat upx behavioral2/files/0x00070000000233db-155.dat upx behavioral2/files/0x00070000000233dc-158.dat upx behavioral2/files/0x00070000000233dd-163.dat upx behavioral2/memory/3476-151-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00070000000233d6-127.dat upx behavioral2/memory/716-119-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/files/0x00080000000233de-170.dat upx behavioral2/files/0x00080000000233e0-174.dat upx behavioral2/memory/2964-184-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4468-185-0x0000000000400000-0x0000000000437000-memory.dmp 
upx behavioral2/memory/4468-188-0x0000000000400000-0x0000000000437000-memory.dmp upx behavioral2/memory/4332-190-0x0000000000400000-0x0000000000437000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4048 wrote to memory of 3544 4048 ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe 86 PID 4048 wrote to memory of 3544 4048 ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe 86 PID 4048 wrote to memory of 3544 4048 ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe 86 PID 3544 wrote to memory of 4956 3544 08xi6.exe 87 PID 3544 wrote to memory of 4956 3544 08xi6.exe 87 PID 3544 wrote to memory of 4956 3544 08xi6.exe 87 PID 4956 wrote to memory of 1440 4956 31ki46.exe 88 PID 4956 wrote to memory of 1440 4956 31ki46.exe 88 PID 4956 wrote to memory of 1440 4956 31ki46.exe 88 PID 1440 wrote to memory of 2904 1440 sa7x19.exe 89 PID 1440 wrote to memory of 2904 1440 sa7x19.exe 89 PID 1440 wrote to memory of 2904 1440 sa7x19.exe 89 PID 2904 wrote to memory of 3620 2904 x75vlo.exe 90 PID 2904 wrote to memory of 3620 2904 x75vlo.exe 90 PID 2904 wrote to memory of 3620 2904 x75vlo.exe 90 PID 3620 wrote to memory of 4904 3620 g5kwg3o.exe 91 PID 3620 wrote to memory of 4904 3620 g5kwg3o.exe 91 PID 3620 wrote to memory of 4904 3620 g5kwg3o.exe 91 PID 4904 wrote to memory of 3664 4904 c321ax.exe 92 PID 4904 wrote to memory of 3664 4904 c321ax.exe 92 PID 4904 wrote to memory of 3664 4904 c321ax.exe 92 PID 3664 wrote to memory of 4472 3664 1t15qg.exe 93 PID 3664 wrote to memory of 4472 3664 1t15qg.exe 93 PID 3664 wrote to memory of 4472 3664 1t15qg.exe 93 PID 4472 wrote to memory of 2536 4472 oe3w11.exe 94 PID 4472 wrote to memory of 2536 4472 oe3w11.exe 94 PID 4472 wrote to memory of 2536 4472 oe3w11.exe 94 PID 2536 wrote to memory of 4996 2536 tle43.exe 95 PID 2536 wrote to memory of 4996 2536 tle43.exe 95 PID 2536 wrote to memory of 4996 2536 tle43.exe 95 PID 4996 wrote to memory of 4952 4996 7tisa.exe 96 PID 4996 wrote to memory of 4952 4996 7tisa.exe 96 PID 4996 wrote to memory of 4952 4996 7tisa.exe 96 PID 4952 wrote to memory of 4228 4952 tg95i1.exe 97 PID 4952 wrote to memory 
of 4228 4952 tg95i1.exe 97 PID 4952 wrote to memory of 4228 4952 tg95i1.exe 97 PID 4228 wrote to memory of 2684 4228 6a5w7e.exe 99 PID 4228 wrote to memory of 2684 4228 6a5w7e.exe 99 PID 4228 wrote to memory of 2684 4228 6a5w7e.exe 99 PID 2684 wrote to memory of 2568 2684 986e86m.exe 100 PID 2684 wrote to memory of 2568 2684 986e86m.exe 100 PID 2684 wrote to memory of 2568 2684 986e86m.exe 100 PID 2568 wrote to memory of 772 2568 r81m5c.exe 102 PID 2568 wrote to memory of 772 2568 r81m5c.exe 102 PID 2568 wrote to memory of 772 2568 r81m5c.exe 102 PID 772 wrote to memory of 3724 772 2x3ik9i.exe 104 PID 772 wrote to memory of 3724 772 2x3ik9i.exe 104 PID 772 wrote to memory of 3724 772 2x3ik9i.exe 104 PID 3724 wrote to memory of 464 3724 bta7nmm.exe 105 PID 3724 wrote to memory of 464 3724 bta7nmm.exe 105 PID 3724 wrote to memory of 464 3724 bta7nmm.exe 105 PID 464 wrote to memory of 3472 464 391ffc9.exe 107 PID 464 wrote to memory of 3472 464 391ffc9.exe 107 PID 464 wrote to memory of 3472 464 391ffc9.exe 107 PID 3472 wrote to memory of 896 3472 j9ks1.exe 108 PID 3472 wrote to memory of 896 3472 j9ks1.exe 108 PID 3472 wrote to memory of 896 3472 j9ks1.exe 108 PID 896 wrote to memory of 2460 896 87cwk.exe 109 PID 896 wrote to memory of 2460 896 87cwk.exe 109 PID 896 wrote to memory of 2460 896 87cwk.exe 109 PID 2460 wrote to memory of 716 2460 egj2t.exe 110 PID 2460 wrote to memory of 716 2460 egj2t.exe 110 PID 2460 wrote to memory of 716 2460 egj2t.exe 110 PID 716 wrote to memory of 3972 716 9ldo7pa.exe 111
Processes
-
C:\Users\Admin\AppData\Local\Temp\ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe"C:\Users\Admin\AppData\Local\Temp\ef47db5f1c62152bfafa83eae2cf4cbe2e67b28c4c501d37cd5f454f7814b9ac.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4048 -
\??\c:\08xi6.exec:\08xi6.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3544 -
\??\c:\31ki46.exec:\31ki46.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4956 -
\??\c:\sa7x19.exec:\sa7x19.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440 -
\??\c:\x75vlo.exec:\x75vlo.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\g5kwg3o.exec:\g5kwg3o.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3620 -
\??\c:\c321ax.exec:\c321ax.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4904 -
\??\c:\1t15qg.exec:\1t15qg.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3664 -
\??\c:\oe3w11.exec:\oe3w11.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4472 -
\??\c:\tle43.exec:\tle43.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\7tisa.exec:\7tisa.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
\??\c:\tg95i1.exec:\tg95i1.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4952 -
\??\c:\6a5w7e.exec:\6a5w7e.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4228 -
\??\c:\986e86m.exec:\986e86m.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2684 -
\??\c:\r81m5c.exec:\r81m5c.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\2x3ik9i.exec:\2x3ik9i.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:772 -
\??\c:\bta7nmm.exec:\bta7nmm.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3724 -
\??\c:\391ffc9.exec:\391ffc9.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:464 -
\??\c:\j9ks1.exec:\j9ks1.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3472 -
\??\c:\87cwk.exec:\87cwk.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:896 -
\??\c:\egj2t.exec:\egj2t.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\9ldo7pa.exec:\9ldo7pa.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:716 -
\??\c:\m09ac.exec:\m09ac.exe23⤵
- Executes dropped EXE
PID:3972 -
\??\c:\w5ee8a5.exec:\w5ee8a5.exe24⤵
- Executes dropped EXE
PID:2080 -
\??\c:\5pdqe.exec:\5pdqe.exe25⤵
- Executes dropped EXE
PID:1884 -
\??\c:\xq1g5.exec:\xq1g5.exe26⤵
- Executes dropped EXE
PID:5080 -
\??\c:\986o1c7.exec:\986o1c7.exe27⤵
- Executes dropped EXE
PID:3800 -
\??\c:\qe59au.exec:\qe59au.exe28⤵
- Executes dropped EXE
PID:3476 -
\??\c:\ga77q5i.exec:\ga77q5i.exe29⤵
- Executes dropped EXE
PID:3548 -
\??\c:\ia9tp6a.exec:\ia9tp6a.exe30⤵
- Executes dropped EXE
PID:4636 -
\??\c:\vwe47b.exec:\vwe47b.exe31⤵
- Executes dropped EXE
PID:3332 -
\??\c:\8a5v7j.exec:\8a5v7j.exe32⤵
- Executes dropped EXE
PID:4152 -
\??\c:\fml72.exec:\fml72.exe33⤵
- Executes dropped EXE
PID:2500 -
\??\c:\s3so9.exec:\s3so9.exe34⤵
- Executes dropped EXE
PID:640 -
\??\c:\9vlu79i.exec:\9vlu79i.exe35⤵
- Executes dropped EXE
PID:2964 -
\??\c:\39bgu58.exec:\39bgu58.exe36⤵
- Executes dropped EXE
PID:4468 -
\??\c:\sk7ol5.exec:\sk7ol5.exe37⤵
- Executes dropped EXE
PID:4332 -
\??\c:\hhf60.exec:\hhf60.exe38⤵
- Executes dropped EXE
PID:316 -
\??\c:\1vq19v.exec:\1vq19v.exe39⤵
- Executes dropped EXE
PID:4796 -
\??\c:\3a707a.exec:\3a707a.exe40⤵
- Executes dropped EXE
PID:4192 -
\??\c:\9ve1k1.exec:\9ve1k1.exe41⤵
- Executes dropped EXE
PID:224 -
\??\c:\3u3e9e.exec:\3u3e9e.exe42⤵
- Executes dropped EXE
PID:4364 -
\??\c:\q64sna.exec:\q64sna.exe43⤵
- Executes dropped EXE
PID:2148 -
\??\c:\77m25.exec:\77m25.exe44⤵
- Executes dropped EXE
PID:988 -
\??\c:\03kuac1.exec:\03kuac1.exe45⤵
- Executes dropped EXE
PID:4408 -
\??\c:\1rs6w7c.exec:\1rs6w7c.exe46⤵
- Executes dropped EXE
PID:4508 -
\??\c:\4713bg7.exec:\4713bg7.exe47⤵
- Executes dropped EXE
PID:2420 -
\??\c:\so9s7q.exec:\so9s7q.exe48⤵
- Executes dropped EXE
PID:4456 -
\??\c:\rgc37em.exec:\rgc37em.exe49⤵
- Executes dropped EXE
PID:652 -
\??\c:\1g1w9s.exec:\1g1w9s.exe50⤵
- Executes dropped EXE
PID:1176 -
\??\c:\75hucsc.exec:\75hucsc.exe51⤵
- Executes dropped EXE
PID:3568 -
\??\c:\g272t.exec:\g272t.exe52⤵
- Executes dropped EXE
PID:1160 -
\??\c:\pq22dr.exec:\pq22dr.exe53⤵
- Executes dropped EXE
PID:1476 -
\??\c:\a37g7.exec:\a37g7.exe54⤵
- Executes dropped EXE
PID:884 -
\??\c:\a407k.exec:\a407k.exe55⤵
- Executes dropped EXE
PID:3652 -
\??\c:\g5e9c7a.exec:\g5e9c7a.exe56⤵
- Executes dropped EXE
PID:5084 -
\??\c:\m47lvk8.exec:\m47lvk8.exe57⤵
- Executes dropped EXE
PID:4556 -
\??\c:\dc9ju1i.exec:\dc9ju1i.exe58⤵
- Executes dropped EXE
PID:2336 -
\??\c:\tg3o96.exec:\tg3o96.exe59⤵
- Executes dropped EXE
PID:1088 -
\??\c:\ru1q3o5.exec:\ru1q3o5.exe60⤵
- Executes dropped EXE
PID:3220 -
\??\c:\tw91c9.exec:\tw91c9.exe61⤵
- Executes dropped EXE
PID:3960 -
\??\c:\je3ej.exec:\je3ej.exe62⤵
- Executes dropped EXE
PID:3352 -
\??\c:\152g5.exec:\152g5.exe63⤵
- Executes dropped EXE
PID:2256 -
\??\c:\0212a.exec:\0212a.exe64⤵
- Executes dropped EXE
PID:2916 -
\??\c:\wmwe4.exec:\wmwe4.exe65⤵
- Executes dropped EXE
PID:2560 -
\??\c:\1a1dx9u.exec:\1a1dx9u.exe66⤵PID:1824
-
\??\c:\8kas5.exec:\8kas5.exe67⤵PID:3972
-
\??\c:\33w5k.exec:\33w5k.exe68⤵PID:3208
-
\??\c:\8dg7uwq.exec:\8dg7uwq.exe69⤵PID:2796
-
\??\c:\fg91nt.exec:\fg91nt.exe70⤵PID:3348
-
\??\c:\grd4b36.exec:\grd4b36.exe71⤵PID:832
-
\??\c:\3e37n.exec:\3e37n.exe72⤵PID:1960
-
\??\c:\w7ce1g3.exec:\w7ce1g3.exe73⤵PID:3820
-
\??\c:\7b8a9.exec:\7b8a9.exe74⤵PID:2624
-
\??\c:\2g3a5ge.exec:\2g3a5ge.exe75⤵PID:2376
-
\??\c:\p5w7lx.exec:\p5w7lx.exe76⤵PID:792
-
\??\c:\9i5n1v.exec:\9i5n1v.exe77⤵PID:2192
-
\??\c:\m121fr8.exec:\m121fr8.exe78⤵PID:3668
-
\??\c:\27o3gq.exec:\27o3gq.exe79⤵PID:4152
-
\??\c:\3o4rs.exec:\3o4rs.exe80⤵PID:2504
-
\??\c:\dnh179.exec:\dnh179.exe81⤵PID:2528
-
\??\c:\0wjg5.exec:\0wjg5.exe82⤵PID:2964
-
\??\c:\43k9qi7.exec:\43k9qi7.exe83⤵PID:4132
-
\??\c:\03819j5.exec:\03819j5.exe84⤵PID:2452
-
\??\c:\9s9r1.exec:\9s9r1.exe85⤵PID:5052
-
\??\c:\5i85a44.exec:\5i85a44.exe86⤵PID:3296
-
\??\c:\le7ds79.exec:\le7ds79.exe87⤵PID:3448
-
\??\c:\pkg7o.exec:\pkg7o.exe88⤵PID:4864
-
\??\c:\039m5e.exec:\039m5e.exe89⤵PID:1440
-
\??\c:\29m9w3.exec:\29m9w3.exe90⤵PID:1576
-
\??\c:\c9tmu49.exec:\c9tmu49.exe91⤵PID:1128
-
\??\c:\bw3re21.exec:\bw3re21.exe92⤵PID:4408
-
\??\c:\mw9sw3w.exec:\mw9sw3w.exe93⤵PID:2396
-
\??\c:\g0fx3.exec:\g0fx3.exe94⤵PID:4472
-
\??\c:\do90fb.exec:\do90fb.exe95⤵PID:3140
-
\??\c:\8o1ek.exec:\8o1ek.exe96⤵PID:2536
-
\??\c:\w3rbr9.exec:\w3rbr9.exe97⤵PID:3956
-
\??\c:\717d737.exec:\717d737.exe98⤵PID:4156
-
\??\c:\475fw85.exec:\475fw85.exe99⤵PID:1160
-
\??\c:\833q5.exec:\833q5.exe100⤵PID:4688
-
\??\c:\dqj2o7.exec:\dqj2o7.exe101⤵PID:1592
-
\??\c:\52s8ss.exec:\52s8ss.exe102⤵PID:3652
-
\??\c:\829o50.exec:\829o50.exe103⤵PID:5084
-
\??\c:\t0fa1.exec:\t0fa1.exe104⤵PID:4556
-
\??\c:\w8ok27a.exec:\w8ok27a.exe105⤵PID:1760
-
\??\c:\4t1w1.exec:\4t1w1.exe106⤵PID:696
-
\??\c:\x89ge.exec:\x89ge.exe107⤵PID:3960
-
\??\c:\77e03u3.exec:\77e03u3.exe108⤵PID:744
-
\??\c:\c9ki653.exec:\c9ki653.exe109⤵PID:3240
-
\??\c:\3p44p.exec:\3p44p.exe110⤵PID:3828
-
\??\c:\19qps.exec:\19qps.exe111⤵PID:716
-
\??\c:\wk191.exec:\wk191.exe112⤵PID:1316
-
\??\c:\m5i7n.exec:\m5i7n.exe113⤵PID:2080
-
\??\c:\gh3lu.exec:\gh3lu.exe114⤵PID:3108
-
\??\c:\07s9o.exec:\07s9o.exe115⤵PID:5008
-
\??\c:\m0616pt.exec:\m0616pt.exe116⤵PID:1888
-
\??\c:\2vxq7.exec:\2vxq7.exe117⤵PID:5080
-
\??\c:\5cw1q.exec:\5cw1q.exe118⤵PID:1960
-
\??\c:\l3em21.exec:\l3em21.exe119⤵PID:3984
-
\??\c:\34s1m.exec:\34s1m.exe120⤵PID:2912
-
\??\c:\135c5c9.exec:\135c5c9.exe121⤵PID:2376
-
\??\c:\4p48tl4.exec:\4p48tl4.exe122⤵PID:3948