Analysis
- max time kernel: 150s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09/05/2024, 14:44

Behavioral task: behavioral1
- Sample: 632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe
- Resource: win7-20240221-en
- 6 signatures
- 150 seconds
General
- Target: 632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe
- Size: 484KB
- MD5: 632f524916b9a699959b5078dc5c6b70
- SHA1: 5e5b3b024861fe0e1a23f0cb0236bc3e081f65b9
- SHA256: a36a5b29ddda1ead9dae55d81e1a00d0906c250ddc1b126c6e44985469d7e234
- SHA512: 0b6155fdfe7ad42599c827c15e60b2813d01483dbfac2d56e265a605212eeb15c5f3b5546c1e6cace3d6c271e38da25b2acc98d7c26d2ba1e3b856c25c53f7fa
- SSDEEP: 12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nr:Cu49lmPh2kkkkK4kXkkkkkkkkZ
Malware Config
Signatures
- Detect Blackmoon payload (52 IoCs)
- Malware Dropper & Backdoor - Berbew (64 IoCs)
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
- Executes dropped EXE (64 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
The level number is the nesting depth of each process in the tree.

- [level 1] C:\Users\Admin\AppData\Local\Temp\632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe  (command line: "C:\Users\Admin\AppData\Local\Temp\632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe")  PID:2136
  - Suspicious use of WriteProcessMemory
- [level 2] \??\c:\dhvfht.exe  (command line: c:\dhvfht.exe)  PID:2912
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 3] \??\c:\pxdxlr.exe  (command line: c:\pxdxlr.exe)  PID:2084
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 4] \??\c:\nrpfr.exe  (command line: c:\nrpfr.exe)  PID:1164
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 5] \??\c:\xpdxjbd.exe  (command line: c:\xpdxjbd.exe)  PID:2748
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 6] \??\c:\thtlpd.exe  (command line: c:\thtlpd.exe)  PID:2940
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 7] \??\c:\trhnhv.exe  (command line: c:\trhnhv.exe)  PID:1352
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 8] \??\c:\tvrhtrl.exe  (command line: c:\tvrhtrl.exe)  PID:2500
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 9] \??\c:\hlrnhtn.exe  (command line: c:\hlrnhtn.exe)  PID:2888
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 10] \??\c:\xnfhf.exe  (command line: c:\xnfhf.exe)  PID:2672
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 11] \??\c:\jhfrt.exe  (command line: c:\jhfrt.exe)  PID:2756
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 12] \??\c:\rdpblnd.exe  (command line: c:\rdpblnd.exe)  PID:2688
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 13] \??\c:\fxxnp.exe  (command line: c:\fxxnp.exe)  PID:2552
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 14] \??\c:\hdbvh.exe  (command line: c:\hdbvh.exe)  PID:2424
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 15] \??\c:\llbhxbh.exe  (command line: c:\llbhxbh.exe)  PID:2828
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 16] \??\c:\vvfxpbn.exe  (command line: c:\vvfxpbn.exe)  PID:1704
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
- [level 17] \??\c:\jtbjvr.exe  (command line: c:\jtbjvr.exe)  PID:2256
  - Executes dropped EXE
- [level 18] \??\c:\vrbnrf.exe  (command line: c:\vrbnrf.exe)  PID:844
  - Executes dropped EXE
- [level 19] \??\c:\txvhrx.exe  (command line: c:\txvhrx.exe)  PID:2308
  - Executes dropped EXE
- [level 20] \??\c:\fjrjbt.exe  (command line: c:\fjrjbt.exe)  PID:2164
  - Executes dropped EXE
- [level 21] \??\c:\rfrjf.exe  (command line: c:\rfrjf.exe)  PID:1744
  - Executes dropped EXE
- [level 22] \??\c:\njppbr.exe  (command line: c:\njppbr.exe)  PID:1680
  - Executes dropped EXE
- [level 23] \??\c:\rbtrlp.exe  (command line: c:\rbtrlp.exe)  PID:1700
  - Executes dropped EXE
- [level 24] \??\c:\dltrbnf.exe  (command line: c:\dltrbnf.exe)  PID:2160
  - Executes dropped EXE
- [level 25] \??\c:\hvnhxx.exe  (command line: c:\hvnhxx.exe)  PID:1096
  - Executes dropped EXE
- [level 26] \??\c:\nldxnfj.exe  (command line: c:\nldxnfj.exe)  PID:632
  - Executes dropped EXE
- [level 27] \??\c:\dttvx.exe  (command line: c:\dttvx.exe)  PID:1672
  - Executes dropped EXE
- [level 28] \??\c:\tvbpp.exe  (command line: c:\tvbpp.exe)  PID:1376
  - Executes dropped EXE
- [level 29] \??\c:\ndrpn.exe  (command line: c:\ndrpn.exe)  PID:2236
  - Executes dropped EXE
- [level 30] \??\c:\bjnjd.exe  (command line: c:\bjnjd.exe)  PID:1156
  - Executes dropped EXE
- [level 31] \??\c:\pjrnfb.exe  (command line: c:\pjrnfb.exe)  PID:1816
  - Executes dropped EXE
- [level 32] \??\c:\lljdv.exe  (command line: c:\lljdv.exe)  PID:936
  - Executes dropped EXE
- [level 33] \??\c:\djptx.exe  (command line: c:\djptx.exe)  PID:2700
  - Executes dropped EXE
- [level 34] \??\c:\jhnjnt.exe  (command line: c:\jhnjnt.exe)  PID:2884
  - Executes dropped EXE
- [level 35] \??\c:\vbplpbh.exe  (command line: c:\vbplpbh.exe)  PID:2080
  - Executes dropped EXE
- [level 36] \??\c:\frblv.exe  (command line: c:\frblv.exe)  PID:880
  - Executes dropped EXE
- [level 37] \??\c:\btvnvr.exe  (command line: c:\btvnvr.exe)  PID:3048
  - Executes dropped EXE
- [level 38] \??\c:\lddbjbv.exe  (command line: c:\lddbjbv.exe)  PID:548
  - Executes dropped EXE
- [level 39] \??\c:\dtpxbfr.exe  (command line: c:\dtpxbfr.exe)  PID:2976
  - Executes dropped EXE
- [level 40] \??\c:\xjttbxd.exe  (command line: c:\xjttbxd.exe)  PID:2956
  - Executes dropped EXE
- [level 41] \??\c:\nnhrrnf.exe  (command line: c:\nnhrrnf.exe)  PID:868
  - Executes dropped EXE
- [level 42] \??\c:\bhvxt.exe  (command line: c:\bhvxt.exe)  PID:2272
  - Executes dropped EXE
- [level 43] \??\c:\vljntf.exe  (command line: c:\vljntf.exe)  PID:1720
  - Executes dropped EXE
- [level 44] \??\c:\vrfprvr.exe  (command line: c:\vrfprvr.exe)  PID:3012
  - Executes dropped EXE
- [level 45] \??\c:\thftb.exe  (command line: c:\thftb.exe)  PID:552
  - Executes dropped EXE
- [level 46] \??\c:\rpbhxd.exe  (command line: c:\rpbhxd.exe)  PID:2992
  - Executes dropped EXE
- [level 47] \??\c:\hbjfh.exe  (command line: c:\hbjfh.exe)  PID:2496
  - Executes dropped EXE
- [level 48] \??\c:\npxxrdb.exe  (command line: c:\npxxrdb.exe)  PID:2568
  - Executes dropped EXE
- [level 49] \??\c:\rfdlv.exe  (command line: c:\rfdlv.exe)  PID:2676
  - Executes dropped EXE
- [level 50] \??\c:\xlhhrl.exe  (command line: c:\xlhhrl.exe)  PID:2120
  - Executes dropped EXE
- [level 51] \??\c:\bbprdrr.exe  (command line: c:\bbprdrr.exe)  PID:2408
  - Executes dropped EXE
- [level 52] \??\c:\fjdjfl.exe  (command line: c:\fjdjfl.exe)  PID:2480
  - Executes dropped EXE
- [level 53] \??\c:\rvblp.exe  (command line: c:\rvblp.exe)  PID:2852
  - Executes dropped EXE
- [level 54] \??\c:\rjxvh.exe  (command line: c:\rjxvh.exe)  PID:2076
  - Executes dropped EXE
- [level 55] \??\c:\rlxtnvf.exe  (command line: c:\rlxtnvf.exe)  PID:1948
  - Executes dropped EXE
- [level 56] \??\c:\xrhnxf.exe  (command line: c:\xrhnxf.exe)  PID:2252
  - Executes dropped EXE
- [level 57] \??\c:\bdtxh.exe  (command line: c:\bdtxh.exe)  PID:2196
  - Executes dropped EXE
- [level 58] \??\c:\hhpxb.exe  (command line: c:\hhpxb.exe)  PID:1216
  - Executes dropped EXE
- [level 59] \??\c:\nrvddh.exe  (command line: c:\nrvddh.exe)  PID:1064
  - Executes dropped EXE
- [level 60] \??\c:\lrtnlx.exe  (command line: c:\lrtnlx.exe)  PID:1944
  - Executes dropped EXE
- [level 61] \??\c:\nhnnj.exe  (command line: c:\nhnnj.exe)  PID:1252
  - Executes dropped EXE
- [level 62] \??\c:\jtpjrb.exe  (command line: c:\jtpjrb.exe)  PID:1528
  - Executes dropped EXE
- [level 63] \??\c:\vfndt.exe  (command line: c:\vfndt.exe)  PID:1548
  - Executes dropped EXE
- [level 64] \??\c:\fxphnr.exe  (command line: c:\fxphnr.exe)  PID:1060
  - Executes dropped EXE
- [level 65] \??\c:\hnfrnnp.exe  (command line: c:\hnfrnnp.exe)  PID:2316
  - Executes dropped EXE
- [level 66] \??\c:\jthnnf.exe  (command line: c:\jthnnf.exe)  PID:1604
- [level 67] \??\c:\ltlnhv.exe  (command line: c:\ltlnhv.exe)  PID:1424
- [level 68] \??\c:\rtdddp.exe  (command line: c:\rtdddp.exe)  PID:1832
- [level 69] \??\c:\pxhbll.exe  (command line: c:\pxhbll.exe)  PID:2340
- [level 70] \??\c:\xvxvbrh.exe  (command line: c:\xvxvbrh.exe)  PID:1504
- [level 71] \??\c:\fbxrp.exe  (command line: c:\fbxrp.exe)  PID:440
- [level 72] \??\c:\xbtfbh.exe  (command line: c:\xbtfbh.exe)  PID:1708
- [level 73] \??\c:\dlvhnt.exe  (command line: c:\dlvhnt.exe)  PID:1828
- [level 74] \??\c:\hxtxnd.exe  (command line: c:\hxtxnd.exe)  PID:892
- [level 75] \??\c:\tnlbjxl.exe  (command line: c:\tnlbjxl.exe)  PID:1816
- [level 76] \??\c:\brhdlll.exe  (command line: c:\brhdlll.exe)  PID:280
- [level 77] \??\c:\lxtxt.exe  (command line: c:\lxtxt.exe)  PID:2112
- [level 78] \??\c:\dvndl.exe  (command line: c:\dvndl.exe)  PID:2720
- [level 79] \??\c:\xdhnjvx.exe  (command line: c:\xdhnjvx.exe)  PID:1768
- [level 80] \??\c:\pbftrb.exe  (command line: c:\pbftrb.exe)  PID:2780
- [level 81] \??\c:\jxtnhbl.exe  (command line: c:\jxtnhbl.exe)  PID:2784
- [level 82] \??\c:\frxjd.exe  (command line: c:\frxjd.exe)  PID:1984
- [level 83] \??\c:\prrlvl.exe  (command line: c:\prrlvl.exe)  PID:3028
- [level 84] \??\c:\ddlfvf.exe  (command line: c:\ddlfvf.exe)  PID:3048
- [level 85] \??\c:\pjphbp.exe  (command line: c:\pjphbp.exe)  PID:2604
- [level 86] \??\c:\lxfvrld.exe  (command line: c:\lxfvrld.exe)  PID:780
- [level 87] \??\c:\htbndt.exe  (command line: c:\htbndt.exe)  PID:1608
- [level 88] \??\c:\hjxrjt.exe  (command line: c:\hjxrjt.exe)  PID:2800
- [level 89] \??\c:\dffljf.exe  (command line: c:\dffljf.exe)  PID:2272
- [level 90] \??\c:\lxfrb.exe  (command line: c:\lxfrb.exe)  PID:588
- [level 91] \??\c:\dtfjj.exe  (command line: c:\dtfjj.exe)  PID:1488
- [level 92] \??\c:\rbvxrnl.exe  (command line: c:\rbvxrnl.exe)  PID:552
- [level 93] \??\c:\fhdjvj.exe  (command line: c:\fhdjvj.exe)  PID:2100
- [level 94] \??\c:\vxhbx.exe  (command line: c:\vxhbx.exe)  PID:2640
- [level 95] \??\c:\pdnxdv.exe  (command line: c:\pdnxdv.exe)  PID:2612
- [level 96] \??\c:\hdjvxp.exe  (command line: c:\hdjvxp.exe)  PID:2676
- [level 97] \??\c:\npbprdt.exe  (command line: c:\npbprdt.exe)  PID:2560
- [level 98] \??\c:\pbtfh.exe  (command line: c:\pbtfh.exe)  PID:2760
- [level 99] \??\c:\dpjfjf.exe  (command line: c:\dpjfjf.exe)  PID:2480
- [level 100] \??\c:\blrtl.exe  (command line: c:\blrtl.exe)  PID:2844
- [level 101] \??\c:\xrlnbr.exe  (command line: c:\xrlnbr.exe)  PID:2416
- [level 102] \??\c:\dhdvnl.exe  (command line: c:\dhdvnl.exe)  PID:2060
- [level 103] \??\c:\dhrffd.exe  (command line: c:\dhrffd.exe)  PID:2128
- [level 104] \??\c:\vfjjtxv.exe  (command line: c:\vfjjtxv.exe)  PID:2292
- [level 105] \??\c:\nrdvxnv.exe  (command line: c:\nrdvxnv.exe)  PID:2320
- [level 106] \??\c:\tddlv.exe  (command line: c:\tddlv.exe)  PID:888
- [level 107] \??\c:\rtfbn.exe  (command line: c:\rtfbn.exe)  PID:1684
- [level 108] \??\c:\ldjtx.exe  (command line: c:\ldjtx.exe)  PID:2260
- [level 109] \??\c:\htplt.exe  (command line: c:\htplt.exe)  PID:2300
- [level 110] \??\c:\xtntv.exe  (command line: c:\xtntv.exe)  PID:1616
- [level 111] \??\c:\hhvphhl.exe  (command line: c:\hhvphhl.exe)  PID:1676
- [level 112] \??\c:\jdhfrrh.exe  (command line: c:\jdhfrrh.exe)  PID:2012
- [level 113] \??\c:\vrpprxl.exe  (command line: c:\vrpprxl.exe)  PID:1804
- [level 114] \??\c:\jjplhx.exe  (command line: c:\jjplhx.exe)  PID:1776
- [level 115] \??\c:\ddpxnv.exe  (command line: c:\ddpxnv.exe)  PID:1844
- [level 116] \??\c:\bxthfl.exe  (command line: c:\bxthfl.exe)  PID:1884
- [level 117] \??\c:\rdjpv.exe  (command line: c:\rdjpv.exe)  PID:1016
- [level 118] \??\c:\htxphbv.exe  (command line: c:\htxphbv.exe)  PID:2384
- [level 119] \??\c:\pjrbld.exe  (command line: c:\pjrbld.exe)  PID:1696
- [level 120] \??\c:\tpftj.exe  (command line: c:\tpftj.exe)  PID:2740
- [level 121] \??\c:\dpxxjd.exe  (command line: c:\dpxxjd.exe)  PID:1796
- [level 122] \??\c:\nhvrd.exe  (command line: c:\nhvrd.exe)  PID:936