Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
02/05/2024, 05:16
Behavioral task
behavioral1
Sample
ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe
-
Size
331KB
-
MD5
702cffd0dd752ddd3d14006e3ddda6a6
-
SHA1
d04dfa515f9685286543f105a530efe38565e307
-
SHA256
ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b
-
SHA512
ec18120c818be759d34b76b00302fa0d949157d53b916b496147d82809aa58a453fbf364fbe48379705aa24c4b325933b0ad71914c9cccfd2feef1ffc1b2b104
-
SSDEEP
3072:LhOmTsF93UYfwC6GIoutHt251UrRE9TTFwT0JOfZKoCdMztr:Lcm4FmowdHoSHt251UriZFwT+aZKNmtr
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/216-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4424-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1416-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5112-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4816-25-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3992-29-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3392-41-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1460-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3104-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5008-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5016-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1688-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2616-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2732-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2760-86-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4828-79-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3124-98-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5040-114-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1104-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4764-104-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4904-119-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3128-126-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3324-137-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5108-144-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4768-148-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1100-133-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1184-156-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1628-161-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1628-164-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4284-172-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3292-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4448-194-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3772-196-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/116-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1400-208-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3832-218-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2488-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2076-234-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1824-240-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4404-256-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4124-276-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2408-281-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4036-286-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4956-290-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4048-307-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4848-312-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2016-321-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1928-327-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4788-328-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2096-344-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3080-351-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2292-356-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2248-385-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2404-397-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4100-408-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2944-410-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4452-422-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3512-524-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4616-530-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2836-542-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2932-561-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4404-604-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4144-613-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1768-622-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/216-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/216-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000d000000023b2e-3.dat UPX behavioral2/files/0x000c000000023b91-8.dat UPX behavioral2/memory/4424-11-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1416-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000b000000023b92-12.dat UPX behavioral2/files/0x000a000000023b97-19.dat UPX behavioral2/memory/5112-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b98-23.dat UPX behavioral2/memory/4816-25-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b99-28.dat UPX behavioral2/memory/1460-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3992-29-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9b-38.dat UPX behavioral2/memory/3392-41-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9c-44.dat UPX behavioral2/memory/1460-40-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9a-35.dat UPX behavioral2/files/0x000a000000023b9d-48.dat UPX behavioral2/memory/3104-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9e-55.dat UPX behavioral2/memory/5008-57-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9f-59.dat UPX behavioral2/memory/5016-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba0-63.dat UPX behavioral2/memory/1688-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba1-68.dat UPX behavioral2/files/0x000a000000023ba2-72.dat UPX behavioral2/memory/2616-75-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba4-83.dat UPX 
behavioral2/memory/2732-90-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000c000000023b82-93.dat UPX behavioral2/files/0x000a000000023ba5-88.dat UPX behavioral2/memory/2760-86-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4828-79-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba3-78.dat UPX behavioral2/files/0x000a000000023ba7-97.dat UPX behavioral2/memory/3124-98-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba8-102.dat UPX behavioral2/files/0x000a000000023ba9-107.dat UPX behavioral2/files/0x000a000000023baa-112.dat UPX behavioral2/memory/5040-114-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1104-110-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bab-117.dat UPX behavioral2/memory/4764-104-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4904-119-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bac-121.dat UPX behavioral2/files/0x000a000000023bad-125.dat UPX behavioral2/memory/3128-126-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bae-130.dat UPX behavioral2/files/0x000a000000023baf-135.dat UPX behavioral2/memory/3324-137-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5108-144-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb1-145.dat UPX behavioral2/memory/4768-148-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb0-141.dat UPX behavioral2/memory/1100-133-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb2-150.dat UPX behavioral2/memory/1184-156-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb3-155.dat UPX behavioral2/memory/1628-161-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/1628-164-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4284-169-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 1416 pjvpp.exe 4424 tbbttt.exe 5112 rrlfxrl.exe 4816 ttnhbt.exe 3992 flrfxrl.exe 1460 ppddd.exe 2740 xrrllrl.exe 3392 ntttnh.exe 3104 7vvpj.exe 5016 ppddp.exe 5008 fffxffl.exe 1784 nntnnh.exe 1824 fxxrllf.exe 1688 nhntnt.exe 2616 dpvvp.exe 4828 jdvpj.exe 2760 9rrlflf.exe 2732 hhhbtt.exe 3124 bhhtnn.exe 3496 bhnnbn.exe 4764 btbtnn.exe 1104 7vvjd.exe 5040 fflllll.exe 4904 hnhttn.exe 3128 1hbtbb.exe 1100 9jdpj.exe 4880 5rfrffx.exe 3324 3hhbtt.exe 5108 hbtnhb.exe 4768 pjdjj.exe 400 lxfrlfx.exe 1184 tnbtbb.exe 3384 hbhhnh.exe 1628 htnhbt.exe 3900 jddpp.exe 1860 rrfxfxl.exe 4284 btnnht.exe 4048 tbnhbb.exe 2980 3jjdv.exe 4848 xrrfxrl.exe 3292 bthbhh.exe 4820 dvdvp.exe 2428 pjjjd.exe 3388 3rrlffx.exe 472 ttnntt.exe 2964 jjpdv.exe 4448 lxfxfff.exe 3772 5hhbtt.exe 4504 bbbnhh.exe 4020 jdjvp.exe 116 ffxrllf.exe 1724 bbttbh.exe 1400 3ddvd.exe 3332 xlrlffx.exe 2492 9tthbb.exe 3832 tnnhbb.exe 2412 1djjd.exe 3792 3jpjj.exe 4760 lrlffll.exe 1516 1nthnn.exe 2488 tthhbh.exe 2524 jvddp.exe 2076 xxfxffl.exe 1520 lrxrlfx.exe -
resource yara_rule behavioral2/memory/216-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/216-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000d000000023b2e-3.dat upx behavioral2/files/0x000c000000023b91-8.dat upx behavioral2/memory/4424-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1416-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000b000000023b92-12.dat upx behavioral2/files/0x000a000000023b97-19.dat upx behavioral2/memory/5112-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b98-23.dat upx behavioral2/memory/4816-25-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b99-28.dat upx behavioral2/memory/1460-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3992-29-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9b-38.dat upx behavioral2/memory/3392-41-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9c-44.dat upx behavioral2/memory/1460-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9a-35.dat upx behavioral2/files/0x000a000000023b9d-48.dat upx behavioral2/memory/3104-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9e-55.dat upx behavioral2/memory/5008-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9f-59.dat upx behavioral2/memory/5016-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba0-63.dat upx behavioral2/memory/1688-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba1-68.dat upx behavioral2/files/0x000a000000023ba2-72.dat upx behavioral2/memory/2616-75-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba4-83.dat upx 
behavioral2/memory/2732-90-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000c000000023b82-93.dat upx behavioral2/files/0x000a000000023ba5-88.dat upx behavioral2/memory/2760-86-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4828-79-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba3-78.dat upx behavioral2/files/0x000a000000023ba7-97.dat upx behavioral2/memory/3124-98-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba8-102.dat upx behavioral2/files/0x000a000000023ba9-107.dat upx behavioral2/files/0x000a000000023baa-112.dat upx behavioral2/memory/5040-114-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1104-110-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bab-117.dat upx behavioral2/memory/4764-104-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4904-119-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bac-121.dat upx behavioral2/files/0x000a000000023bad-125.dat upx behavioral2/memory/3128-126-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bae-130.dat upx behavioral2/files/0x000a000000023baf-135.dat upx behavioral2/memory/3324-137-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5108-144-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb1-145.dat upx behavioral2/memory/4768-148-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb0-141.dat upx behavioral2/memory/1100-133-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb2-150.dat upx behavioral2/memory/1184-156-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb3-155.dat upx behavioral2/memory/1628-161-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/1628-164-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4284-169-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 216 wrote to memory of 1416 216 ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe 83 PID 216 wrote to memory of 1416 216 ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe 83 PID 216 wrote to memory of 1416 216 ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe 83 PID 1416 wrote to memory of 4424 1416 pjvpp.exe 84 PID 1416 wrote to memory of 4424 1416 pjvpp.exe 84 PID 1416 wrote to memory of 4424 1416 pjvpp.exe 84 PID 4424 wrote to memory of 5112 4424 tbbttt.exe 85 PID 4424 wrote to memory of 5112 4424 tbbttt.exe 85 PID 4424 wrote to memory of 5112 4424 tbbttt.exe 85 PID 5112 wrote to memory of 4816 5112 rrlfxrl.exe 86 PID 5112 wrote to memory of 4816 5112 rrlfxrl.exe 86 PID 5112 wrote to memory of 4816 5112 rrlfxrl.exe 86 PID 4816 wrote to memory of 3992 4816 ttnhbt.exe 87 PID 4816 wrote to memory of 3992 4816 ttnhbt.exe 87 PID 4816 wrote to memory of 3992 4816 ttnhbt.exe 87 PID 3992 wrote to memory of 1460 3992 flrfxrl.exe 89 PID 3992 wrote to memory of 1460 3992 flrfxrl.exe 89 PID 3992 wrote to memory of 1460 3992 flrfxrl.exe 89 PID 1460 wrote to memory of 2740 1460 ppddd.exe 90 PID 1460 wrote to memory of 2740 1460 ppddd.exe 90 PID 1460 wrote to memory of 2740 1460 ppddd.exe 90 PID 2740 wrote to memory of 3392 2740 xrrllrl.exe 91 PID 2740 wrote to memory of 3392 2740 xrrllrl.exe 91 PID 2740 wrote to memory of 3392 2740 xrrllrl.exe 91 PID 3392 wrote to memory of 3104 3392 ntttnh.exe 92 PID 3392 wrote to memory of 3104 3392 ntttnh.exe 92 PID 3392 wrote to memory of 3104 3392 ntttnh.exe 92 PID 3104 wrote to memory of 5016 3104 7vvpj.exe 93 PID 3104 wrote to memory of 5016 3104 7vvpj.exe 93 PID 3104 wrote to memory of 5016 3104 7vvpj.exe 93 PID 5016 wrote to memory of 5008 5016 ppddp.exe 94 PID 5016 wrote to memory of 5008 5016 ppddp.exe 94 PID 5016 wrote to memory of 5008 5016 ppddp.exe 94 PID 5008 wrote to memory of 1784 5008 fffxffl.exe 95 PID 5008 wrote to memory of 
1784 5008 fffxffl.exe 95 PID 5008 wrote to memory of 1784 5008 fffxffl.exe 95 PID 1784 wrote to memory of 1824 1784 nntnnh.exe 97 PID 1784 wrote to memory of 1824 1784 nntnnh.exe 97 PID 1784 wrote to memory of 1824 1784 nntnnh.exe 97 PID 1824 wrote to memory of 1688 1824 fxxrllf.exe 99 PID 1824 wrote to memory of 1688 1824 fxxrllf.exe 99 PID 1824 wrote to memory of 1688 1824 fxxrllf.exe 99 PID 1688 wrote to memory of 2616 1688 nhntnt.exe 100 PID 1688 wrote to memory of 2616 1688 nhntnt.exe 100 PID 1688 wrote to memory of 2616 1688 nhntnt.exe 100 PID 2616 wrote to memory of 4828 2616 dpvvp.exe 101 PID 2616 wrote to memory of 4828 2616 dpvvp.exe 101 PID 2616 wrote to memory of 4828 2616 dpvvp.exe 101 PID 4828 wrote to memory of 2760 4828 jdvpj.exe 102 PID 4828 wrote to memory of 2760 4828 jdvpj.exe 102 PID 4828 wrote to memory of 2760 4828 jdvpj.exe 102 PID 2760 wrote to memory of 2732 2760 9rrlflf.exe 103 PID 2760 wrote to memory of 2732 2760 9rrlflf.exe 103 PID 2760 wrote to memory of 2732 2760 9rrlflf.exe 103 PID 2732 wrote to memory of 3124 2732 hhhbtt.exe 104 PID 2732 wrote to memory of 3124 2732 hhhbtt.exe 104 PID 2732 wrote to memory of 3124 2732 hhhbtt.exe 104 PID 3124 wrote to memory of 3496 3124 bhhtnn.exe 105 PID 3124 wrote to memory of 3496 3124 bhhtnn.exe 105 PID 3124 wrote to memory of 3496 3124 bhhtnn.exe 105 PID 3496 wrote to memory of 4764 3496 bhnnbn.exe 106 PID 3496 wrote to memory of 4764 3496 bhnnbn.exe 106 PID 3496 wrote to memory of 4764 3496 bhnnbn.exe 106 PID 4764 wrote to memory of 1104 4764 btbtnn.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe"C:\Users\Admin\AppData\Local\Temp\ee76993b3739e44042d96678fc41d9f3e8410b08cf452e209fdd981091b4f48b.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:216 -
\??\c:\pjvpp.exec:\pjvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\tbbttt.exec:\tbbttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4424 -
\??\c:\rrlfxrl.exec:\rrlfxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5112 -
\??\c:\ttnhbt.exec:\ttnhbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4816 -
\??\c:\flrfxrl.exec:\flrfxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3992 -
\??\c:\ppddd.exec:\ppddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1460 -
\??\c:\xrrllrl.exec:\xrrllrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\ntttnh.exec:\ntttnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3392 -
\??\c:\7vvpj.exec:\7vvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3104 -
\??\c:\ppddp.exec:\ppddp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5016 -
\??\c:\fffxffl.exec:\fffxffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\nntnnh.exec:\nntnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1784 -
\??\c:\fxxrllf.exec:\fxxrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1824 -
\??\c:\nhntnt.exec:\nhntnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1688 -
\??\c:\dpvvp.exec:\dpvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\jdvpj.exec:\jdvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4828 -
\??\c:\9rrlflf.exec:\9rrlflf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\hhhbtt.exec:\hhhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\bhhtnn.exec:\bhhtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3124 -
\??\c:\bhnnbn.exec:\bhnnbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3496 -
\??\c:\btbtnn.exec:\btbtnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4764 -
\??\c:\7vvjd.exec:\7vvjd.exe23⤵
- Executes dropped EXE
PID:1104 -
\??\c:\fflllll.exec:\fflllll.exe24⤵
- Executes dropped EXE
PID:5040 -
\??\c:\hnhttn.exec:\hnhttn.exe25⤵
- Executes dropped EXE
PID:4904 -
\??\c:\1hbtbb.exec:\1hbtbb.exe26⤵
- Executes dropped EXE
PID:3128 -
\??\c:\9jdpj.exec:\9jdpj.exe27⤵
- Executes dropped EXE
PID:1100 -
\??\c:\5rfrffx.exec:\5rfrffx.exe28⤵
- Executes dropped EXE
PID:4880 -
\??\c:\3hhbtt.exec:\3hhbtt.exe29⤵
- Executes dropped EXE
PID:3324 -
\??\c:\hbtnhb.exec:\hbtnhb.exe30⤵
- Executes dropped EXE
PID:5108 -
\??\c:\pjdjj.exec:\pjdjj.exe31⤵
- Executes dropped EXE
PID:4768 -
\??\c:\lxfrlfx.exec:\lxfrlfx.exe32⤵
- Executes dropped EXE
PID:400 -
\??\c:\tnbtbb.exec:\tnbtbb.exe33⤵
- Executes dropped EXE
PID:1184 -
\??\c:\hbhhnh.exec:\hbhhnh.exe34⤵
- Executes dropped EXE
PID:3384 -
\??\c:\htnhbt.exec:\htnhbt.exe35⤵
- Executes dropped EXE
PID:1628 -
\??\c:\jddpp.exec:\jddpp.exe36⤵
- Executes dropped EXE
PID:3900 -
\??\c:\rrfxfxl.exec:\rrfxfxl.exe37⤵
- Executes dropped EXE
PID:1860 -
\??\c:\btnnht.exec:\btnnht.exe38⤵
- Executes dropped EXE
PID:4284 -
\??\c:\tbnhbb.exec:\tbnhbb.exe39⤵
- Executes dropped EXE
PID:4048 -
\??\c:\3jjdv.exec:\3jjdv.exe40⤵
- Executes dropped EXE
PID:2980 -
\??\c:\xrrfxrl.exec:\xrrfxrl.exe41⤵
- Executes dropped EXE
PID:4848 -
\??\c:\bthbhh.exec:\bthbhh.exe42⤵
- Executes dropped EXE
PID:3292 -
\??\c:\dvdvp.exec:\dvdvp.exe43⤵
- Executes dropped EXE
PID:4820 -
\??\c:\pjjjd.exec:\pjjjd.exe44⤵
- Executes dropped EXE
PID:2428 -
\??\c:\3rrlffx.exec:\3rrlffx.exe45⤵
- Executes dropped EXE
PID:3388 -
\??\c:\ttnntt.exec:\ttnntt.exe46⤵
- Executes dropped EXE
PID:472 -
\??\c:\jjpdv.exec:\jjpdv.exe47⤵
- Executes dropped EXE
PID:2964 -
\??\c:\lxfxfff.exec:\lxfxfff.exe48⤵
- Executes dropped EXE
PID:4448 -
\??\c:\5hhbtt.exec:\5hhbtt.exe49⤵
- Executes dropped EXE
PID:3772 -
\??\c:\bbbnhh.exec:\bbbnhh.exe50⤵
- Executes dropped EXE
PID:4504 -
\??\c:\jdjvp.exec:\jdjvp.exe51⤵
- Executes dropped EXE
PID:4020 -
\??\c:\ffxrllf.exec:\ffxrllf.exe52⤵
- Executes dropped EXE
PID:116 -
\??\c:\bbttbh.exec:\bbttbh.exe53⤵
- Executes dropped EXE
PID:1724 -
\??\c:\3ddvd.exec:\3ddvd.exe54⤵
- Executes dropped EXE
PID:1400 -
\??\c:\xlrlffx.exec:\xlrlffx.exe55⤵
- Executes dropped EXE
PID:3332 -
\??\c:\9tthbb.exec:\9tthbb.exe56⤵
- Executes dropped EXE
PID:2492 -
\??\c:\tnnhbb.exec:\tnnhbb.exe57⤵
- Executes dropped EXE
PID:3832 -
\??\c:\1djjd.exec:\1djjd.exe58⤵
- Executes dropped EXE
PID:2412 -
\??\c:\3jpjj.exec:\3jpjj.exe59⤵
- Executes dropped EXE
PID:3792 -
\??\c:\lrlffll.exec:\lrlffll.exe60⤵
- Executes dropped EXE
PID:4760 -
\??\c:\1nthnn.exec:\1nthnn.exe61⤵
- Executes dropped EXE
PID:1516 -
\??\c:\tthhbh.exec:\tthhbh.exe62⤵
- Executes dropped EXE
PID:2488 -
\??\c:\jvddp.exec:\jvddp.exe63⤵
- Executes dropped EXE
PID:2524 -
\??\c:\xxfxffl.exec:\xxfxffl.exe64⤵
- Executes dropped EXE
PID:2076 -
\??\c:\lrxrlfx.exec:\lrxrlfx.exe65⤵
- Executes dropped EXE
PID:1520 -
\??\c:\bnbnbn.exec:\bnbnbn.exe66⤵PID:4536
-
\??\c:\5ppjj.exec:\5ppjj.exe67⤵PID:1824
-
\??\c:\ppvjv.exec:\ppvjv.exe68⤵PID:2256
-
\??\c:\lfffrfx.exec:\lfffrfx.exe69⤵PID:4832
-
\??\c:\nbhbtt.exec:\nbhbtt.exe70⤵PID:4860
-
\??\c:\tnbttt.exec:\tnbttt.exe71⤵PID:2144
-
\??\c:\jvpjp.exec:\jvpjp.exe72⤵PID:1868
-
\??\c:\xffxlll.exec:\xffxlll.exe73⤵PID:2732
-
\??\c:\nntnhh.exec:\nntnhh.exe74⤵PID:4404
-
\??\c:\vdpdp.exec:\vdpdp.exe75⤵PID:3124
-
\??\c:\xfxfxlx.exec:\xfxfxlx.exe76⤵PID:364
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe77⤵PID:4244
-
\??\c:\hbhhnn.exec:\hbhhnn.exe78⤵PID:1104
-
\??\c:\bnhnhh.exec:\bnhnhh.exe79⤵PID:2156
-
\??\c:\1jjdd.exec:\1jjdd.exe80⤵PID:1768
-
\??\c:\vppdv.exec:\vppdv.exe81⤵PID:1504
-
\??\c:\rffxrrr.exec:\rffxrrr.exe82⤵PID:1392
-
\??\c:\5flxfff.exec:\5flxfff.exe83⤵PID:4124
-
\??\c:\nnnnhh.exec:\nnnnhh.exe84⤵PID:2024
-
\??\c:\jvddd.exec:\jvddd.exe85⤵PID:872
-
\??\c:\vjvpd.exec:\vjvpd.exe86⤵PID:2408
-
\??\c:\rrlfrrx.exec:\rrlfrrx.exe87⤵PID:4036
-
\??\c:\7bnbht.exec:\7bnbht.exe88⤵PID:4784
-
\??\c:\tntthn.exec:\tntthn.exe89⤵PID:4956
-
\??\c:\djdvv.exec:\djdvv.exe90⤵PID:708
-
\??\c:\dvddv.exec:\dvddv.exe91⤵PID:3512
-
\??\c:\flrlffx.exec:\flrlffx.exe92⤵PID:1628
-
\??\c:\nnbttn.exec:\nnbttn.exe93⤵PID:3724
-
\??\c:\5ntbhh.exec:\5ntbhh.exe94⤵PID:1860
-
\??\c:\ddppp.exec:\ddppp.exe95⤵PID:4300
-
\??\c:\btbbhh.exec:\btbbhh.exe96⤵PID:4048
-
\??\c:\1ttntn.exec:\1ttntn.exe97⤵PID:2344
-
\??\c:\vppjd.exec:\vppjd.exe98⤵PID:4848
-
\??\c:\frxxrrl.exec:\frxxrrl.exe99⤵PID:2836
-
\??\c:\1rrlxff.exec:\1rrlxff.exe100⤵PID:1856
-
\??\c:\1ntnbb.exec:\1ntnbb.exe101⤵PID:4200
-
\??\c:\jvdvp.exec:\jvdvp.exe102⤵PID:2016
-
\??\c:\rxxlfxr.exec:\rxxlfxr.exe103⤵PID:4376
-
\??\c:\tbbtnn.exec:\tbbtnn.exe104⤵PID:1928
-
\??\c:\ppjpj.exec:\ppjpj.exe105⤵PID:4788
-
\??\c:\lflfxrx.exec:\lflfxrx.exe106⤵PID:1948
-
\??\c:\ntttnn.exec:\ntttnn.exe107⤵PID:2536
-
\??\c:\bhnhhh.exec:\bhnhhh.exe108⤵PID:2932
-
\??\c:\dpvpj.exec:\dpvpj.exe109⤵PID:2856
-
\??\c:\xxfxfxr.exec:\xxfxfxr.exe110⤵PID:2028
-
\??\c:\ffrlllf.exec:\ffrlllf.exe111⤵PID:2636
-
\??\c:\bhhbnn.exec:\bhhbnn.exe112⤵PID:2096
-
\??\c:\btnhbt.exec:\btnhbt.exe113⤵PID:640
-
\??\c:\vpjjp.exec:\vpjjp.exe114⤵PID:3080
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe115⤵PID:2384
-
\??\c:\flrxrff.exec:\flrxrff.exe116⤵PID:4204
-
\??\c:\hbtnhh.exec:\hbtnhh.exe117⤵PID:2292
-
\??\c:\vjvdp.exec:\vjvdp.exe118⤵PID:1076
-
\??\c:\xflfxrl.exec:\xflfxrl.exe119⤵PID:2736
-
\??\c:\xllxrlf.exec:\xllxrlf.exe120⤵PID:4832
-
\??\c:\nbhbbb.exec:\nbhbbb.exe121⤵PID:3624
-
\??\c:\ddvvp.exec:\ddvvp.exe122⤵PID:1256