Analysis
-
max time kernel
151s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
03-05-2024 21:22
Behavioral task
behavioral1
Sample
4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe
-
Size
65KB
-
MD5
2b1fd53aa30a0716a4d76af208e6dcd3
-
SHA1
289fe5252b91bc383845f357cd0698527074f068
-
SHA256
4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b
-
SHA512
263db0b74fab744f5c128ba3adc8a113ebe451cc101990f0a0fe63195d0f3d88c8c7a99a4716bb7c5024dd466c32a765306da64366a13a44a43c19424081aba6
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXN8dI4I9c1CLcxdw/hx:khOmTsF93UYfwC6GIoutpYHrgow/3
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4400-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3180-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3124-20-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3456-26-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4800-31-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4196-36-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1052-42-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3596-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3324-54-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2524-60-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2328-66-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1124-72-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/416-77-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2092-93-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4804-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1060-101-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3536-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3628-116-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3660-122-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4632-128-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4512-138-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/816-144-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1372-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/360-153-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4980-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/648-173-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4400-180-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2056-191-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/904-195-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2980-200-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3904-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3916-211-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3880-215-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2084-217-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1104-236-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2092-255-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3488-261-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2300-268-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4864-278-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4612-282-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1940-289-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1128-300-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3412-306-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4304-311-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2396-328-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/768-368-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2120-375-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2328-382-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3564-383-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3556-414-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4864-435-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3384-473-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3484-478-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3980-489-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4532-502-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4908-515-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2352-546-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3396-577-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3604-593-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3008-648-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3372-743-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/464-751-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2680-769-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/524-1363-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4400-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023251-3.dat UPX behavioral2/memory/4400-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023254-8.dat UPX behavioral2/files/0x0008000000023255-11.dat UPX behavioral2/memory/3180-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023257-18.dat UPX behavioral2/memory/3124-20-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3456-26-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023259-24.dat UPX behavioral2/memory/4800-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002325a-30.dat UPX behavioral2/files/0x000700000002325b-35.dat UPX behavioral2/memory/4196-36-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002325c-40.dat UPX behavioral2/memory/1052-42-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002325d-46.dat UPX behavioral2/memory/3596-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002325e-52.dat UPX behavioral2/memory/3324-54-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2524-60-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002325f-59.dat UPX behavioral2/memory/2328-66-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023260-64.dat UPX behavioral2/files/0x0007000000023261-70.dat UPX behavioral2/memory/1124-72-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023262-76.dat UPX behavioral2/memory/416-77-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023263-81.dat UPX behavioral2/files/0x0007000000023264-86.dat UPX behavioral2/memory/2092-93-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x0007000000023265-92.dat UPX behavioral2/memory/4804-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023267-98.dat UPX behavioral2/memory/1060-101-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023268-103.dat UPX behavioral2/files/0x0007000000023269-108.dat UPX behavioral2/memory/3536-110-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002326a-114.dat UPX behavioral2/memory/3628-116-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002326b-120.dat UPX behavioral2/memory/3660-122-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002326c-126.dat UPX behavioral2/memory/4632-128-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002326d-132.dat UPX behavioral2/files/0x000700000002326e-137.dat UPX behavioral2/memory/4512-138-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002326f-142.dat UPX behavioral2/memory/816-144-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023270-147.dat UPX behavioral2/memory/1372-150-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/360-153-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023271-155.dat UPX behavioral2/files/0x0007000000023272-161.dat UPX behavioral2/memory/4980-163-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023273-166.dat UPX behavioral2/memory/4980-167-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023274-171.dat UPX behavioral2/memory/648-173-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4400-180-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023275-179.dat UPX behavioral2/memory/32-181-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/2056-191-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/904-195-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3480 07v5g0.exe 3180 j15ox1q.exe 3124 ni125a.exe 3456 ldlgk.exe 4800 9jgr69m.exe 4196 8h1qc.exe 1052 4l34m79.exe 3596 29q5f.exe 3324 duqu0.exe 2524 c0685.exe 2328 qq5ie9.exe 1124 t52v7s3.exe 416 u5pexof.exe 232 984ga75.exe 5088 36399o.exe 2092 3k7o4.exe 4804 we2tr8i.exe 1060 5238f0.exe 3536 65a5it5.exe 3628 ltdlt.exe 3660 1290qv4.exe 4632 29lehee.exe 2456 462p2.exe 4512 3775hha.exe 816 974s3k.exe 1372 4xj5j.exe 360 3qat5hw.exe 4436 ia8x7.exe 4980 kbnh76.exe 648 dgv387q.exe 4400 88pq900.exe 32 3666h20.exe 4180 33939.exe 2056 k0gg1wc.exe 904 jt35bvs.exe 1600 5vp2e7.exe 2980 6l930w.exe 3904 s7s13.exe 3916 5r0rx8.exe 3880 3wk79.exe 2084 1flr2.exe 3984 oc7jv.exe 3840 od7qew.exe 3224 5an9sk.exe 3740 2e05r0.exe 3564 f37pf72.exe 1104 6822f.exe 2608 217k9ee.exe 4460 9r72hbk.exe 4536 0ri6p.exe 3992 u3m73o1.exe 1536 2meo3g.exe 2092 t404h.exe 3488 6c5o767.exe 3388 8lru853.exe 2300 i9og8q.exe 2752 8999n.exe 2688 kkn7q.exe 4864 99jwt.exe 4612 0dsa7tq.exe 2252 38w9f1.exe 1940 wb2ii6.exe 4524 073a3.exe 3160 6r11j.exe -
resource yara_rule behavioral2/memory/4400-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023251-3.dat upx behavioral2/memory/4400-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023254-8.dat upx behavioral2/files/0x0008000000023255-11.dat upx behavioral2/memory/3180-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023257-18.dat upx behavioral2/memory/3124-20-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3456-26-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023259-24.dat upx behavioral2/memory/4800-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325a-30.dat upx behavioral2/files/0x000700000002325b-35.dat upx behavioral2/memory/4196-36-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325c-40.dat upx behavioral2/memory/1052-42-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325d-46.dat upx behavioral2/memory/3596-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325e-52.dat upx behavioral2/memory/3324-54-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2524-60-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325f-59.dat upx behavioral2/memory/2328-66-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023260-64.dat upx behavioral2/files/0x0007000000023261-70.dat upx behavioral2/memory/1124-72-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023262-76.dat upx behavioral2/memory/416-77-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023263-81.dat upx behavioral2/files/0x0007000000023264-86.dat upx behavioral2/memory/2092-93-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x0007000000023265-92.dat upx behavioral2/memory/4804-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023267-98.dat upx behavioral2/memory/1060-101-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023268-103.dat upx behavioral2/files/0x0007000000023269-108.dat upx behavioral2/memory/3536-110-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326a-114.dat upx behavioral2/memory/3628-116-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326b-120.dat upx behavioral2/memory/3660-122-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326c-126.dat upx behavioral2/memory/4632-128-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326d-132.dat upx behavioral2/files/0x000700000002326e-137.dat upx behavioral2/memory/4512-138-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326f-142.dat upx behavioral2/memory/816-144-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023270-147.dat upx behavioral2/memory/1372-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/360-153-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023271-155.dat upx behavioral2/files/0x0007000000023272-161.dat upx behavioral2/memory/4980-163-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023273-166.dat upx behavioral2/memory/4980-167-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023274-171.dat upx behavioral2/memory/648-173-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4400-180-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023275-179.dat upx behavioral2/memory/32-181-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2056-191-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/904-195-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4400 wrote to memory of 3480 4400 4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe 91 PID 4400 wrote to memory of 3480 4400 4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe 91 PID 4400 wrote to memory of 3480 4400 4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe 91 PID 3480 wrote to memory of 3180 3480 07v5g0.exe 92 PID 3480 wrote to memory of 3180 3480 07v5g0.exe 92 PID 3480 wrote to memory of 3180 3480 07v5g0.exe 92 PID 3180 wrote to memory of 3124 3180 j15ox1q.exe 93 PID 3180 wrote to memory of 3124 3180 j15ox1q.exe 93 PID 3180 wrote to memory of 3124 3180 j15ox1q.exe 93 PID 3124 wrote to memory of 3456 3124 ni125a.exe 94 PID 3124 wrote to memory of 3456 3124 ni125a.exe 94 PID 3124 wrote to memory of 3456 3124 ni125a.exe 94 PID 3456 wrote to memory of 4800 3456 ldlgk.exe 95 PID 3456 wrote to memory of 4800 3456 ldlgk.exe 95 PID 3456 wrote to memory of 4800 3456 ldlgk.exe 95 PID 4800 wrote to memory of 4196 4800 9jgr69m.exe 96 PID 4800 wrote to memory of 4196 4800 9jgr69m.exe 96 PID 4800 wrote to memory of 4196 4800 9jgr69m.exe 96 PID 4196 wrote to memory of 1052 4196 8h1qc.exe 97 PID 4196 wrote to memory of 1052 4196 8h1qc.exe 97 PID 4196 wrote to memory of 1052 4196 8h1qc.exe 97 PID 1052 wrote to memory of 3596 1052 4l34m79.exe 98 PID 1052 wrote to memory of 3596 1052 4l34m79.exe 98 PID 1052 wrote to memory of 3596 1052 4l34m79.exe 98 PID 3596 wrote to memory of 3324 3596 29q5f.exe 99 PID 3596 wrote to memory of 3324 3596 29q5f.exe 99 PID 3596 wrote to memory of 3324 3596 29q5f.exe 99 PID 3324 wrote to memory of 2524 3324 duqu0.exe 100 PID 3324 wrote to memory of 2524 3324 duqu0.exe 100 PID 3324 wrote to memory of 2524 3324 duqu0.exe 100 PID 2524 wrote to memory of 2328 2524 c0685.exe 101 PID 2524 wrote to memory of 2328 2524 c0685.exe 101 PID 2524 wrote to memory of 2328 2524 c0685.exe 101 PID 2328 wrote to memory of 1124 2328 qq5ie9.exe 102 PID 2328 wrote to 
memory of 1124 2328 qq5ie9.exe 102 PID 2328 wrote to memory of 1124 2328 qq5ie9.exe 102 PID 1124 wrote to memory of 416 1124 t52v7s3.exe 103 PID 1124 wrote to memory of 416 1124 t52v7s3.exe 103 PID 1124 wrote to memory of 416 1124 t52v7s3.exe 103 PID 416 wrote to memory of 232 416 u5pexof.exe 104 PID 416 wrote to memory of 232 416 u5pexof.exe 104 PID 416 wrote to memory of 232 416 u5pexof.exe 104 PID 232 wrote to memory of 5088 232 984ga75.exe 105 PID 232 wrote to memory of 5088 232 984ga75.exe 105 PID 232 wrote to memory of 5088 232 984ga75.exe 105 PID 5088 wrote to memory of 2092 5088 36399o.exe 106 PID 5088 wrote to memory of 2092 5088 36399o.exe 106 PID 5088 wrote to memory of 2092 5088 36399o.exe 106 PID 2092 wrote to memory of 4804 2092 3k7o4.exe 107 PID 2092 wrote to memory of 4804 2092 3k7o4.exe 107 PID 2092 wrote to memory of 4804 2092 3k7o4.exe 107 PID 4804 wrote to memory of 1060 4804 we2tr8i.exe 108 PID 4804 wrote to memory of 1060 4804 we2tr8i.exe 108 PID 4804 wrote to memory of 1060 4804 we2tr8i.exe 108 PID 1060 wrote to memory of 3536 1060 5238f0.exe 109 PID 1060 wrote to memory of 3536 1060 5238f0.exe 109 PID 1060 wrote to memory of 3536 1060 5238f0.exe 109 PID 3536 wrote to memory of 3628 3536 65a5it5.exe 110 PID 3536 wrote to memory of 3628 3536 65a5it5.exe 110 PID 3536 wrote to memory of 3628 3536 65a5it5.exe 110 PID 3628 wrote to memory of 3660 3628 ltdlt.exe 111 PID 3628 wrote to memory of 3660 3628 ltdlt.exe 111 PID 3628 wrote to memory of 3660 3628 ltdlt.exe 111 PID 3660 wrote to memory of 4632 3660 1290qv4.exe 112
Processes
-
C:\Users\Admin\AppData\Local\Temp\4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe "C:\Users\Admin\AppData\Local\Temp\4926d0c641a7431878aba79aa73d1ed53d7d6ef2c50548732d1c5f37caac141b.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:4400 -
\??\c:\07v5g0.exe c:\07v5g0.exe 2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3480 -
\??\c:\j15ox1q.exe c:\j15ox1q.exe 3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3180 -
\??\c:\ni125a.exe c:\ni125a.exe 4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3124 -
\??\c:\ldlgk.exe c:\ldlgk.exe 5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3456 -
\??\c:\9jgr69m.exe c:\9jgr69m.exe 6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4800 -
\??\c:\8h1qc.exe c:\8h1qc.exe 7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4196 -
\??\c:\4l34m79.exe c:\4l34m79.exe 8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1052 -
\??\c:\29q5f.exe c:\29q5f.exe 9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\duqu0.exe c:\duqu0.exe 10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3324 -
\??\c:\c0685.exe c:\c0685.exe 11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\qq5ie9.exe c:\qq5ie9.exe 12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2328 -
\??\c:\t52v7s3.exe c:\t52v7s3.exe 13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1124 -
\??\c:\u5pexof.exe c:\u5pexof.exe 14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:416 -
\??\c:\984ga75.exe c:\984ga75.exe 15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:232 -
\??\c:\36399o.exe c:\36399o.exe 16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5088 -
\??\c:\3k7o4.exe c:\3k7o4.exe 17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\we2tr8i.exe c:\we2tr8i.exe 18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\5238f0.exe c:\5238f0.exe 19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1060 -
\??\c:\65a5it5.exe c:\65a5it5.exe 20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3536 -
\??\c:\ltdlt.exe c:\ltdlt.exe 21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3628 -
\??\c:\1290qv4.exe c:\1290qv4.exe 22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3660 -
\??\c:\29lehee.exe c:\29lehee.exe 23⤵
- Executes dropped EXE
PID:4632 -
\??\c:\462p2.exe c:\462p2.exe 24⤵
- Executes dropped EXE
PID:2456 -
\??\c:\3775hha.exe c:\3775hha.exe 25⤵
- Executes dropped EXE
PID:4512 -
\??\c:\974s3k.exe c:\974s3k.exe 26⤵
- Executes dropped EXE
PID:816 -
\??\c:\4xj5j.exe c:\4xj5j.exe 27⤵
- Executes dropped EXE
PID:1372 -
\??\c:\3qat5hw.exe c:\3qat5hw.exe 28⤵
- Executes dropped EXE
PID:360 -
\??\c:\ia8x7.exe c:\ia8x7.exe 29⤵
- Executes dropped EXE
PID:4436 -
\??\c:\kbnh76.exe c:\kbnh76.exe 30⤵
- Executes dropped EXE
PID:4980 -
\??\c:\dgv387q.exe c:\dgv387q.exe 31⤵
- Executes dropped EXE
PID:648 -
\??\c:\88pq900.exe c:\88pq900.exe 32⤵
- Executes dropped EXE
PID:4400 -
\??\c:\3666h20.exe c:\3666h20.exe 33⤵
- Executes dropped EXE
PID:32 -
\??\c:\33939.exe c:\33939.exe 34⤵
- Executes dropped EXE
PID:4180 -
\??\c:\k0gg1wc.exe c:\k0gg1wc.exe 35⤵
- Executes dropped EXE
PID:2056 -
\??\c:\jt35bvs.exe c:\jt35bvs.exe 36⤵
- Executes dropped EXE
PID:904 -
\??\c:\5vp2e7.exe c:\5vp2e7.exe 37⤵
- Executes dropped EXE
PID:1600 -
\??\c:\6l930w.exe c:\6l930w.exe 38⤵
- Executes dropped EXE
PID:2980 -
\??\c:\s7s13.exe c:\s7s13.exe 39⤵
- Executes dropped EXE
PID:3904 -
\??\c:\5r0rx8.exe c:\5r0rx8.exe 40⤵
- Executes dropped EXE
PID:3916 -
\??\c:\3wk79.exe c:\3wk79.exe 41⤵
- Executes dropped EXE
PID:3880 -
\??\c:\1flr2.exe c:\1flr2.exe 42⤵
- Executes dropped EXE
PID:2084 -
\??\c:\oc7jv.exe c:\oc7jv.exe 43⤵
- Executes dropped EXE
PID:3984 -
\??\c:\od7qew.exe c:\od7qew.exe 44⤵
- Executes dropped EXE
PID:3840 -
\??\c:\5an9sk.exe c:\5an9sk.exe 45⤵
- Executes dropped EXE
PID:3224 -
\??\c:\2e05r0.exe c:\2e05r0.exe 46⤵
- Executes dropped EXE
PID:3740 -
\??\c:\f37pf72.exe c:\f37pf72.exe 47⤵
- Executes dropped EXE
PID:3564 -
\??\c:\6822f.exe c:\6822f.exe 48⤵
- Executes dropped EXE
PID:1104 -
\??\c:\217k9ee.exe c:\217k9ee.exe 49⤵
- Executes dropped EXE
PID:2608 -
\??\c:\9r72hbk.exe c:\9r72hbk.exe 50⤵
- Executes dropped EXE
PID:4460 -
\??\c:\0ri6p.exe c:\0ri6p.exe 51⤵
- Executes dropped EXE
PID:4536 -
\??\c:\u3m73o1.exe c:\u3m73o1.exe 52⤵
- Executes dropped EXE
PID:3992 -
\??\c:\2meo3g.exe c:\2meo3g.exe 53⤵
- Executes dropped EXE
PID:1536 -
\??\c:\t404h.exe c:\t404h.exe 54⤵
- Executes dropped EXE
PID:2092 -
\??\c:\6c5o767.exe c:\6c5o767.exe 55⤵
- Executes dropped EXE
PID:3488 -
\??\c:\8lru853.exe c:\8lru853.exe 56⤵
- Executes dropped EXE
PID:3388 -
\??\c:\i9og8q.exe c:\i9og8q.exe 57⤵
- Executes dropped EXE
PID:2300 -
\??\c:\8999n.exe c:\8999n.exe 58⤵
- Executes dropped EXE
PID:2752 -
\??\c:\kkn7q.exe c:\kkn7q.exe 59⤵
- Executes dropped EXE
PID:2688 -
\??\c:\99jwt.exe c:\99jwt.exe 60⤵
- Executes dropped EXE
PID:4864 -
\??\c:\0dsa7tq.exe c:\0dsa7tq.exe 61⤵
- Executes dropped EXE
PID:4612 -
\??\c:\38w9f1.exe c:\38w9f1.exe 62⤵
- Executes dropped EXE
PID:2252 -
\??\c:\wb2ii6.exe c:\wb2ii6.exe 63⤵
- Executes dropped EXE
PID:1940 -
\??\c:\073a3.exe c:\073a3.exe 64⤵
- Executes dropped EXE
PID:4524 -
\??\c:\6r11j.exe c:\6r11j.exe 65⤵
- Executes dropped EXE
PID:3160 -
\??\c:\7ivld.exe c:\7ivld.exe 66⤵ PID:2308
-
\??\c:\vqa93h4.exe c:\vqa93h4.exe 67⤵ PID:1128
-
\??\c:\n5m8o.exe c:\n5m8o.exe 68⤵ PID:3412
-
\??\c:\2d5en.exe c:\2d5en.exe 69⤵ PID:1440
-
\??\c:\itr51ab.exe c:\itr51ab.exe 70⤵ PID:4304
-
\??\c:\20pv4a.exe c:\20pv4a.exe 71⤵ PID:1212
-
\??\c:\53sg5qi.exe c:\53sg5qi.exe 72⤵ PID:3384
-
\??\c:\39xekx.exe c:\39xekx.exe 73⤵ PID:2404
-
\??\c:\wq5e4g.exe c:\wq5e4g.exe 74⤵ PID:1120
-
\??\c:\x40f8b.exe c:\x40f8b.exe 75⤵ PID:2396
-
\??\c:\28h9t5.exe c:\28h9t5.exe 76⤵ PID:2764
-
\??\c:\06j32l.exe c:\06j32l.exe 77⤵ PID:948
-
\??\c:\2945q5.exe c:\2945q5.exe 78⤵ PID:2916
-
\??\c:\4q03mbi.exe c:\4q03mbi.exe 79⤵ PID:3124
-
\??\c:\4501634.exe c:\4501634.exe 80⤵ PID:3456
-
\??\c:\j90xx.exe c:\j90xx.exe 81⤵ PID:4868
-
\??\c:\q3f5p.exe c:\q3f5p.exe 82⤵ PID:3816
-
\??\c:\43vtp9.exe c:\43vtp9.exe 83⤵ PID:3400
-
\??\c:\xpxpx.exe c:\xpxpx.exe 84⤵ PID:3548
-
\??\c:\wkx9q0.exe c:\wkx9q0.exe 85⤵ PID:888
-
\??\c:\1aa3ouc.exe c:\1aa3ouc.exe 86⤵ PID:3756
-
\??\c:\41kisqi.exe c:\41kisqi.exe 87⤵ PID:2320
-
\??\c:\u677aq.exe c:\u677aq.exe 88⤵ PID:768
-
\??\c:\786825.exe c:\786825.exe 89⤵ PID:3492
-
\??\c:\dxnft5.exe c:\dxnft5.exe 90⤵ PID:2120
-
\??\c:\me6d70.exe c:\me6d70.exe 91⤵ PID:3224
-
\??\c:\mjak3bi.exe c:\mjak3bi.exe 92⤵ PID:2328
-
\??\c:\8xlr3.exe c:\8xlr3.exe 93⤵ PID:3564
-
\??\c:\p8vra2.exe c:\p8vra2.exe 94⤵ PID:3204
-
\??\c:\lm9nx.exe c:\lm9nx.exe 95⤵ PID:4756
-
\??\c:\ijk2wl.exe c:\ijk2wl.exe 96⤵ PID:1464
-
\??\c:\mjsd1.exe c:\mjsd1.exe 97⤵ PID:416
-
\??\c:\c2s5li.exe c:\c2s5li.exe 98⤵ PID:2388
-
\??\c:\8vqub.exe c:\8vqub.exe 99⤵ PID:3500
-
\??\c:\u39l9.exe c:\u39l9.exe 100⤵ PID:2804
-
\??\c:\e31b9e.exe c:\e31b9e.exe 101⤵ PID:1216
-
\??\c:\gro45v7.exe c:\gro45v7.exe 102⤵ PID:3556
-
\??\c:\eeag5.exe c:\eeag5.exe 103⤵ PID:3396
-
\??\c:\15195n.exe c:\15195n.exe 104⤵ PID:180
-
\??\c:\h8woloa.exe c:\h8woloa.exe 105⤵ PID:1584
-
\??\c:\rr2if2w.exe c:\rr2if2w.exe 106⤵ PID:1996
-
\??\c:\1e34n55.exe c:\1e34n55.exe 107⤵ PID:2688
-
\??\c:\0om117.exe c:\0om117.exe 108⤵ PID:4864
-
\??\c:\s732o6.exe c:\s732o6.exe 109⤵ PID:4612
-
\??\c:\ee7bs90.exe c:\ee7bs90.exe 110⤵ PID:1624
-
\??\c:\v1bb5i.exe c:\v1bb5i.exe 111⤵ PID:1568
-
\??\c:\vqe66.exe c:\vqe66.exe 112⤵ PID:4524
-
\??\c:\rxrs3.exe c:\rxrs3.exe 113⤵ PID:1044
-
\??\c:\d570md.exe c:\d570md.exe 114⤵ PID:4416
-
\??\c:\8a4b49.exe c:\8a4b49.exe 115⤵ PID:2012
-
\??\c:\st1bf.exe c:\st1bf.exe 116⤵ PID:2968
-
\??\c:\7aa5s4e.exe c:\7aa5s4e.exe 117⤵ PID:4296
-
\??\c:\1u7x1.exe c:\1u7x1.exe 118⤵ PID:4328
-
\??\c:\3cmg07u.exe c:\3cmg07u.exe 119⤵ PID:1212
-
\??\c:\ge25098.exe c:\ge25098.exe 120⤵ PID:3384
-
\??\c:\s5a4t3.exe c:\s5a4t3.exe 121⤵ PID:2404
-
\??\c:\773i0j4.exe c:\773i0j4.exe 122⤵ PID:3484