Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
04-05-2024 00:43
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe
-
Size
360KB
-
MD5
d4df9ad46aeefbe216fefd93a6285a8e
-
SHA1
f406c2818ed93b760f3db78e6c932fce9f77f930
-
SHA256
968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378
-
SHA512
ac5db498983e5db62fb6d1bf7a361c9a1946c4d2509dd7c12cfaa471fcf10095332ef0344b7e8430b1d655bb9baeed39a467e1c903ede78fcbfb052913a7ea73
-
SSDEEP
6144:Zcm7ImGddX4S8cm7ImGddEJcm7ImGddXRS8E91cm7IFbYLcm7ImGdga1o:j7Tcov7TcQ7TchI7l7Tba1o
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral1/memory/2300-9-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2952-126-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2300-318-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2744-437-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1644-511-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1940-540-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2592-614-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2428-635-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2396-628-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1520-621-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2636-607-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1692-600-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1044-593-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1992-574-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2980-567-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2876-560-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1752-553-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/568-533-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/568-526-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2060-525-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1748-518-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon 
behavioral1/memory/2520-504-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2520-503-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1440-496-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1440-495-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1740-489-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1740-488-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2096-482-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1908-469-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1908-462-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2056-461-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2056-460-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2056-456-0x0000000000220000-0x000000000028C000-memory.dmp family_blackmoon behavioral1/memory/2132-452-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1272-445-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1272-440-0x00000000004E0000-0x000000000054C000-memory.dmp family_blackmoon behavioral1/memory/2744-436-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2692-423-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2920-430-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1476-409-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2688-402-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1844-389-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon 
behavioral1/memory/2428-382-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2600-375-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2600-368-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1508-367-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2552-360-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2552-355-0x00000000002A0000-0x000000000030C000-memory.dmp family_blackmoon behavioral1/memory/2856-346-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2576-339-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2576-338-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2288-332-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1504-325-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1504-324-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2300-313-0x0000000000220000-0x000000000028C000-memory.dmp family_blackmoon behavioral1/memory/2876-310-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1752-303-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/2044-294-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1432-285-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/764-276-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/356-267-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/612-258-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral1/memory/1644-249-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon 
behavioral1/memory/2916-240-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2300-9-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/880-10-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2952-126-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2300-318-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2744-437-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1644-511-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1940-540-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2592-614-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2428-635-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2396-628-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1520-621-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2636-607-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1692-600-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1044-593-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1992-574-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2980-567-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2876-560-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1752-553-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/568-533-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/568-526-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2060-525-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1748-518-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2520-504-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2520-497-0x0000000000400000-0x000000000046C000-memory.dmp UPX 
behavioral1/memory/1440-496-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1740-489-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2096-482-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1908-469-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1908-462-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2056-461-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2056-453-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2132-452-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1272-445-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2692-423-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2920-430-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2620-410-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1476-409-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2688-402-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1844-389-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2428-382-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2600-375-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2600-374-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2600-368-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1508-367-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2552-360-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2856-346-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2576-339-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2288-332-0x0000000000400000-0x000000000046C000-memory.dmp UPX 
behavioral1/memory/1504-325-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2876-310-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1752-303-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2044-294-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1432-285-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/764-276-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/356-267-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/612-258-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1644-249-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2916-240-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1740-232-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2128-215-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1908-206-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/1724-197-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/2100-188-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral1/memory/836-178-0x0000000000400000-0x000000000046C000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 880 i400044.exe 2392 0800224.exe 1692 xrffxxl.exe 1044 420026.exe 2716 btbbtn.exe 2712 fxlfxxf.exe 2552 llflxxf.exe 2452 5jvdv.exe 2432 lxffrrx.exe 1524 k08466.exe 2476 lxfflff.exe 2816 1fxlxxf.exe 2952 dpjpd.exe 1428 vpjjv.exe 1964 btntbh.exe 296 2022484.exe 2796 9jddp.exe 836 ffflxxf.exe 2100 646066.exe 1724 042466.exe 1908 3btnnn.exe 2128 642460.exe 1008 rfllllr.exe 1740 w20088.exe 2916 3vdjj.exe 1644 lrffffl.exe 612 2068002.exe 356 4284666.exe 764 lxflxxx.exe 1432 k08888.exe 2044 hhnthn.exe 1752 0488040.exe 2876 frffxfl.exe 2300 tnbbbh.exe 1504 8640668.exe 2288 e80462.exe 2576 tnbbnn.exe 2856 20840.exe 2844 thnhbb.exe 2552 xrxxlll.exe 1508 bthnnt.exe 2600 82884.exe 2428 042288.exe 1844 206806.exe 832 64668.exe 2688 rlflrrx.exe 1476 hhtbbb.exe 2620 jdjjj.exe 2692 828248.exe 2920 602282.exe 2744 lxfxffl.exe 1272 264644.exe 2132 080004.exe 2056 lfxfrlx.exe 1908 9lfflll.exe 2528 868466.exe 2096 q46662.exe 1740 fxfxxxx.exe 1440 k64404.exe 2520 vjvvv.exe 1644 rlrxrrl.exe 1748 vpvvj.exe 2060 1thnnn.exe 568 7nntbb.exe -
resource yara_rule behavioral1/memory/2300-9-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/880-10-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2392-22-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1692-33-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2952-126-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2100-182-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2300-318-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2744-437-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1644-511-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1940-540-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2592-614-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2428-635-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2396-628-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1520-621-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2636-607-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1692-600-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1044-593-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1992-574-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2980-567-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2876-560-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1752-553-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/568-533-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/568-526-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2060-525-0x0000000000400000-0x000000000046C000-memory.dmp upx 
behavioral1/memory/1748-518-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2520-504-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2520-497-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1440-496-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1740-489-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2096-482-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1908-469-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1908-462-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2056-461-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2132-452-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1272-445-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2692-423-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2920-430-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2620-410-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1476-409-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2688-402-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1844-389-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2428-382-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2600-375-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2600-374-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2600-368-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1508-367-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2552-360-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2856-346-0x0000000000400000-0x000000000046C000-memory.dmp upx 
behavioral1/memory/2576-339-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2288-332-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1504-325-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2876-310-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1752-303-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2044-294-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1432-285-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/764-276-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/356-267-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/612-258-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1644-249-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2916-240-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1740-232-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/2128-215-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1908-206-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral1/memory/1724-197-0x0000000000400000-0x000000000046C000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2300 wrote to memory of 880 2300 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 28 PID 2300 wrote to memory of 880 2300 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 28 PID 2300 wrote to memory of 880 2300 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 28 PID 2300 wrote to memory of 880 2300 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 28 PID 880 wrote to memory of 2392 880 i400044.exe 29 PID 880 wrote to memory of 2392 880 i400044.exe 29 PID 880 wrote to memory of 2392 880 i400044.exe 29 PID 880 wrote to memory of 2392 880 i400044.exe 29 PID 2392 wrote to memory of 1692 2392 0800224.exe 30 PID 2392 wrote to memory of 1692 2392 0800224.exe 30 PID 2392 wrote to memory of 1692 2392 0800224.exe 30 PID 2392 wrote to memory of 1692 2392 0800224.exe 30 PID 1692 wrote to memory of 1044 1692 xrffxxl.exe 100 PID 1692 wrote to memory of 1044 1692 xrffxxl.exe 100 PID 1692 wrote to memory of 1044 1692 xrffxxl.exe 100 PID 1692 wrote to memory of 1044 1692 xrffxxl.exe 100 PID 1044 wrote to memory of 2716 1044 420026.exe 32 PID 1044 wrote to memory of 2716 1044 420026.exe 32 PID 1044 wrote to memory of 2716 1044 420026.exe 32 PID 1044 wrote to memory of 2716 1044 420026.exe 32 PID 2716 wrote to memory of 2712 2716 btbbtn.exe 33 PID 2716 wrote to memory of 2712 2716 btbbtn.exe 33 PID 2716 wrote to memory of 2712 2716 btbbtn.exe 33 PID 2716 wrote to memory of 2712 2716 btbbtn.exe 33 PID 2712 wrote to memory of 2552 2712 fxlfxxf.exe 148 PID 2712 wrote to memory of 2552 2712 fxlfxxf.exe 148 PID 2712 wrote to memory of 2552 2712 fxlfxxf.exe 148 PID 2712 wrote to memory of 2552 2712 fxlfxxf.exe 148 PID 2552 wrote to memory of 2452 2552 llflxxf.exe 35 PID 2552 wrote to memory of 2452 2552 llflxxf.exe 35 PID 2552 wrote to memory of 2452 2552 llflxxf.exe 35 PID 2552 wrote to memory of 2452 2552 llflxxf.exe 35 PID 2452 wrote to memory of 2432 2452 5jvdv.exe 
36 PID 2452 wrote to memory of 2432 2452 5jvdv.exe 36 PID 2452 wrote to memory of 2432 2452 5jvdv.exe 36 PID 2452 wrote to memory of 2432 2452 5jvdv.exe 36 PID 2432 wrote to memory of 1524 2432 lxffrrx.exe 37 PID 2432 wrote to memory of 1524 2432 lxffrrx.exe 37 PID 2432 wrote to memory of 1524 2432 lxffrrx.exe 37 PID 2432 wrote to memory of 1524 2432 lxffrrx.exe 37 PID 1524 wrote to memory of 2476 1524 k08466.exe 38 PID 1524 wrote to memory of 2476 1524 k08466.exe 38 PID 1524 wrote to memory of 2476 1524 k08466.exe 38 PID 1524 wrote to memory of 2476 1524 k08466.exe 38 PID 2476 wrote to memory of 2816 2476 lxfflff.exe 39 PID 2476 wrote to memory of 2816 2476 lxfflff.exe 39 PID 2476 wrote to memory of 2816 2476 lxfflff.exe 39 PID 2476 wrote to memory of 2816 2476 lxfflff.exe 39 PID 2816 wrote to memory of 2952 2816 1fxlxxf.exe 40 PID 2816 wrote to memory of 2952 2816 1fxlxxf.exe 40 PID 2816 wrote to memory of 2952 2816 1fxlxxf.exe 40 PID 2816 wrote to memory of 2952 2816 1fxlxxf.exe 40 PID 2952 wrote to memory of 1428 2952 dpjpd.exe 41 PID 2952 wrote to memory of 1428 2952 dpjpd.exe 41 PID 2952 wrote to memory of 1428 2952 dpjpd.exe 41 PID 2952 wrote to memory of 1428 2952 dpjpd.exe 41 PID 1428 wrote to memory of 1964 1428 vpjjv.exe 42 PID 1428 wrote to memory of 1964 1428 vpjjv.exe 42 PID 1428 wrote to memory of 1964 1428 vpjjv.exe 42 PID 1428 wrote to memory of 1964 1428 vpjjv.exe 42 PID 1964 wrote to memory of 296 1964 btntbh.exe 43 PID 1964 wrote to memory of 296 1964 btntbh.exe 43 PID 1964 wrote to memory of 296 1964 btntbh.exe 43 PID 1964 wrote to memory of 296 1964 btntbh.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe"C:\Users\Admin\AppData\Local\Temp\968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2300 -
\??\c:\i400044.exec:\i400044.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:880 -
\??\c:\0800224.exec:\0800224.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\xrffxxl.exec:\xrffxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
\??\c:\420026.exec:\420026.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1044 -
\??\c:\btbbtn.exec:\btbbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\fxlfxxf.exec:\fxlfxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\llflxxf.exec:\llflxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\5jvdv.exec:\5jvdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\lxffrrx.exec:\lxffrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2432 -
\??\c:\k08466.exec:\k08466.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1524 -
\??\c:\lxfflff.exec:\lxfflff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\1fxlxxf.exec:\1fxlxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\dpjpd.exec:\dpjpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2952 -
\??\c:\vpjjv.exec:\vpjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1428 -
\??\c:\btntbh.exec:\btntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\2022484.exec:\2022484.exe17⤵
- Executes dropped EXE
PID:296 -
\??\c:\9jddp.exec:\9jddp.exe18⤵
- Executes dropped EXE
PID:2796 -
\??\c:\ffflxxf.exec:\ffflxxf.exe19⤵
- Executes dropped EXE
PID:836 -
\??\c:\646066.exec:\646066.exe20⤵
- Executes dropped EXE
PID:2100 -
\??\c:\042466.exec:\042466.exe21⤵
- Executes dropped EXE
PID:1724 -
\??\c:\3btnnn.exec:\3btnnn.exe22⤵
- Executes dropped EXE
PID:1908 -
\??\c:\642460.exec:\642460.exe23⤵
- Executes dropped EXE
PID:2128 -
\??\c:\rfllllr.exec:\rfllllr.exe24⤵
- Executes dropped EXE
PID:1008 -
\??\c:\w20088.exec:\w20088.exe25⤵
- Executes dropped EXE
PID:1740 -
\??\c:\3vdjj.exec:\3vdjj.exe26⤵
- Executes dropped EXE
PID:2916 -
\??\c:\lrffffl.exec:\lrffffl.exe27⤵
- Executes dropped EXE
PID:1644 -
\??\c:\2068002.exec:\2068002.exe28⤵
- Executes dropped EXE
PID:612 -
\??\c:\4284666.exec:\4284666.exe29⤵
- Executes dropped EXE
PID:356 -
\??\c:\lxflxxx.exec:\lxflxxx.exe30⤵
- Executes dropped EXE
PID:764 -
\??\c:\k08888.exec:\k08888.exe31⤵
- Executes dropped EXE
PID:1432 -
\??\c:\hhnthn.exec:\hhnthn.exe32⤵
- Executes dropped EXE
PID:2044 -
\??\c:\0488040.exec:\0488040.exe33⤵
- Executes dropped EXE
PID:1752 -
\??\c:\frffxfl.exec:\frffxfl.exe34⤵
- Executes dropped EXE
PID:2876 -
\??\c:\tnbbbh.exec:\tnbbbh.exe35⤵
- Executes dropped EXE
PID:2300 -
\??\c:\8640668.exec:\8640668.exe36⤵
- Executes dropped EXE
PID:1504 -
\??\c:\e80462.exec:\e80462.exe37⤵
- Executes dropped EXE
PID:2288 -
\??\c:\tnbbnn.exec:\tnbbnn.exe38⤵
- Executes dropped EXE
PID:2576 -
\??\c:\20840.exec:\20840.exe39⤵
- Executes dropped EXE
PID:2856 -
\??\c:\thnhbb.exec:\thnhbb.exe40⤵
- Executes dropped EXE
PID:2844 -
\??\c:\xrxxlll.exec:\xrxxlll.exe41⤵
- Executes dropped EXE
PID:2552 -
\??\c:\bthnnt.exec:\bthnnt.exe42⤵
- Executes dropped EXE
PID:1508 -
\??\c:\82884.exec:\82884.exe43⤵
- Executes dropped EXE
PID:2600 -
\??\c:\042288.exec:\042288.exe44⤵
- Executes dropped EXE
PID:2428 -
\??\c:\206806.exec:\206806.exe45⤵
- Executes dropped EXE
PID:1844 -
\??\c:\64668.exec:\64668.exe46⤵
- Executes dropped EXE
PID:832 -
\??\c:\rlflrrx.exec:\rlflrrx.exe47⤵
- Executes dropped EXE
PID:2688 -
\??\c:\hhtbbb.exec:\hhtbbb.exe48⤵
- Executes dropped EXE
PID:1476 -
\??\c:\jdjjj.exec:\jdjjj.exe49⤵
- Executes dropped EXE
PID:2620 -
\??\c:\828248.exec:\828248.exe50⤵
- Executes dropped EXE
PID:2692 -
\??\c:\602282.exec:\602282.exe51⤵
- Executes dropped EXE
PID:2920 -
\??\c:\lxfxffl.exec:\lxfxffl.exe52⤵
- Executes dropped EXE
PID:2744 -
\??\c:\264644.exec:\264644.exe53⤵
- Executes dropped EXE
PID:1272 -
\??\c:\080004.exec:\080004.exe54⤵
- Executes dropped EXE
PID:2132 -
\??\c:\lfxfrlx.exec:\lfxfrlx.exe55⤵
- Executes dropped EXE
PID:2056 -
\??\c:\9lfflll.exec:\9lfflll.exe56⤵
- Executes dropped EXE
PID:1908 -
\??\c:\868466.exec:\868466.exe57⤵
- Executes dropped EXE
PID:2528 -
\??\c:\q46662.exec:\q46662.exe58⤵
- Executes dropped EXE
PID:2096 -
\??\c:\fxfxxxx.exec:\fxfxxxx.exe59⤵
- Executes dropped EXE
PID:1740 -
\??\c:\k64404.exec:\k64404.exe60⤵
- Executes dropped EXE
PID:1440 -
\??\c:\vjvvv.exec:\vjvvv.exe61⤵
- Executes dropped EXE
PID:2520 -
\??\c:\rlrxrrl.exec:\rlrxrrl.exe62⤵
- Executes dropped EXE
PID:1644 -
\??\c:\vpvvj.exec:\vpvvj.exe63⤵
- Executes dropped EXE
PID:1748 -
\??\c:\1thnnn.exec:\1thnnn.exe64⤵
- Executes dropped EXE
PID:2060 -
\??\c:\7nntbb.exec:\7nntbb.exe65⤵
- Executes dropped EXE
PID:568 -
\??\c:\e60024.exec:\e60024.exe66⤵PID:1940
-
\??\c:\hbtthh.exec:\hbtthh.exe67⤵PID:3068
-
\??\c:\bnbbnn.exec:\bnbbnn.exe68⤵PID:1752
-
\??\c:\800284.exec:\800284.exe69⤵PID:2876
-
\??\c:\pjvpd.exec:\pjvpd.exe70⤵PID:2980
-
\??\c:\m0280.exec:\m0280.exe71⤵PID:1992
-
\??\c:\3ntttt.exec:\3ntttt.exe72⤵PID:1028
-
\??\c:\thhhbb.exec:\thhhbb.exe73⤵PID:2828
-
\??\c:\2680288.exec:\2680288.exe74⤵PID:1044
-
\??\c:\e04022.exec:\e04022.exe75⤵PID:1692
-
\??\c:\o248440.exec:\o248440.exe76⤵PID:2636
-
\??\c:\g2068.exec:\g2068.exe77⤵PID:2592
-
\??\c:\3fffxfl.exec:\3fffxfl.exe78⤵PID:1520
-
\??\c:\3dvvv.exec:\3dvvv.exe79⤵PID:2396
-
\??\c:\thtnbt.exec:\thtnbt.exe80⤵PID:2428
-
\??\c:\3ddjp.exec:\3ddjp.exe81⤵PID:2144
-
\??\c:\e80626.exec:\e80626.exe82⤵PID:2480
-
\??\c:\jjvvp.exec:\jjvvp.exe83⤵PID:2936
-
\??\c:\08402.exec:\08402.exe84⤵PID:2824
-
\??\c:\0804400.exec:\0804400.exe85⤵PID:2820
-
\??\c:\rfxxllr.exec:\rfxxllr.exe86⤵PID:2532
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe87⤵PID:1288
-
\??\c:\dvjpp.exec:\dvjpp.exe88⤵PID:2920
-
\??\c:\xxllflr.exec:\xxllflr.exe89⤵PID:2500
-
\??\c:\lfrrfff.exec:\lfrrfff.exe90⤵PID:2284
-
\??\c:\tthhtt.exec:\tthhtt.exe91⤵PID:2908
-
\??\c:\xrlxffr.exec:\xrlxffr.exe92⤵PID:2976
-
\??\c:\xrrrllx.exec:\xrrrllx.exe93⤵PID:2504
-
\??\c:\608406.exec:\608406.exe94⤵PID:1252
-
\??\c:\jddvd.exec:\jddvd.exe95⤵PID:1936
-
\??\c:\lxflrlr.exec:\lxflrlr.exe96⤵PID:2328
-
\??\c:\60880.exec:\60880.exe97⤵PID:2232
-
\??\c:\m8488.exec:\m8488.exe98⤵PID:1008
-
\??\c:\nhtthh.exec:\nhtthh.exe99⤵PID:1052
-
\??\c:\hthhhn.exec:\hthhhn.exe100⤵PID:1712
-
\??\c:\0028046.exec:\0028046.exe101⤵PID:1796
-
\??\c:\5lllfff.exec:\5lllfff.exe102⤵PID:572
-
\??\c:\0866880.exec:\0866880.exe103⤵PID:1268
-
\??\c:\42446.exec:\42446.exe104⤵PID:2080
-
\??\c:\8688440.exec:\8688440.exe105⤵PID:768
-
\??\c:\u804044.exec:\u804044.exe106⤵PID:3068
-
\??\c:\64668.exec:\64668.exe107⤵PID:2544
-
\??\c:\hthbnn.exec:\hthbnn.exe108⤵PID:2656
-
\??\c:\vjvvp.exec:\vjvvp.exe109⤵PID:2356
-
\??\c:\640000.exec:\640000.exe110⤵PID:2776
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe111⤵PID:2300
-
\??\c:\5nntht.exec:\5nntht.exe112⤵PID:2456
-
\??\c:\08286.exec:\08286.exe113⤵PID:2828
-
\??\c:\btbbhh.exec:\btbbhh.exe114⤵PID:1504
-
\??\c:\s8686.exec:\s8686.exe115⤵PID:384
-
\??\c:\08668.exec:\08668.exe116⤵PID:2324
-
\??\c:\nnhtbb.exec:\nnhtbb.exe117⤵PID:2064
-
\??\c:\dvdjv.exec:\dvdjv.exe118⤵PID:2856
-
\??\c:\pjvvv.exec:\pjvvv.exe119⤵PID:2716
-
\??\c:\a4024.exec:\a4024.exe120⤵PID:2784
-
\??\c:\424068.exec:\424068.exe121⤵PID:1276
-
\??\c:\8644062.exec:\8644062.exe122⤵PID:2552