Analysis
-
max time kernel
121s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
24/04/2024, 18:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe
-
Size
350KB
-
MD5
7cf115cee35424771c4a305348d71ed3
-
SHA1
00aa1aeb6e22b26841cc16e55347bbf7a6c04cab
-
SHA256
92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e
-
SHA512
9b44c4470fdc044ee0a70e0fe731550b6752c5df2cbb3a6d47cf9eeadc4c0d2aebf414f3d1c51c3ae3843bf0d1b7ac0bad8f96536f6434e3ec0ce17c60c8a1f2
-
SSDEEP
6144:4cm7ImGddXvJuzyy/SfVFKpU/sien7NuOpo0HmtDKe0wKyKqiOfm8RCfDK4TrH+:+7TcBuGy/Sa+/sie0OpncKe/KFBOfmzW
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/548-5-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4356-10-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1420-17-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4308-30-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3128-37-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2864-40-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/400-49-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4656-24-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3928-62-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1988-66-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3416-70-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1984-77-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/764-83-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4252-93-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4248-101-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4064-107-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4908-117-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3792-121-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4772-131-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3828-127-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3816-145-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/3044-172-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1960-160-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/464-152-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1508-189-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4348-199-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1212-195-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1848-191-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1844-179-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4788-203-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2576-211-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1732-217-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/784-222-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2108-224-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4292-231-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1504-235-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/980-257-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3184-266-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4116-268-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1224-280-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2348-283-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4360-289-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/844-301-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3216-314-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1616-323-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3004-327-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1564-357-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4860-392-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3164-396-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1560-427-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3472-436-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3124-443-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2744-440-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/844-464-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3472-467-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2108-537-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1988-556-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/668-630-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4308-663-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1200-682-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4016-693-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1168-743-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4672-896-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/5040-1021-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/548-5-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4356-10-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1420-17-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4308-30-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3128-37-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2864-40-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/400-49-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4656-24-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4656-21-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3928-62-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1988-66-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3416-70-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1984-77-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/764-83-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4252-93-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4248-101-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4064-107-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4908-117-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3792-121-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4772-131-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3828-127-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3816-145-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3044-172-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1960-160-0x0000000000400000-0x000000000042D000-memory.dmp UPX 
behavioral2/memory/464-152-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1508-189-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4348-199-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1212-195-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1848-191-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1844-179-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4788-203-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2576-211-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1732-217-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/784-222-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2108-224-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4292-231-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1504-235-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3632-238-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4312-245-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/980-257-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3184-266-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4116-268-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1224-280-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2348-283-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4360-289-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3696-296-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/844-301-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3216-314-0x0000000000400000-0x000000000042D000-memory.dmp UPX 
behavioral2/memory/1616-323-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3004-327-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2008-337-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1564-357-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4860-387-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4860-392-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3164-396-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1560-427-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3472-436-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3124-443-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2744-440-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/844-464-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2108-537-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1988-556-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/668-630-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1688-636-0x0000000000400000-0x000000000042D000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4356 frfrrlr.exe 2392 4084262.exe 1420 26260.exe 4656 260422.exe 4308 jjdpd.exe 3128 604204.exe 2864 8420820.exe 400 606642.exe 3928 rlflfrf.exe 1808 fxxlxrl.exe 1988 6242040.exe 3416 vdjdp.exe 1984 hhnnnn.exe 764 84484.exe 2080 446428.exe 4252 5xfxrrl.exe 4248 46244.exe 4064 880426.exe 952 a2824.exe 4908 8804006.exe 3792 tnhbnh.exe 3828 406482.exe 4772 9vdpp.exe 1628 2882048.exe 3816 ppjdv.exe 464 vvddv.exe 4088 80266.exe 1960 w80882.exe 4164 ppvpd.exe 3044 pvdpd.exe 1844 8626000.exe 2640 k88426.exe 2868 xflxlxr.exe 1508 24042.exe 1848 6620826.exe 1212 g6204.exe 4348 dpvjv.exe 4788 jdvjp.exe 3848 s8820.exe 2576 pvvjd.exe 3192 66642.exe 1732 9bbbtn.exe 784 846088.exe 2108 llfrlfr.exe 1420 8204826.exe 4292 nntnnn.exe 1504 466082.exe 3632 nbnbht.exe 3404 5nnhhh.exe 4312 g0608.exe 2852 m6820.exe 4916 9bbhbh.exe 980 5jpjv.exe 5040 bnbtbt.exe 2768 k84228.exe 3184 084280.exe 4116 08860.exe 4016 260426.exe 3144 3xxrlff.exe 1224 2244440.exe 2348 xxffllx.exe 4012 jjppp.exe 4360 nnhbtt.exe 692 ddvvv.exe -
resource yara_rule behavioral2/memory/548-5-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4356-10-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1420-17-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4308-30-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3128-37-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2864-40-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/400-49-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4656-24-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4656-21-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3928-62-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1988-66-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3416-70-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1984-77-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/764-83-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4252-93-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4248-101-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4064-107-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4908-117-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3792-121-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4772-131-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3828-127-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3816-145-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3044-172-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1960-160-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/464-152-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1508-189-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4348-199-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1212-195-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1848-191-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1844-179-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4788-203-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2576-211-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1732-217-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/784-222-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2108-224-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4292-231-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1504-235-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3632-238-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4312-245-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/980-257-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3184-266-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4116-268-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1224-280-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2348-283-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4360-289-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3696-296-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/844-301-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3216-314-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/1616-323-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3004-327-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2008-337-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1564-357-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4860-387-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4860-392-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3164-396-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1560-427-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3472-436-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3124-443-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2744-440-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/844-464-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2108-537-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1988-556-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/668-630-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4308-663-0x0000000000400000-0x000000000042D000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 548 wrote to memory of 4356 548 92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe 87 PID 548 wrote to memory of 4356 548 92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe 87 PID 548 wrote to memory of 4356 548 92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe 87 PID 4356 wrote to memory of 2392 4356 frfrrlr.exe 88 PID 4356 wrote to memory of 2392 4356 frfrrlr.exe 88 PID 4356 wrote to memory of 2392 4356 frfrrlr.exe 88 PID 2392 wrote to memory of 1420 2392 4084262.exe 89 PID 2392 wrote to memory of 1420 2392 4084262.exe 89 PID 2392 wrote to memory of 1420 2392 4084262.exe 89 PID 1420 wrote to memory of 4656 1420 26260.exe 90 PID 1420 wrote to memory of 4656 1420 26260.exe 90 PID 1420 wrote to memory of 4656 1420 26260.exe 90 PID 4656 wrote to memory of 4308 4656 260422.exe 91 PID 4656 wrote to memory of 4308 4656 260422.exe 91 PID 4656 wrote to memory of 4308 4656 260422.exe 91 PID 4308 wrote to memory of 3128 4308 jjdpd.exe 92 PID 4308 wrote to memory of 3128 4308 jjdpd.exe 92 PID 4308 wrote to memory of 3128 4308 jjdpd.exe 92 PID 3128 wrote to memory of 2864 3128 604204.exe 93 PID 3128 wrote to memory of 2864 3128 604204.exe 93 PID 3128 wrote to memory of 2864 3128 604204.exe 93 PID 2864 wrote to memory of 400 2864 8420820.exe 94 PID 2864 wrote to memory of 400 2864 8420820.exe 94 PID 2864 wrote to memory of 400 2864 8420820.exe 94 PID 400 wrote to memory of 3928 400 606642.exe 95 PID 400 wrote to memory of 3928 400 606642.exe 95 PID 400 wrote to memory of 3928 400 606642.exe 95 PID 3928 wrote to memory of 1808 3928 rlflfrf.exe 96 PID 3928 wrote to memory of 1808 3928 rlflfrf.exe 96 PID 3928 wrote to memory of 1808 3928 rlflfrf.exe 96 PID 1808 wrote to memory of 1988 1808 fxxlxrl.exe 97 PID 1808 wrote to memory of 1988 1808 fxxlxrl.exe 97 PID 1808 wrote to memory of 1988 1808 fxxlxrl.exe 97 PID 1988 wrote to memory of 3416 1988 6242040.exe 98 PID 1988 wrote to memory 
of 3416 1988 6242040.exe 98 PID 1988 wrote to memory of 3416 1988 6242040.exe 98 PID 3416 wrote to memory of 1984 3416 vdjdp.exe 99 PID 3416 wrote to memory of 1984 3416 vdjdp.exe 99 PID 3416 wrote to memory of 1984 3416 vdjdp.exe 99 PID 1984 wrote to memory of 764 1984 hhnnnn.exe 100 PID 1984 wrote to memory of 764 1984 hhnnnn.exe 100 PID 1984 wrote to memory of 764 1984 hhnnnn.exe 100 PID 764 wrote to memory of 2080 764 84484.exe 101 PID 764 wrote to memory of 2080 764 84484.exe 101 PID 764 wrote to memory of 2080 764 84484.exe 101 PID 2080 wrote to memory of 4252 2080 446428.exe 102 PID 2080 wrote to memory of 4252 2080 446428.exe 102 PID 2080 wrote to memory of 4252 2080 446428.exe 102 PID 4252 wrote to memory of 4248 4252 5xfxrrl.exe 103 PID 4252 wrote to memory of 4248 4252 5xfxrrl.exe 103 PID 4252 wrote to memory of 4248 4252 5xfxrrl.exe 103 PID 4248 wrote to memory of 4064 4248 46244.exe 104 PID 4248 wrote to memory of 4064 4248 46244.exe 104 PID 4248 wrote to memory of 4064 4248 46244.exe 104 PID 4064 wrote to memory of 952 4064 880426.exe 105 PID 4064 wrote to memory of 952 4064 880426.exe 105 PID 4064 wrote to memory of 952 4064 880426.exe 105 PID 952 wrote to memory of 4908 952 a2824.exe 106 PID 952 wrote to memory of 4908 952 a2824.exe 106 PID 952 wrote to memory of 4908 952 a2824.exe 106 PID 4908 wrote to memory of 3792 4908 8804006.exe 107 PID 4908 wrote to memory of 3792 4908 8804006.exe 107 PID 4908 wrote to memory of 3792 4908 8804006.exe 107 PID 3792 wrote to memory of 3828 3792 tnhbnh.exe 108
Processes
-
C:\Users\Admin\AppData\Local\Temp\92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe"C:\Users\Admin\AppData\Local\Temp\92ca41a12352867f9946da4c98d992ec3775ad74ce32a2adebbc83b08fb2b09e.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:548 -
\??\c:\frfrrlr.exec:\frfrrlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4356 -
\??\c:\4084262.exec:\4084262.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\26260.exec:\26260.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1420 -
\??\c:\260422.exec:\260422.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4656 -
\??\c:\jjdpd.exec:\jjdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4308 -
\??\c:\604204.exec:\604204.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3128 -
\??\c:\8420820.exec:\8420820.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\606642.exec:\606642.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:400 -
\??\c:\rlflfrf.exec:\rlflfrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3928 -
\??\c:\fxxlxrl.exec:\fxxlxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1808 -
\??\c:\6242040.exec:\6242040.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1988 -
\??\c:\vdjdp.exec:\vdjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3416 -
\??\c:\hhnnnn.exec:\hhnnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\84484.exec:\84484.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:764 -
\??\c:\446428.exec:\446428.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2080 -
\??\c:\5xfxrrl.exec:\5xfxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4252 -
\??\c:\46244.exec:\46244.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4248 -
\??\c:\880426.exec:\880426.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4064 -
\??\c:\a2824.exec:\a2824.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:952 -
\??\c:\8804006.exec:\8804006.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4908 -
\??\c:\tnhbnh.exec:\tnhbnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3792 -
\??\c:\406482.exec:\406482.exe23⤵
- Executes dropped EXE
PID:3828 -
\??\c:\9vdpp.exec:\9vdpp.exe24⤵
- Executes dropped EXE
PID:4772 -
\??\c:\2882048.exec:\2882048.exe25⤵
- Executes dropped EXE
PID:1628 -
\??\c:\ppjdv.exec:\ppjdv.exe26⤵
- Executes dropped EXE
PID:3816 -
\??\c:\vvddv.exec:\vvddv.exe27⤵
- Executes dropped EXE
PID:464 -
\??\c:\80266.exec:\80266.exe28⤵
- Executes dropped EXE
PID:4088 -
\??\c:\w80882.exec:\w80882.exe29⤵
- Executes dropped EXE
PID:1960 -
\??\c:\ppvpd.exec:\ppvpd.exe30⤵
- Executes dropped EXE
PID:4164 -
\??\c:\pvdpd.exec:\pvdpd.exe31⤵
- Executes dropped EXE
PID:3044 -
\??\c:\8626000.exec:\8626000.exe32⤵
- Executes dropped EXE
PID:1844 -
\??\c:\k88426.exec:\k88426.exe33⤵
- Executes dropped EXE
PID:2640 -
\??\c:\xflxlxr.exec:\xflxlxr.exe34⤵
- Executes dropped EXE
PID:2868 -
\??\c:\24042.exec:\24042.exe35⤵
- Executes dropped EXE
PID:1508 -
\??\c:\6620826.exec:\6620826.exe36⤵
- Executes dropped EXE
PID:1848 -
\??\c:\g6204.exec:\g6204.exe37⤵
- Executes dropped EXE
PID:1212 -
\??\c:\dpvjv.exec:\dpvjv.exe38⤵
- Executes dropped EXE
PID:4348 -
\??\c:\jdvjp.exec:\jdvjp.exe39⤵
- Executes dropped EXE
PID:4788 -
\??\c:\s8820.exec:\s8820.exe40⤵
- Executes dropped EXE
PID:3848 -
\??\c:\pvvjd.exec:\pvvjd.exe41⤵
- Executes dropped EXE
PID:2576 -
\??\c:\66642.exec:\66642.exe42⤵
- Executes dropped EXE
PID:3192 -
\??\c:\9bbbtn.exec:\9bbbtn.exe43⤵
- Executes dropped EXE
PID:1732 -
\??\c:\846088.exec:\846088.exe44⤵
- Executes dropped EXE
PID:784 -
\??\c:\llfrlfr.exec:\llfrlfr.exe45⤵
- Executes dropped EXE
PID:2108 -
\??\c:\8204826.exec:\8204826.exe46⤵
- Executes dropped EXE
PID:1420 -
\??\c:\nntnnn.exec:\nntnnn.exe47⤵
- Executes dropped EXE
PID:4292 -
\??\c:\466082.exec:\466082.exe48⤵
- Executes dropped EXE
PID:1504 -
\??\c:\nbnbht.exec:\nbnbht.exe49⤵
- Executes dropped EXE
PID:3632 -
\??\c:\5nnhhh.exec:\5nnhhh.exe50⤵
- Executes dropped EXE
PID:3404 -
\??\c:\g0608.exec:\g0608.exe51⤵
- Executes dropped EXE
PID:4312 -
\??\c:\m6820.exec:\m6820.exe52⤵
- Executes dropped EXE
PID:2852 -
\??\c:\9bbhbh.exec:\9bbhbh.exe53⤵
- Executes dropped EXE
PID:4916 -
\??\c:\5jpjv.exec:\5jpjv.exe54⤵
- Executes dropped EXE
PID:980 -
\??\c:\bnbtbt.exec:\bnbtbt.exe55⤵
- Executes dropped EXE
PID:5040 -
\??\c:\k84228.exec:\k84228.exe56⤵
- Executes dropped EXE
PID:2768 -
\??\c:\084280.exec:\084280.exe57⤵
- Executes dropped EXE
PID:3184 -
\??\c:\08860.exec:\08860.exe58⤵
- Executes dropped EXE
PID:4116 -
\??\c:\260426.exec:\260426.exe59⤵
- Executes dropped EXE
PID:4016 -
\??\c:\3xxrlff.exec:\3xxrlff.exe60⤵
- Executes dropped EXE
PID:3144 -
\??\c:\2244440.exec:\2244440.exe61⤵
- Executes dropped EXE
PID:1224 -
\??\c:\xxffllx.exec:\xxffllx.exe62⤵
- Executes dropped EXE
PID:2348 -
\??\c:\jjppp.exec:\jjppp.exe63⤵
- Executes dropped EXE
PID:4012 -
\??\c:\nnhbtt.exec:\nnhbtt.exe64⤵
- Executes dropped EXE
PID:4360 -
\??\c:\ddvvv.exec:\ddvvv.exe65⤵
- Executes dropped EXE
PID:692 -
\??\c:\bntnhh.exec:\bntnhh.exe66⤵PID:2476
-
\??\c:\u060482.exec:\u060482.exe67⤵PID:3696
-
\??\c:\frxxrrr.exec:\frxxrrr.exe68⤵PID:844
-
\??\c:\thhbtn.exec:\thhbtn.exe69⤵PID:3828
-
\??\c:\62822.exec:\62822.exe70⤵PID:3904
-
\??\c:\c248604.exec:\c248604.exe71⤵PID:1956
-
\??\c:\42486.exec:\42486.exe72⤵PID:3216
-
\??\c:\42488.exec:\42488.exe73⤵PID:1676
-
\??\c:\5rfrlfx.exec:\5rfrlfx.exe74⤵PID:1616
-
\??\c:\i460662.exec:\i460662.exe75⤵PID:3004
-
\??\c:\5tnhbb.exec:\5tnhbb.exe76⤵PID:4804
-
\??\c:\vjjvp.exec:\vjjvp.exe77⤵PID:1344
-
\??\c:\0642666.exec:\0642666.exe78⤵PID:4864
-
\??\c:\o004888.exec:\o004888.exe79⤵PID:2008
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe80⤵PID:3952
-
\??\c:\htbtnn.exec:\htbtnn.exe81⤵PID:4848
-
\??\c:\thhbnn.exec:\thhbnn.exe82⤵PID:2156
-
\??\c:\i660804.exec:\i660804.exe83⤵PID:2388
-
\??\c:\48400.exec:\48400.exe84⤵PID:3424
-
\??\c:\ntbthh.exec:\ntbthh.exe85⤵PID:1564
-
\??\c:\680660.exec:\680660.exe86⤵PID:2512
-
\??\c:\9vdvp.exec:\9vdvp.exe87⤵PID:2984
-
\??\c:\xxrlffx.exec:\xxrlffx.exe88⤵PID:1388
-
\??\c:\s8048.exec:\s8048.exe89⤵PID:4436
-
\??\c:\7vjdv.exec:\7vjdv.exe90⤵PID:652
-
\??\c:\vppjd.exec:\vppjd.exe91⤵PID:548
-
\??\c:\24482.exec:\24482.exe92⤵PID:2760
-
\??\c:\4882224.exec:\4882224.exe93⤵PID:1732
-
\??\c:\u688266.exec:\u688266.exe94⤵PID:4656
-
\??\c:\vpvpp.exec:\vpvpp.exe95⤵PID:4860
-
\??\c:\hhbtnn.exec:\hhbtnn.exe96⤵PID:4944
-
\??\c:\lfrlrll.exec:\lfrlrll.exe97⤵PID:3164
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe98⤵PID:2044
-
\??\c:\084822.exec:\084822.exe99⤵PID:1652
-
\??\c:\hnbnbb.exec:\hnbnbb.exe100⤵PID:4960
-
\??\c:\pvppj.exec:\pvppj.exe101⤵PID:3884
-
\??\c:\6440882.exec:\6440882.exe102⤵PID:4496
-
\??\c:\00660.exec:\00660.exe103⤵PID:1988
-
\??\c:\a4042.exec:\a4042.exe104⤵PID:5000
-
\??\c:\tttnhb.exec:\tttnhb.exe105⤵PID:4580
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe106⤵PID:3416
-
\??\c:\lxxrlff.exec:\lxxrlff.exe107⤵PID:1560
-
\??\c:\c882822.exec:\c882822.exe108⤵PID:4384
-
\??\c:\280660.exec:\280660.exe109⤵PID:3472
-
\??\c:\tnthtt.exec:\tnthtt.exe110⤵PID:2744
-
\??\c:\nhbbbb.exec:\nhbbbb.exe111⤵PID:3124
-
\??\c:\3jdvp.exec:\3jdvp.exe112⤵PID:636
-
\??\c:\w22204.exec:\w22204.exe113⤵PID:4248
-
\??\c:\84066.exec:\84066.exe114⤵PID:4880
-
\??\c:\60404.exec:\60404.exe115⤵PID:4920
-
\??\c:\44484.exec:\44484.exe116⤵PID:1196
-
\??\c:\0444888.exec:\0444888.exe117⤵PID:1840
-
\??\c:\2604884.exec:\2604884.exe118⤵PID:844
-
\??\c:\4626006.exec:\4626006.exe119⤵PID:2572
-
\??\c:\flxlxff.exec:\flxlxff.exe120⤵PID:3208
-
\??\c:\220624.exec:\220624.exe121⤵PID:3816
-
\??\c:\26600.exec:\26600.exe122⤵PID:4660