Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
09/05/2024, 03:30
Behavioral task
behavioral1
Sample
dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe
-
Size
259KB
-
MD5
dfaf2325ac6dcdb525f967c4be6fc840
-
SHA1
d739e9d52f2561d1b2ee67be0be4b27512992b43
-
SHA256
8ded563b81abe772f8e0d1deb34ee72c803b5c5083182115d2d6adf875517c4c
-
SHA512
2bc75d2f66f079dd2b4c2d59c038f699468e41160d53541b76749d122e704f0427da4635434355ffb8adf03c11c4305539647e38a8b3e2e390adde0cdc505782
-
SSDEEP
6144:mcm4FmowdHoS1IOnHoDTmhraHcpOFltH4t0P4EhTKCi5RQc7EC:I4wFHoSKOHYT6eFpguen5Sc7h
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2628-4-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3228-8-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/536-44-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4792-55-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2744-89-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4916-98-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3916-132-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3616-158-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4064-189-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2980-193-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1004-207-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2472-227-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4988-233-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3588-261-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1636-279-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/588-282-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3984-289-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2548-307-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2500-375-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2520-411-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4092-415-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/1628-447-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2236-465-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2488-484-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4408-500-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4632-560-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4472-665-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2664-783-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2664-787-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5064-754-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4064-658-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2548-625-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1400-599-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1432-576-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4632-556-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2184-541-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/956-523-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4444-489-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3540-475-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2436-353-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/452-339-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4604-303-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/4080-293-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3484-262-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1404-257-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/536-246-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4088-182-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3268-171-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5112-170-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/508-150-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/884-145-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4636-134-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3244-116-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2728-106-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3024-94-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3708-80-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/464-79-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4804-72-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1852-62-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1184-61-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1524-37-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1524-32-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1620-31-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/1508-19-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan with the capability to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule behavioral2/files/0x000600000002329e-6.dat family_berbew behavioral2/files/0x000a000000023422-10.dat family_berbew behavioral2/files/0x000800000002342a-16.dat family_berbew behavioral2/files/0x000700000002342b-22.dat family_berbew behavioral2/files/0x000700000002342d-38.dat family_berbew behavioral2/files/0x000700000002342e-43.dat family_berbew behavioral2/files/0x0007000000023433-70.dat family_berbew behavioral2/files/0x0007000000023435-84.dat family_berbew behavioral2/files/0x0007000000023436-90.dat family_berbew behavioral2/files/0x0007000000023439-104.dat family_berbew behavioral2/files/0x000700000002343b-117.dat family_berbew behavioral2/files/0x000700000002343c-120.dat family_berbew behavioral2/files/0x000700000002343f-139.dat family_berbew behavioral2/files/0x0007000000023441-155.dat family_berbew behavioral2/files/0x0007000000023442-163.dat family_berbew behavioral2/files/0x0007000000023433-183.dat family_berbew behavioral2/files/0x0007000000023444-187.dat family_berbew behavioral2/files/0x000b000000023388-176.dat family_berbew behavioral2/files/0x0007000000023443-168.dat family_berbew behavioral2/files/0x0007000000023440-151.dat family_berbew behavioral2/files/0x0008000000023428-144.dat family_berbew behavioral2/files/0x000700000002343e-133.dat family_berbew behavioral2/files/0x000700000002343d-127.dat family_berbew behavioral2/files/0x000700000002343a-110.dat family_berbew behavioral2/files/0x0007000000023438-100.dat family_berbew behavioral2/files/0x0007000000023437-95.dat family_berbew behavioral2/files/0x0007000000023434-77.dat family_berbew behavioral2/files/0x0007000000023432-67.dat family_berbew behavioral2/files/0x0007000000023431-59.dat family_berbew behavioral2/files/0x0007000000023430-54.dat family_berbew behavioral2/files/0x000700000002342f-49.dat family_berbew behavioral2/files/0x000700000002342c-30.dat family_berbew -
Executes dropped EXE 64 IoCs
pid Process 3228 tntnbb.exe 2632 vjvpp.exe 1508 djdvv.exe 1620 xlxrrlr.exe 1524 ffrlrrx.exe 536 lxlxfrf.exe 3348 1tnntb.exe 4792 1vvpp.exe 1184 7lrlrrx.exe 1852 bbhbnb.exe 4804 bnbbhh.exe 464 vdvpj.exe 3708 3xxrlrr.exe 2744 btbbtt.exe 3024 xrrrlll.exe 4916 bbbtnn.exe 2728 9pvvp.exe 1344 9ppjd.exe 3244 llrllll.exe 3380 1hnbhh.exe 1140 vpddv.exe 3916 flrffff.exe 4636 btnhhh.exe 884 hhnhbb.exe 508 1ppdp.exe 3616 xrxlxxr.exe 1948 7btnhn.exe 5112 7pvpj.exe 3268 hbtnnh.exe 4088 jdppd.exe 4064 vdvpj.exe 2980 rrlfxrl.exe 5004 7jjdd.exe 4132 jvdvv.exe 3064 rrfxxxr.exe 4032 9tntnt.exe 1004 5hnbbt.exe 2184 jjppv.exe 4312 3rrrlrl.exe 3472 flflffx.exe 4912 xlfxrlf.exe 4980 lllffrx.exe 2472 bhthnb.exe 4988 xlfxrll.exe 1620 frlfxff.exe 1772 9nnntn.exe 380 nnnnhn.exe 536 pdvdd.exe 4724 lxrrffl.exe 1428 hhnhhh.exe 1404 nnnnhb.exe 3588 pdjvj.exe 3484 pvjdv.exe 4140 rlxrrrl.exe 4028 nthbtt.exe 2932 thnhbb.exe 1636 jdpjv.exe 588 5ppvj.exe 3972 lffxfxl.exe 3984 btntnb.exe 4080 5tbnnt.exe 2728 jdpjd.exe 2600 xrffffx.exe 4604 xxfflrl.exe -
resource yara_rule behavioral2/memory/2628-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2628-4-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000600000002329e-6.dat upx behavioral2/memory/3228-8-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000a000000023422-10.dat upx behavioral2/files/0x000800000002342a-16.dat upx behavioral2/files/0x000700000002342b-22.dat upx behavioral2/memory/1620-25-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002342d-38.dat upx behavioral2/memory/536-44-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002342e-43.dat upx behavioral2/memory/4792-55-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023433-70.dat upx behavioral2/files/0x0007000000023435-84.dat upx behavioral2/files/0x0007000000023436-90.dat upx behavioral2/memory/2744-89-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4916-98-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023439-104.dat upx behavioral2/files/0x000700000002343b-117.dat upx behavioral2/files/0x000700000002343c-120.dat upx behavioral2/memory/3916-132-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002343f-139.dat upx behavioral2/files/0x0007000000023441-155.dat upx behavioral2/memory/3616-158-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023442-163.dat upx behavioral2/memory/4088-177-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023433-183.dat upx behavioral2/memory/4064-189-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2980-193-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4132-197-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1004-207-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/memory/2472-227-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4988-233-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3588-261-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2932-272-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1636-279-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/588-282-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3984-289-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2548-307-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1120-343-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2500-375-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2520-411-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4092-415-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3288-434-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1628-447-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3212-458-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2236-465-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/5104-476-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2488-484-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1072-490-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4408-500-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2184-537-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4044-552-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4632-560-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4472-665-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/memory/3956-678-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/696-718-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/5064-750-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3348-761-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2664-783-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4512-797-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1688-846-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2664-787-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/5064-754-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2628 wrote to memory of 3228 2628 dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe 80 PID 2628 wrote to memory of 3228 2628 dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe 80 PID 2628 wrote to memory of 3228 2628 dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe 80 PID 3228 wrote to memory of 2632 3228 tntnbb.exe 266 PID 3228 wrote to memory of 2632 3228 tntnbb.exe 266 PID 3228 wrote to memory of 2632 3228 tntnbb.exe 266 PID 2632 wrote to memory of 1508 2632 vjvpp.exe 82 PID 2632 wrote to memory of 1508 2632 vjvpp.exe 82 PID 2632 wrote to memory of 1508 2632 vjvpp.exe 82 PID 1508 wrote to memory of 1620 1508 djdvv.exe 83 PID 1508 wrote to memory of 1620 1508 djdvv.exe 83 PID 1508 wrote to memory of 1620 1508 djdvv.exe 83 PID 1620 wrote to memory of 1524 1620 xlxrrlr.exe 225 PID 1620 wrote to memory of 1524 1620 xlxrrlr.exe 225 PID 1620 wrote to memory of 1524 1620 xlxrrlr.exe 225 PID 1524 wrote to memory of 536 1524 ffrlrrx.exe 85 PID 1524 wrote to memory of 536 1524 ffrlrrx.exe 85 PID 1524 wrote to memory of 536 1524 ffrlrrx.exe 85 PID 536 wrote to memory of 3348 536 lxlxfrf.exe 287 PID 536 wrote to memory of 3348 536 lxlxfrf.exe 287 PID 536 wrote to memory of 3348 536 lxlxfrf.exe 287 PID 3348 wrote to memory of 4792 3348 1tnntb.exe 88 PID 3348 wrote to memory of 4792 3348 1tnntb.exe 88 PID 3348 wrote to memory of 4792 3348 1tnntb.exe 88 PID 4792 wrote to memory of 1184 4792 1vvpp.exe 90 PID 4792 wrote to memory of 1184 4792 1vvpp.exe 90 PID 4792 wrote to memory of 1184 4792 1vvpp.exe 90 PID 1184 wrote to memory of 1852 1184 7lrlrrx.exe 91 PID 1184 wrote to memory of 1852 1184 7lrlrrx.exe 91 PID 1184 wrote to memory of 1852 1184 7lrlrrx.exe 91 PID 1852 wrote to memory of 4804 1852 bbhbnb.exe 358 PID 1852 wrote to memory of 4804 1852 bbhbnb.exe 358 PID 1852 wrote to memory of 4804 1852 bbhbnb.exe 358 PID 4804 wrote to memory of 464 4804 bnbbhh.exe 93 PID 4804 wrote to memory of 464 4804 bnbbhh.exe 93 PID 4804 wrote to memory of 464 4804 
bnbbhh.exe 93 PID 464 wrote to memory of 3708 464 vdvpj.exe 95 PID 464 wrote to memory of 3708 464 vdvpj.exe 95 PID 464 wrote to memory of 3708 464 vdvpj.exe 95 PID 3708 wrote to memory of 2744 3708 3xxrlrr.exe 96 PID 3708 wrote to memory of 2744 3708 3xxrlrr.exe 96 PID 3708 wrote to memory of 2744 3708 3xxrlrr.exe 96 PID 2744 wrote to memory of 3024 2744 btbbtt.exe 97 PID 2744 wrote to memory of 3024 2744 btbbtt.exe 97 PID 2744 wrote to memory of 3024 2744 btbbtt.exe 97 PID 3024 wrote to memory of 4916 3024 xrrrlll.exe 98 PID 3024 wrote to memory of 4916 3024 xrrrlll.exe 98 PID 3024 wrote to memory of 4916 3024 xrrrlll.exe 98 PID 4916 wrote to memory of 2728 4916 bbbtnn.exe 99 PID 4916 wrote to memory of 2728 4916 bbbtnn.exe 99 PID 4916 wrote to memory of 2728 4916 bbbtnn.exe 99 PID 2728 wrote to memory of 1344 2728 9pvvp.exe 100 PID 2728 wrote to memory of 1344 2728 9pvvp.exe 100 PID 2728 wrote to memory of 1344 2728 9pvvp.exe 100 PID 1344 wrote to memory of 3244 1344 9ppjd.exe 101 PID 1344 wrote to memory of 3244 1344 9ppjd.exe 101 PID 1344 wrote to memory of 3244 1344 9ppjd.exe 101 PID 3244 wrote to memory of 3380 3244 llrllll.exe 102 PID 3244 wrote to memory of 3380 3244 llrllll.exe 102 PID 3244 wrote to memory of 3380 3244 llrllll.exe 102 PID 3380 wrote to memory of 1140 3380 1hnbhh.exe 103 PID 3380 wrote to memory of 1140 3380 1hnbhh.exe 103 PID 3380 wrote to memory of 1140 3380 1hnbhh.exe 103 PID 1140 wrote to memory of 3916 1140 vpddv.exe 355
Processes
-
C:\Users\Admin\AppData\Local\Temp\dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\dfaf2325ac6dcdb525f967c4be6fc840_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\tntnbb.exec:\tntnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3228 -
\??\c:\vjvpp.exec:\vjvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\djdvv.exec:\djdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\xlxrrlr.exec:\xlxrrlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1620 -
\??\c:\ffrlrrx.exec:\ffrlrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1524 -
\??\c:\lxlxfrf.exec:\lxlxfrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:536 -
\??\c:\1tnntb.exec:\1tnntb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3348 -
\??\c:\1vvpp.exec:\1vvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4792 -
\??\c:\7lrlrrx.exec:\7lrlrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1184 -
\??\c:\bbhbnb.exec:\bbhbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1852 -
\??\c:\bnbbhh.exec:\bnbbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\vdvpj.exec:\vdvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:464 -
\??\c:\3xxrlrr.exec:\3xxrlrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3708 -
\??\c:\btbbtt.exec:\btbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\xrrrlll.exec:\xrrrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3024 -
\??\c:\bbbtnn.exec:\bbbtnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4916 -
\??\c:\9pvvp.exec:\9pvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\9ppjd.exec:\9ppjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\llrllll.exec:\llrllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3244 -
\??\c:\1hnbhh.exec:\1hnbhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3380 -
\??\c:\vpddv.exec:\vpddv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1140 -
\??\c:\flrffff.exec:\flrffff.exe23⤵
- Executes dropped EXE
PID:3916 -
\??\c:\btnhhh.exec:\btnhhh.exe24⤵
- Executes dropped EXE
PID:4636 -
\??\c:\hhnhbb.exec:\hhnhbb.exe25⤵
- Executes dropped EXE
PID:884 -
\??\c:\1ppdp.exec:\1ppdp.exe26⤵
- Executes dropped EXE
PID:508 -
\??\c:\xrxlxxr.exec:\xrxlxxr.exe27⤵
- Executes dropped EXE
PID:3616 -
\??\c:\7btnhn.exec:\7btnhn.exe28⤵
- Executes dropped EXE
PID:1948 -
\??\c:\7pvpj.exec:\7pvpj.exe29⤵
- Executes dropped EXE
PID:5112 -
\??\c:\hbtnnh.exec:\hbtnnh.exe30⤵
- Executes dropped EXE
PID:3268 -
\??\c:\jdppd.exec:\jdppd.exe31⤵
- Executes dropped EXE
PID:4088 -
\??\c:\vdvpj.exec:\vdvpj.exe32⤵
- Executes dropped EXE
PID:4064 -
\??\c:\rrlfxrl.exec:\rrlfxrl.exe33⤵
- Executes dropped EXE
PID:2980 -
\??\c:\7jjdd.exec:\7jjdd.exe34⤵
- Executes dropped EXE
PID:5004 -
\??\c:\jvdvv.exec:\jvdvv.exe35⤵
- Executes dropped EXE
PID:4132 -
\??\c:\rrfxxxr.exec:\rrfxxxr.exe36⤵
- Executes dropped EXE
PID:3064 -
\??\c:\9tntnt.exec:\9tntnt.exe37⤵
- Executes dropped EXE
PID:4032 -
\??\c:\5hnbbt.exec:\5hnbbt.exe38⤵
- Executes dropped EXE
PID:1004 -
\??\c:\jjppv.exec:\jjppv.exe39⤵
- Executes dropped EXE
PID:2184 -
\??\c:\3rrrlrl.exec:\3rrrlrl.exe40⤵
- Executes dropped EXE
PID:4312 -
\??\c:\flflffx.exec:\flflffx.exe41⤵
- Executes dropped EXE
PID:3472 -
\??\c:\xlfxrlf.exec:\xlfxrlf.exe42⤵
- Executes dropped EXE
PID:4912 -
\??\c:\lllffrx.exec:\lllffrx.exe43⤵
- Executes dropped EXE
PID:4980 -
\??\c:\bhthnb.exec:\bhthnb.exe44⤵
- Executes dropped EXE
PID:2472 -
\??\c:\xlfxrll.exec:\xlfxrll.exe45⤵
- Executes dropped EXE
PID:4988 -
\??\c:\frlfxff.exec:\frlfxff.exe46⤵
- Executes dropped EXE
PID:1620 -
\??\c:\9nnntn.exec:\9nnntn.exe47⤵
- Executes dropped EXE
PID:1772 -
\??\c:\nnnnhn.exec:\nnnnhn.exe48⤵
- Executes dropped EXE
PID:380 -
\??\c:\pdvdd.exec:\pdvdd.exe49⤵
- Executes dropped EXE
PID:536 -
\??\c:\lxrrffl.exec:\lxrrffl.exe50⤵
- Executes dropped EXE
PID:4724 -
\??\c:\hhnhhh.exec:\hhnhhh.exe51⤵
- Executes dropped EXE
PID:1428 -
\??\c:\nnnnhb.exec:\nnnnhb.exe52⤵
- Executes dropped EXE
PID:1404 -
\??\c:\pdjvj.exec:\pdjvj.exe53⤵
- Executes dropped EXE
PID:3588 -
\??\c:\pvjdv.exec:\pvjdv.exe54⤵
- Executes dropped EXE
PID:3484 -
\??\c:\rlxrrrl.exec:\rlxrrrl.exe55⤵
- Executes dropped EXE
PID:4140 -
\??\c:\nthbtt.exec:\nthbtt.exe56⤵
- Executes dropped EXE
PID:4028 -
\??\c:\thnhbb.exec:\thnhbb.exe57⤵
- Executes dropped EXE
PID:2932 -
\??\c:\jdpjv.exec:\jdpjv.exe58⤵
- Executes dropped EXE
PID:1636 -
\??\c:\5ppvj.exec:\5ppvj.exe59⤵
- Executes dropped EXE
PID:588 -
\??\c:\lffxfxl.exec:\lffxfxl.exe60⤵
- Executes dropped EXE
PID:3972 -
\??\c:\btntnb.exec:\btntnb.exe61⤵
- Executes dropped EXE
PID:3984 -
\??\c:\5tbnnt.exec:\5tbnnt.exe62⤵
- Executes dropped EXE
PID:4080 -
\??\c:\jdpjd.exec:\jdpjd.exe63⤵
- Executes dropped EXE
PID:2728 -
\??\c:\xrffffx.exec:\xrffffx.exe64⤵
- Executes dropped EXE
PID:2600 -
\??\c:\xxfflrl.exec:\xxfflrl.exe65⤵
- Executes dropped EXE
PID:4604 -
\??\c:\hbnhbt.exec:\hbnhbt.exe66⤵PID:2548
-
\??\c:\bhnnhh.exec:\bhnnhh.exe67⤵PID:3544
-
\??\c:\9jdvp.exec:\9jdvp.exe68⤵PID:620
-
\??\c:\lfrfxrx.exec:\lfrfxrx.exe69⤵PID:4428
-
\??\c:\rfrxrrl.exec:\rfrxrrl.exe70⤵PID:1972
-
\??\c:\nnbbhh.exec:\nnbbhh.exe71⤵PID:884
-
\??\c:\1ttnhh.exec:\1ttnhh.exe72⤵PID:5000
-
\??\c:\jjvpj.exec:\jjvpj.exe73⤵PID:232
-
\??\c:\3dpdv.exec:\3dpdv.exe74⤵PID:4068
-
\??\c:\xlllflf.exec:\xlllflf.exe75⤵PID:2928
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe76⤵PID:452
-
\??\c:\btbtnn.exec:\btbtnn.exe77⤵PID:3488
-
\??\c:\nnhbtt.exec:\nnhbtt.exe78⤵PID:1120
-
\??\c:\vvddv.exec:\vvddv.exe79⤵PID:4088
-
\??\c:\lflrrff.exec:\lflrrff.exe80⤵PID:2436
-
\??\c:\rrxrllf.exec:\rrxrllf.exe81⤵PID:4472
-
\??\c:\9bbtnt.exec:\9bbtnt.exe82⤵PID:1960
-
\??\c:\5hhbtb.exec:\5hhbtb.exe83⤵PID:1740
-
\??\c:\ppjjp.exec:\ppjjp.exe84⤵PID:2052
-
\??\c:\pdjdp.exec:\pdjdp.exe85⤵PID:4620
-
\??\c:\fxxrlll.exec:\fxxrlll.exe86⤵PID:1812
-
\??\c:\3lxxfrx.exec:\3lxxfrx.exe87⤵PID:1144
-
\??\c:\ntnhhn.exec:\ntnhhn.exe88⤵PID:2500
-
\??\c:\nnnnnn.exec:\nnnnnn.exe89⤵PID:4184
-
\??\c:\jvvpp.exec:\jvvpp.exe90⤵PID:3928
-
\??\c:\vpvjv.exec:\vpvjv.exe91⤵PID:4352
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe92⤵PID:2628
-
\??\c:\rrxrfff.exec:\rrxrfff.exe93⤵PID:3732
-
\??\c:\nbbbtt.exec:\nbbbtt.exe94⤵PID:3384
-
\??\c:\hnttnn.exec:\hnttnn.exe95⤵PID:4848
-
\??\c:\pjppp.exec:\pjppp.exe96⤵PID:2472
-
\??\c:\vppdv.exec:\vppdv.exe97⤵PID:2060
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe98⤵PID:2520
-
\??\c:\3bbbth.exec:\3bbbth.exe99⤵PID:4092
-
\??\c:\btnhbb.exec:\btnhbb.exe100⤵PID:684
-
\??\c:\jdjdj.exec:\jdjdj.exe101⤵PID:1180
-
\??\c:\llxrllr.exec:\llxrllr.exe102⤵PID:2732
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe103⤵PID:1184
-
\??\c:\nhtntb.exec:\nhtntb.exe104⤵PID:2576
-
\??\c:\ppvvv.exec:\ppvvv.exe105⤵PID:4076
-
\??\c:\jjddv.exec:\jjddv.exe106⤵PID:3288
-
\??\c:\frffxlf.exec:\frffxlf.exe107⤵PID:860
-
\??\c:\bnbtbt.exec:\bnbtbt.exe108⤵PID:4224
-
\??\c:\ddjjd.exec:\ddjjd.exe109⤵PID:3972
-
\??\c:\rxrrrll.exec:\rxrrrll.exe110⤵PID:1628
-
\??\c:\7rrlffx.exec:\7rrlffx.exe111⤵PID:1704
-
\??\c:\hhtbtt.exec:\hhtbtt.exe112⤵PID:4084
-
\??\c:\djvvd.exec:\djvvd.exe113⤵PID:3212
-
\??\c:\rlxrlll.exec:\rlxrlll.exe114⤵PID:2236
-
\??\c:\thnhbt.exec:\thnhbt.exe115⤵PID:3888
-
\??\c:\7jpjj.exec:\7jpjj.exe116⤵PID:4944
-
\??\c:\ppppd.exec:\ppppd.exe117⤵PID:3540
-
\??\c:\rxfllxr.exec:\rxfllxr.exe118⤵PID:5104
-
\??\c:\3tbttb.exec:\3tbttb.exe119⤵PID:2488
-
\??\c:\hthhhn.exec:\hthhhn.exe120⤵PID:4444
-
\??\c:\jvddd.exec:\jvddd.exe121⤵PID:1072
-
\??\c:\frlfffx.exec:\frlfffx.exe122⤵PID:216
-