Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system -
submitted
25/04/2024, 02:14
Behavioral task
behavioral1
Sample
b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe
-
Size
198KB
-
MD5
b1c62e6625ffced9194d70f6ccb471da
-
SHA1
474b3888910fc9c10cccf06dd3129b062c3c8ccf
-
SHA256
b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060
-
SHA512
950f04f3ceceb9745a882edc8c8f13e9abcd43b3fc33841eb7841d1d310b2625dce8e2020bfd7c5012b5b757aedf6f9aa32f4cf18852abe65132f27de03e2a99
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIt:xcm4FmowdHoS3WV28HCddWhRO1Lc9t
Malware Config
Signatures
-
Detect Blackmoon payload 61 IoCs
resource yara_rule behavioral2/memory/1476-5-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/836-9-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3980-14-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4180-17-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3956-23-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1344-29-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5108-47-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4876-41-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4664-53-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4452-62-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/416-69-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2184-67-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4996-103-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3208-109-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3660-115-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1376-156-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1568-185-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3824-191-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3756-214-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3108-227-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2184-238-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/4952-259-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/212-270-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2440-278-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4980-304-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3152-309-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4424-323-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2808-338-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1476-356-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1480-380-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3108-383-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2316-450-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2980-474-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4808-495-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4536-552-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1620-723-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4804-775-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3984-806-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1144-693-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2400-608-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/212-581-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3368-402-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/4804-255-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/232-249-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3548-210-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4800-206-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4180-201-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2528-200-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3896-176-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5092-170-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1432-158-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2400-148-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2456-145-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4216-132-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1752-126-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4644-123-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3128-97-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2776-91-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3992-85-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2224-82-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1016-35-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1476-0-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0008000000023252-3.dat UPX behavioral2/memory/1476-5-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0008000000023255-8.dat UPX behavioral2/memory/836-9-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0008000000023256-11.dat UPX behavioral2/memory/3980-14-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4180-17-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023258-21.dat UPX behavioral2/memory/3956-23-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023259-27.dat UPX behavioral2/memory/1344-29-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002325a-31.dat UPX behavioral2/files/0x000700000002325b-39.dat UPX behavioral2/files/0x000700000002325c-43.dat UPX behavioral2/memory/5108-47-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4876-41-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002325d-51.dat UPX behavioral2/memory/4664-53-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002325e-57.dat UPX behavioral2/memory/4452-62-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023260-61.dat UPX behavioral2/files/0x0007000000023261-65.dat UPX behavioral2/memory/416-69-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2184-67-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023262-71.dat UPX behavioral2/files/0x0007000000023263-78.dat UPX behavioral2/files/0x0007000000023264-81.dat UPX behavioral2/files/0x0007000000023265-87.dat UPX behavioral2/files/0x0007000000023266-95.dat UPX behavioral2/files/0x0007000000023267-99.dat UPX behavioral2/memory/4996-103-0x0000000000400000-0x0000000000436000-memory.dmp UPX 
behavioral2/files/0x0007000000023268-107.dat UPX behavioral2/memory/3208-109-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023269-111.dat UPX behavioral2/memory/3660-115-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002326a-117.dat UPX behavioral2/files/0x000700000002326b-124.dat UPX behavioral2/files/0x000700000002326c-128.dat UPX behavioral2/files/0x000700000002326d-134.dat UPX behavioral2/files/0x000700000002326e-141.dat UPX behavioral2/files/0x000700000002326f-146.dat UPX behavioral2/files/0x0007000000023271-152.dat UPX behavioral2/files/0x0007000000023272-157.dat UPX behavioral2/memory/1376-156-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000a000000016fa5-163.dat UPX behavioral2/files/0x0007000000023273-167.dat UPX behavioral2/files/0x0007000000023275-174.dat UPX behavioral2/files/0x0007000000023276-180.dat UPX behavioral2/memory/1568-185-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3824-188-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3824-191-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3756-214-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3108-227-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2184-238-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4952-256-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4952-259-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/212-270-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2440-278-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4980-304-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2012-294-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3152-309-0x0000000000400000-0x0000000000436000-memory.dmp UPX 
behavioral2/memory/4424-323-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2808-338-0x0000000000400000-0x0000000000436000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 836 jq2pf.exe 3980 14el19.exe 4180 6s51bb.exe 3956 ddtppdd.exe 1344 67ool.exe 1016 5646j2.exe 4876 t8pqe.exe 5108 01ldk5t.exe 4664 f0j21w.exe 4452 6m134.exe 2184 ivm12r.exe 416 9hn16.exe 4756 2h9p88.exe 2224 e5jh5o.exe 3992 n1f9q.exe 2776 46nbrjx.exe 3128 w2u381.exe 4996 m07useh.exe 3208 d9n11.exe 3660 j8aa99.exe 4644 p79dx.exe 1752 70sos4.exe 4216 is5m2.exe 2500 t04oit.exe 2456 0q42h.exe 2400 dmmk5.exe 1376 1lx33.exe 1432 lxf5l.exe 4284 n953329.exe 5092 27im5bn.exe 3896 urd83t.exe 1380 8o952ka.exe 1568 3alo8.exe 3824 sq8u7.exe 4464 n240884.exe 2464 k4nq9.exe 2528 2w9uf.exe 4180 tq6txa.exe 4800 jt1e7d.exe 3548 mh743i5.exe 3756 i2h05k5.exe 4000 26no3.exe 3492 t6h2ur3.exe 1956 lgwo5c.exe 3108 dqbo8.exe 1648 wodt3.exe 3564 dp802u4.exe 2184 74v2mba.exe 416 8q32l.exe 4536 hx2ir.exe 232 ndir1.exe 4268 wxg107.exe 4804 hn20i0.exe 4952 s74tc.exe 1100 clov8at.exe 3616 0l8u376.exe 2872 7wf9g36.exe 212 8g63l2g.exe 1584 p5x4lk.exe 2440 q53dmtc.exe 4916 i7ocak.exe 4992 979qrp.exe 3296 f5vg390.exe 4612 e690pp.exe -
resource yara_rule behavioral2/memory/1476-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023252-3.dat upx behavioral2/memory/1476-5-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023255-8.dat upx behavioral2/memory/836-9-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023256-11.dat upx behavioral2/memory/3980-14-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4180-17-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023258-21.dat upx behavioral2/memory/3956-23-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023259-27.dat upx behavioral2/memory/1344-29-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002325a-31.dat upx behavioral2/files/0x000700000002325b-39.dat upx behavioral2/files/0x000700000002325c-43.dat upx behavioral2/memory/5108-47-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4876-41-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002325d-51.dat upx behavioral2/memory/4664-53-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002325e-57.dat upx behavioral2/memory/4452-62-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023260-61.dat upx behavioral2/files/0x0007000000023261-65.dat upx behavioral2/memory/416-69-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2184-67-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023262-71.dat upx behavioral2/files/0x0007000000023263-78.dat upx behavioral2/files/0x0007000000023264-81.dat upx behavioral2/files/0x0007000000023265-87.dat upx behavioral2/files/0x0007000000023266-95.dat upx behavioral2/files/0x0007000000023267-99.dat upx behavioral2/memory/4996-103-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/files/0x0007000000023268-107.dat upx behavioral2/memory/3208-109-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023269-111.dat upx behavioral2/memory/3660-115-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002326a-117.dat upx behavioral2/files/0x000700000002326b-124.dat upx behavioral2/files/0x000700000002326c-128.dat upx behavioral2/files/0x000700000002326d-134.dat upx behavioral2/files/0x000700000002326e-141.dat upx behavioral2/files/0x000700000002326f-146.dat upx behavioral2/files/0x0007000000023271-152.dat upx behavioral2/files/0x0007000000023272-157.dat upx behavioral2/memory/1376-156-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000a000000016fa5-163.dat upx behavioral2/files/0x0007000000023273-167.dat upx behavioral2/files/0x0007000000023275-174.dat upx behavioral2/files/0x0007000000023276-180.dat upx behavioral2/memory/1568-185-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3824-188-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3824-191-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3756-214-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3108-227-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2184-238-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4952-256-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4952-259-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/212-270-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2440-278-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4980-304-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2012-294-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3152-309-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/memory/4424-323-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2808-338-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1476 wrote to memory of 836 1476 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 91 PID 1476 wrote to memory of 836 1476 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 91 PID 1476 wrote to memory of 836 1476 b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe 91 PID 836 wrote to memory of 3980 836 jq2pf.exe 92 PID 836 wrote to memory of 3980 836 jq2pf.exe 92 PID 836 wrote to memory of 3980 836 jq2pf.exe 92 PID 3980 wrote to memory of 4180 3980 14el19.exe 128 PID 3980 wrote to memory of 4180 3980 14el19.exe 128 PID 3980 wrote to memory of 4180 3980 14el19.exe 128 PID 4180 wrote to memory of 3956 4180 6s51bb.exe 271 PID 4180 wrote to memory of 3956 4180 6s51bb.exe 271 PID 4180 wrote to memory of 3956 4180 6s51bb.exe 271 PID 3956 wrote to memory of 1344 3956 ddtppdd.exe 398 PID 3956 wrote to memory of 1344 3956 ddtppdd.exe 398 PID 3956 wrote to memory of 1344 3956 ddtppdd.exe 398 PID 1344 wrote to memory of 1016 1344 67ool.exe 96 PID 1344 wrote to memory of 1016 1344 67ool.exe 96 PID 1344 wrote to memory of 1016 1344 67ool.exe 96 PID 1016 wrote to memory of 4876 1016 5646j2.exe 97 PID 1016 wrote to memory of 4876 1016 5646j2.exe 97 PID 1016 wrote to memory of 4876 1016 5646j2.exe 97 PID 4876 wrote to memory of 5108 4876 t8pqe.exe 322 PID 4876 wrote to memory of 5108 4876 t8pqe.exe 322 PID 4876 wrote to memory of 5108 4876 t8pqe.exe 322 PID 5108 wrote to memory of 4664 5108 01ldk5t.exe 99 PID 5108 wrote to memory of 4664 5108 01ldk5t.exe 99 PID 5108 wrote to memory of 4664 5108 01ldk5t.exe 99 PID 4664 wrote to memory of 4452 4664 f0j21w.exe 100 PID 4664 wrote to memory of 4452 4664 f0j21w.exe 100 PID 4664 wrote to memory of 4452 4664 f0j21w.exe 100 PID 4452 wrote to memory of 2184 4452 6m134.exe 138 PID 4452 wrote to memory of 2184 4452 6m134.exe 138 PID 4452 wrote to memory of 2184 4452 6m134.exe 138 PID 2184 wrote to memory of 416 2184 ivm12r.exe 102 PID 2184 wrote 
to memory of 416 2184 ivm12r.exe 102 PID 2184 wrote to memory of 416 2184 ivm12r.exe 102 PID 416 wrote to memory of 4756 416 9hn16.exe 103 PID 416 wrote to memory of 4756 416 9hn16.exe 103 PID 416 wrote to memory of 4756 416 9hn16.exe 103 PID 4756 wrote to memory of 2224 4756 2h9p88.exe 190 PID 4756 wrote to memory of 2224 4756 2h9p88.exe 190 PID 4756 wrote to memory of 2224 4756 2h9p88.exe 190 PID 2224 wrote to memory of 3992 2224 e5jh5o.exe 105 PID 2224 wrote to memory of 3992 2224 e5jh5o.exe 105 PID 2224 wrote to memory of 3992 2224 e5jh5o.exe 105 PID 3992 wrote to memory of 2776 3992 n1f9q.exe 106 PID 3992 wrote to memory of 2776 3992 n1f9q.exe 106 PID 3992 wrote to memory of 2776 3992 n1f9q.exe 106 PID 2776 wrote to memory of 3128 2776 46nbrjx.exe 107 PID 2776 wrote to memory of 3128 2776 46nbrjx.exe 107 PID 2776 wrote to memory of 3128 2776 46nbrjx.exe 107 PID 3128 wrote to memory of 4996 3128 w2u381.exe 108 PID 3128 wrote to memory of 4996 3128 w2u381.exe 108 PID 3128 wrote to memory of 4996 3128 w2u381.exe 108 PID 4996 wrote to memory of 3208 4996 m07useh.exe 109 PID 4996 wrote to memory of 3208 4996 m07useh.exe 109 PID 4996 wrote to memory of 3208 4996 m07useh.exe 109 PID 3208 wrote to memory of 3660 3208 d9n11.exe 197 PID 3208 wrote to memory of 3660 3208 d9n11.exe 197 PID 3208 wrote to memory of 3660 3208 d9n11.exe 197 PID 3660 wrote to memory of 4644 3660 j8aa99.exe 111 PID 3660 wrote to memory of 4644 3660 j8aa99.exe 111 PID 3660 wrote to memory of 4644 3660 j8aa99.exe 111 PID 4644 wrote to memory of 1752 4644 p79dx.exe 112
Processes
-
C:\Users\Admin\AppData\Local\Temp\b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe"C:\Users\Admin\AppData\Local\Temp\b44be7d586ec7609a58af960fcb696fd0741f96c53796d0079ed02a9d40db060.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1476 -
\??\c:\jq2pf.exec:\jq2pf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\14el19.exec:\14el19.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3980 -
\??\c:\6s51bb.exec:\6s51bb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4180 -
\??\c:\ddtppdd.exec:\ddtppdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3956 -
\??\c:\67ool.exec:\67ool.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\5646j2.exec:\5646j2.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1016 -
\??\c:\t8pqe.exec:\t8pqe.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\01ldk5t.exec:\01ldk5t.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5108 -
\??\c:\f0j21w.exec:\f0j21w.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4664 -
\??\c:\6m134.exec:\6m134.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4452 -
\??\c:\ivm12r.exec:\ivm12r.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\9hn16.exec:\9hn16.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:416 -
\??\c:\2h9p88.exec:\2h9p88.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4756 -
\??\c:\e5jh5o.exec:\e5jh5o.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2224 -
\??\c:\n1f9q.exec:\n1f9q.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3992 -
\??\c:\46nbrjx.exec:\46nbrjx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2776 -
\??\c:\w2u381.exec:\w2u381.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3128 -
\??\c:\m07useh.exec:\m07useh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
\??\c:\d9n11.exec:\d9n11.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3208 -
\??\c:\j8aa99.exec:\j8aa99.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3660 -
\??\c:\p79dx.exec:\p79dx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4644 -
\??\c:\70sos4.exec:\70sos4.exe23⤵
- Executes dropped EXE
PID:1752 -
\??\c:\is5m2.exec:\is5m2.exe24⤵
- Executes dropped EXE
PID:4216 -
\??\c:\t04oit.exec:\t04oit.exe25⤵
- Executes dropped EXE
PID:2500 -
\??\c:\0q42h.exec:\0q42h.exe26⤵
- Executes dropped EXE
PID:2456 -
\??\c:\dmmk5.exec:\dmmk5.exe27⤵
- Executes dropped EXE
PID:2400 -
\??\c:\1lx33.exec:\1lx33.exe28⤵
- Executes dropped EXE
PID:1376 -
\??\c:\lxf5l.exec:\lxf5l.exe29⤵
- Executes dropped EXE
PID:1432 -
\??\c:\n953329.exec:\n953329.exe30⤵
- Executes dropped EXE
PID:4284 -
\??\c:\27im5bn.exec:\27im5bn.exe31⤵
- Executes dropped EXE
PID:5092 -
\??\c:\urd83t.exec:\urd83t.exe32⤵
- Executes dropped EXE
PID:3896 -
\??\c:\8o952ka.exec:\8o952ka.exe33⤵
- Executes dropped EXE
PID:1380 -
\??\c:\3alo8.exec:\3alo8.exe34⤵
- Executes dropped EXE
PID:1568 -
\??\c:\sq8u7.exec:\sq8u7.exe35⤵
- Executes dropped EXE
PID:3824 -
\??\c:\n240884.exec:\n240884.exe36⤵
- Executes dropped EXE
PID:4464 -
\??\c:\k4nq9.exec:\k4nq9.exe37⤵
- Executes dropped EXE
PID:2464 -
\??\c:\2w9uf.exec:\2w9uf.exe38⤵
- Executes dropped EXE
PID:2528 -
\??\c:\tq6txa.exec:\tq6txa.exe39⤵
- Executes dropped EXE
PID:4180 -
\??\c:\jt1e7d.exec:\jt1e7d.exe40⤵
- Executes dropped EXE
PID:4800 -
\??\c:\mh743i5.exec:\mh743i5.exe41⤵
- Executes dropped EXE
PID:3548 -
\??\c:\i2h05k5.exec:\i2h05k5.exe42⤵
- Executes dropped EXE
PID:3756 -
\??\c:\26no3.exec:\26no3.exe43⤵
- Executes dropped EXE
PID:4000 -
\??\c:\t6h2ur3.exec:\t6h2ur3.exe44⤵
- Executes dropped EXE
PID:3492 -
\??\c:\lgwo5c.exec:\lgwo5c.exe45⤵
- Executes dropped EXE
PID:1956 -
\??\c:\dqbo8.exec:\dqbo8.exe46⤵
- Executes dropped EXE
PID:3108 -
\??\c:\wodt3.exec:\wodt3.exe47⤵
- Executes dropped EXE
PID:1648 -
\??\c:\dp802u4.exec:\dp802u4.exe48⤵
- Executes dropped EXE
PID:3564 -
\??\c:\74v2mba.exec:\74v2mba.exe49⤵
- Executes dropped EXE
PID:2184 -
\??\c:\8q32l.exec:\8q32l.exe50⤵
- Executes dropped EXE
PID:416 -
\??\c:\hx2ir.exec:\hx2ir.exe51⤵
- Executes dropped EXE
PID:4536 -
\??\c:\ndir1.exec:\ndir1.exe52⤵
- Executes dropped EXE
PID:232 -
\??\c:\wxg107.exec:\wxg107.exe53⤵
- Executes dropped EXE
PID:4268 -
\??\c:\hn20i0.exec:\hn20i0.exe54⤵
- Executes dropped EXE
PID:4804 -
\??\c:\s74tc.exec:\s74tc.exe55⤵
- Executes dropped EXE
PID:4952 -
\??\c:\clov8at.exec:\clov8at.exe56⤵
- Executes dropped EXE
PID:1100 -
\??\c:\0l8u376.exec:\0l8u376.exe57⤵
- Executes dropped EXE
PID:3616 -
\??\c:\7wf9g36.exec:\7wf9g36.exe58⤵
- Executes dropped EXE
PID:2872 -
\??\c:\8g63l2g.exec:\8g63l2g.exe59⤵
- Executes dropped EXE
PID:212 -
\??\c:\p5x4lk.exec:\p5x4lk.exe60⤵
- Executes dropped EXE
PID:1584 -
\??\c:\q53dmtc.exec:\q53dmtc.exe61⤵
- Executes dropped EXE
PID:2440 -
\??\c:\i7ocak.exec:\i7ocak.exe62⤵
- Executes dropped EXE
PID:4916 -
\??\c:\979qrp.exec:\979qrp.exe63⤵
- Executes dropped EXE
PID:4992 -
\??\c:\f5vg390.exec:\f5vg390.exe64⤵
- Executes dropped EXE
PID:3296 -
\??\c:\e690pp.exec:\e690pp.exe65⤵
- Executes dropped EXE
PID:4612 -
\??\c:\j5io19f.exec:\j5io19f.exe66⤵PID:2500
-
\??\c:\0n12x2.exec:\0n12x2.exe67⤵PID:2012
-
\??\c:\nl39l.exec:\nl39l.exe68⤵PID:4328
-
\??\c:\wox16.exec:\wox16.exe69⤵PID:4980
-
\??\c:\eq19tb2.exec:\eq19tb2.exe70⤵PID:3152
-
\??\c:\c00c2e.exec:\c00c2e.exe71⤵PID:2352
-
\??\c:\i6x009.exec:\i6x009.exe72⤵PID:1464
-
\??\c:\ko11en.exec:\ko11en.exe73⤵PID:4436
-
\??\c:\dknis.exec:\dknis.exe74⤵PID:2980
-
\??\c:\1q6w719.exec:\1q6w719.exe75⤵PID:4424
-
\??\c:\w3c15.exec:\w3c15.exe76⤵PID:4332
-
\??\c:\d50lr.exec:\d50lr.exe77⤵PID:1692
-
\??\c:\9h6o8.exec:\9h6o8.exe78⤵PID:4700
-
\??\c:\1t6062x.exec:\1t6062x.exe79⤵PID:2808
-
\??\c:\t0u5fgq.exec:\t0u5fgq.exe80⤵PID:4864
-
\??\c:\1xgk3.exec:\1xgk3.exe81⤵PID:948
-
\??\c:\4co095v.exec:\4co095v.exe82⤵PID:1704
-
\??\c:\vqve8.exec:\vqve8.exe83⤵PID:1548
-
\??\c:\n5olb5.exec:\n5olb5.exe84⤵PID:4464
-
\??\c:\1xu8d5.exec:\1xu8d5.exe85⤵PID:1476
-
\??\c:\i3a16u.exec:\i3a16u.exe86⤵PID:2528
-
\??\c:\r9k98o.exec:\r9k98o.exe87⤵PID:4560
-
\??\c:\v4r4cv7.exec:\v4r4cv7.exe88⤵PID:1052
-
\??\c:\3lp0k96.exec:\3lp0k96.exe89⤵PID:3984
-
\??\c:\t9103.exec:\t9103.exe90⤵PID:3812
-
\??\c:\fp62n.exec:\fp62n.exe91⤵PID:5108
-
\??\c:\09f9smu.exec:\09f9smu.exe92⤵PID:1480
-
\??\c:\q6r2la.exec:\q6r2la.exe93⤵PID:3848
-
\??\c:\nnrus.exec:\nnrus.exe94⤵PID:3108
-
\??\c:\n2cof.exec:\n2cof.exe95⤵PID:3720
-
\??\c:\41q17.exec:\41q17.exe96⤵PID:412
-
\??\c:\5962482.exec:\5962482.exe97⤵PID:4608
-
\??\c:\5t7f7.exec:\5t7f7.exe98⤵PID:4756
-
\??\c:\0d8679.exec:\0d8679.exe99⤵PID:3368
-
\??\c:\5cm2q.exec:\5cm2q.exe100⤵PID:848
-
\??\c:\07k7r.exec:\07k7r.exe101⤵PID:2224
-
\??\c:\o067rl.exec:\o067rl.exe102⤵PID:4396
-
\??\c:\38g98.exec:\38g98.exe103⤵PID:4376
-
\??\c:\lj9gur6.exec:\lj9gur6.exe104⤵PID:4136
-
\??\c:\14r90dg.exec:\14r90dg.exe105⤵PID:1104
-
\??\c:\507ib.exec:\507ib.exe106⤵PID:1060
-
\??\c:\r98r19.exec:\r98r19.exe107⤵PID:4456
-
\??\c:\7wi7s.exec:\7wi7s.exe108⤵PID:3660
-
\??\c:\6aben8.exec:\6aben8.exe109⤵PID:2988
-
\??\c:\huct43.exec:\huct43.exe110⤵PID:2776
-
\??\c:\kl14v7p.exec:\kl14v7p.exe111⤵PID:2060
-
\??\c:\kxka4.exec:\kxka4.exe112⤵PID:4992
-
\??\c:\0hn09mq.exec:\0hn09mq.exe113⤵PID:3296
-
\??\c:\8s99t0.exec:\8s99t0.exe114⤵PID:4612
-
\??\c:\8h8tiaj.exec:\8h8tiaj.exe115⤵PID:2316
-
\??\c:\h47x2.exec:\h47x2.exe116⤵PID:4916
-
\??\c:\5nv2464.exec:\5nv2464.exe117⤵PID:1288
-
\??\c:\42ec00i.exec:\42ec00i.exe118⤵PID:524
-
\??\c:\57f41.exec:\57f41.exe119⤵PID:3152
-
\??\c:\q25c1k.exec:\q25c1k.exe120⤵PID:4404
-
\??\c:\a1w314.exec:\a1w314.exe121⤵PID:216
-
\??\c:\tve9ccm.exec:\tve9ccm.exe122⤵PID:3904