Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
02-05-2024 02:09
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe
Resource
win7-20240419-en
windows7-x64
6 signatures
150 seconds
General
-
Target
b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe
-
Size
392KB
-
MD5
33ddceb8081a60ebdee2acc80ab13965
-
SHA1
622c62e729deeeb4fc77b1c598054ca2d7b326b7
-
SHA256
b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650
-
SHA512
464da3d999df2b38ae0066e2c796039d8fb28a5a40b96a510607d2f23ceeccee44628805d0dcf2a49253f68ecd82bbe198fb9d8a466006ecfa4816c06fd923c5
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmRo:m7TcJWjdpKGATTk/jYIOWN/KnnPF
Malware Config
Signatures
-
Detect Blackmoon payload 45 IoCs
resource yara_rule behavioral1/memory/2256-7-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1732-17-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1984-28-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2700-36-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2216-46-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2864-63-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1508-97-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2696-105-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2804-116-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2020-154-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2152-151-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/1996-171-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1952-180-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/320-189-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1408-205-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2344-231-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1088-240-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/956-259-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1512-284-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1904-295-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/564-294-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/2256-319-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2628-362-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/904-401-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1504-433-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1012-446-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/388-491-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/824-531-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2112-556-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/804-591-0x00000000003A0000-0x00000000003CA000-memory.dmp family_blackmoon behavioral1/memory/1904-598-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2908-642-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2468-668-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2484-683-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2696-708-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/940-728-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/340-747-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2232-762-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2448-778-0x00000000002B0000-0x00000000002DA000-memory.dmp family_blackmoon behavioral1/memory/880-887-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1572-1013-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2824-1024-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/1304-1147-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/688-1155-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2724-1291-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 63 IoCs
resource yara_rule behavioral1/memory/2256-7-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1732-9-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1732-17-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1984-28-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2700-36-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2216-46-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2864-63-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1508-97-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2696-105-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2804-107-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2804-116-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2020-154-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1996-171-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1952-180-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/320-189-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1408-205-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2344-231-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1088-240-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/956-259-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1512-284-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1904-295-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/564-294-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2256-319-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2628-362-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral1/memory/2288-387-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/904-401-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1504-433-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1012-446-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2020-465-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2172-472-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/388-491-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/824-531-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2112-556-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/804-557-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1904-598-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2908-642-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2584-649-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2468-668-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2696-708-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/940-728-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/340-747-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/840-754-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2232-762-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2020-769-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2448-778-0x00000000002B0000-0x00000000002DA000-memory.dmp UPX behavioral1/memory/572-795-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2360-802-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/880-887-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral1/memory/3044-930-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2764-937-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2632-950-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1572-1013-0x0000000000220000-0x000000000024A000-memory.dmp UPX behavioral1/memory/2824-1024-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1576-1068-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/532-1081-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/388-1088-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1740-1134-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/688-1148-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1176-1168-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/688-1189-0x0000000000220000-0x000000000024A000-memory.dmp UPX behavioral1/memory/1976-1266-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2784-1292-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1204-1323-0x0000000000400000-0x000000000042A000-memory.dmp UPX -
Executes dropped EXE 64 IoCs (the list appears capped at 64 entries: in the process tree below, the "Executes dropped EXE" tag stops after the 65th process, PID 388, although the chain continues to depth 122)
pid Process 1732 5bthtn.exe 1984 frfxxrl.exe 2700 ddvjd.exe 2216 1fxflrl.exe 2076 jpjvv.exe 2864 vdjpv.exe 2408 ffrxrfr.exe 2496 flxflll.exe 2976 pvddd.exe 1508 rlxrffr.exe 2696 vjvpv.exe 2804 1xrlllr.exe 1412 pjvdp.exe 1712 fxxxxll.exe 2832 jdvvv.exe 2152 lrlfflf.exe 2020 bhttbt.exe 2952 lxxlxlr.exe 1996 hnntnt.exe 1952 3jjdv.exe 320 xlxffxr.exe 1408 jjjpj.exe 2844 hbtbnt.exe 2660 lllrlxr.exe 2344 pvvjv.exe 1088 rrxlxlr.exe 1740 jdvdj.exe 956 fxxfffx.exe 1868 vvvjp.exe 1136 xxrrlrf.exe 1512 9hbhnt.exe 564 jjjvv.exe 1904 3tnbnb.exe 876 tttnbn.exe 2092 fllxrxx.exe 2256 lllxxlr.exe 1496 hhbnbb.exe 2556 5vpdv.exe 1636 vpvdv.exe 3044 fxflrxr.exe 2680 hhbnhn.exe 2620 jdvjd.exe 2628 9fxrllx.exe 2828 rrrflxr.exe 2488 7tnbth.exe 2480 jddjv.exe 2380 1xrxflx.exe 2288 rflxfrl.exe 1640 tbbnbh.exe 904 dddjd.exe 2796 rxrlfrf.exe 1592 ntthtb.exe 2824 7bntbh.exe 1504 vdvjd.exe 1544 9lflxlx.exe 1012 hhhnnb.exe 2820 1nhtnh.exe 840 pjjvp.exe 1620 rrxxfff.exe 2020 hhbhnn.exe 2172 xxxllfx.exe 2212 bhnhnn.exe 2840 jjdjv.exe 388 rffrxrr.exe -
resource yara_rule behavioral1/memory/2256-7-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1732-9-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1732-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1984-28-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2700-36-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2216-46-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2864-63-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1508-97-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2696-105-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2804-107-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2804-116-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2020-154-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1996-171-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1952-180-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/320-189-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1408-205-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2344-231-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1088-240-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/956-259-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1512-284-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1904-295-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/564-294-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2256-319-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2628-362-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/2288-387-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/904-401-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1504-433-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1012-446-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2172-472-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/388-491-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/824-531-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2112-556-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/804-557-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1904-598-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2908-642-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2584-649-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2468-668-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2696-708-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/940-728-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/340-747-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/840-754-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2232-762-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2020-769-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2448-778-0x00000000002B0000-0x00000000002DA000-memory.dmp upx behavioral1/memory/572-795-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2360-802-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/880-887-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3044-930-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/2764-937-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2632-950-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1572-1013-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/2824-1024-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1544-1031-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1576-1068-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/532-1081-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/388-1088-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1740-1134-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/688-1148-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1176-1168-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/688-1189-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/1976-1266-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2784-1292-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1204-1323-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs (each parent→child pair is recorded four times, so the 64-entry cap covers only the first 16 links of the chain, ending at jdvvv.exe PID 2832 → PID 2152; the writes are each from a parent to its own direct child, which is likely ordinary child-process start-up rather than remote injection — verify against the full trace before treating this as injection)
description pid Process procid_target PID 2256 wrote to memory of 1732 2256 b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe 28 PID 2256 wrote to memory of 1732 2256 b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe 28 PID 2256 wrote to memory of 1732 2256 b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe 28 PID 2256 wrote to memory of 1732 2256 b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe 28 PID 1732 wrote to memory of 1984 1732 5bthtn.exe 29 PID 1732 wrote to memory of 1984 1732 5bthtn.exe 29 PID 1732 wrote to memory of 1984 1732 5bthtn.exe 29 PID 1732 wrote to memory of 1984 1732 5bthtn.exe 29 PID 1984 wrote to memory of 2700 1984 frfxxrl.exe 30 PID 1984 wrote to memory of 2700 1984 frfxxrl.exe 30 PID 1984 wrote to memory of 2700 1984 frfxxrl.exe 30 PID 1984 wrote to memory of 2700 1984 frfxxrl.exe 30 PID 2700 wrote to memory of 2216 2700 ddvjd.exe 31 PID 2700 wrote to memory of 2216 2700 ddvjd.exe 31 PID 2700 wrote to memory of 2216 2700 ddvjd.exe 31 PID 2700 wrote to memory of 2216 2700 ddvjd.exe 31 PID 2216 wrote to memory of 2076 2216 1fxflrl.exe 32 PID 2216 wrote to memory of 2076 2216 1fxflrl.exe 32 PID 2216 wrote to memory of 2076 2216 1fxflrl.exe 32 PID 2216 wrote to memory of 2076 2216 1fxflrl.exe 32 PID 2076 wrote to memory of 2864 2076 jpjvv.exe 33 PID 2076 wrote to memory of 2864 2076 jpjvv.exe 33 PID 2076 wrote to memory of 2864 2076 jpjvv.exe 33 PID 2076 wrote to memory of 2864 2076 jpjvv.exe 33 PID 2864 wrote to memory of 2408 2864 vdjpv.exe 34 PID 2864 wrote to memory of 2408 2864 vdjpv.exe 34 PID 2864 wrote to memory of 2408 2864 vdjpv.exe 34 PID 2864 wrote to memory of 2408 2864 vdjpv.exe 34 PID 2408 wrote to memory of 2496 2408 ffrxrfr.exe 35 PID 2408 wrote to memory of 2496 2408 ffrxrfr.exe 35 PID 2408 wrote to memory of 2496 2408 ffrxrfr.exe 35 PID 2408 wrote to memory of 2496 2408 ffrxrfr.exe 35 PID 2496 wrote to memory of 2976 2496 flxflll.exe 36 PID 2496 
wrote to memory of 2976 2496 flxflll.exe 36 PID 2496 wrote to memory of 2976 2496 flxflll.exe 36 PID 2496 wrote to memory of 2976 2496 flxflll.exe 36 PID 2976 wrote to memory of 1508 2976 pvddd.exe 37 PID 2976 wrote to memory of 1508 2976 pvddd.exe 37 PID 2976 wrote to memory of 1508 2976 pvddd.exe 37 PID 2976 wrote to memory of 1508 2976 pvddd.exe 37 PID 1508 wrote to memory of 2696 1508 rlxrffr.exe 38 PID 1508 wrote to memory of 2696 1508 rlxrffr.exe 38 PID 1508 wrote to memory of 2696 1508 rlxrffr.exe 38 PID 1508 wrote to memory of 2696 1508 rlxrffr.exe 38 PID 2696 wrote to memory of 2804 2696 vjvpv.exe 39 PID 2696 wrote to memory of 2804 2696 vjvpv.exe 39 PID 2696 wrote to memory of 2804 2696 vjvpv.exe 39 PID 2696 wrote to memory of 2804 2696 vjvpv.exe 39 PID 2804 wrote to memory of 1412 2804 1xrlllr.exe 40 PID 2804 wrote to memory of 1412 2804 1xrlllr.exe 40 PID 2804 wrote to memory of 1412 2804 1xrlllr.exe 40 PID 2804 wrote to memory of 1412 2804 1xrlllr.exe 40 PID 1412 wrote to memory of 1712 1412 pjvdp.exe 41 PID 1412 wrote to memory of 1712 1412 pjvdp.exe 41 PID 1412 wrote to memory of 1712 1412 pjvdp.exe 41 PID 1412 wrote to memory of 1712 1412 pjvdp.exe 41 PID 1712 wrote to memory of 2832 1712 fxxxxll.exe 42 PID 1712 wrote to memory of 2832 1712 fxxxxll.exe 42 PID 1712 wrote to memory of 2832 1712 fxxxxll.exe 42 PID 1712 wrote to memory of 2832 1712 fxxxxll.exe 42 PID 2832 wrote to memory of 2152 2832 jdvvv.exe 43 PID 2832 wrote to memory of 2152 2832 jdvvv.exe 43 PID 2832 wrote to memory of 2152 2832 jdvvv.exe 43 PID 2832 wrote to memory of 2152 2832 jdvvv.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe"C:\Users\Admin\AppData\Local\Temp\b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2256 -
\??\c:\5bthtn.exec:\5bthtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1732 -
\??\c:\frfxxrl.exec:\frfxxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\ddvjd.exec:\ddvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\1fxflrl.exec:\1fxflrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2216 -
\??\c:\jpjvv.exec:\jpjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2076 -
\??\c:\vdjpv.exec:\vdjpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\ffrxrfr.exec:\ffrxrfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\flxflll.exec:\flxflll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\pvddd.exec:\pvddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2976 -
\??\c:\rlxrffr.exec:\rlxrffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\vjvpv.exec:\vjvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\1xrlllr.exec:\1xrlllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\pjvdp.exec:\pjvdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1412 -
\??\c:\fxxxxll.exec:\fxxxxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1712 -
\??\c:\jdvvv.exec:\jdvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\lrlfflf.exec:\lrlfflf.exe17⤵
- Executes dropped EXE
PID:2152 -
\??\c:\bhttbt.exec:\bhttbt.exe18⤵
- Executes dropped EXE
PID:2020 -
\??\c:\lxxlxlr.exec:\lxxlxlr.exe19⤵
- Executes dropped EXE
PID:2952 -
\??\c:\hnntnt.exec:\hnntnt.exe20⤵
- Executes dropped EXE
PID:1996 -
\??\c:\3jjdv.exec:\3jjdv.exe21⤵
- Executes dropped EXE
PID:1952 -
\??\c:\xlxffxr.exec:\xlxffxr.exe22⤵
- Executes dropped EXE
PID:320 -
\??\c:\jjjpj.exec:\jjjpj.exe23⤵
- Executes dropped EXE
PID:1408 -
\??\c:\hbtbnt.exec:\hbtbnt.exe24⤵
- Executes dropped EXE
PID:2844 -
\??\c:\lllrlxr.exec:\lllrlxr.exe25⤵
- Executes dropped EXE
PID:2660 -
\??\c:\pvvjv.exec:\pvvjv.exe26⤵
- Executes dropped EXE
PID:2344 -
\??\c:\rrxlxlr.exec:\rrxlxlr.exe27⤵
- Executes dropped EXE
PID:1088 -
\??\c:\jdvdj.exec:\jdvdj.exe28⤵
- Executes dropped EXE
PID:1740 -
\??\c:\fxxfffx.exec:\fxxfffx.exe29⤵
- Executes dropped EXE
PID:956 -
\??\c:\vvvjp.exec:\vvvjp.exe30⤵
- Executes dropped EXE
PID:1868 -
\??\c:\xxrrlrf.exec:\xxrrlrf.exe31⤵
- Executes dropped EXE
PID:1136 -
\??\c:\9hbhnt.exec:\9hbhnt.exe32⤵
- Executes dropped EXE
PID:1512 -
\??\c:\jjjvv.exec:\jjjvv.exe33⤵
- Executes dropped EXE
PID:564 -
\??\c:\3tnbnb.exec:\3tnbnb.exe34⤵
- Executes dropped EXE
PID:1904 -
\??\c:\tttnbn.exec:\tttnbn.exe35⤵
- Executes dropped EXE
PID:876 -
\??\c:\fllxrxx.exec:\fllxrxx.exe36⤵
- Executes dropped EXE
PID:2092 -
\??\c:\lllxxlr.exec:\lllxxlr.exe37⤵
- Executes dropped EXE
PID:2256 -
\??\c:\hhbnbb.exec:\hhbnbb.exe38⤵
- Executes dropped EXE
PID:1496 -
\??\c:\5vpdv.exec:\5vpdv.exe39⤵
- Executes dropped EXE
PID:2556 -
\??\c:\vpvdv.exec:\vpvdv.exe40⤵
- Executes dropped EXE
PID:1636 -
\??\c:\fxflrxr.exec:\fxflrxr.exe41⤵
- Executes dropped EXE
PID:3044 -
\??\c:\hhbnhn.exec:\hhbnhn.exe42⤵
- Executes dropped EXE
PID:2680 -
\??\c:\jdvjd.exec:\jdvjd.exe43⤵
- Executes dropped EXE
PID:2620 -
\??\c:\9fxrllx.exec:\9fxrllx.exe44⤵
- Executes dropped EXE
PID:2628 -
\??\c:\rrrflxr.exec:\rrrflxr.exe45⤵
- Executes dropped EXE
PID:2828 -
\??\c:\7tnbth.exec:\7tnbth.exe46⤵
- Executes dropped EXE
PID:2488 -
\??\c:\jddjv.exec:\jddjv.exe47⤵
- Executes dropped EXE
PID:2480 -
\??\c:\1xrxflx.exec:\1xrxflx.exe48⤵
- Executes dropped EXE
PID:2380 -
\??\c:\rflxfrl.exec:\rflxfrl.exe49⤵
- Executes dropped EXE
PID:2288 -
\??\c:\tbbnbh.exec:\tbbnbh.exe50⤵
- Executes dropped EXE
PID:1640 -
\??\c:\dddjd.exec:\dddjd.exe51⤵
- Executes dropped EXE
PID:904 -
\??\c:\rxrlfrf.exec:\rxrlfrf.exe52⤵
- Executes dropped EXE
PID:2796 -
\??\c:\ntthtb.exec:\ntthtb.exe53⤵
- Executes dropped EXE
PID:1592 -
\??\c:\7bntbh.exec:\7bntbh.exe54⤵
- Executes dropped EXE
PID:2824 -
\??\c:\vdvjd.exec:\vdvjd.exe55⤵
- Executes dropped EXE
PID:1504 -
\??\c:\9lflxlx.exec:\9lflxlx.exe56⤵
- Executes dropped EXE
PID:1544 -
\??\c:\hhhnnb.exec:\hhhnnb.exe57⤵
- Executes dropped EXE
PID:1012 -
\??\c:\1nhtnh.exec:\1nhtnh.exe58⤵
- Executes dropped EXE
PID:2820 -
\??\c:\pjjvp.exec:\pjjvp.exe59⤵
- Executes dropped EXE
PID:840 -
\??\c:\rrxxfff.exec:\rrxxfff.exe60⤵
- Executes dropped EXE
PID:1620 -
\??\c:\hhbhnn.exec:\hhbhnn.exe61⤵
- Executes dropped EXE
PID:2020 -
\??\c:\xxxllfx.exec:\xxxllfx.exe62⤵
- Executes dropped EXE
PID:2172 -
\??\c:\bhnhnn.exec:\bhnhnn.exe63⤵
- Executes dropped EXE
PID:2212 -
\??\c:\jjdjv.exec:\jjdjv.exe64⤵
- Executes dropped EXE
PID:2840 -
\??\c:\rffrxrr.exec:\rffrxrr.exe65⤵
- Executes dropped EXE
PID:388 -
\??\c:\frlfrff.exec:\frlfrff.exe66⤵PID:292
-
\??\c:\nnhtnt.exec:\nnhtnt.exe67⤵PID:1808
-
\??\c:\jddjv.exec:\jddjv.exe68⤵PID:2816
-
\??\c:\ddpjj.exec:\ddpjj.exe69⤵PID:2352
-
\??\c:\3rxlrxl.exec:\3rxlrxl.exe70⤵PID:824
-
\??\c:\bbthhh.exec:\bbthhh.exe71⤵PID:1440
-
\??\c:\vjvpv.exec:\vjvpv.exe72⤵PID:1088
-
\??\c:\dvpvj.exec:\dvpvj.exe73⤵PID:752
-
\??\c:\5lffxfl.exec:\5lffxfl.exe74⤵PID:2112
-
\??\c:\tnbthn.exec:\tnbthn.exe75⤵PID:804
-
\??\c:\ppjdv.exec:\ppjdv.exe76⤵PID:776
-
\??\c:\ffrfflf.exec:\ffrfflf.exe77⤵PID:608
-
\??\c:\3bnnbb.exec:\3bnnbb.exe78⤵PID:2140
-
\??\c:\jpjpp.exec:\jpjpp.exe79⤵PID:2920
-
\??\c:\5ppdp.exec:\5ppdp.exe80⤵PID:1468
-
\??\c:\rlxxffr.exec:\rlxxffr.exe81⤵PID:1904
-
\??\c:\3hbnht.exec:\3hbnht.exe82⤵PID:2412
-
\??\c:\hnbtbn.exec:\hnbtbn.exe83⤵PID:1632
-
\??\c:\pvvjj.exec:\pvvjj.exe84⤵PID:3000
-
\??\c:\xxxxrxr.exec:\xxxxrxr.exe85⤵PID:2596
-
\??\c:\1hbhtb.exec:\1hbhtb.exe86⤵PID:2744
-
\??\c:\ntthbn.exec:\ntthbn.exe87⤵PID:2908
-
\??\c:\7vddd.exec:\7vddd.exe88⤵PID:2600
-
\??\c:\3xlrrxl.exec:\3xlrrxl.exe89⤵PID:2584
-
\??\c:\lllrfrl.exec:\lllrfrl.exe90⤵PID:2500
-
\??\c:\bbnntb.exec:\bbnntb.exe91⤵PID:2512
-
\??\c:\vvdpj.exec:\vvdpj.exe92⤵PID:2468
-
\??\c:\9pvpj.exec:\9pvpj.exe93⤵PID:2484
-
\??\c:\3llrflf.exec:\3llrflf.exe94⤵PID:2380
-
\??\c:\hntnht.exec:\hntnht.exe95⤵PID:2564
-
\??\c:\pjdjp.exec:\pjdjp.exe96⤵PID:1640
-
\??\c:\flfrrxr.exec:\flfrrxr.exe97⤵PID:2696
-
\??\c:\lrrlxfx.exec:\lrrlxfx.exe98⤵PID:2712
-
\??\c:\nhhtbh.exec:\nhhtbh.exe99⤵PID:1784
-
\??\c:\1pdpp.exec:\1pdpp.exe100⤵PID:1752
-
\??\c:\7flrxfr.exec:\7flrxfr.exe101⤵PID:940
-
\??\c:\ththbn.exec:\ththbn.exe102⤵PID:1544
-
\??\c:\hhtbnn.exec:\hhtbnn.exe103⤵PID:856
-
\??\c:\vddvp.exec:\vddvp.exe104⤵PID:340
-
\??\c:\xxxlflx.exec:\xxxlflx.exe105⤵PID:840
-
\??\c:\jdvjd.exec:\jdvjd.exe106⤵PID:2232
-
\??\c:\pjdjd.exec:\pjdjd.exe107⤵PID:2020
-
\??\c:\rlllrxr.exec:\rlllrxr.exe108⤵PID:2448
-
\??\c:\btbnbh.exec:\btbnbh.exe109⤵PID:1596
-
\??\c:\vpvpd.exec:\vpvpd.exe110⤵PID:1032
-
\??\c:\fxxrxfr.exec:\fxxrxfr.exe111⤵PID:572
-
\??\c:\bhhttn.exec:\bhhttn.exe112⤵PID:2360
-
\??\c:\dddvp.exec:\dddvp.exe113⤵PID:684
-
\??\c:\dppdp.exec:\dppdp.exe114⤵PID:2660
-
\??\c:\rrflxlx.exec:\rrflxlx.exe115⤵PID:1692
-
\??\c:\1hhtnb.exec:\1hhtnb.exe116⤵PID:2924
-
\??\c:\vjpjv.exec:\vjpjv.exe117⤵PID:1208
-
\??\c:\fxxxflr.exec:\fxxxflr.exe118⤵PID:1556
-
\??\c:\fxxfrfr.exec:\fxxfrfr.exe119⤵PID:2104
-
\??\c:\1bthnt.exec:\1bthnt.exe120⤵PID:888
-
\??\c:\jdvjd.exec:\jdvjd.exe121⤵PID:2180
-
\??\c:\jdjdv.exec:\jdjdv.exe122⤵PID:2124