Analysis
-
max time kernel
148s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
25-04-2024 02:14
Behavioral task
behavioral1
Sample
b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe
-
Size
198KB
-
MD5
b1c62e6625ffced9194d70f6ccb471da
-
SHA1
474b3888910fc9c10cccf06dd3129b062c3c8ccf
-
SHA256
b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060
-
SHA512
950f04f3ceceb9745a882edc8c8f13e9abcd43b3fc33841eb7841d1d310b2625dce8e2020bfd7c5012b5b757aedf6f9aa32f4cf18852abe65132f27de03e2a99
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIt:xcm4FmowdHoS3WV28HCddWhRO1Lc9t
Malware Config
Signatures
-
Detect Blackmoon payload 52 IoCs
resource yara_rule behavioral1/memory/2788-44-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2552-53-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2192-75-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2476-84-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1492-143-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1304-179-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1304-178-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2156-210-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2804-192-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/688-220-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1492-237-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1304-253-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1712-272-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2804-274-0x00000000002C0000-0x00000000002F6000-memory.dmp family_blackmoon behavioral1/memory/1644-165-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1852-149-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1492-145-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2552-130-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1188-121-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2552-62-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2636-35-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral1/memory/2332-23-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2984-31-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2612-6-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2380-14-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2944-306-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1184-308-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1184-315-0x0000000000250000-0x0000000000286000-memory.dmp family_blackmoon behavioral1/memory/1800-329-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1800-328-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2068-330-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2752-344-0x0000000000440000-0x0000000000476000-memory.dmp family_blackmoon behavioral1/memory/2996-345-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2316-365-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1184-363-0x0000000000250000-0x0000000000286000-memory.dmp family_blackmoon behavioral1/memory/2620-370-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2472-374-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2492-381-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2444-387-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2772-400-0x00000000003C0000-0x00000000003F6000-memory.dmp family_blackmoon behavioral1/memory/2884-414-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2896-421-0x00000000003C0000-0x00000000003F6000-memory.dmp family_blackmoon 
behavioral1/memory/2528-439-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/2528-447-0x00000000002B0000-0x00000000002E6000-memory.dmp family_blackmoon behavioral1/memory/1836-455-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/2304-469-0x00000000001B0000-0x00000000001E6000-memory.dmp family_blackmoon behavioral1/memory/3040-515-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1044-529-0x00000000001B0000-0x00000000001E6000-memory.dmp family_blackmoon behavioral1/memory/2968-536-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral1/memory/1044-570-0x00000000001B0000-0x00000000001E6000-memory.dmp family_blackmoon behavioral1/memory/1916-577-0x0000000000220000-0x0000000000256000-memory.dmp family_blackmoon behavioral1/memory/1724-589-0x0000000001B80000-0x0000000001BB6000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2612-0-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0037000000014712-25.dat UPX behavioral1/memory/2788-44-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0007000000014b4c-42.dat UPX behavioral1/memory/2552-53-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0007000000014bbc-51.dat UPX behavioral1/files/0x0007000000014e71-58.dat UPX behavioral1/memory/2192-75-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0007000000015d20-78.dat UPX behavioral1/files/0x0006000000015d42-85.dat UPX behavioral1/memory/2476-84-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015d4e-94.dat UPX behavioral1/files/0x0006000000015d56-102.dat UPX behavioral1/files/0x0006000000015d5f-109.dat UPX behavioral1/files/0x0006000000015d6b-119.dat UPX behavioral1/files/0x0006000000015d87-137.dat UPX behavioral1/memory/1492-143-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015d93-146.dat UPX behavioral1/files/0x0006000000015e32-155.dat UPX behavioral1/files/0x0006000000015f65-172.dat UPX behavioral1/memory/1304-178-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x000600000001610f-190.dat UPX behavioral1/files/0x000600000001621e-198.dat UPX behavioral1/files/0x000600000001630a-208.dat UPX behavioral1/memory/2156-210-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2804-192-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015fe5-181.dat UPX behavioral1/files/0x00060000000164aa-216.dat UPX behavioral1/memory/688-220-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x003700000001471a-227.dat UPX behavioral1/files/0x000600000001658a-234.dat UPX behavioral1/files/0x0006000000016616-244.dat UPX behavioral1/files/0x0006000000016851-252.dat UPX behavioral1/files/0x0006000000016adc-261.dat UPX 
behavioral1/files/0x0006000000016c44-270.dat UPX behavioral1/memory/1712-272-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000016c5e-280.dat UPX behavioral1/memory/1644-165-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015ecc-163.dat UPX behavioral1/memory/1852-149-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0006000000015d7f-128.dat UPX behavioral1/memory/1188-121-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2896-110-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2476-77-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0008000000015cff-69.dat UPX behavioral1/memory/2636-35-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x0007000000014b18-33.dat UPX behavioral1/memory/2332-23-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x000a00000001224d-8.dat UPX behavioral1/memory/2984-31-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/files/0x000d000000012350-17.dat UPX behavioral1/memory/2612-6-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2380-14-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2944-300-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2944-306-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/1184-308-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2068-330-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2996-345-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2472-374-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2492-381-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2444-387-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2528-439-0x0000000000400000-0x0000000000436000-memory.dmp UPX 
behavioral1/memory/3040-515-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral1/memory/2968-536-0x0000000000400000-0x0000000000436000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2380 vpjpv.exe 2332 vjvvj.exe 2984 rlrrrxl.exe 2636 bbtnhh.exe 2788 pjvdp.exe 2552 lxfflrr.exe 2960 hbnntt.exe 2192 dvppd.exe 2476 xrrrrrf.exe 2888 7bnntb.exe 1820 tnntbh.exe 2748 dvjvv.exe 2896 vpvdp.exe 1188 frfllrx.exe 1908 xrxxffx.exe 1492 thtthh.exe 1852 nntthh.exe 2716 vpddp.exe 1644 3rlxffx.exe 1304 dpdvv.exe 2208 dvpdp.exe 2804 fllffxx.exe 2816 ddpvd.exe 2156 vdjjv.exe 688 7pdjp.exe 3048 5bnttt.exe 1264 1vjpv.exe 1336 pjpvd.exe 2060 5xlfxxf.exe 1616 lrxxxfx.exe 1712 9nnthb.exe 2824 xlrrrxr.exe 2980 btnbbh.exe 1964 3jdjv.exe 2944 vpdjv.exe 1184 rflfxrr.exe 1572 tnnthh.exe 1800 tnbtbt.exe 2068 dvpvd.exe 2752 dppvj.exe 2996 5bthnt.exe 2692 3pjpp.exe 2316 hbtbnn.exe 2620 vjvvp.exe 2472 9rrrxxr.exe 2492 thhhnn.exe 2444 frfxfll.exe 2772 nhntnt.exe 2920 jddvj.exe 2884 jvdjj.exe 2896 fxfxflr.exe 1528 hthnbb.exe 2668 bttbnt.exe 2864 pjvvd.exe 2528 9frxfxf.exe 1836 7bbbbb.exe 2112 jdppd.exe 2304 rffrrll.exe 1288 tnhhnn.exe 1440 ntbntt.exe 2080 9pdjv.exe 2808 3lfffff.exe 668 xrllxxf.exe 2256 htbhhh.exe -
resource yara_rule behavioral1/memory/2612-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0037000000014712-25.dat upx behavioral1/memory/2788-44-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0007000000014b4c-42.dat upx behavioral1/memory/2552-53-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0007000000014bbc-51.dat upx behavioral1/files/0x0007000000014e71-58.dat upx behavioral1/memory/2192-75-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0007000000015d20-78.dat upx behavioral1/files/0x0006000000015d42-85.dat upx behavioral1/memory/2476-84-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015d4e-94.dat upx behavioral1/files/0x0006000000015d56-102.dat upx behavioral1/files/0x0006000000015d5f-109.dat upx behavioral1/files/0x0006000000015d6b-119.dat upx behavioral1/files/0x0006000000015d87-137.dat upx behavioral1/memory/1492-143-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015d93-146.dat upx behavioral1/files/0x0006000000015e32-155.dat upx behavioral1/files/0x0006000000015f65-172.dat upx behavioral1/memory/1304-178-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x000600000001610f-190.dat upx behavioral1/files/0x000600000001621e-198.dat upx behavioral1/files/0x000600000001630a-208.dat upx behavioral1/memory/2156-210-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2804-192-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015fe5-181.dat upx behavioral1/files/0x00060000000164aa-216.dat upx behavioral1/memory/688-220-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x003700000001471a-227.dat upx behavioral1/files/0x000600000001658a-234.dat upx behavioral1/files/0x0006000000016616-244.dat upx behavioral1/files/0x0006000000016851-252.dat upx behavioral1/files/0x0006000000016adc-261.dat upx 
behavioral1/files/0x0006000000016c44-270.dat upx behavioral1/memory/1712-272-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000016c5e-280.dat upx behavioral1/memory/1644-165-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015ecc-163.dat upx behavioral1/memory/1852-149-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0006000000015d7f-128.dat upx behavioral1/memory/1188-121-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2896-110-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2476-77-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0008000000015cff-69.dat upx behavioral1/memory/2636-35-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x0007000000014b18-33.dat upx behavioral1/memory/2332-23-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x000a00000001224d-8.dat upx behavioral1/memory/2984-31-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/files/0x000d000000012350-17.dat upx behavioral1/memory/2612-6-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2380-14-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2944-300-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2944-306-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/1184-308-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2068-330-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2996-345-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2472-374-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2492-381-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2444-387-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2528-439-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral1/memory/3040-515-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral1/memory/2968-536-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2612 wrote to memory of 2380 2612 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 28 PID 2612 wrote to memory of 2380 2612 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 28 PID 2612 wrote to memory of 2380 2612 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 28 PID 2612 wrote to memory of 2380 2612 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 28 PID 2380 wrote to memory of 2332 2380 vpjpv.exe 29 PID 2380 wrote to memory of 2332 2380 vpjpv.exe 29 PID 2380 wrote to memory of 2332 2380 vpjpv.exe 29 PID 2380 wrote to memory of 2332 2380 vpjpv.exe 29 PID 2332 wrote to memory of 2984 2332 vjvvj.exe 30 PID 2332 wrote to memory of 2984 2332 vjvvj.exe 30 PID 2332 wrote to memory of 2984 2332 vjvvj.exe 30 PID 2332 wrote to memory of 2984 2332 vjvvj.exe 30 PID 2984 wrote to memory of 2636 2984 rlrrrxl.exe 31 PID 2984 wrote to memory of 2636 2984 rlrrrxl.exe 31 PID 2984 wrote to memory of 2636 2984 rlrrrxl.exe 31 PID 2984 wrote to memory of 2636 2984 rlrrrxl.exe 31 PID 2636 wrote to memory of 2788 2636 bbtnhh.exe 32 PID 2636 wrote to memory of 2788 2636 bbtnhh.exe 32 PID 2636 wrote to memory of 2788 2636 bbtnhh.exe 32 PID 2636 wrote to memory of 2788 2636 bbtnhh.exe 32 PID 2788 wrote to memory of 2552 2788 pjvdp.exe 33 PID 2788 wrote to memory of 2552 2788 pjvdp.exe 33 PID 2788 wrote to memory of 2552 2788 pjvdp.exe 33 PID 2788 wrote to memory of 2552 2788 pjvdp.exe 33 PID 2552 wrote to memory of 2960 2552 lxfflrr.exe 34 PID 2552 wrote to memory of 2960 2552 lxfflrr.exe 34 PID 2552 wrote to memory of 2960 2552 lxfflrr.exe 34 PID 2552 wrote to memory of 2960 2552 lxfflrr.exe 34 PID 2960 wrote to memory of 2192 2960 hbnntt.exe 35 PID 2960 wrote to memory of 2192 2960 hbnntt.exe 35 PID 2960 wrote to memory of 2192 2960 hbnntt.exe 35 PID 2960 wrote to memory of 2192 2960 hbnntt.exe 35 PID 2192 wrote to memory of 2476 2192 dvppd.exe 36 PID 2192 wrote to 
memory of 2476 2192 dvppd.exe 36 PID 2192 wrote to memory of 2476 2192 dvppd.exe 36 PID 2192 wrote to memory of 2476 2192 dvppd.exe 36 PID 2476 wrote to memory of 2888 2476 xrrrrrf.exe 37 PID 2476 wrote to memory of 2888 2476 xrrrrrf.exe 37 PID 2476 wrote to memory of 2888 2476 xrrrrrf.exe 37 PID 2476 wrote to memory of 2888 2476 xrrrrrf.exe 37 PID 2888 wrote to memory of 1820 2888 7bnntb.exe 38 PID 2888 wrote to memory of 1820 2888 7bnntb.exe 38 PID 2888 wrote to memory of 1820 2888 7bnntb.exe 38 PID 2888 wrote to memory of 1820 2888 7bnntb.exe 38 PID 1820 wrote to memory of 2748 1820 tnntbh.exe 39 PID 1820 wrote to memory of 2748 1820 tnntbh.exe 39 PID 1820 wrote to memory of 2748 1820 tnntbh.exe 39 PID 1820 wrote to memory of 2748 1820 tnntbh.exe 39 PID 2748 wrote to memory of 2896 2748 dvjvv.exe 40 PID 2748 wrote to memory of 2896 2748 dvjvv.exe 40 PID 2748 wrote to memory of 2896 2748 dvjvv.exe 40 PID 2748 wrote to memory of 2896 2748 dvjvv.exe 40 PID 2896 wrote to memory of 1188 2896 vpvdp.exe 41 PID 2896 wrote to memory of 1188 2896 vpvdp.exe 41 PID 2896 wrote to memory of 1188 2896 vpvdp.exe 41 PID 2896 wrote to memory of 1188 2896 vpvdp.exe 41 PID 1188 wrote to memory of 1908 1188 frfllrx.exe 42 PID 1188 wrote to memory of 1908 1188 frfllrx.exe 42 PID 1188 wrote to memory of 1908 1188 frfllrx.exe 42 PID 1188 wrote to memory of 1908 1188 frfllrx.exe 42 PID 1908 wrote to memory of 1492 1908 xrxxffx.exe 43 PID 1908 wrote to memory of 1492 1908 xrxxffx.exe 43 PID 1908 wrote to memory of 1492 1908 xrxxffx.exe 43 PID 1908 wrote to memory of 1492 1908 xrxxffx.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe"C:\Users\Admin\AppData\Local\Temp\b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2612 -
\??\c:\vpjpv.exec:\vpjpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\vjvvj.exec:\vjvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\rlrrrxl.exec:\rlrrrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\bbtnhh.exec:\bbtnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\pjvdp.exec:\pjvdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2788 -
\??\c:\lxfflrr.exec:\lxfflrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\hbnntt.exec:\hbnntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\dvppd.exec:\dvppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\xrrrrrf.exec:\xrrrrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\7bnntb.exec:\7bnntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\tnntbh.exec:\tnntbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1820 -
\??\c:\dvjvv.exec:\dvjvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\vpvdp.exec:\vpvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\frfllrx.exec:\frfllrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1188 -
\??\c:\xrxxffx.exec:\xrxxffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1908 -
\??\c:\thtthh.exec:\thtthh.exe17⤵
- Executes dropped EXE
PID:1492 -
\??\c:\nntthh.exec:\nntthh.exe18⤵
- Executes dropped EXE
PID:1852 -
\??\c:\vpddp.exec:\vpddp.exe19⤵
- Executes dropped EXE
PID:2716 -
\??\c:\3rlxffx.exec:\3rlxffx.exe20⤵
- Executes dropped EXE
PID:1644 -
\??\c:\dpdvv.exec:\dpdvv.exe21⤵
- Executes dropped EXE
PID:1304 -
\??\c:\dvpdp.exec:\dvpdp.exe22⤵
- Executes dropped EXE
PID:2208 -
\??\c:\fllffxx.exec:\fllffxx.exe23⤵
- Executes dropped EXE
PID:2804 -
\??\c:\ddpvd.exec:\ddpvd.exe24⤵
- Executes dropped EXE
PID:2816 -
\??\c:\vdjjv.exec:\vdjjv.exe25⤵
- Executes dropped EXE
PID:2156 -
\??\c:\7pdjp.exec:\7pdjp.exe26⤵
- Executes dropped EXE
PID:688 -
\??\c:\5bnttt.exec:\5bnttt.exe27⤵
- Executes dropped EXE
PID:3048 -
\??\c:\1vjpv.exec:\1vjpv.exe28⤵
- Executes dropped EXE
PID:1264 -
\??\c:\pjpvd.exec:\pjpvd.exe29⤵
- Executes dropped EXE
PID:1336 -
\??\c:\5xlfxxf.exec:\5xlfxxf.exe30⤵
- Executes dropped EXE
PID:2060 -
\??\c:\lrxxxfx.exec:\lrxxxfx.exe31⤵
- Executes dropped EXE
PID:1616 -
\??\c:\9nnthb.exec:\9nnthb.exe32⤵
- Executes dropped EXE
PID:1712 -
\??\c:\xlrrrxr.exec:\xlrrrxr.exe33⤵
- Executes dropped EXE
PID:2824 -
\??\c:\btnbbh.exec:\btnbbh.exe34⤵
- Executes dropped EXE
PID:2980 -
\??\c:\3jdjv.exec:\3jdjv.exe35⤵
- Executes dropped EXE
PID:1964 -
\??\c:\vpdjv.exec:\vpdjv.exe36⤵
- Executes dropped EXE
PID:2944 -
\??\c:\rflfxrr.exec:\rflfxrr.exe37⤵
- Executes dropped EXE
PID:1184 -
\??\c:\tnnthh.exec:\tnnthh.exe38⤵
- Executes dropped EXE
PID:1572 -
\??\c:\tnbtbt.exec:\tnbtbt.exe39⤵
- Executes dropped EXE
PID:1800 -
\??\c:\dvpvd.exec:\dvpvd.exe40⤵
- Executes dropped EXE
PID:2068 -
\??\c:\dppvj.exec:\dppvj.exe41⤵
- Executes dropped EXE
PID:2752 -
\??\c:\5bthnt.exec:\5bthnt.exe42⤵
- Executes dropped EXE
PID:2996 -
\??\c:\3pjpp.exec:\3pjpp.exe43⤵
- Executes dropped EXE
PID:2692 -
\??\c:\hbtbnn.exec:\hbtbnn.exe44⤵
- Executes dropped EXE
PID:2316 -
\??\c:\vjvvp.exec:\vjvvp.exe45⤵
- Executes dropped EXE
PID:2620 -
\??\c:\9rrrxxr.exec:\9rrrxxr.exe46⤵
- Executes dropped EXE
PID:2472 -
\??\c:\thhhnn.exec:\thhhnn.exe47⤵
- Executes dropped EXE
PID:2492 -
\??\c:\frfxfll.exec:\frfxfll.exe48⤵
- Executes dropped EXE
PID:2444 -
\??\c:\nhntnt.exec:\nhntnt.exe49⤵
- Executes dropped EXE
PID:2772 -
\??\c:\jddvj.exec:\jddvj.exe50⤵
- Executes dropped EXE
PID:2920 -
\??\c:\jvdjj.exec:\jvdjj.exe51⤵
- Executes dropped EXE
PID:2884 -
\??\c:\fxfxflr.exec:\fxfxflr.exe52⤵
- Executes dropped EXE
PID:2896 -
\??\c:\hthnbb.exec:\hthnbb.exe53⤵
- Executes dropped EXE
PID:1528 -
\??\c:\bttbnt.exec:\bttbnt.exe54⤵
- Executes dropped EXE
PID:2668 -
\??\c:\pjvvd.exec:\pjvvd.exe55⤵
- Executes dropped EXE
PID:2864 -
\??\c:\9frxfxf.exec:\9frxfxf.exe56⤵
- Executes dropped EXE
PID:2528 -
\??\c:\7bbbbb.exec:\7bbbbb.exe57⤵
- Executes dropped EXE
PID:1836 -
\??\c:\jdppd.exec:\jdppd.exe58⤵
- Executes dropped EXE
PID:2112 -
\??\c:\rffrrll.exec:\rffrrll.exe59⤵
- Executes dropped EXE
PID:2304 -
\??\c:\tnhhnn.exec:\tnhhnn.exe60⤵
- Executes dropped EXE
PID:1288 -
\??\c:\ntbntt.exec:\ntbntt.exe61⤵
- Executes dropped EXE
PID:1440 -
\??\c:\9pdjv.exec:\9pdjv.exe62⤵
- Executes dropped EXE
PID:2080 -
\??\c:\3lfffff.exec:\3lfffff.exe63⤵
- Executes dropped EXE
PID:2808 -
\??\c:\xrllxxf.exec:\xrllxxf.exe64⤵
- Executes dropped EXE
PID:668 -
\??\c:\htbhhh.exec:\htbhhh.exe65⤵
- Executes dropped EXE
PID:2256 -
\??\c:\djppd.exec:\djppd.exe66⤵PID:2388
-
\??\c:\tntnnb.exec:\tntnnb.exe67⤵PID:3040
-
\??\c:\thhhhn.exec:\thhhhn.exe68⤵PID:1044
-
\??\c:\jpvpj.exec:\jpvpj.exe69⤵PID:1536
-
\??\c:\5rfxffl.exec:\5rfxffl.exe70⤵PID:2968
-
\??\c:\5vjdj.exec:\5vjdj.exe71⤵PID:3068
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe72⤵PID:3028
-
\??\c:\thnntt.exec:\thnntt.exe73⤵PID:932
-
\??\c:\tnhbnt.exec:\tnhbnt.exe74⤵PID:2972
-
\??\c:\vjvpv.exec:\vjvpv.exe75⤵PID:1916
-
\??\c:\5lfflfl.exec:\5lfflfl.exe76⤵PID:2956
-
\??\c:\bhnntn.exec:\bhnntn.exe77⤵PID:1724
-
\??\c:\7htntt.exec:\7htntt.exe78⤵PID:2076
-
\??\c:\djjjp.exec:\djjjp.exe79⤵PID:1596
-
\??\c:\rfrxffl.exec:\rfrxffl.exe80⤵PID:2020
-
\??\c:\5hhnnn.exec:\5hhnnn.exe81⤵PID:2640
-
\??\c:\jjddp.exec:\jjddp.exe82⤵PID:2204
-
\??\c:\1dpjj.exec:\1dpjj.exe83⤵PID:2572
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe84⤵PID:2452
-
\??\c:\lrllllr.exec:\lrllllr.exe85⤵PID:2064
-
\??\c:\5hbhhn.exec:\5hbhhn.exe86⤵PID:2784
-
\??\c:\vpddp.exec:\vpddp.exe87⤵PID:2320
-
\??\c:\fflllrx.exec:\fflllrx.exe88⤵PID:2192
-
\??\c:\tnbhnn.exec:\tnbhnn.exe89⤵PID:2548
-
\??\c:\7bnttt.exec:\7bnttt.exe90⤵PID:2700
-
\??\c:\vjpdd.exec:\vjpdd.exe91⤵PID:2456
-
\??\c:\ppdvj.exec:\ppdvj.exe92⤵PID:1820
-
\??\c:\5xrrllx.exec:\5xrrllx.exe93⤵PID:2900
-
\??\c:\ttbnbh.exec:\ttbnbh.exe94⤵PID:1940
-
\??\c:\dvdvv.exec:\dvdvv.exe95⤵PID:1668
-
\??\c:\3fxxffl.exec:\3fxxffl.exe96⤵PID:1908
-
\??\c:\fxflrlr.exec:\fxflrlr.exe97⤵PID:1772
-
\??\c:\9nbbbb.exec:\9nbbbb.exe98⤵PID:624
-
\??\c:\3ddjd.exec:\3ddjd.exe99⤵PID:1852
-
\??\c:\fxfrrxl.exec:\fxfrrxl.exe100⤵PID:2672
-
\??\c:\xrlrxrr.exec:\xrlrxrr.exe101⤵PID:1276
-
\??\c:\hhbbtt.exec:\hhbbtt.exe102⤵PID:1304
-
\??\c:\bnbnnn.exec:\bnbnnn.exe103⤵PID:2304
-
\??\c:\3dvdp.exec:\3dvdp.exe104⤵PID:1424
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe105⤵PID:2408
-
\??\c:\bntbnt.exec:\bntbnt.exe106⤵PID:1900
-
\??\c:\htntbb.exec:\htntbb.exe107⤵PID:772
-
\??\c:\7pddd.exec:\7pddd.exe108⤵PID:1996
-
\??\c:\7jdpj.exec:\7jdpj.exe109⤵PID:2232
-
\??\c:\lflflfl.exec:\lflflfl.exe110⤵PID:1144
-
\??\c:\9fxxlfl.exec:\9fxxlfl.exe111⤵PID:1340
-
\??\c:\bnhthh.exec:\bnhthh.exe112⤵PID:2976
-
\??\c:\dpjjv.exec:\dpjjv.exe113⤵PID:320
-
\??\c:\vjvjv.exec:\vjvjv.exe114⤵PID:3064
-
\??\c:\7frrlff.exec:\7frrlff.exe115⤵PID:672
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe116⤵PID:3068
-
\??\c:\5hbbbt.exec:\5hbbbt.exe117⤵PID:768
-
\??\c:\dvdjd.exec:\dvdjd.exe118⤵PID:1984
-
\??\c:\jvvjp.exec:\jvvjp.exe119⤵PID:2940
-
\??\c:\pjpvj.exec:\pjpvj.exe120⤵PID:2848
-
\??\c:\xllfffl.exec:\xllfffl.exe121⤵PID:1752
-
\??\c:\xlffllf.exec:\xlffllf.exe122⤵PID:1724
-