Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system -
submitted
07/05/2024, 22:43
Behavioral task
behavioral1
Sample
7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe
-
Size
75KB
-
MD5
37226fae6ad15e1f68c18f637129db73
-
SHA1
01e98d47ca52aeeb2981177d04be367f15bfa6a1
-
SHA256
7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c
-
SHA512
5b6e9cf1248867f8167672af60cf303011541f1465d6c5a8f9ec9085df6c814802fec88bd9e1e3ed45d114033c1d96929a04c38f3889ed8ac0dc6d9f4faca530
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8V:9hOmTsF93UYfwC6GIoutz5yLpOSDP
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3596-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/692-8-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2092-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2028-25-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4976-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2816-31-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5040-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4120-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1076-59-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4064-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2492-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3876-73-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4400-81-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1548-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2752-99-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2060-105-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2616-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1216-116-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5048-124-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4372-130-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1888-135-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/396-155-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1748-158-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3676-178-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1904-184-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4140-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4744-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4864-210-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4464-211-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4516-219-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2656-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1500-233-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2208-243-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1932-245-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1768-264-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3012-269-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3940-276-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4608-293-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2604-297-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3660-307-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4496-314-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1648-336-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3788-350-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4540-358-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/464-373-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4448-383-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2028-399-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4560-442-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4372-471-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2896-483-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1824-494-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/932-512-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/632-519-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2336-535-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/940-552-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2028-567-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1328-641-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-672-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5008-691-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4420-699-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4292-750-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2660-764-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/3596-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000c000000023b8f-3.dat UPX behavioral2/memory/3596-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/692-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000b000000023b92-10.dat UPX behavioral2/files/0x000a000000023b96-13.dat UPX behavioral2/memory/2092-16-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b97-21.dat UPX behavioral2/memory/2028-25-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b98-27.dat UPX behavioral2/files/0x000a000000023b99-34.dat UPX behavioral2/memory/5040-37-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4976-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2816-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5040-40-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9a-41.dat UPX behavioral2/files/0x000a000000023b9b-45.dat UPX behavioral2/memory/4120-48-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4120-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9c-54.dat UPX behavioral2/files/0x000a000000023b9d-60.dat UPX behavioral2/memory/1076-59-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9e-63.dat UPX behavioral2/memory/4064-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023b9f-69.dat UPX behavioral2/memory/2492-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3876-73-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba1-75.dat UPX behavioral2/files/0x000a000000023ba2-80.dat UPX behavioral2/memory/4400-81-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x000a000000023ba3-85.dat UPX behavioral2/files/0x000a000000023ba4-91.dat UPX behavioral2/memory/1548-92-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba5-96.dat UPX behavioral2/memory/2752-99-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba6-102.dat UPX behavioral2/memory/2060-105-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2616-110-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba7-111.dat UPX behavioral2/memory/1216-116-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023ba8-117.dat UPX behavioral2/files/0x000a000000023ba9-121.dat UPX behavioral2/files/0x000a000000023baa-126.dat UPX behavioral2/memory/5048-124-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4372-130-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bab-132.dat UPX behavioral2/memory/1888-135-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bac-140.dat UPX behavioral2/files/0x000a000000023bad-144.dat UPX behavioral2/files/0x000a000000023bae-148.dat UPX behavioral2/memory/396-155-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023baf-153.dat UPX behavioral2/memory/1748-158-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb0-160.dat UPX behavioral2/memory/3032-167-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb1-165.dat UPX behavioral2/files/0x000a000000023bb2-171.dat UPX behavioral2/files/0x000b000000023b93-176.dat UPX behavioral2/memory/3676-178-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023bb3-182.dat UPX behavioral2/memory/1904-184-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/4140-189-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4744-202-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4436-203-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 692 pjppj.exe 2092 xrllfxx.exe 2028 nbhhnt.exe 2816 nthnnt.exe 4976 dddjd.exe 5040 dppjd.exe 4492 lfflxll.exe 4120 bbthtn.exe 1076 3vppp.exe 4064 xlfxrrl.exe 2492 ttnhtb.exe 3876 1vddv.exe 4400 rfxxllr.exe 1564 rlxxffr.exe 1548 tththt.exe 2752 dvddd.exe 2060 lrrfxfl.exe 2616 1rxxrrl.exe 1216 thtnnn.exe 5048 jddvp.exe 2288 lrfrlfr.exe 4372 ttnnhh.exe 1888 vvppj.exe 4972 rffxxll.exe 4792 7frrxxx.exe 396 tntttt.exe 1748 pddvp.exe 3032 ddppj.exe 4340 xrrlffl.exe 3676 bnhbht.exe 1904 jvddd.exe 4140 lxfxxrx.exe 2980 tbhntt.exe 4928 vpvvp.exe 4940 xxfxxxf.exe 4744 hhnbtn.exe 4436 vjppj.exe 4864 3pvvd.exe 4464 frxxrxr.exe 4516 tnhhbb.exe 744 nhbbtb.exe 2312 vvppp.exe 3560 xrxrlxr.exe 2656 xrlrxll.exe 1500 ttbtnn.exe 2536 jdjjd.exe 2208 dvjjp.exe 1932 5ffxllf.exe 4992 fxlfxxf.exe 4784 1ntttt.exe 3212 pvpjj.exe 4064 jdvpv.exe 1768 ffllrrx.exe 3012 lxfxrll.exe 3136 nbbbbb.exe 3940 nbhbtt.exe 4364 dpppv.exe 2660 7vjvj.exe 2176 3frlfff.exe 1004 llrrrxf.exe 1324 tnbbbb.exe 4608 tthnbh.exe 2604 dvdvv.exe 2424 rrfxfrl.exe -
resource yara_rule behavioral2/memory/3596-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000c000000023b8f-3.dat upx behavioral2/memory/3596-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/692-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000b000000023b92-10.dat upx behavioral2/files/0x000a000000023b96-13.dat upx behavioral2/memory/2092-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b97-21.dat upx behavioral2/memory/2028-25-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b98-27.dat upx behavioral2/files/0x000a000000023b99-34.dat upx behavioral2/memory/5040-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4976-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2816-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5040-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9a-41.dat upx behavioral2/files/0x000a000000023b9b-45.dat upx behavioral2/memory/4120-48-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4120-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9c-54.dat upx behavioral2/files/0x000a000000023b9d-60.dat upx behavioral2/memory/1076-59-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9e-63.dat upx behavioral2/memory/4064-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023b9f-69.dat upx behavioral2/memory/2492-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3876-73-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba1-75.dat upx behavioral2/files/0x000a000000023ba2-80.dat upx behavioral2/memory/4400-81-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x000a000000023ba3-85.dat upx behavioral2/files/0x000a000000023ba4-91.dat upx behavioral2/memory/1548-92-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba5-96.dat upx behavioral2/memory/2752-99-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba6-102.dat upx behavioral2/memory/2060-105-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2616-110-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba7-111.dat upx behavioral2/memory/1216-116-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023ba8-117.dat upx behavioral2/files/0x000a000000023ba9-121.dat upx behavioral2/files/0x000a000000023baa-126.dat upx behavioral2/memory/5048-124-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4372-130-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bab-132.dat upx behavioral2/memory/1888-135-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bac-140.dat upx behavioral2/files/0x000a000000023bad-144.dat upx behavioral2/files/0x000a000000023bae-148.dat upx behavioral2/memory/396-155-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023baf-153.dat upx behavioral2/memory/1748-158-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb0-160.dat upx behavioral2/memory/3032-167-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb1-165.dat upx behavioral2/files/0x000a000000023bb2-171.dat upx behavioral2/files/0x000b000000023b93-176.dat upx behavioral2/memory/3676-178-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023bb3-182.dat upx behavioral2/memory/1904-184-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/4140-189-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4744-202-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4436-203-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3596 wrote to memory of 692 3596 7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe 83 PID 3596 wrote to memory of 692 3596 7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe 83 PID 3596 wrote to memory of 692 3596 7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe 83 PID 692 wrote to memory of 2092 692 pjppj.exe 84 PID 692 wrote to memory of 2092 692 pjppj.exe 84 PID 692 wrote to memory of 2092 692 pjppj.exe 84 PID 2092 wrote to memory of 2028 2092 xrllfxx.exe 85 PID 2092 wrote to memory of 2028 2092 xrllfxx.exe 85 PID 2092 wrote to memory of 2028 2092 xrllfxx.exe 85 PID 2028 wrote to memory of 2816 2028 nbhhnt.exe 86 PID 2028 wrote to memory of 2816 2028 nbhhnt.exe 86 PID 2028 wrote to memory of 2816 2028 nbhhnt.exe 86 PID 2816 wrote to memory of 4976 2816 nthnnt.exe 87 PID 2816 wrote to memory of 4976 2816 nthnnt.exe 87 PID 2816 wrote to memory of 4976 2816 nthnnt.exe 87 PID 4976 wrote to memory of 5040 4976 dddjd.exe 88 PID 4976 wrote to memory of 5040 4976 dddjd.exe 88 PID 4976 wrote to memory of 5040 4976 dddjd.exe 88 PID 5040 wrote to memory of 4492 5040 dppjd.exe 89 PID 5040 wrote to memory of 4492 5040 dppjd.exe 89 PID 5040 wrote to memory of 4492 5040 dppjd.exe 89 PID 4492 wrote to memory of 4120 4492 lfflxll.exe 90 PID 4492 wrote to memory of 4120 4492 lfflxll.exe 90 PID 4492 wrote to memory of 4120 4492 lfflxll.exe 90 PID 4120 wrote to memory of 1076 4120 bbthtn.exe 91 PID 4120 wrote to memory of 1076 4120 bbthtn.exe 91 PID 4120 wrote to memory of 1076 4120 bbthtn.exe 91 PID 1076 wrote to memory of 4064 1076 3vppp.exe 92 PID 1076 wrote to memory of 4064 1076 3vppp.exe 92 PID 1076 wrote to memory of 4064 1076 3vppp.exe 92 PID 4064 wrote to memory of 2492 4064 xlfxrrl.exe 93 PID 4064 wrote to memory of 2492 4064 xlfxrrl.exe 93 PID 4064 wrote to memory of 2492 4064 xlfxrrl.exe 93 PID 2492 wrote to memory of 3876 2492 ttnhtb.exe 94 PID 2492 wrote to memory of 
3876 2492 ttnhtb.exe 94 PID 2492 wrote to memory of 3876 2492 ttnhtb.exe 94 PID 3876 wrote to memory of 4400 3876 1vddv.exe 95 PID 3876 wrote to memory of 4400 3876 1vddv.exe 95 PID 3876 wrote to memory of 4400 3876 1vddv.exe 95 PID 4400 wrote to memory of 1564 4400 rfxxllr.exe 96 PID 4400 wrote to memory of 1564 4400 rfxxllr.exe 96 PID 4400 wrote to memory of 1564 4400 rfxxllr.exe 96 PID 1564 wrote to memory of 1548 1564 rlxxffr.exe 97 PID 1564 wrote to memory of 1548 1564 rlxxffr.exe 97 PID 1564 wrote to memory of 1548 1564 rlxxffr.exe 97 PID 1548 wrote to memory of 2752 1548 tththt.exe 98 PID 1548 wrote to memory of 2752 1548 tththt.exe 98 PID 1548 wrote to memory of 2752 1548 tththt.exe 98 PID 2752 wrote to memory of 2060 2752 dvddd.exe 99 PID 2752 wrote to memory of 2060 2752 dvddd.exe 99 PID 2752 wrote to memory of 2060 2752 dvddd.exe 99 PID 2060 wrote to memory of 2616 2060 lrrfxfl.exe 100 PID 2060 wrote to memory of 2616 2060 lrrfxfl.exe 100 PID 2060 wrote to memory of 2616 2060 lrrfxfl.exe 100 PID 2616 wrote to memory of 1216 2616 1rxxrrl.exe 101 PID 2616 wrote to memory of 1216 2616 1rxxrrl.exe 101 PID 2616 wrote to memory of 1216 2616 1rxxrrl.exe 101 PID 1216 wrote to memory of 5048 1216 thtnnn.exe 102 PID 1216 wrote to memory of 5048 1216 thtnnn.exe 102 PID 1216 wrote to memory of 5048 1216 thtnnn.exe 102 PID 5048 wrote to memory of 2288 5048 jddvp.exe 103 PID 5048 wrote to memory of 2288 5048 jddvp.exe 103 PID 5048 wrote to memory of 2288 5048 jddvp.exe 103 PID 2288 wrote to memory of 4372 2288 lrfrlfr.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe — command line: "C:\Users\Admin\AppData\Local\Temp\7613f92ab1666ca214027af1b0c1df3484380c873089bafb0dcaca0345c5ba8c.exe" (depth 1 ⤵)
- Suspicious use of WriteProcessMemory
PID:3596 -
\??\c:\pjppj.exe — command line: c:\pjppj.exe (depth 2 ⤵)
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:692 -
\??\c:\xrllfxx.exec:\xrllfxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\nbhhnt.exec:\nbhhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\nthnnt.exec:\nthnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\dddjd.exec:\dddjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4976 -
\??\c:\dppjd.exec:\dppjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5040 -
\??\c:\lfflxll.exec:\lfflxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4492 -
\??\c:\bbthtn.exec:\bbthtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4120 -
\??\c:\3vppp.exec:\3vppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1076 -
\??\c:\xlfxrrl.exec:\xlfxrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4064 -
\??\c:\ttnhtb.exec:\ttnhtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\1vddv.exec:\1vddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3876 -
\??\c:\rfxxllr.exec:\rfxxllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4400 -
\??\c:\rlxxffr.exec:\rlxxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\tththt.exec:\tththt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1548 -
\??\c:\dvddd.exec:\dvddd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\lrrfxfl.exec:\lrrfxfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2060 -
\??\c:\1rxxrrl.exec:\1rxxrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\thtnnn.exec:\thtnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1216 -
\??\c:\jddvp.exec:\jddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5048 -
\??\c:\lrfrlfr.exec:\lrfrlfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2288 -
\??\c:\ttnnhh.exec:\ttnnhh.exe23⤵
- Executes dropped EXE
PID:4372 -
\??\c:\vvppj.exec:\vvppj.exe24⤵
- Executes dropped EXE
PID:1888 -
\??\c:\rffxxll.exec:\rffxxll.exe25⤵
- Executes dropped EXE
PID:4972 -
\??\c:\7frrxxx.exec:\7frrxxx.exe26⤵
- Executes dropped EXE
PID:4792 -
\??\c:\tntttt.exec:\tntttt.exe27⤵
- Executes dropped EXE
PID:396 -
\??\c:\pddvp.exec:\pddvp.exe28⤵
- Executes dropped EXE
PID:1748 -
\??\c:\ddppj.exec:\ddppj.exe29⤵
- Executes dropped EXE
PID:3032 -
\??\c:\xrrlffl.exec:\xrrlffl.exe30⤵
- Executes dropped EXE
PID:4340 -
\??\c:\bnhbht.exec:\bnhbht.exe31⤵
- Executes dropped EXE
PID:3676 -
\??\c:\jvddd.exec:\jvddd.exe32⤵
- Executes dropped EXE
PID:1904 -
\??\c:\lxfxxrx.exec:\lxfxxrx.exe33⤵
- Executes dropped EXE
PID:4140 -
\??\c:\tbhntt.exec:\tbhntt.exe34⤵
- Executes dropped EXE
PID:2980 -
\??\c:\vpvvp.exec:\vpvvp.exe35⤵
- Executes dropped EXE
PID:4928 -
\??\c:\xxfxxxf.exec:\xxfxxxf.exe36⤵
- Executes dropped EXE
PID:4940 -
\??\c:\hhnbtn.exec:\hhnbtn.exe37⤵
- Executes dropped EXE
PID:4744 -
\??\c:\vjppj.exec:\vjppj.exe38⤵
- Executes dropped EXE
PID:4436 -
\??\c:\3pvvd.exec:\3pvvd.exe39⤵
- Executes dropped EXE
PID:4864 -
\??\c:\frxxrxr.exec:\frxxrxr.exe40⤵
- Executes dropped EXE
PID:4464 -
\??\c:\tnhhbb.exec:\tnhhbb.exe41⤵
- Executes dropped EXE
PID:4516 -
\??\c:\nhbbtb.exec:\nhbbtb.exe42⤵
- Executes dropped EXE
PID:744 -
\??\c:\vvppp.exec:\vvppp.exe43⤵
- Executes dropped EXE
PID:2312 -
\??\c:\xrxrlxr.exec:\xrxrlxr.exe44⤵
- Executes dropped EXE
PID:3560 -
\??\c:\xrlrxll.exec:\xrlrxll.exe45⤵
- Executes dropped EXE
PID:2656 -
\??\c:\ttbtnn.exec:\ttbtnn.exe46⤵
- Executes dropped EXE
PID:1500 -
\??\c:\jdjjd.exec:\jdjjd.exe47⤵
- Executes dropped EXE
PID:2536 -
\??\c:\dvjjp.exec:\dvjjp.exe48⤵
- Executes dropped EXE
PID:2208 -
\??\c:\5ffxllf.exec:\5ffxllf.exe49⤵
- Executes dropped EXE
PID:1932 -
\??\c:\fxlfxxf.exec:\fxlfxxf.exe50⤵
- Executes dropped EXE
PID:4992 -
\??\c:\1ntttt.exec:\1ntttt.exe51⤵
- Executes dropped EXE
PID:4784 -
\??\c:\pvpjj.exec:\pvpjj.exe52⤵
- Executes dropped EXE
PID:3212 -
\??\c:\jdvpv.exec:\jdvpv.exe53⤵
- Executes dropped EXE
PID:4064 -
\??\c:\ffllrrx.exec:\ffllrrx.exe54⤵
- Executes dropped EXE
PID:1768 -
\??\c:\lxfxrll.exec:\lxfxrll.exe55⤵
- Executes dropped EXE
PID:3012 -
\??\c:\nbbbbb.exec:\nbbbbb.exe56⤵
- Executes dropped EXE
PID:3136 -
\??\c:\nbhbtt.exec:\nbhbtt.exe57⤵
- Executes dropped EXE
PID:3940 -
\??\c:\dpppv.exec:\dpppv.exe58⤵
- Executes dropped EXE
PID:4364 -
\??\c:\7vjvj.exec:\7vjvj.exe59⤵
- Executes dropped EXE
PID:2660 -
\??\c:\3frlfff.exec:\3frlfff.exe60⤵
- Executes dropped EXE
PID:2176 -
\??\c:\llrrrxf.exec:\llrrrxf.exe61⤵
- Executes dropped EXE
PID:1004 -
\??\c:\tnbbbb.exec:\tnbbbb.exe62⤵
- Executes dropped EXE
PID:1324 -
\??\c:\tthnbh.exec:\tthnbh.exe63⤵
- Executes dropped EXE
PID:4608 -
\??\c:\dvdvv.exec:\dvdvv.exe64⤵
- Executes dropped EXE
PID:2604 -
\??\c:\rrfxfrl.exec:\rrfxfrl.exe65⤵
- Executes dropped EXE
PID:2424 -
\??\c:\rflrrlf.exe — command line: c:\rflrrlf.exe (depth 66 ⤵) PID:3660
-
\??\c:\nhnntt.exec:\nhnntt.exe67⤵PID:3148
-
\??\c:\pvpdd.exec:\pvpdd.exe68⤵PID:4496
-
\??\c:\vpddv.exec:\vpddv.exe69⤵PID:2128
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe70⤵PID:1780
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe71⤵PID:4972
-
\??\c:\hnnhnh.exec:\hnnhnh.exe72⤵PID:5000
-
\??\c:\nnhttt.exec:\nnhttt.exe73⤵PID:404
-
\??\c:\dvdvp.exec:\dvdvp.exe74⤵PID:4156
-
\??\c:\3ffffff.exec:\3ffffff.exe75⤵PID:1648
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe76⤵PID:936
-
\??\c:\hntttb.exec:\hntttb.exe77⤵PID:3032
-
\??\c:\nnhnhh.exec:\nnhnhh.exe78⤵PID:3060
-
\??\c:\lxxxrrf.exec:\lxxxrrf.exe79⤵PID:3932
-
\??\c:\nnnnnb.exec:\nnnnnb.exe80⤵PID:3788
-
\??\c:\vpjjd.exec:\vpjjd.exe81⤵PID:2348
-
\??\c:\vdvdv.exec:\vdvdv.exe82⤵PID:4540
-
\??\c:\lxllfll.exec:\lxllfll.exe83⤵PID:4160
-
\??\c:\hbbhbb.exec:\hbbhbb.exe84⤵PID:3752
-
\??\c:\dpvjd.exec:\dpvjd.exe85⤵PID:2808
-
\??\c:\djjjp.exec:\djjjp.exe86⤵PID:464
-
\??\c:\vpdpj.exec:\vpdpj.exe87⤵PID:2276
-
\??\c:\lfxrxxl.exec:\lfxrxxl.exe88⤵PID:4504
-
\??\c:\nbttnh.exec:\nbttnh.exe89⤵PID:4448
-
\??\c:\thnbtt.exec:\thnbtt.exe90⤵PID:4864
-
\??\c:\vvdvp.exec:\vvdvp.exe91⤵PID:940
-
\??\c:\xrxrfrr.exec:\xrxrfrr.exe92⤵PID:3648
-
\??\c:\hhnntt.exec:\hhnntt.exe93⤵PID:5060
-
\??\c:\pjdvj.exec:\pjdvj.exe94⤵PID:2680
-
\??\c:\vjvvv.exec:\vjvvv.exe95⤵PID:2028
-
\??\c:\rlfxffl.exec:\rlfxffl.exe96⤵PID:4596
-
\??\c:\lxrllll.exec:\lxrllll.exe97⤵PID:1924
-
\??\c:\nbnnnn.exec:\nbnnnn.exe98⤵PID:4428
-
\??\c:\bbnnnn.exec:\bbnnnn.exe99⤵PID:4932
-
\??\c:\jjpdj.exec:\jjpdj.exe100⤵PID:4564
-
\??\c:\rllfxxx.exec:\rllfxxx.exe101⤵PID:4492
-
\??\c:\9fflxff.exec:\9fflxff.exe102⤵PID:2664
-
\??\c:\7hntnt.exec:\7hntnt.exe103⤵PID:4984
-
\??\c:\5bhhbh.exec:\5bhhbh.exe104⤵PID:3528
-
\??\c:\vddvv.exec:\vddvv.exe105⤵PID:5028
-
\??\c:\vvpvp.exec:\vvpvp.exe106⤵PID:3000
-
\??\c:\9rxffff.exec:\9rxffff.exe107⤵PID:3808
-
\??\c:\rrxrlll.exec:\rrxrlll.exe108⤵PID:4560
-
\??\c:\ttnhtt.exec:\ttnhtt.exe109⤵PID:4844
-
\??\c:\5hnhbb.exec:\5hnhbb.exe110⤵PID:4364
-
\??\c:\jjjjd.exec:\jjjjd.exe111⤵PID:2932
-
\??\c:\vdddp.exec:\vdddp.exe112⤵PID:2176
-
\??\c:\xrrfrrl.exec:\xrrfrrl.exe113⤵PID:4868
-
\??\c:\tntnbh.exec:\tntnbh.exe114⤵PID:2572
-
\??\c:\bttttt.exec:\bttttt.exe115⤵PID:4608
-
\??\c:\vjvpj.exec:\vjvpj.exe116⤵PID:2236
-
\??\c:\dpjdp.exec:\dpjdp.exe117⤵PID:2424
-
\??\c:\xxlrlll.exec:\xxlrlll.exe118⤵PID:4372
-
\??\c:\rllfxxx.exec:\rllfxxx.exe119⤵PID:3064
-
\??\c:\tnhbtb.exec:\tnhbtb.exe120⤵PID:4496
-
\??\c:\tbhbtt.exec:\tbhbtt.exe121⤵PID:2896
-
\??\c:\pdvvv.exec:\pdvvv.exe122⤵PID:2228
-