Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
01-05-2024 04:07
Behavioral task
behavioral1
Sample
dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe
Resource
win7-20240221-en
windows7-x64
6 signatures (five signature sections are reproduced below, one of them — the lower-case `upx` YARA list — without its heading; the sixth is not in this extract)
150 seconds
Note: this task summary describes the Windows 7 run (behavioral1), but every signature hit and process entry reproduced on this page is tagged behavioral2 and matches the windows10-2004_x64 environment in the Analysis header above; the Windows 7 results themselves are not shown here.
General
-
Target
dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe
-
Size
275KB
-
MD5
3da3150a505252aee5fecf958daaedaa
-
SHA1
8d51a5ba51740a99e699d6fa16e0b262785011d0
-
SHA256
dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5
-
SHA512
39e6ec6811de36127337a7781fb713cb87ef1687434cffa6a8505d8d660b4a4db46683d125888ebf8ddbb4303a98bde4abe44025af90022fe5b8e9da85998ffd
-
SSDEEP
6144:ncm4FmowdHoS6rW3NNTvBu6wo2J4JAgNXkArR/rtXOLtu4J6KvvLp3OKtUuuuTE/:14wFHoSeM/Tpu6w14JAOkIRhOBu4Jhvc
Malware Config
Signatures
-
Detect Blackmoon payload — 64 IoCs (YARA rule family_blackmoon). Every hit is a memory dump of the same 0x00400000–0x00429000 image range, one per process in the chain, and no on-disk file matched this rule; the family identification therefore rests on the unpacked in-memory image, not on the dropped files. The identical range in every stage suggests each dropped .exe is a copy of the same image — confirm by hashing the dropped files before treating the stages as identical.
resource yara_rule behavioral2/memory/652-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1656-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1364-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2860-23-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3768-29-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2656-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3184-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3804-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2748-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/432-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2112-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5048-83-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2932-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1864-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2892-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4560-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3632-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1844-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1780-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/640-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1624-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2532-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/364-164-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/388-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3352-181-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3204-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3356-201-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3548-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5084-209-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1004-213-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4860-217-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2188-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1408-229-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2976-238-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3920-242-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/820-246-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/868-250-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3016-257-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3620-288-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1256-292-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3108-296-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1948-312-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2956-314-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3616-320-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5096-322-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/388-328-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4196-365-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4460-400-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3224-407-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4760-414-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1604-445-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4048-458-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1712-468-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/224-481-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4452-521-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2244-567-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1948-610-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/764-650-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4444-712-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4028-749-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4752-790-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4840-960-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2676-1033-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2984-1037-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. The sandbox dumped the UPX-unpacked image at OEP for each stage; the dropped files themselves (behavioral2/files/*.dat) only match the generic `upx` rule below, which is consistent with the Blackmoon signature becoming visible only after unpacking.
resource yara_rule behavioral2/memory/652-0-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000800000002323c-3.dat UPX behavioral2/memory/652-7-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000800000002323f-9.dat UPX behavioral2/memory/1656-10-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0008000000023240-12.dat UPX behavioral2/memory/1364-17-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2860-18-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0008000000023242-21.dat UPX behavioral2/memory/2860-23-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0008000000023244-27.dat UPX behavioral2/memory/3768-29-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2656-32-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023245-34.dat UPX behavioral2/memory/3184-42-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023246-40.dat UPX behavioral2/files/0x0007000000023247-45.dat UPX behavioral2/memory/3804-47-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023248-54.dat UPX behavioral2/memory/2748-53-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023249-59.dat UPX behavioral2/memory/432-60-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2492-66-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002324a-64.dat UPX behavioral2/files/0x000700000002324b-71.dat UPX behavioral2/memory/2112-76-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002324c-77.dat UPX behavioral2/memory/5048-83-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002324d-82.dat UPX behavioral2/files/0x000700000002324f-86.dat UPX 
behavioral2/memory/2932-88-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1864-94-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023250-92.dat UPX behavioral2/files/0x0007000000023251-101.dat UPX behavioral2/memory/4560-102-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2892-99-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023252-107.dat UPX behavioral2/memory/4560-108-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023253-113.dat UPX behavioral2/memory/3632-121-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1844-119-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023254-117.dat UPX behavioral2/files/0x0007000000023255-125.dat UPX behavioral2/files/0x0007000000023256-128.dat UPX behavioral2/memory/1780-131-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/640-133-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023257-137.dat UPX behavioral2/files/0x0007000000023258-142.dat UPX behavioral2/files/0x0007000000023259-147.dat UPX behavioral2/files/0x000700000002325a-150.dat UPX behavioral2/memory/1624-152-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002325b-156.dat UPX behavioral2/memory/2532-159-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002325c-162.dat UPX behavioral2/memory/364-164-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002325d-168.dat UPX behavioral2/memory/388-170-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002325e-174.dat UPX behavioral2/files/0x0007000000023260-180.dat UPX behavioral2/memory/3352-181-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3204-187-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/files/0x0007000000023262-186.dat UPX behavioral2/files/0x0007000000023263-191.dat UPX behavioral2/memory/3144-192-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs (the list is capped at 64 entries; the process tree below continues well beyond it). PIDs are recycled during the run — e.g. 2748 appears as both x2tb2ah.exe and 6973o.exe — so correlate entries by process name and timing, not by PID alone.
pid Process 1656 6tc03w.exe 1364 57flgk3.exe 2860 2c6g1c6.exe 3768 v3usho.exe 2656 20448.exe 3184 1p69ea.exe 3804 41bfg6.exe 2748 x2tb2ah.exe 3488 i2a1j46.exe 432 7cv3e.exe 2492 59i3a2w.exe 2112 j4l5h16.exe 5048 4px9bq0.exe 2932 7iisnan.exe 1864 e07d7d2.exe 2892 46sa4j7.exe 4560 kre6f.exe 4736 q6spxa.exe 1844 l5x5k.exe 3632 26f95.exe 1780 74gv4um.exe 640 694ua2.exe 3464 f83738.exe 1440 14sm3qf.exe 1624 84vpea.exe 2532 e06qqr2.exe 364 i0pt6a.exe 388 qiqa8.exe 1956 05u3ogp.exe 2404 9417c.exe 3352 e7o8h.exe 4668 xxg7138.exe 3144 xr4o69.exe 3628 0pvqlj.exe 3356 lhjmt4.exe 3548 784q30.exe 5084 4a829.exe 1004 t8pv9.exe 4860 9204k.exe 2188 du2871.exe 3928 26hfxj.exe 1408 6calmf4.exe 2748 6973o.exe 3792 608040.exe 2976 2006064.exe 3920 2k0hi.exe 820 w4c52.exe 4460 1778dm.exe 868 9u08f6.exe 3016 jstf89.exe 3476 wj00c.exe 2348 dsg2x2.exe 4904 14d0dxp.exe 1672 4k83c35.exe 3136 9cc8wx2.exe 3728 i4eu22.exe 4192 m7lb2.exe 1460 qf8na6.exe 3372 8lx3f.exe 3620 51lae6g.exe 1256 9bj9m82.exe 3108 3mbf23.exe 4748 7x25x2.exe 2516 326028.exe -
resource yara_rule behavioral2/memory/652-0-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000800000002323c-3.dat upx behavioral2/memory/652-7-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000800000002323f-9.dat upx behavioral2/memory/1656-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0008000000023240-12.dat upx behavioral2/memory/1364-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2860-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0008000000023242-21.dat upx behavioral2/memory/2860-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0008000000023244-27.dat upx behavioral2/memory/3768-29-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2656-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023245-34.dat upx behavioral2/memory/3184-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023246-40.dat upx behavioral2/files/0x0007000000023247-45.dat upx behavioral2/memory/3804-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023248-54.dat upx behavioral2/memory/2748-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023249-59.dat upx behavioral2/memory/432-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2492-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002324a-64.dat upx behavioral2/files/0x000700000002324b-71.dat upx behavioral2/memory/2112-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002324c-77.dat upx behavioral2/memory/5048-83-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002324d-82.dat upx behavioral2/files/0x000700000002324f-86.dat upx 
behavioral2/memory/2932-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1864-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023250-92.dat upx behavioral2/files/0x0007000000023251-101.dat upx behavioral2/memory/4560-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2892-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023252-107.dat upx behavioral2/memory/4560-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023253-113.dat upx behavioral2/memory/3632-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1844-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023254-117.dat upx behavioral2/files/0x0007000000023255-125.dat upx behavioral2/files/0x0007000000023256-128.dat upx behavioral2/memory/1780-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/640-133-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023257-137.dat upx behavioral2/files/0x0007000000023258-142.dat upx behavioral2/files/0x0007000000023259-147.dat upx behavioral2/files/0x000700000002325a-150.dat upx behavioral2/memory/1624-152-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002325b-156.dat upx behavioral2/memory/2532-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002325c-162.dat upx behavioral2/memory/364-164-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002325d-168.dat upx behavioral2/memory/388-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002325e-174.dat upx behavioral2/files/0x0007000000023260-180.dat upx behavioral2/memory/3352-181-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3204-187-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/files/0x0007000000023262-186.dat upx behavioral2/files/0x0007000000023263-191.dat upx behavioral2/memory/3144-192-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs. Every entry is a process writing into the child it has just spawned (three writes per spawn, and each target is the next .exe in the chain), which is consistent with ordinary process-creation startup rather than injection into an unrelated process; read this as corroboration of the drop-and-execute chain, not as a separate injection finding, unless the full trace shows writes to foreign processes.
description pid Process procid_target PID 652 wrote to memory of 1656 652 dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe 90 PID 652 wrote to memory of 1656 652 dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe 90 PID 652 wrote to memory of 1656 652 dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe 90 PID 1656 wrote to memory of 1364 1656 6tc03w.exe 91 PID 1656 wrote to memory of 1364 1656 6tc03w.exe 91 PID 1656 wrote to memory of 1364 1656 6tc03w.exe 91 PID 1364 wrote to memory of 2860 1364 57flgk3.exe 92 PID 1364 wrote to memory of 2860 1364 57flgk3.exe 92 PID 1364 wrote to memory of 2860 1364 57flgk3.exe 92 PID 2860 wrote to memory of 3768 2860 2c6g1c6.exe 93 PID 2860 wrote to memory of 3768 2860 2c6g1c6.exe 93 PID 2860 wrote to memory of 3768 2860 2c6g1c6.exe 93 PID 3768 wrote to memory of 2656 3768 v3usho.exe 94 PID 3768 wrote to memory of 2656 3768 v3usho.exe 94 PID 3768 wrote to memory of 2656 3768 v3usho.exe 94 PID 2656 wrote to memory of 3184 2656 20448.exe 95 PID 2656 wrote to memory of 3184 2656 20448.exe 95 PID 2656 wrote to memory of 3184 2656 20448.exe 95 PID 3184 wrote to memory of 3804 3184 1p69ea.exe 96 PID 3184 wrote to memory of 3804 3184 1p69ea.exe 96 PID 3184 wrote to memory of 3804 3184 1p69ea.exe 96 PID 3804 wrote to memory of 2748 3804 41bfg6.exe 97 PID 3804 wrote to memory of 2748 3804 41bfg6.exe 97 PID 3804 wrote to memory of 2748 3804 41bfg6.exe 97 PID 2748 wrote to memory of 3488 2748 x2tb2ah.exe 98 PID 2748 wrote to memory of 3488 2748 x2tb2ah.exe 98 PID 2748 wrote to memory of 3488 2748 x2tb2ah.exe 98 PID 3488 wrote to memory of 432 3488 i2a1j46.exe 99 PID 3488 wrote to memory of 432 3488 i2a1j46.exe 99 PID 3488 wrote to memory of 432 3488 i2a1j46.exe 99 PID 432 wrote to memory of 2492 432 7cv3e.exe 100 PID 432 wrote to memory of 2492 432 7cv3e.exe 100 PID 432 wrote to memory of 2492 432 7cv3e.exe 100 PID 2492 wrote to memory of 2112 2492 59i3a2w.exe 101 PID 2492 wrote to 
memory of 2112 2492 59i3a2w.exe 101 PID 2492 wrote to memory of 2112 2492 59i3a2w.exe 101 PID 2112 wrote to memory of 5048 2112 j4l5h16.exe 102 PID 2112 wrote to memory of 5048 2112 j4l5h16.exe 102 PID 2112 wrote to memory of 5048 2112 j4l5h16.exe 102 PID 5048 wrote to memory of 2932 5048 4px9bq0.exe 103 PID 5048 wrote to memory of 2932 5048 4px9bq0.exe 103 PID 5048 wrote to memory of 2932 5048 4px9bq0.exe 103 PID 2932 wrote to memory of 1864 2932 7iisnan.exe 104 PID 2932 wrote to memory of 1864 2932 7iisnan.exe 104 PID 2932 wrote to memory of 1864 2932 7iisnan.exe 104 PID 1864 wrote to memory of 2892 1864 e07d7d2.exe 105 PID 1864 wrote to memory of 2892 1864 e07d7d2.exe 105 PID 1864 wrote to memory of 2892 1864 e07d7d2.exe 105 PID 2892 wrote to memory of 4560 2892 46sa4j7.exe 106 PID 2892 wrote to memory of 4560 2892 46sa4j7.exe 106 PID 2892 wrote to memory of 4560 2892 46sa4j7.exe 106 PID 4560 wrote to memory of 4736 4560 kre6f.exe 107 PID 4560 wrote to memory of 4736 4560 kre6f.exe 107 PID 4560 wrote to memory of 4736 4560 kre6f.exe 107 PID 4736 wrote to memory of 1844 4736 q6spxa.exe 108 PID 4736 wrote to memory of 1844 4736 q6spxa.exe 108 PID 4736 wrote to memory of 1844 4736 q6spxa.exe 108 PID 1844 wrote to memory of 3632 1844 l5x5k.exe 109 PID 1844 wrote to memory of 3632 1844 l5x5k.exe 109 PID 1844 wrote to memory of 3632 1844 l5x5k.exe 109 PID 3632 wrote to memory of 1780 3632 26f95.exe 110 PID 3632 wrote to memory of 1780 3632 26f95.exe 110 PID 3632 wrote to memory of 1780 3632 26f95.exe 110 PID 1780 wrote to memory of 640 1780 74gv4um.exe 111
Processes (a chain over 120 stages deep: each stage drops a randomly-named .exe at the drive root `c:\` and launches it as its own child). For hunting, executables created and executed from the drive root by a non-installer parent, in a deep parent→child chain, is the most distinctive behaviour on this page; the individual file names are not stable indicators.
-
C:\Users\Admin\AppData\Local\Temp\dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe"C:\Users\Admin\AppData\Local\Temp\dd9fed63d002946d36344b00681be29e53cadfaa64f1fe47794c60705204b9b5.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:652 -
\??\c:\6tc03w.exec:\6tc03w.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1656 -
\??\c:\57flgk3.exec:\57flgk3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1364 -
\??\c:\2c6g1c6.exec:\2c6g1c6.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2860 -
\??\c:\v3usho.exec:\v3usho.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3768 -
\??\c:\20448.exec:\20448.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2656 -
\??\c:\1p69ea.exec:\1p69ea.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3184 -
\??\c:\41bfg6.exec:\41bfg6.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3804 -
\??\c:\x2tb2ah.exec:\x2tb2ah.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\i2a1j46.exec:\i2a1j46.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3488 -
\??\c:\7cv3e.exec:\7cv3e.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:432 -
\??\c:\59i3a2w.exec:\59i3a2w.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\j4l5h16.exec:\j4l5h16.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2112 -
\??\c:\4px9bq0.exec:\4px9bq0.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5048 -
\??\c:\7iisnan.exec:\7iisnan.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\e07d7d2.exec:\e07d7d2.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1864 -
\??\c:\46sa4j7.exec:\46sa4j7.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\kre6f.exec:\kre6f.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4560 -
\??\c:\q6spxa.exec:\q6spxa.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4736 -
\??\c:\l5x5k.exec:\l5x5k.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1844 -
\??\c:\26f95.exec:\26f95.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3632 -
\??\c:\74gv4um.exec:\74gv4um.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1780 -
\??\c:\694ua2.exec:\694ua2.exe23⤵
- Executes dropped EXE
PID:640 -
\??\c:\f83738.exec:\f83738.exe24⤵
- Executes dropped EXE
PID:3464 -
\??\c:\14sm3qf.exec:\14sm3qf.exe25⤵
- Executes dropped EXE
PID:1440 -
\??\c:\84vpea.exec:\84vpea.exe26⤵
- Executes dropped EXE
PID:1624 -
\??\c:\e06qqr2.exec:\e06qqr2.exe27⤵
- Executes dropped EXE
PID:2532 -
\??\c:\i0pt6a.exec:\i0pt6a.exe28⤵
- Executes dropped EXE
PID:364 -
\??\c:\qiqa8.exec:\qiqa8.exe29⤵
- Executes dropped EXE
PID:388 -
\??\c:\05u3ogp.exec:\05u3ogp.exe30⤵
- Executes dropped EXE
PID:1956 -
\??\c:\9417c.exec:\9417c.exe31⤵
- Executes dropped EXE
PID:2404 -
\??\c:\e7o8h.exec:\e7o8h.exe32⤵
- Executes dropped EXE
PID:3352 -
\??\c:\3u4873.exec:\3u4873.exe33⤵PID:3204 (no "Executes dropped EXE" tag is shown for this stage and it is absent from that 64-entry list, although its memory region matched family_blackmoon and UPX above; treat the signature lists as incomplete rather than as evidence that this stage behaved differently)
-
\??\c:\xxg7138.exec:\xxg7138.exe34⤵
- Executes dropped EXE
PID:4668 -
\??\c:\xr4o69.exec:\xr4o69.exe35⤵
- Executes dropped EXE
PID:3144 -
\??\c:\0pvqlj.exec:\0pvqlj.exe36⤵
- Executes dropped EXE
PID:3628 -
\??\c:\lhjmt4.exec:\lhjmt4.exe37⤵
- Executes dropped EXE
PID:3356 -
\??\c:\784q30.exec:\784q30.exe38⤵
- Executes dropped EXE
PID:3548 -
\??\c:\4a829.exec:\4a829.exe39⤵
- Executes dropped EXE
PID:5084 -
\??\c:\t8pv9.exec:\t8pv9.exe40⤵
- Executes dropped EXE
PID:1004 -
\??\c:\9204k.exec:\9204k.exe41⤵
- Executes dropped EXE
PID:4860 -
\??\c:\du2871.exec:\du2871.exe42⤵
- Executes dropped EXE
PID:2188 -
\??\c:\26hfxj.exec:\26hfxj.exe43⤵
- Executes dropped EXE
PID:3928 -
\??\c:\6calmf4.exec:\6calmf4.exe44⤵
- Executes dropped EXE
PID:1408 -
\??\c:\6973o.exec:\6973o.exe45⤵
- Executes dropped EXE
PID:2748 -
\??\c:\608040.exec:\608040.exe46⤵
- Executes dropped EXE
PID:3792 -
\??\c:\2006064.exec:\2006064.exe47⤵
- Executes dropped EXE
PID:2976 -
\??\c:\2k0hi.exec:\2k0hi.exe48⤵
- Executes dropped EXE
PID:3920 -
\??\c:\w4c52.exec:\w4c52.exe49⤵
- Executes dropped EXE
PID:820 -
\??\c:\1778dm.exec:\1778dm.exe50⤵
- Executes dropped EXE
PID:4460 -
\??\c:\9u08f6.exec:\9u08f6.exe51⤵
- Executes dropped EXE
PID:868 -
\??\c:\jstf89.exec:\jstf89.exe52⤵
- Executes dropped EXE
PID:3016 -
\??\c:\wj00c.exec:\wj00c.exe53⤵
- Executes dropped EXE
PID:3476 -
\??\c:\dsg2x2.exec:\dsg2x2.exe54⤵
- Executes dropped EXE
PID:2348 -
\??\c:\14d0dxp.exec:\14d0dxp.exe55⤵
- Executes dropped EXE
PID:4904 -
\??\c:\4k83c35.exec:\4k83c35.exe56⤵
- Executes dropped EXE
PID:1672 -
\??\c:\9cc8wx2.exec:\9cc8wx2.exe57⤵
- Executes dropped EXE
PID:3136 -
\??\c:\i4eu22.exec:\i4eu22.exe58⤵
- Executes dropped EXE
PID:3728 -
\??\c:\m7lb2.exec:\m7lb2.exe59⤵
- Executes dropped EXE
PID:4192 -
\??\c:\qf8na6.exec:\qf8na6.exe60⤵
- Executes dropped EXE
PID:1460 -
\??\c:\8lx3f.exec:\8lx3f.exe61⤵
- Executes dropped EXE
PID:3372 -
\??\c:\51lae6g.exec:\51lae6g.exe62⤵
- Executes dropped EXE
PID:3620 -
\??\c:\9bj9m82.exec:\9bj9m82.exe63⤵
- Executes dropped EXE
PID:1256 -
\??\c:\3mbf23.exec:\3mbf23.exe64⤵
- Executes dropped EXE
PID:3108 -
\??\c:\7x25x2.exec:\7x25x2.exe65⤵
- Executes dropped EXE
PID:4748 -
\??\c:\326028.exec:\326028.exe66⤵
- Executes dropped EXE
PID:2516 -
\??\c:\rk8t0n.exec:\rk8t0n.exe67⤵PID:624 (from this stage on no signature tags appear; the "Executes dropped EXE" list above ends at 326028.exe, stage 66, because it is capped at 64 IoCs, so the missing tags below are a reporting limit, not a change in behaviour)
-
\??\c:\ve3lc.exec:\ve3lc.exe68⤵PID:4920
-
\??\c:\o84q418.exec:\o84q418.exe69⤵PID:1948
-
\??\c:\dh04ltu.exec:\dh04ltu.exe70⤵PID:2956
-
\??\c:\ua37tjd.exec:\ua37tjd.exe71⤵PID:3616
-
\??\c:\26mq23.exec:\26mq23.exe72⤵PID:5096
-
\??\c:\0666086.exec:\0666086.exe73⤵PID:388
-
\??\c:\b8ln8.exec:\b8ln8.exe74⤵PID:224
-
\??\c:\w8826hx.exec:\w8826hx.exe75⤵PID:3972
-
\??\c:\04hbt.exec:\04hbt.exe76⤵PID:4412
-
\??\c:\980rix.exec:\980rix.exe77⤵PID:1392
-
\??\c:\53603.exec:\53603.exe78⤵PID:3960
-
\??\c:\285qagb.exec:\285qagb.exe79⤵PID:4976
-
\??\c:\66fwbx.exec:\66fwbx.exe80⤵PID:3144
-
\??\c:\tiope3.exec:\tiope3.exe81⤵PID:2860
-
\??\c:\hb4d20.exec:\hb4d20.exe82⤵PID:4576
-
\??\c:\w82ed.exec:\w82ed.exe83⤵PID:3304
-
\??\c:\7u5027p.exec:\7u5027p.exe84⤵PID:2076
-
\??\c:\7le9oq1.exec:\7le9oq1.exe85⤵PID:4196
-
\??\c:\h9qtq.exec:\h9qtq.exe86⤵PID:392
-
\??\c:\h0ola.exec:\h0ola.exe87⤵PID:4452
-
\??\c:\630ok.exec:\630ok.exe88⤵PID:2472
-
\??\c:\7hb37.exec:\7hb37.exe89⤵PID:2184
-
\??\c:\9o3rswo.exec:\9o3rswo.exe90⤵PID:1408
-
\??\c:\85g4k8.exec:\85g4k8.exe91⤵PID:2748
-
\??\c:\97468.exec:\97468.exe92⤵PID:2880
-
\??\c:\b02t05.exec:\b02t05.exe93⤵PID:432
-
\??\c:\820xlfv.exec:\820xlfv.exe94⤵PID:2492
-
\??\c:\1600c70.exec:\1600c70.exe95⤵PID:2576
-
\??\c:\x611b4.exec:\x611b4.exe96⤵PID:4460
-
\??\c:\47l5c3.exec:\47l5c3.exe97⤵PID:2012
-
\??\c:\36h3o3a.exec:\36h3o3a.exe98⤵PID:3224
-
\??\c:\v2q6o.exec:\v2q6o.exe99⤵PID:1984
-
\??\c:\osp6j96.exec:\osp6j96.exe100⤵PID:4760
-
\??\c:\01qwr5m.exec:\01qwr5m.exe101⤵PID:4560
-
\??\c:\26s64.exec:\26s64.exe102⤵PID:4784
-
\??\c:\e06krv.exec:\e06krv.exe103⤵PID:4084
-
\??\c:\6o9151q.exec:\6o9151q.exe104⤵PID:60
-
\??\c:\439bc7.exec:\439bc7.exe105⤵PID:1484
-
\??\c:\f391w5.exec:\f391w5.exe106⤵PID:4988
-
\??\c:\2p708.exec:\2p708.exe107⤵PID:1908
-
\??\c:\bo3h8.exec:\bo3h8.exe108⤵PID:4172
-
\??\c:\ddp36a.exec:\ddp36a.exe109⤵PID:4516
-
\??\c:\73t07.exec:\73t07.exe110⤵PID:1604
-
\??\c:\rc11u0.exec:\rc11u0.exe111⤵PID:1528
-
\??\c:\bwu79.exec:\bwu79.exe112⤵PID:3752
-
\??\c:\ng200r.exec:\ng200r.exe113⤵PID:1232
-
\??\c:\a1dp17i.exec:\a1dp17i.exe114⤵PID:4048
-
\??\c:\9frt5u.exec:\9frt5u.exe115⤵PID:1624
-
\??\c:\28x1a3.exec:\28x1a3.exe116⤵PID:988
-
\??\c:\7147wk2.exec:\7147wk2.exe117⤵PID:1712
-
\??\c:\9q3n5t.exec:\9q3n5t.exe118⤵PID:1368
-
\??\c:\n3th7.exec:\n3th7.exe119⤵PID:2728
-
\??\c:\1g0daw.exec:\1g0daw.exe120⤵PID:5116
-
\??\c:\v06vgf.exec:\v06vgf.exe121⤵PID:224
-
\??\c:\7kufg5.exec:\7kufg5.exe122⤵PID:3972