Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
05/05/2024, 02:35
Behavioral task
behavioral1
Sample
a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe
Resource
win7-20240215-en
6 signatures
150 seconds
General
-
Target
a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe
-
Size
276KB
-
MD5
f43e69fb347f3392ecc6948c0dafe957
-
SHA1
3647aa3d7a9b976a95da85b57857a184bdd33cc5
-
SHA256
a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a
-
SHA512
fe399ec578535a321ed2f235f84748d4cf50d00a0f442ffb1e39c00ea64645571f479ee453c5bdcf704e90b1559b03d90507845d58ade6152a3c11508d3ee481
-
SSDEEP
6144:ncm4FmowdHoS6rW3NNTvBu6wo2J4JAgNXkArR/rtXOLtu4J6KvvLp3OKtUuuuTEr:14wFHoSeM/Tpu6w14JAOkIRhOBu4Jhv8
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1940-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4324-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4648-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2124-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2836-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1724-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3472-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5092-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3400-53-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3760-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3520-73-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1268-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1260-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3808-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4260-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2128-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4836-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3164-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3040-125-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/60-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3952-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/808-143-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3584-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1852-184-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4224-189-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/436-196-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4140-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2944-224-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2992-228-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1940-233-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4324-234-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1416-244-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/632-263-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/864-270-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/760-282-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/716-286-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1296-300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1680-308-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3164-315-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4688-319-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1060-323-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2896-328-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3464-340-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2564-354-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1080-370-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4736-375-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3776-399-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/224-406-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4288-410-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1776-448-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2940-480-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4524-506-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3524-524-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4616-564-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1368-583-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3752-647-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3764-657-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1388-674-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1268-732-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4856-787-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4388-833-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1852-929-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2940-1160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1600-1170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1940-0-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000b000000023bb2-4.dat UPX behavioral2/memory/1940-5-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4324-7-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bb6-9.dat UPX behavioral2/memory/4648-12-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2124-17-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bb7-16.dat UPX behavioral2/memory/2836-24-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bb8-22.dat UPX behavioral2/memory/1724-30-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bba-33.dat UPX behavioral2/files/0x000a000000023bb9-28.dat UPX behavioral2/files/0x000a000000023bbb-40.dat UPX behavioral2/memory/3472-39-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/5092-42-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bbc-45.dat UPX behavioral2/files/0x0031000000023bbd-50.dat UPX behavioral2/memory/3400-53-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3760-60-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0031000000023bbe-57.dat UPX behavioral2/files/0x0031000000023bbf-63.dat UPX behavioral2/files/0x000a000000023bc0-67.dat UPX behavioral2/memory/3520-73-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1268-69-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bc1-74.dat UPX behavioral2/files/0x000a000000023bc2-79.dat UPX behavioral2/memory/1260-82-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bc3-87.dat UPX behavioral2/memory/1260-88-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bc4-91.dat UPX 
behavioral2/memory/3808-93-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000b000000023bb3-97.dat UPX behavioral2/files/0x000a000000023bc5-104.dat UPX behavioral2/memory/4260-102-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2128-107-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4836-100-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bc7-110.dat UPX behavioral2/memory/3164-112-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bc8-117.dat UPX behavioral2/files/0x000a000000023bc9-124.dat UPX behavioral2/memory/3040-125-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/60-122-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3952-131-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bcb-136.dat UPX behavioral2/memory/808-137-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bcc-140.dat UPX behavioral2/memory/808-143-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bcd-147.dat UPX behavioral2/files/0x000a000000023bce-151.dat UPX behavioral2/files/0x000b000000023bb3-157.dat UPX behavioral2/files/0x000a000000023bca-129.dat UPX behavioral2/files/0x000a000000023bcf-163.dat UPX behavioral2/files/0x000a000000023bd0-167.dat UPX behavioral2/files/0x000a000000023bd1-172.dat UPX behavioral2/files/0x000a000000023bd2-176.dat UPX behavioral2/memory/3584-179-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000a000000023bd3-182.dat UPX behavioral2/memory/1852-184-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4224-189-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/436-196-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4140-206-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/memory/2944-224-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2992-228-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4324 bhtthn.exe 4648 dvvvd.exe 2124 xlxfrrx.exe 2836 hbbbbt.exe 1724 tbbthb.exe 3472 jjjpv.exe 5092 rfrfllx.exe 3400 vdpjj.exe 4748 rlxxrxx.exe 3760 bnhhtn.exe 1268 dvdvd.exe 3520 htnhnb.exe 2708 dvddv.exe 1260 hnttnh.exe 3808 pjjdj.exe 4836 frfxffl.exe 4260 dvjjd.exe 2128 9lrrlrx.exe 3164 tnnhtn.exe 60 ppvpd.exe 3040 rlfxrxx.exe 3952 djddp.exe 808 ffffffx.exe 1156 nntbtt.exe 4808 ddddv.exe 4172 bnnnhb.exe 4120 dvjjd.exe 1176 xxffffr.exe 2564 lrxffrl.exe 3584 vvvpj.exe 1852 rrrlxxr.exe 4224 djvjp.exe 880 xlxxfll.exe 3524 hhbttn.exe 436 rlffrll.exe 2388 bbbnbb.exe 4140 pjdvd.exe 2484 hthnnn.exe 3300 nhnntb.exe 3116 dvdjv.exe 2856 frxrrfl.exe 4884 tbnntt.exe 2944 pjdpp.exe 2992 5jjjd.exe 1940 thnnhn.exe 4324 bhtbbb.exe 3476 vvdjj.exe 1416 bhtnhh.exe 2188 9vjvd.exe 1548 rrrrffr.exe 3000 nbnttb.exe 1068 dpjjp.exe 1220 rfrxlrx.exe 632 1ntbbn.exe 896 dvvvv.exe 864 lfrlxrr.exe 2508 hbhtbh.exe 3060 vjppp.exe 4308 xllxxlf.exe 760 nttttt.exe 716 nnnnnt.exe 1576 pvppv.exe 5032 5tbtbb.exe 2796 jddpv.exe -
resource yara_rule behavioral2/memory/1940-0-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000b000000023bb2-4.dat upx behavioral2/memory/1940-5-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4324-7-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bb6-9.dat upx behavioral2/memory/4648-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2124-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bb7-16.dat upx behavioral2/memory/2836-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bb8-22.dat upx behavioral2/memory/1724-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bba-33.dat upx behavioral2/files/0x000a000000023bb9-28.dat upx behavioral2/files/0x000a000000023bbb-40.dat upx behavioral2/memory/3472-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5092-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bbc-45.dat upx behavioral2/files/0x0031000000023bbd-50.dat upx behavioral2/memory/3400-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3760-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0031000000023bbe-57.dat upx behavioral2/files/0x0031000000023bbf-63.dat upx behavioral2/files/0x000a000000023bc0-67.dat upx behavioral2/memory/3520-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1268-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bc1-74.dat upx behavioral2/files/0x000a000000023bc2-79.dat upx behavioral2/memory/1260-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bc3-87.dat upx behavioral2/memory/1260-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bc4-91.dat upx 
behavioral2/memory/3808-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000b000000023bb3-97.dat upx behavioral2/files/0x000a000000023bc5-104.dat upx behavioral2/memory/4260-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2128-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4836-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bc7-110.dat upx behavioral2/memory/3164-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bc8-117.dat upx behavioral2/files/0x000a000000023bc9-124.dat upx behavioral2/memory/3040-125-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/60-122-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3952-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bcb-136.dat upx behavioral2/memory/808-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bcc-140.dat upx behavioral2/memory/808-143-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bcd-147.dat upx behavioral2/files/0x000a000000023bce-151.dat upx behavioral2/files/0x000b000000023bb3-157.dat upx behavioral2/files/0x000a000000023bca-129.dat upx behavioral2/files/0x000a000000023bcf-163.dat upx behavioral2/files/0x000a000000023bd0-167.dat upx behavioral2/files/0x000a000000023bd1-172.dat upx behavioral2/files/0x000a000000023bd2-176.dat upx behavioral2/memory/3584-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000a000000023bd3-182.dat upx behavioral2/memory/1852-184-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4224-189-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/436-196-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4140-206-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/2944-224-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2992-228-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1940 wrote to memory of 4324 1940 a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe 83 PID 1940 wrote to memory of 4324 1940 a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe 83 PID 1940 wrote to memory of 4324 1940 a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe 83 PID 4324 wrote to memory of 4648 4324 bhtthn.exe 84 PID 4324 wrote to memory of 4648 4324 bhtthn.exe 84 PID 4324 wrote to memory of 4648 4324 bhtthn.exe 84 PID 4648 wrote to memory of 2124 4648 dvvvd.exe 85 PID 4648 wrote to memory of 2124 4648 dvvvd.exe 85 PID 4648 wrote to memory of 2124 4648 dvvvd.exe 85 PID 2124 wrote to memory of 2836 2124 xlxfrrx.exe 86 PID 2124 wrote to memory of 2836 2124 xlxfrrx.exe 86 PID 2124 wrote to memory of 2836 2124 xlxfrrx.exe 86 PID 2836 wrote to memory of 1724 2836 hbbbbt.exe 87 PID 2836 wrote to memory of 1724 2836 hbbbbt.exe 87 PID 2836 wrote to memory of 1724 2836 hbbbbt.exe 87 PID 1724 wrote to memory of 3472 1724 tbbthb.exe 88 PID 1724 wrote to memory of 3472 1724 tbbthb.exe 88 PID 1724 wrote to memory of 3472 1724 tbbthb.exe 88 PID 3472 wrote to memory of 5092 3472 jjjpv.exe 89 PID 3472 wrote to memory of 5092 3472 jjjpv.exe 89 PID 3472 wrote to memory of 5092 3472 jjjpv.exe 89 PID 5092 wrote to memory of 3400 5092 rfrfllx.exe 90 PID 5092 wrote to memory of 3400 5092 rfrfllx.exe 90 PID 5092 wrote to memory of 3400 5092 rfrfllx.exe 90 PID 3400 wrote to memory of 4748 3400 vdpjj.exe 91 PID 3400 wrote to memory of 4748 3400 vdpjj.exe 91 PID 3400 wrote to memory of 4748 3400 vdpjj.exe 91 PID 4748 wrote to memory of 3760 4748 rlxxrxx.exe 92 PID 4748 wrote to memory of 3760 4748 rlxxrxx.exe 92 PID 4748 wrote to memory of 3760 4748 rlxxrxx.exe 92 PID 3760 wrote to memory of 1268 3760 bnhhtn.exe 93 PID 3760 wrote to memory of 1268 3760 bnhhtn.exe 93 PID 3760 wrote to memory of 1268 3760 bnhhtn.exe 93 PID 1268 wrote to memory of 3520 1268 dvdvd.exe 94 PID 1268 wrote to 
memory of 3520 1268 dvdvd.exe 94 PID 1268 wrote to memory of 3520 1268 dvdvd.exe 94 PID 3520 wrote to memory of 2708 3520 htnhnb.exe 95 PID 3520 wrote to memory of 2708 3520 htnhnb.exe 95 PID 3520 wrote to memory of 2708 3520 htnhnb.exe 95 PID 2708 wrote to memory of 1260 2708 dvddv.exe 96 PID 2708 wrote to memory of 1260 2708 dvddv.exe 96 PID 2708 wrote to memory of 1260 2708 dvddv.exe 96 PID 1260 wrote to memory of 3808 1260 hnttnh.exe 97 PID 1260 wrote to memory of 3808 1260 hnttnh.exe 97 PID 1260 wrote to memory of 3808 1260 hnttnh.exe 97 PID 3808 wrote to memory of 4836 3808 pjjdj.exe 98 PID 3808 wrote to memory of 4836 3808 pjjdj.exe 98 PID 3808 wrote to memory of 4836 3808 pjjdj.exe 98 PID 4836 wrote to memory of 4260 4836 frfxffl.exe 99 PID 4836 wrote to memory of 4260 4836 frfxffl.exe 99 PID 4836 wrote to memory of 4260 4836 frfxffl.exe 99 PID 4260 wrote to memory of 2128 4260 dvjjd.exe 100 PID 4260 wrote to memory of 2128 4260 dvjjd.exe 100 PID 4260 wrote to memory of 2128 4260 dvjjd.exe 100 PID 2128 wrote to memory of 3164 2128 9lrrlrx.exe 101 PID 2128 wrote to memory of 3164 2128 9lrrlrx.exe 101 PID 2128 wrote to memory of 3164 2128 9lrrlrx.exe 101 PID 3164 wrote to memory of 60 3164 tnnhtn.exe 102 PID 3164 wrote to memory of 60 3164 tnnhtn.exe 102 PID 3164 wrote to memory of 60 3164 tnnhtn.exe 102 PID 60 wrote to memory of 3040 60 ppvpd.exe 103 PID 60 wrote to memory of 3040 60 ppvpd.exe 103 PID 60 wrote to memory of 3040 60 ppvpd.exe 103 PID 3040 wrote to memory of 3952 3040 rlfxrxx.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe"C:\Users\Admin\AppData\Local\Temp\a17c846103b3f4912364b8a21d65724626f98398080c0f5324fba6dd3b17379a.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\bhtthn.exec:\bhtthn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4324 -
\??\c:\dvvvd.exec:\dvvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4648 -
\??\c:\xlxfrrx.exec:\xlxfrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2124 -
\??\c:\hbbbbt.exec:\hbbbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\tbbthb.exec:\tbbthb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1724 -
\??\c:\jjjpv.exec:\jjjpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3472 -
\??\c:\rfrfllx.exec:\rfrfllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5092 -
\??\c:\vdpjj.exec:\vdpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3400 -
\??\c:\rlxxrxx.exec:\rlxxrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4748 -
\??\c:\bnhhtn.exec:\bnhhtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3760 -
\??\c:\dvdvd.exec:\dvdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1268 -
\??\c:\htnhnb.exec:\htnhnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3520 -
\??\c:\dvddv.exec:\dvddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\hnttnh.exec:\hnttnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1260 -
\??\c:\pjjdj.exec:\pjjdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3808 -
\??\c:\frfxffl.exec:\frfxffl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4836 -
\??\c:\dvjjd.exec:\dvjjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4260 -
\??\c:\9lrrlrx.exec:\9lrrlrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\tnnhtn.exec:\tnnhtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3164 -
\??\c:\ppvpd.exec:\ppvpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:60 -
\??\c:\rlfxrxx.exec:\rlfxrxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\djddp.exec:\djddp.exe23⤵
- Executes dropped EXE
PID:3952 -
\??\c:\ffffffx.exec:\ffffffx.exe24⤵
- Executes dropped EXE
PID:808 -
\??\c:\nntbtt.exec:\nntbtt.exe25⤵
- Executes dropped EXE
PID:1156 -
\??\c:\ddddv.exec:\ddddv.exe26⤵
- Executes dropped EXE
PID:4808 -
\??\c:\bnnnhb.exec:\bnnnhb.exe27⤵
- Executes dropped EXE
PID:4172 -
\??\c:\dvjjd.exec:\dvjjd.exe28⤵
- Executes dropped EXE
PID:4120 -
\??\c:\xxffffr.exec:\xxffffr.exe29⤵
- Executes dropped EXE
PID:1176 -
\??\c:\lrxffrl.exec:\lrxffrl.exe30⤵
- Executes dropped EXE
PID:2564 -
\??\c:\vvvpj.exec:\vvvpj.exe31⤵
- Executes dropped EXE
PID:3584 -
\??\c:\rrrlxxr.exec:\rrrlxxr.exe32⤵
- Executes dropped EXE
PID:1852 -
\??\c:\djvjp.exec:\djvjp.exe33⤵
- Executes dropped EXE
PID:4224 -
\??\c:\xlxxfll.exec:\xlxxfll.exe34⤵
- Executes dropped EXE
PID:880 -
\??\c:\hhbttn.exec:\hhbttn.exe35⤵
- Executes dropped EXE
PID:3524 -
\??\c:\rlffrll.exec:\rlffrll.exe36⤵
- Executes dropped EXE
PID:436 -
\??\c:\bbbnbb.exec:\bbbnbb.exe37⤵
- Executes dropped EXE
PID:2388 -
\??\c:\pjdvd.exec:\pjdvd.exe38⤵
- Executes dropped EXE
PID:4140 -
\??\c:\hthnnn.exec:\hthnnn.exe39⤵
- Executes dropped EXE
PID:2484 -
\??\c:\nhnntb.exec:\nhnntb.exe40⤵
- Executes dropped EXE
PID:3300 -
\??\c:\dvdjv.exec:\dvdjv.exe41⤵
- Executes dropped EXE
PID:3116 -
\??\c:\frxrrfl.exec:\frxrrfl.exe42⤵
- Executes dropped EXE
PID:2856 -
\??\c:\tbnntt.exec:\tbnntt.exe43⤵
- Executes dropped EXE
PID:4884 -
\??\c:\pjdpp.exec:\pjdpp.exe44⤵
- Executes dropped EXE
PID:2944 -
\??\c:\5jjjd.exec:\5jjjd.exe45⤵
- Executes dropped EXE
PID:2992 -
\??\c:\thnnhn.exec:\thnnhn.exe46⤵
- Executes dropped EXE
PID:1940 -
\??\c:\bhtbbb.exec:\bhtbbb.exe47⤵
- Executes dropped EXE
PID:4324 -
\??\c:\vvdjj.exec:\vvdjj.exe48⤵
- Executes dropped EXE
PID:3476 -
\??\c:\bhtnhh.exec:\bhtnhh.exe49⤵
- Executes dropped EXE
PID:1416 -
\??\c:\9vjvd.exec:\9vjvd.exe50⤵
- Executes dropped EXE
PID:2188 -
\??\c:\rrrrffr.exec:\rrrrffr.exe51⤵
- Executes dropped EXE
PID:1548 -
\??\c:\nbnttb.exec:\nbnttb.exe52⤵
- Executes dropped EXE
PID:3000 -
\??\c:\dpjjp.exec:\dpjjp.exe53⤵
- Executes dropped EXE
PID:1068 -
\??\c:\rfrxlrx.exec:\rfrxlrx.exe54⤵
- Executes dropped EXE
PID:1220 -
\??\c:\1ntbbn.exec:\1ntbbn.exe55⤵
- Executes dropped EXE
PID:632 -
\??\c:\dvvvv.exec:\dvvvv.exe56⤵
- Executes dropped EXE
PID:896 -
\??\c:\lfrlxrr.exec:\lfrlxrr.exe57⤵
- Executes dropped EXE
PID:864 -
\??\c:\hbhtbh.exec:\hbhtbh.exe58⤵
- Executes dropped EXE
PID:2508 -
\??\c:\vjppp.exec:\vjppp.exe59⤵
- Executes dropped EXE
PID:3060 -
\??\c:\xllxxlf.exec:\xllxxlf.exe60⤵
- Executes dropped EXE
PID:4308 -
\??\c:\nttttt.exec:\nttttt.exe61⤵
- Executes dropped EXE
PID:760 -
\??\c:\nnnnnt.exec:\nnnnnt.exe62⤵
- Executes dropped EXE
PID:716 -
\??\c:\pvppv.exec:\pvppv.exe63⤵
- Executes dropped EXE
PID:1576 -
\??\c:\5tbtbb.exec:\5tbtbb.exe64⤵
- Executes dropped EXE
PID:5032 -
\??\c:\jddpv.exec:\jddpv.exe65⤵
- Executes dropped EXE
PID:2796 -
\??\c:\rrxffff.exec:\rrxffff.exe66⤵PID:1296
-
\??\c:\btbbbt.exec:\btbbbt.exe67⤵PID:5020
-
\??\c:\3jpdp.exec:\3jpdp.exe68⤵PID:1680
-
\??\c:\llfrrfx.exec:\llfrrfx.exe69⤵PID:2240
-
\??\c:\ttbntb.exec:\ttbntb.exe70⤵PID:3164
-
\??\c:\dppjp.exec:\dppjp.exe71⤵PID:4688
-
\??\c:\rxflffr.exec:\rxflffr.exe72⤵PID:1060
-
\??\c:\hnbntt.exec:\hnbntt.exe73⤵PID:2032
-
\??\c:\hbnntt.exec:\hbnntt.exe74⤵PID:2896
-
\??\c:\pjdvv.exec:\pjdvv.exe75⤵PID:2904
-
\??\c:\fxllxxr.exec:\fxllxxr.exe76⤵PID:4496
-
\??\c:\tbbthb.exec:\tbbthb.exe77⤵PID:4396
-
\??\c:\hbttnn.exec:\hbttnn.exe78⤵PID:3464
-
\??\c:\5dddv.exec:\5dddv.exe79⤵PID:3452
-
\??\c:\rrxffll.exec:\rrxffll.exe80⤵PID:3764
-
\??\c:\nntntt.exec:\nntntt.exe81⤵PID:2564
-
\??\c:\bnbbtt.exec:\bnbbtt.exe82⤵PID:1160
-
\??\c:\ppppv.exec:\ppppv.exe83⤵PID:2436
-
\??\c:\xxrxrrr.exec:\xxrxrrr.exe84⤵PID:412
-
\??\c:\bnbthh.exec:\bnbthh.exe85⤵PID:3596
-
\??\c:\ppjdd.exec:\ppjdd.exe86⤵PID:1080
-
\??\c:\ppjdj.exec:\ppjdj.exe87⤵PID:1388
-
\??\c:\7llllrr.exec:\7llllrr.exe88⤵PID:4736
-
\??\c:\tnnhht.exec:\tnnhht.exe89⤵PID:3992
-
\??\c:\pddjj.exec:\pddjj.exe90⤵PID:2620
-
\??\c:\1rrxxfx.exec:\1rrxxfx.exe91⤵PID:3604
-
\??\c:\fxlflll.exec:\fxlflll.exe92⤵PID:4868
-
\??\c:\bbnnnn.exec:\bbnnnn.exe93⤵PID:1784
-
\??\c:\pvdpp.exec:\pvdpp.exe94⤵PID:1436
-
\??\c:\5jddd.exec:\5jddd.exe95⤵PID:3776
-
\??\c:\frllrrr.exec:\frllrrr.exe96⤵PID:1804
-
\??\c:\bhttbb.exec:\bhttbb.exe97⤵PID:224
-
\??\c:\vjvjd.exec:\vjvjd.exe98⤵PID:4288
-
\??\c:\1dpvv.exec:\1dpvv.exe99⤵PID:3008
-
\??\c:\flllxfr.exec:\flllxfr.exe100⤵PID:2740
-
\??\c:\ttbbhh.exec:\ttbbhh.exe101⤵PID:4732
-
\??\c:\hbtttt.exec:\hbtttt.exe102⤵PID:1416
-
\??\c:\jdjjp.exec:\jdjjp.exe103⤵PID:3372
-
\??\c:\frlflff.exec:\frlflff.exe104⤵PID:3000
-
\??\c:\bhtbtb.exec:\bhtbtb.exe105⤵PID:5108
-
\??\c:\nttnnh.exec:\nttnnh.exe106⤵PID:3192
-
\??\c:\vppjv.exec:\vppjv.exe107⤵PID:1968
-
\??\c:\lrxfrfl.exec:\lrxfrfl.exe108⤵PID:2828
-
\??\c:\bnthbh.exec:\bnthbh.exe109⤵PID:2492
-
\??\c:\vpvpv.exec:\vpvpv.exe110⤵PID:1776
-
\??\c:\djvdd.exec:\djvdd.exe111⤵PID:1844
-
\??\c:\rxrflfr.exec:\rxrflfr.exe112⤵PID:3340
-
\??\c:\thbnth.exec:\thbnth.exe113⤵PID:3484
-
\??\c:\pddvv.exec:\pddvv.exe114⤵PID:1248
-
\??\c:\vdvdj.exec:\vdvdj.exe115⤵PID:4508
-
\??\c:\3xxxxlr.exec:\3xxxxlr.exe116⤵PID:1652
-
\??\c:\bnbhbt.exec:\bnbhbt.exe117⤵PID:4072
-
\??\c:\ppdvv.exec:\ppdvv.exe118⤵PID:3164
-
\??\c:\jvdvj.exec:\jvdvj.exe119⤵PID:4344
-
\??\c:\lfllfxf.exec:\lfllfxf.exe120⤵PID:2940
-
\??\c:\ntttnt.exec:\ntttnt.exe121⤵PID:1684
-
\??\c:\jpvvv.exec:\jpvvv.exe122⤵PID:4772