Analysis
-
max time kernel
150s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
04-05-2024 00:43
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe
-
Size
360KB
-
MD5
d4df9ad46aeefbe216fefd93a6285a8e
-
SHA1
f406c2818ed93b760f3db78e6c932fce9f77f930
-
SHA256
968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378
-
SHA512
ac5db498983e5db62fb6d1bf7a361c9a1946c4d2509dd7c12cfaa471fcf10095332ef0344b7e8430b1d655bb9baeed39a467e1c903ede78fcbfb052913a7ea73
-
SSDEEP
6144:Zcm7ImGddX4S8cm7ImGddEJcm7ImGddXRS8E91cm7IFbYLcm7ImGdga1o:j7Tcov7TcQ7TchI7l7Tba1o
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1696-5-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/228-7-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/228-13-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4312-28-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1604-22-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4752-33-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/2608-40-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4952-48-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/2268-55-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3872-61-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3428-69-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1764-81-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/2332-90-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4504-98-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/2332-84-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1212-105-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4608-108-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3972-116-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1236-120-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1236-123-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1312-124-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon 
behavioral2/memory/1312-129-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4632-137-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4596-144-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1288-155-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3788-162-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/664-174-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4520-169-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4468-179-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4332-192-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4144-186-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4656-200-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1896-208-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4672-223-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4004-222-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4004-217-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4244-215-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3712-228-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4672-227-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3712-232-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1484-237-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1484-243-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon 
behavioral2/memory/2444-240-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1916-247-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3980-252-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3324-257-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4092-259-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4092-262-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/116-267-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/5064-272-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1244-273-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1244-277-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4236-282-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/4068-288-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3824-292-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/2788-297-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3972-302-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/2484-304-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3064-456-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1364-551-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1380-1353-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/1880-1501-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon behavioral2/memory/3976-1567-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon 
behavioral2/memory/4716-1579-0x0000000000400000-0x000000000046C000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1696-5-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/228-7-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/228-13-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4312-28-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1604-22-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4752-33-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/2608-40-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4952-42-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4952-48-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/2268-55-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3872-61-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4316-70-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3428-69-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1764-81-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/2332-90-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1212-96-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4504-98-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/2332-84-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1212-105-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4608-108-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3972-116-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1236-120-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1236-123-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1312-124-0x0000000000400000-0x000000000046C000-memory.dmp UPX 
behavioral2/memory/1312-129-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4632-133-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4632-137-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4596-141-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4596-144-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1288-155-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3788-162-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4468-175-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/664-174-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4520-169-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/664-167-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4468-179-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4332-192-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4144-186-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4656-200-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1896-202-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1896-208-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4004-222-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4244-215-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3712-228-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4672-227-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3712-232-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1484-243-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1916-241-0x0000000000400000-0x000000000046C000-memory.dmp UPX 
behavioral2/memory/2444-240-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1916-247-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3980-252-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3324-257-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4092-262-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/116-267-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/5064-272-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1244-277-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4236-282-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/4068-288-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3824-292-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/2788-297-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3972-298-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3972-302-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/1380-1353-0x0000000000400000-0x000000000046C000-memory.dmp UPX behavioral2/memory/3976-1567-0x0000000000400000-0x000000000046C000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 228 ffflrrl.exe 1604 fllfxxr.exe 4312 bbhbtn.exe 4752 jvjdv.exe 2608 dpjjd.exe 4952 ntbbhh.exe 2268 fxxrrrl.exe 3872 nnntnt.exe 3428 pppvv.exe 4316 1xxxxxr.exe 1764 htbbtt.exe 2332 tnnhhh.exe 4504 9jpdv.exe 1212 nnnnhn.exe 4608 dpvpj.exe 3972 flxrlll.exe 1236 rflfxff.exe 1312 bntnbt.exe 4632 lxxxlll.exe 4596 vdvvj.exe 1288 9rlfxxr.exe 3788 bttnhh.exe 4520 pvvdj.exe 664 7fllflf.exe 4468 nhnntn.exe 4144 jdjvd.exe 4332 thhtnb.exe 4656 thbnhh.exe 1896 pjpjj.exe 4244 hbbnnn.exe 4004 pdvjv.exe 4672 hbnhnn.exe 3712 dddvp.exe 2444 vdvjv.exe 1484 fxlfrrx.exe 1916 5lfxrrl.exe 3980 lxfxxrr.exe 3324 ttbnnn.exe 4092 pjpdd.exe 116 5lrfffx.exe 5064 rllfxxr.exe 1244 1btnnh.exe 4236 lfrlfxf.exe 4068 btbhnh.exe 3824 pvdvj.exe 2788 tbhbnh.exe 3972 llxfrrl.exe 2484 pddvp.exe 2424 ddjvp.exe 4616 7llxlfx.exe 2736 1hnhbn.exe 1560 ddpjp.exe 3740 djpvp.exe 3480 9fxrfxf.exe 2496 1fxfxrl.exe 4560 bnbttt.exe 1884 btbtbb.exe 1980 dvpjp.exe 4256 xllxrfx.exe 700 frxrlxx.exe 1060 nbnhhh.exe 2780 vjjdp.exe 4484 pvjdj.exe 1876 xlrlllr.exe -
resource yara_rule behavioral2/memory/1696-5-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/228-7-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/228-13-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1604-15-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4312-28-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4752-26-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1604-22-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4312-20-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4752-33-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/2608-40-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4952-42-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4952-48-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3872-56-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/2268-55-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/2268-50-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3872-61-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3428-63-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4316-70-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3428-69-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1764-78-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1764-81-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/2332-90-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4504-88-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1212-96-0x0000000000400000-0x000000000046C000-memory.dmp upx 
behavioral2/memory/4504-98-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/2332-84-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1212-105-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4608-103-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4608-108-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3972-116-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1236-120-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1236-123-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1312-129-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4632-133-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4632-137-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4596-141-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4596-144-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4316-140-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1288-155-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3788-153-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3788-162-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4468-175-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/664-174-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4520-169-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/664-167-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4520-160-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4468-179-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4332-192-0x0000000000400000-0x000000000046C000-memory.dmp upx 
behavioral2/memory/4144-186-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4144-183-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4656-197-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4656-200-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1896-208-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4244-210-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4672-223-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4004-222-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4004-217-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4244-215-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3712-228-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/4672-227-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/3712-232-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/2444-234-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1484-237-0x0000000000400000-0x000000000046C000-memory.dmp upx behavioral2/memory/1484-243-0x0000000000400000-0x000000000046C000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1696 wrote to memory of 228 1696 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 84 PID 1696 wrote to memory of 228 1696 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 84 PID 1696 wrote to memory of 228 1696 968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe 84 PID 228 wrote to memory of 1604 228 ffflrrl.exe 85 PID 228 wrote to memory of 1604 228 ffflrrl.exe 85 PID 228 wrote to memory of 1604 228 ffflrrl.exe 85 PID 1604 wrote to memory of 4312 1604 fllfxxr.exe 86 PID 1604 wrote to memory of 4312 1604 fllfxxr.exe 86 PID 1604 wrote to memory of 4312 1604 fllfxxr.exe 86 PID 4312 wrote to memory of 4752 4312 bbhbtn.exe 87 PID 4312 wrote to memory of 4752 4312 bbhbtn.exe 87 PID 4312 wrote to memory of 4752 4312 bbhbtn.exe 87 PID 4752 wrote to memory of 2608 4752 jvjdv.exe 88 PID 4752 wrote to memory of 2608 4752 jvjdv.exe 88 PID 4752 wrote to memory of 2608 4752 jvjdv.exe 88 PID 2608 wrote to memory of 4952 2608 dpjjd.exe 89 PID 2608 wrote to memory of 4952 2608 dpjjd.exe 89 PID 2608 wrote to memory of 4952 2608 dpjjd.exe 89 PID 4952 wrote to memory of 2268 4952 ntbbhh.exe 90 PID 4952 wrote to memory of 2268 4952 ntbbhh.exe 90 PID 4952 wrote to memory of 2268 4952 ntbbhh.exe 90 PID 2268 wrote to memory of 3872 2268 fxxrrrl.exe 91 PID 2268 wrote to memory of 3872 2268 fxxrrrl.exe 91 PID 2268 wrote to memory of 3872 2268 fxxrrrl.exe 91 PID 3872 wrote to memory of 3428 3872 nnntnt.exe 93 PID 3872 wrote to memory of 3428 3872 nnntnt.exe 93 PID 3872 wrote to memory of 3428 3872 nnntnt.exe 93 PID 3428 wrote to memory of 4316 3428 pppvv.exe 94 PID 3428 wrote to memory of 4316 3428 pppvv.exe 94 PID 3428 wrote to memory of 4316 3428 pppvv.exe 94 PID 4316 wrote to memory of 1764 4316 1xxxxxr.exe 95 PID 4316 wrote to memory of 1764 4316 1xxxxxr.exe 95 PID 4316 wrote to memory of 1764 4316 1xxxxxr.exe 95 PID 1764 wrote to memory of 2332 1764 htbbtt.exe 96 PID 1764 wrote to memory 
of 2332 1764 htbbtt.exe 96 PID 1764 wrote to memory of 2332 1764 htbbtt.exe 96 PID 2332 wrote to memory of 4504 2332 tnnhhh.exe 97 PID 2332 wrote to memory of 4504 2332 tnnhhh.exe 97 PID 2332 wrote to memory of 4504 2332 tnnhhh.exe 97 PID 4504 wrote to memory of 1212 4504 9jpdv.exe 98 PID 4504 wrote to memory of 1212 4504 9jpdv.exe 98 PID 4504 wrote to memory of 1212 4504 9jpdv.exe 98 PID 1212 wrote to memory of 4608 1212 nnnnhn.exe 99 PID 1212 wrote to memory of 4608 1212 nnnnhn.exe 99 PID 1212 wrote to memory of 4608 1212 nnnnhn.exe 99 PID 4608 wrote to memory of 3972 4608 dpvpj.exe 100 PID 4608 wrote to memory of 3972 4608 dpvpj.exe 100 PID 4608 wrote to memory of 3972 4608 dpvpj.exe 100 PID 3972 wrote to memory of 1236 3972 flxrlll.exe 102 PID 3972 wrote to memory of 1236 3972 flxrlll.exe 102 PID 3972 wrote to memory of 1236 3972 flxrlll.exe 102 PID 1236 wrote to memory of 1312 1236 rflfxff.exe 103 PID 1236 wrote to memory of 1312 1236 rflfxff.exe 103 PID 1236 wrote to memory of 1312 1236 rflfxff.exe 103 PID 1312 wrote to memory of 4632 1312 bntnbt.exe 105 PID 1312 wrote to memory of 4632 1312 bntnbt.exe 105 PID 1312 wrote to memory of 4632 1312 bntnbt.exe 105 PID 4632 wrote to memory of 4596 4632 lxxxlll.exe 106 PID 4632 wrote to memory of 4596 4632 lxxxlll.exe 106 PID 4632 wrote to memory of 4596 4632 lxxxlll.exe 106 PID 4596 wrote to memory of 1288 4596 vdvvj.exe 107 PID 4596 wrote to memory of 1288 4596 vdvvj.exe 107 PID 4596 wrote to memory of 1288 4596 vdvvj.exe 107 PID 1288 wrote to memory of 3788 1288 9rlfxxr.exe 108
Processes
-
C:\Users\Admin\AppData\Local\Temp\968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe"C:\Users\Admin\AppData\Local\Temp\968e5e3709b4b6d04e51b983864ed75fa4c41c9002687e0b143550bee8fc6378.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1696 -
\??\c:\ffflrrl.exec:\ffflrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:228 -
\??\c:\fllfxxr.exec:\fllfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\bbhbtn.exec:\bbhbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4312 -
\??\c:\jvjdv.exec:\jvjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4752 -
\??\c:\dpjjd.exec:\dpjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\ntbbhh.exec:\ntbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4952 -
\??\c:\fxxrrrl.exec:\fxxrrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2268 -
\??\c:\nnntnt.exec:\nnntnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3872 -
\??\c:\pppvv.exec:\pppvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3428 -
\??\c:\1xxxxxr.exec:\1xxxxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4316 -
\??\c:\htbbtt.exec:\htbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1764 -
\??\c:\tnnhhh.exec:\tnnhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\9jpdv.exec:\9jpdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4504 -
\??\c:\nnnnhn.exec:\nnnnhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1212 -
\??\c:\dpvpj.exec:\dpvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4608 -
\??\c:\flxrlll.exec:\flxrlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3972 -
\??\c:\rflfxff.exec:\rflfxff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1236 -
\??\c:\bntnbt.exec:\bntnbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1312 -
\??\c:\lxxxlll.exec:\lxxxlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4632 -
\??\c:\vdvvj.exec:\vdvvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4596 -
\??\c:\9rlfxxr.exec:\9rlfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1288 -
\??\c:\bttnhh.exec:\bttnhh.exe23⤵
- Executes dropped EXE
PID:3788 -
\??\c:\pvvdj.exec:\pvvdj.exe24⤵
- Executes dropped EXE
PID:4520 -
\??\c:\7fllflf.exec:\7fllflf.exe25⤵
- Executes dropped EXE
PID:664 -
\??\c:\nhnntn.exec:\nhnntn.exe26⤵
- Executes dropped EXE
PID:4468 -
\??\c:\jdjvd.exec:\jdjvd.exe27⤵
- Executes dropped EXE
PID:4144 -
\??\c:\thhtnb.exec:\thhtnb.exe28⤵
- Executes dropped EXE
PID:4332 -
\??\c:\thbnhh.exec:\thbnhh.exe29⤵
- Executes dropped EXE
PID:4656 -
\??\c:\pjpjj.exec:\pjpjj.exe30⤵
- Executes dropped EXE
PID:1896 -
\??\c:\hbbnnn.exec:\hbbnnn.exe31⤵
- Executes dropped EXE
PID:4244 -
\??\c:\pdvjv.exec:\pdvjv.exe32⤵
- Executes dropped EXE
PID:4004 -
\??\c:\hbnhnn.exec:\hbnhnn.exe33⤵
- Executes dropped EXE
PID:4672 -
\??\c:\dddvp.exec:\dddvp.exe34⤵
- Executes dropped EXE
PID:3712 -
\??\c:\vdvjv.exec:\vdvjv.exe35⤵
- Executes dropped EXE
PID:2444 -
\??\c:\fxlfrrx.exec:\fxlfrrx.exe36⤵
- Executes dropped EXE
PID:1484 -
\??\c:\5lfxrrl.exec:\5lfxrrl.exe37⤵
- Executes dropped EXE
PID:1916 -
\??\c:\lxfxxrr.exec:\lxfxxrr.exe38⤵
- Executes dropped EXE
PID:3980 -
\??\c:\ttbnnn.exec:\ttbnnn.exe39⤵
- Executes dropped EXE
PID:3324 -
\??\c:\pjpdd.exec:\pjpdd.exe40⤵
- Executes dropped EXE
PID:4092 -
\??\c:\5lrfffx.exec:\5lrfffx.exe41⤵
- Executes dropped EXE
PID:116 -
\??\c:\rllfxxr.exec:\rllfxxr.exe42⤵
- Executes dropped EXE
PID:5064 -
\??\c:\1btnnh.exec:\1btnnh.exe43⤵
- Executes dropped EXE
PID:1244 -
\??\c:\lfrlfxf.exec:\lfrlfxf.exe44⤵
- Executes dropped EXE
PID:4236 -
\??\c:\btbhnh.exec:\btbhnh.exe45⤵
- Executes dropped EXE
PID:4068 -
\??\c:\pvdvj.exec:\pvdvj.exe46⤵
- Executes dropped EXE
PID:3824 -
\??\c:\tbhbnh.exec:\tbhbnh.exe47⤵
- Executes dropped EXE
PID:2788 -
\??\c:\llxfrrl.exec:\llxfrrl.exe48⤵
- Executes dropped EXE
PID:3972 -
\??\c:\pddvp.exec:\pddvp.exe49⤵
- Executes dropped EXE
PID:2484 -
\??\c:\ddjvp.exec:\ddjvp.exe50⤵
- Executes dropped EXE
PID:2424 -
\??\c:\7llxlfx.exec:\7llxlfx.exe51⤵
- Executes dropped EXE
PID:4616 -
\??\c:\1hnhbn.exec:\1hnhbn.exe52⤵
- Executes dropped EXE
PID:2736 -
\??\c:\ddpjp.exec:\ddpjp.exe53⤵
- Executes dropped EXE
PID:1560 -
\??\c:\djpvp.exec:\djpvp.exe54⤵
- Executes dropped EXE
PID:3740 -
\??\c:\9fxrfxf.exec:\9fxrfxf.exe55⤵
- Executes dropped EXE
PID:3480 -
\??\c:\1fxfxrl.exec:\1fxfxrl.exe56⤵
- Executes dropped EXE
PID:2496 -
\??\c:\bnbttt.exec:\bnbttt.exe57⤵
- Executes dropped EXE
PID:4560 -
\??\c:\btbtbb.exec:\btbtbb.exe58⤵
- Executes dropped EXE
PID:1884 -
\??\c:\dvpjp.exec:\dvpjp.exe59⤵
- Executes dropped EXE
PID:1980 -
\??\c:\xllxrfx.exec:\xllxrfx.exe60⤵
- Executes dropped EXE
PID:4256 -
\??\c:\frxrlxx.exec:\frxrlxx.exe61⤵
- Executes dropped EXE
PID:700 -
\??\c:\nbnhhh.exec:\nbnhhh.exe62⤵
- Executes dropped EXE
PID:1060 -
\??\c:\vjjdp.exec:\vjjdp.exe63⤵
- Executes dropped EXE
PID:2780 -
\??\c:\pvjdj.exec:\pvjdj.exe64⤵
- Executes dropped EXE
PID:4484 -
\??\c:\xlrlllr.exec:\xlrlllr.exe65⤵
- Executes dropped EXE
PID:1876 -
\??\c:\rfxrllf.exec:\rfxrllf.exe66⤵PID:5028
-
\??\c:\hbbtnh.exec:\hbbtnh.exe67⤵PID:1656
-
\??\c:\dvpjd.exec:\dvpjd.exe68⤵PID:3604
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe69⤵PID:3296
-
\??\c:\frxrffx.exec:\frxrffx.exe70⤵PID:3900
-
\??\c:\bttttt.exec:\bttttt.exe71⤵PID:2556
-
\??\c:\ttnnbt.exec:\ttnnbt.exe72⤵PID:3948
-
\??\c:\jdjjv.exec:\jdjjv.exe73⤵PID:3676
-
\??\c:\dpjjd.exec:\dpjjd.exe74⤵PID:116
-
\??\c:\7xxlxrl.exec:\7xxlxrl.exe75⤵PID:3976
-
\??\c:\btnnht.exec:\btnnht.exe76⤵PID:4396
-
\??\c:\hnhbnh.exec:\hnhbnh.exe77⤵PID:4272
-
\??\c:\jvvpd.exec:\jvvpd.exe78⤵PID:4088
-
\??\c:\rflrlrl.exec:\rflrlrl.exe79⤵PID:3064
-
\??\c:\5hbtnn.exec:\5hbtnn.exe80⤵PID:1776
-
\??\c:\pdddp.exec:\pdddp.exe81⤵PID:2520
-
\??\c:\lrfrfxr.exec:\lrfrfxr.exe82⤵PID:2680
-
\??\c:\3tthbt.exec:\3tthbt.exe83⤵PID:1096
-
\??\c:\5jjdv.exec:\5jjdv.exe84⤵PID:1828
-
\??\c:\lrfxrlf.exec:\lrfxrlf.exe85⤵PID:3260
-
\??\c:\fxlflfl.exec:\fxlflfl.exe86⤵PID:3152
-
\??\c:\bbtnbt.exec:\bbtnbt.exe87⤵PID:1956
-
\??\c:\pjdvj.exec:\pjdvj.exe88⤵PID:2472
-
\??\c:\pvjdv.exec:\pvjdv.exe89⤵PID:4124
-
\??\c:\7nthbt.exec:\7nthbt.exe90⤵PID:3216
-
\??\c:\thhhnn.exec:\thhhnn.exe91⤵PID:4144
-
\??\c:\1lrlxxr.exec:\1lrlxxr.exe92⤵PID:3340
-
\??\c:\3hnnnh.exec:\3hnnnh.exe93⤵PID:2336
-
\??\c:\fflfrrl.exec:\fflfrrl.exe94⤵PID:4724
-
\??\c:\3tbtnn.exec:\3tbtnn.exe95⤵PID:4372
-
\??\c:\pdjdv.exec:\pdjdv.exe96⤵PID:2968
-
\??\c:\xllfxxx.exec:\xllfxxx.exe97⤵PID:628
-
\??\c:\nbbtnh.exec:\nbbtnh.exe98⤵PID:1364
-
\??\c:\vvdvp.exec:\vvdvp.exe99⤵PID:1656
-
\??\c:\3llxlfx.exec:\3llxlfx.exe100⤵PID:2444
-
\??\c:\bttnbb.exec:\bttnbb.exe101⤵PID:3296
-
\??\c:\5btnbb.exec:\5btnbb.exe102⤵PID:2436
-
\??\c:\jvjjv.exec:\jvjjv.exe103⤵PID:3324
-
\??\c:\fxrlfff.exec:\fxrlfff.exe104⤵PID:3648
-
\??\c:\xllffxx.exec:\xllffxx.exe105⤵PID:3676
-
\??\c:\9tttnn.exec:\9tttnn.exe106⤵PID:4384
-
\??\c:\jjppv.exec:\jjppv.exe107⤵PID:2940
-
\??\c:\ddjdj.exec:\ddjdj.exe108⤵PID:3224
-
\??\c:\9lfrxxl.exec:\9lfrxxl.exe109⤵PID:1396
-
\??\c:\hbbtnn.exec:\hbbtnn.exe110⤵PID:1756
-
\??\c:\tnnhth.exec:\tnnhth.exe111⤵PID:2340
-
\??\c:\dpjdp.exec:\dpjdp.exe112⤵PID:2812
-
\??\c:\xffxrll.exec:\xffxrll.exe113⤵PID:2012
-
\??\c:\vjddv.exec:\vjddv.exe114⤵PID:2948
-
\??\c:\ddvjd.exec:\ddvjd.exe115⤵PID:3736
-
\??\c:\lrrlxrf.exec:\lrrlxrf.exe116⤵PID:4652
-
\??\c:\htnthh.exec:\htnthh.exe117⤵PID:3688
-
\??\c:\ttbthh.exec:\ttbthh.exe118⤵PID:2944
-
\??\c:\vvvvp.exec:\vvvvp.exe119⤵PID:1956
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe120⤵PID:2696
-
\??\c:\lrxfflr.exec:\lrxfflr.exe121⤵PID:4164
-
\??\c:\bnnhtn.exec:\bnnhtn.exe122⤵PID:3876