Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
30-04-2024 23:39
Behavioral task
behavioral1
Sample
754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe
-
Size
78KB
-
MD5
51e1e818b3bfd345189bae84325c9146
-
SHA1
f75fa626d5c649bb78df59a1ea22e68981de4c9c
-
SHA256
754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342
-
SHA512
f2c53c0516e9c9eb88150b4edc49e36edc6bc248911714a8e99a2340cc194bb686e1507596b2f1f9a6d1e858223c37beb5912092ec28b06ac857702105defaa8
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6TV1:zhOmTsF93UYfwC6GIoutiTU2HVS6D
Malware Config
Signatures
-
Detect Blackmoon payload 51 IoCs
resource yara_rule behavioral1/memory/1676-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1948-15-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2344-19-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1788-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2620-35-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2580-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2280-58-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2460-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2496-88-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2784-105-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2936-112-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1032-125-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1812-134-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1412-149-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2600-193-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1528-208-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1084-216-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1028-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1608-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2404-247-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2264-255-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2220-261-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1720-284-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1948-295-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2668-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2960-366-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2800-382-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2844-389-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2828-388-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2936-400-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2936-401-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1412-427-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2656-438-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2116-457-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2116-456-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1944-466-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2752-729-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/420-751-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2324-827-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1956-848-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1676-1077-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3020-1085-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon 
behavioral1/memory/2648-1111-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2184-7228-0x0000000076FB0000-0x00000000770AA000-memory.dmp family_blackmoon behavioral1/memory/2184-7227-0x00000000770B0000-0x00000000771CF000-memory.dmp family_blackmoon behavioral1/memory/2184-8838-0x00000000770B0000-0x00000000771CF000-memory.dmp family_blackmoon behavioral1/memory/2184-14797-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2184-21961-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2184-21959-0x00000000770B0000-0x00000000771CF000-memory.dmp family_blackmoon behavioral1/memory/2184-27151-0x00000000770B0000-0x00000000771CF000-memory.dmp family_blackmoon behavioral1/memory/2184-28597-0x00000000770B0000-0x00000000771CF000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/1676-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1676-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x000d000000012327-5.dat UPX behavioral1/memory/1948-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1948-15-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0031000000014230-16.dat UPX behavioral1/memory/2344-19-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x00080000000143b6-24.dat UPX behavioral1/files/0x00070000000143fd-31.dat UPX behavioral1/memory/1788-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2620-35-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0007000000014454-40.dat UPX behavioral1/memory/2580-41-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x00070000000144e4-48.dat UPX behavioral1/memory/2580-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2280-50-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x00070000000144f0-57.dat UPX behavioral1/memory/2280-58-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x000900000001459f-66.dat UPX behavioral1/memory/2460-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0008000000014f71-73.dat UPX behavioral1/files/0x0006000000015653-80.dat UPX behavioral1/files/0x0006000000015659-87.dat UPX behavioral1/memory/2496-88-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015661-95.dat UPX behavioral1/files/0x000600000001566b-103.dat UPX behavioral1/memory/2784-105-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x000600000001567f-111.dat UPX behavioral1/memory/2936-112-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x000600000001568c-118.dat UPX 
behavioral1/memory/1032-125-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015be6-126.dat UPX behavioral1/files/0x0006000000015ca6-133.dat UPX behavioral1/memory/1812-134-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015cba-141.dat UPX behavioral1/files/0x0006000000015cd5-150.dat UPX behavioral1/files/0x0006000000015ce1-158.dat UPX behavioral1/files/0x0006000000015ceb-165.dat UPX behavioral1/files/0x0006000000015d07-172.dat UPX behavioral1/files/0x0006000000015d28-178.dat UPX behavioral1/files/0x0006000000015d4a-186.dat UPX behavioral1/files/0x0006000000015d56-194.dat UPX behavioral1/memory/2600-193-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d5e-201.dat UPX behavioral1/memory/1528-208-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x003100000001424e-209.dat UPX behavioral1/memory/1084-216-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d67-217.dat UPX behavioral1/files/0x0006000000015d6f-224.dat UPX behavioral1/files/0x0006000000015d79-232.dat UPX behavioral1/memory/1028-231-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1608-239-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d87-240.dat UPX behavioral1/memory/2404-247-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d8f-248.dat UPX behavioral1/memory/2264-255-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2220-261-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/880-272-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1720-284-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1948-289-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1948-295-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral1/memory/2912-301-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2668-343-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2536-349-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 1948 82840.exe 2344 64660.exe 1788 u282606.exe 2620 602222.exe 2580 rlfflrx.exe 2280 s6866.exe 2460 006282.exe 2560 a0244.exe 2428 064624.exe 2496 nbntbb.exe 1972 bnbnnt.exe 1488 022626.exe 2784 006848.exe 2936 64600.exe 1032 606826.exe 1812 hbnntn.exe 1784 0602062.exe 1412 6284008.exe 2720 ffrrffr.exe 2772 lfxrxrx.exe 1264 9thntn.exe 1068 80624.exe 2084 pjpjv.exe 2600 208288.exe 1836 820684.exe 1528 e04466.exe 1084 4244444.exe 2024 4206224.exe 1028 rflrlrr.exe 1608 424000.exe 2404 9jpdv.exe 2264 400620.exe 2220 m6484.exe 1672 o222660.exe 2028 6028028.exe 880 208466.exe 2704 w20222.exe 1720 bnbhtn.exe 1948 k42846.exe 2344 jvdpj.exe 2912 0422444.exe 1060 606282.exe 2572 xrffllr.exe 2640 3dpdj.exe 2872 u422884.exe 2556 vjjjp.exe 2684 pjvdv.exe 2448 hnbbbt.exe 2668 64262.exe 2536 2468446.exe 2664 8682828.exe 2960 i860040.exe 2496 282882.exe 2796 bntnnh.exe 2800 xlffxrx.exe 2828 nhnbbn.exe 2844 tntthh.exe 2936 6462226.exe 1696 nhbhtb.exe 1656 vppvj.exe 2732 rflrffr.exe 1424 thntbb.exe 1412 64668.exe 360 6800044.exe -
resource yara_rule behavioral1/memory/1676-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1676-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000d000000012327-5.dat upx behavioral1/memory/1948-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1948-15-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0031000000014230-16.dat upx behavioral1/memory/2344-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00080000000143b6-24.dat upx behavioral1/files/0x00070000000143fd-31.dat upx behavioral1/memory/1788-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2620-35-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000014454-40.dat upx behavioral1/memory/2580-41-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000144e4-48.dat upx behavioral1/memory/2580-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2280-50-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000144f0-57.dat upx behavioral1/memory/2280-58-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000900000001459f-66.dat upx behavioral1/memory/2460-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000014f71-73.dat upx behavioral1/files/0x0006000000015653-80.dat upx behavioral1/files/0x0006000000015659-87.dat upx behavioral1/memory/2496-88-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015661-95.dat upx behavioral1/files/0x000600000001566b-103.dat upx behavioral1/memory/2784-105-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000600000001567f-111.dat upx behavioral1/memory/2936-112-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000600000001568c-118.dat upx 
behavioral1/memory/1032-125-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015be6-126.dat upx behavioral1/files/0x0006000000015ca6-133.dat upx behavioral1/memory/1812-134-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015cba-141.dat upx behavioral1/files/0x0006000000015cd5-150.dat upx behavioral1/files/0x0006000000015ce1-158.dat upx behavioral1/files/0x0006000000015ceb-165.dat upx behavioral1/files/0x0006000000015d07-172.dat upx behavioral1/files/0x0006000000015d28-178.dat upx behavioral1/files/0x0006000000015d4a-186.dat upx behavioral1/files/0x0006000000015d56-194.dat upx behavioral1/memory/2600-193-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d5e-201.dat upx behavioral1/memory/1528-208-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x003100000001424e-209.dat upx behavioral1/memory/1084-216-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d67-217.dat upx behavioral1/files/0x0006000000015d6f-224.dat upx behavioral1/files/0x0006000000015d79-232.dat upx behavioral1/memory/1028-231-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1608-239-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d87-240.dat upx behavioral1/memory/2404-247-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d8f-248.dat upx behavioral1/memory/2264-255-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2220-261-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/880-272-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1720-284-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1948-289-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1948-295-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/2912-301-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2668-343-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2536-349-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1676 wrote to memory of 1948 1676 754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe 28 PID 1676 wrote to memory of 1948 1676 754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe 28 PID 1676 wrote to memory of 1948 1676 754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe 28 PID 1676 wrote to memory of 1948 1676 754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe 28 PID 1948 wrote to memory of 2344 1948 82840.exe 29 PID 1948 wrote to memory of 2344 1948 82840.exe 29 PID 1948 wrote to memory of 2344 1948 82840.exe 29 PID 1948 wrote to memory of 2344 1948 82840.exe 29 PID 2344 wrote to memory of 1788 2344 64660.exe 30 PID 2344 wrote to memory of 1788 2344 64660.exe 30 PID 2344 wrote to memory of 1788 2344 64660.exe 30 PID 2344 wrote to memory of 1788 2344 64660.exe 30 PID 1788 wrote to memory of 2620 1788 u282606.exe 31 PID 1788 wrote to memory of 2620 1788 u282606.exe 31 PID 1788 wrote to memory of 2620 1788 u282606.exe 31 PID 1788 wrote to memory of 2620 1788 u282606.exe 31 PID 2620 wrote to memory of 2580 2620 602222.exe 32 PID 2620 wrote to memory of 2580 2620 602222.exe 32 PID 2620 wrote to memory of 2580 2620 602222.exe 32 PID 2620 wrote to memory of 2580 2620 602222.exe 32 PID 2580 wrote to memory of 2280 2580 rlfflrx.exe 33 PID 2580 wrote to memory of 2280 2580 rlfflrx.exe 33 PID 2580 wrote to memory of 2280 2580 rlfflrx.exe 33 PID 2580 wrote to memory of 2280 2580 rlfflrx.exe 33 PID 2280 wrote to memory of 2460 2280 s6866.exe 34 PID 2280 wrote to memory of 2460 2280 s6866.exe 34 PID 2280 wrote to memory of 2460 2280 s6866.exe 34 PID 2280 wrote to memory of 2460 2280 s6866.exe 34 PID 2460 wrote to memory of 2560 2460 006282.exe 35 PID 2460 wrote to memory of 2560 2460 006282.exe 35 PID 2460 wrote to memory of 2560 2460 006282.exe 35 PID 2460 wrote to memory of 2560 2460 006282.exe 35 PID 2560 wrote to memory of 2428 2560 a0244.exe 36 PID 2560 wrote to 
memory of 2428 2560 a0244.exe 36 PID 2560 wrote to memory of 2428 2560 a0244.exe 36 PID 2560 wrote to memory of 2428 2560 a0244.exe 36 PID 2428 wrote to memory of 2496 2428 064624.exe 37 PID 2428 wrote to memory of 2496 2428 064624.exe 37 PID 2428 wrote to memory of 2496 2428 064624.exe 37 PID 2428 wrote to memory of 2496 2428 064624.exe 37 PID 2496 wrote to memory of 1972 2496 nbntbb.exe 38 PID 2496 wrote to memory of 1972 2496 nbntbb.exe 38 PID 2496 wrote to memory of 1972 2496 nbntbb.exe 38 PID 2496 wrote to memory of 1972 2496 nbntbb.exe 38 PID 1972 wrote to memory of 1488 1972 bnbnnt.exe 39 PID 1972 wrote to memory of 1488 1972 bnbnnt.exe 39 PID 1972 wrote to memory of 1488 1972 bnbnnt.exe 39 PID 1972 wrote to memory of 1488 1972 bnbnnt.exe 39 PID 1488 wrote to memory of 2784 1488 022626.exe 40 PID 1488 wrote to memory of 2784 1488 022626.exe 40 PID 1488 wrote to memory of 2784 1488 022626.exe 40 PID 1488 wrote to memory of 2784 1488 022626.exe 40 PID 2784 wrote to memory of 2936 2784 006848.exe 41 PID 2784 wrote to memory of 2936 2784 006848.exe 41 PID 2784 wrote to memory of 2936 2784 006848.exe 41 PID 2784 wrote to memory of 2936 2784 006848.exe 41 PID 2936 wrote to memory of 1032 2936 64600.exe 42 PID 2936 wrote to memory of 1032 2936 64600.exe 42 PID 2936 wrote to memory of 1032 2936 64600.exe 42 PID 2936 wrote to memory of 1032 2936 64600.exe 42 PID 1032 wrote to memory of 1812 1032 606826.exe 43 PID 1032 wrote to memory of 1812 1032 606826.exe 43 PID 1032 wrote to memory of 1812 1032 606826.exe 43 PID 1032 wrote to memory of 1812 1032 606826.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe"C:\Users\Admin\AppData\Local\Temp\754d4bfc3aa8ae635116dc21a6968e24395663e2d8be2faf99691262b002e342.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1676 -
\??\c:\82840.exec:\82840.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1948 -
\??\c:\64660.exec:\64660.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2344 -
\??\c:\u282606.exec:\u282606.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1788 -
\??\c:\602222.exec:\602222.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\rlfflrx.exec:\rlfflrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580 -
\??\c:\s6866.exec:\s6866.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2280 -
\??\c:\006282.exec:\006282.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\a0244.exec:\a0244.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\064624.exec:\064624.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\nbntbb.exec:\nbntbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\bnbnnt.exec:\bnbnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1972 -
\??\c:\022626.exec:\022626.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1488 -
\??\c:\006848.exec:\006848.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\64600.exec:\64600.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\606826.exec:\606826.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032 -
\??\c:\hbnntn.exec:\hbnntn.exe17⤵
- Executes dropped EXE
PID:1812 -
\??\c:\0602062.exec:\0602062.exe18⤵
- Executes dropped EXE
PID:1784 -
\??\c:\6284008.exec:\6284008.exe19⤵
- Executes dropped EXE
PID:1412 -
\??\c:\ffrrffr.exec:\ffrrffr.exe20⤵
- Executes dropped EXE
PID:2720 -
\??\c:\lfxrxrx.exec:\lfxrxrx.exe21⤵
- Executes dropped EXE
PID:2772 -
\??\c:\9thntn.exec:\9thntn.exe22⤵
- Executes dropped EXE
PID:1264 -
\??\c:\80624.exec:\80624.exe23⤵
- Executes dropped EXE
PID:1068 -
\??\c:\pjpjv.exec:\pjpjv.exe24⤵
- Executes dropped EXE
PID:2084 -
\??\c:\208288.exec:\208288.exe25⤵
- Executes dropped EXE
PID:2600 -
\??\c:\820684.exec:\820684.exe26⤵
- Executes dropped EXE
PID:1836 -
\??\c:\e04466.exec:\e04466.exe27⤵
- Executes dropped EXE
PID:1528 -
\??\c:\4244444.exec:\4244444.exe28⤵
- Executes dropped EXE
PID:1084 -
\??\c:\4206224.exec:\4206224.exe29⤵
- Executes dropped EXE
PID:2024 -
\??\c:\rflrlrr.exec:\rflrlrr.exe30⤵
- Executes dropped EXE
PID:1028 -
\??\c:\424000.exec:\424000.exe31⤵
- Executes dropped EXE
PID:1608 -
\??\c:\9jpdv.exec:\9jpdv.exe32⤵
- Executes dropped EXE
PID:2404 -
\??\c:\400620.exec:\400620.exe33⤵
- Executes dropped EXE
PID:2264 -
\??\c:\m6484.exec:\m6484.exe34⤵
- Executes dropped EXE
PID:2220 -
\??\c:\o222660.exec:\o222660.exe35⤵
- Executes dropped EXE
PID:1672 -
\??\c:\6028028.exec:\6028028.exe36⤵
- Executes dropped EXE
PID:2028 -
\??\c:\208466.exec:\208466.exe37⤵
- Executes dropped EXE
PID:880 -
\??\c:\w20222.exec:\w20222.exe38⤵
- Executes dropped EXE
PID:2704 -
\??\c:\bnbhtn.exec:\bnbhtn.exe39⤵
- Executes dropped EXE
PID:1720 -
\??\c:\k42846.exec:\k42846.exe40⤵
- Executes dropped EXE
PID:1948 -
\??\c:\jvdpj.exec:\jvdpj.exe41⤵
- Executes dropped EXE
PID:2344 -
\??\c:\0422444.exec:\0422444.exe42⤵
- Executes dropped EXE
PID:2912 -
\??\c:\606282.exec:\606282.exe43⤵
- Executes dropped EXE
PID:1060 -
\??\c:\xrffllr.exec:\xrffllr.exe44⤵
- Executes dropped EXE
PID:2572 -
\??\c:\3dpdj.exec:\3dpdj.exe45⤵
- Executes dropped EXE
PID:2640 -
\??\c:\u422884.exec:\u422884.exe46⤵
- Executes dropped EXE
PID:2872 -
\??\c:\vjjjp.exec:\vjjjp.exe47⤵
- Executes dropped EXE
PID:2556 -
\??\c:\pjvdv.exec:\pjvdv.exe48⤵
- Executes dropped EXE
PID:2684 -
\??\c:\hnbbbt.exec:\hnbbbt.exe49⤵
- Executes dropped EXE
PID:2448 -
\??\c:\64262.exec:\64262.exe50⤵
- Executes dropped EXE
PID:2668 -
\??\c:\2468446.exec:\2468446.exe51⤵
- Executes dropped EXE
PID:2536 -
\??\c:\8682828.exec:\8682828.exe52⤵
- Executes dropped EXE
PID:2664 -
\??\c:\i860040.exec:\i860040.exe53⤵
- Executes dropped EXE
PID:2960 -
\??\c:\282882.exec:\282882.exe54⤵
- Executes dropped EXE
PID:2496 -
\??\c:\bntnnh.exec:\bntnnh.exe55⤵
- Executes dropped EXE
PID:2796 -
\??\c:\xlffxrx.exec:\xlffxrx.exe56⤵
- Executes dropped EXE
PID:2800 -
\??\c:\nhnbbn.exec:\nhnbbn.exe57⤵
- Executes dropped EXE
PID:2828 -
\??\c:\tntthh.exec:\tntthh.exe58⤵
- Executes dropped EXE
PID:2844 -
\??\c:\6462226.exec:\6462226.exe59⤵
- Executes dropped EXE
PID:2936 -
\??\c:\nhbhtb.exec:\nhbhtb.exe60⤵
- Executes dropped EXE
PID:1696 -
\??\c:\vppvj.exec:\vppvj.exe61⤵
- Executes dropped EXE
PID:1656 -
\??\c:\rflrffr.exec:\rflrffr.exe62⤵
- Executes dropped EXE
PID:2732 -
\??\c:\thntbb.exec:\thntbb.exe63⤵
- Executes dropped EXE
PID:1424 -
\??\c:\64668.exec:\64668.exe64⤵
- Executes dropped EXE
PID:1412 -
\??\c:\6800044.exec:\6800044.exe65⤵
- Executes dropped EXE
PID:360 -
\??\c:\frflrrx.exec:\frflrrx.exe66⤵PID:2656
-
\??\c:\02880.exec:\02880.exe67⤵PID:2772
-
\??\c:\s2802.exec:\s2802.exe68⤵PID:1228
-
\??\c:\468242.exec:\468242.exe69⤵PID:2248
-
\??\c:\3pjjp.exec:\3pjjp.exe70⤵PID:2116
-
\??\c:\s8880.exec:\s8880.exe71⤵PID:2300
-
\??\c:\7pjpp.exec:\7pjpp.exe72⤵PID:1944
-
\??\c:\g6840.exec:\g6840.exe73⤵PID:1936
-
\??\c:\thtbnh.exec:\thtbnh.exe74⤵PID:420
-
\??\c:\4622228.exec:\4622228.exe75⤵PID:2052
-
\??\c:\7rfllfr.exec:\7rfllfr.exe76⤵PID:1540
-
\??\c:\244448.exec:\244448.exe77⤵PID:1320
-
\??\c:\frxflff.exec:\frxflff.exe78⤵PID:1856
-
\??\c:\htbbtn.exec:\htbbtn.exe79⤵PID:948
-
\??\c:\8424404.exec:\8424404.exe80⤵PID:1012
-
\??\c:\0646044.exec:\0646044.exe81⤵PID:2128
-
\??\c:\4686846.exec:\4686846.exe82⤵PID:2896
-
\??\c:\4622828.exec:\4622828.exe83⤵PID:2156
-
\??\c:\2024606.exec:\2024606.exe84⤵PID:2220
-
\??\c:\1djdj.exec:\1djdj.exe85⤵PID:2256
-
\??\c:\bhnthn.exec:\bhnthn.exe86⤵PID:2908
-
\??\c:\g6824.exec:\g6824.exe87⤵PID:2192
-
\??\c:\1pppd.exec:\1pppd.exe88⤵PID:3020
-
\??\c:\7tbttn.exec:\7tbttn.exe89⤵PID:2324
-
\??\c:\646688.exec:\646688.exe90⤵PID:1592
-
\??\c:\024848.exec:\024848.exe91⤵PID:1704
-
\??\c:\q48284.exec:\q48284.exe92⤵PID:2712
-
\??\c:\xflllfx.exec:\xflllfx.exe93⤵PID:1956
-
\??\c:\dvpdd.exec:\dvpdd.exe94⤵PID:2644
-
\??\c:\vjjvj.exec:\vjjvj.exe95⤵PID:2640
-
\??\c:\o422884.exec:\o422884.exe96⤵PID:2672
-
\??\c:\4628888.exec:\4628888.exe97⤵PID:2540
-
\??\c:\pdppv.exec:\pdppv.exe98⤵PID:2452
-
\??\c:\o240062.exec:\o240062.exe99⤵PID:1536
-
\??\c:\60284.exec:\60284.exe100⤵PID:2424
-
\??\c:\806666.exec:\806666.exe101⤵PID:2444
-
\??\c:\862682.exec:\862682.exe102⤵PID:2500
-
\??\c:\64000.exec:\64000.exe103⤵PID:2440
-
\??\c:\rrxfrrr.exec:\rrxfrrr.exe104⤵PID:2476
-
\??\c:\9nbnnn.exec:\9nbnnn.exe105⤵PID:2252
-
\??\c:\xfxxrll.exec:\xfxxrll.exe106⤵PID:2824
-
\??\c:\60606.exec:\60606.exe107⤵PID:2968
-
\??\c:\2088406.exec:\2088406.exe108⤵PID:2932
-
\??\c:\9lxffff.exec:\9lxffff.exe109⤵PID:1016
-
\??\c:\6466880.exec:\6466880.exe110⤵PID:2936
-
\??\c:\48024.exec:\48024.exe111⤵PID:1056
-
\??\c:\thhhnh.exec:\thhhnh.exe112⤵PID:1812
-
\??\c:\0444826.exec:\0444826.exe113⤵PID:1312
-
\??\c:\1pvvj.exec:\1pvvj.exe114⤵PID:628
-
\??\c:\pjvjp.exec:\pjvjp.exe115⤵PID:2720
-
\??\c:\jvjpj.exec:\jvjpj.exe116⤵PID:360
-
\??\c:\vpppp.exec:\vpppp.exe117⤵PID:2656
-
\??\c:\642244.exec:\642244.exe118⤵PID:1984
-
\??\c:\2622206.exec:\2622206.exe119⤵PID:1228
-
\??\c:\o466260.exec:\o466260.exe120⤵PID:2080
-
\??\c:\httbbn.exec:\httbbn.exe121⤵PID:2752
-
\??\c:\1fxxxxf.exec:\1fxxxxf.exe122⤵PID:2876
-