Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
13/05/2024, 21:08
Behavioral task
behavioral1
Sample
4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe
Resource
win7-20240215-en
6 signatures
150 seconds
(Note: this task header reads behavioral1 / win7-20240215-en, but the Analysis block above lists platform windows10-2004_x64 / resource win10v2004-20240508-en, and every signature and process entry below is tagged behavioral2; the header does not match the results shown.)
General
-
Target
4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe
-
Size
360KB
-
MD5
a9ee6d3710b88fc903b824e7216e5d03
-
SHA1
6d21283c921f58f42525ecee21653e52c2f0e6f8
-
SHA256
4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed
-
SHA512
96fde38791ed4ad4eeb04cf857b51966bf0d8ae3f8a51e5349964b4cd390ea5a3e71a0b08af90cdeb458a112285f343f4a55ae891c7da842fd7d057d3bcaaad3
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwu1b26X1wjhtSizj3:R4wFHoSHYHUrAwqzc5
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2736-0-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3920-9-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5008-15-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4488-20-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4400-26-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3708-34-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-39-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5088-44-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1524-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3584-55-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4860-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3932-66-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1748-74-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3692-80-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5076-88-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3508-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4548-109-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1180-107-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1156-124-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2328-130-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4580-132-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1288-139-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4064-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4068-149-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3448-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1532-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1196-165-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3944-170-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4796-177-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1416-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1540-194-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4280-201-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4568-203-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4424-207-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3760-213-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5008-220-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1152-225-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3224-228-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4072-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4308-236-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3012-243-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2056-256-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4344-277-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2284-286-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4892-295-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3052-300-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1356-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1056-314-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3636-320-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3632-369-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4488-387-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3224-394-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1836-399-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2864-411-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2060-430-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1436-458-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4872-463-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/384-502-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3756-515-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2696-562-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1416-676-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3328-730-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-749-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2368-789-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/2736-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3920-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0006000000023270-3.dat UPX behavioral2/files/0x00080000000233b7-8.dat UPX behavioral2/memory/3920-9-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233b8-11.dat UPX behavioral2/memory/5008-15-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4488-16-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233b9-21.dat UPX behavioral2/memory/4488-20-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233ba-25.dat UPX behavioral2/memory/4400-26-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233bb-29.dat UPX behavioral2/files/0x00070000000233bc-33.dat UPX behavioral2/memory/3708-34-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233bd-38.dat UPX behavioral2/memory/5116-39-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5088-44-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233be-45.dat UPX behavioral2/files/0x00070000000233bf-48.dat UPX behavioral2/memory/1524-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233c0-53.dat UPX behavioral2/memory/3584-55-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233c1-58.dat UPX behavioral2/memory/4860-60-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4860-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3932-66-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00080000000233b5-64.dat UPX behavioral2/files/0x00070000000233c2-69.dat UPX behavioral2/files/0x00070000000233c3-73.dat UPX 
behavioral2/memory/1748-74-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233c4-78.dat UPX behavioral2/memory/3692-80-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233c5-83.dat UPX behavioral2/files/0x00070000000233c6-87.dat UPX behavioral2/memory/5076-88-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233c7-92.dat UPX behavioral2/files/0x00070000000233c8-96.dat UPX behavioral2/files/0x00070000000233c9-100.dat UPX behavioral2/memory/3508-102-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233ca-105.dat UPX behavioral2/memory/4548-109-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1180-107-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233cb-111.dat UPX behavioral2/files/0x00070000000233cc-115.dat UPX behavioral2/files/0x00070000000233cd-119.dat UPX behavioral2/files/0x00070000000233ce-123.dat UPX behavioral2/memory/1156-124-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233cf-128.dat UPX behavioral2/memory/2328-130-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4580-132-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233d0-134.dat UPX behavioral2/files/0x00070000000233d1-138.dat UPX behavioral2/memory/1288-139-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4064-142-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233d2-144.dat UPX behavioral2/files/0x00070000000233d3-148.dat UPX behavioral2/memory/4068-149-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233d4-153.dat UPX behavioral2/memory/3448-157-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1532-160-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/1196-165-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3944-170-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4796-177-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3920 fffxxxr.exe 5008 nhhbbt.exe 4488 hhnttn.exe 4400 5bbbtb.exe 3356 djddj.exe 3708 btnhtt.exe 5116 5dppj.exe 5088 nhbthh.exe 1524 lfllfll.exe 3584 dpvjp.exe 2512 httnnh.exe 4860 rxllrlf.exe 3932 3vvpp.exe 1748 pvdvv.exe 2712 xrfflrr.exe 3692 5djjd.exe 5076 lxxrllf.exe 1808 djjjj.exe 1344 nhhhhh.exe 3508 1dvvv.exe 4548 ffrrllf.exe 1180 xrrfxxx.exe 440 hbhhbb.exe 1396 xfllfxf.exe 1156 bhbbbt.exe 2328 fxxlffr.exe 4580 tnnnnn.exe 1288 pppjp.exe 4064 ttbtnn.exe 4068 pddvv.exe 3128 hhbntn.exe 3448 lfxrrrr.exe 1532 bhtnhh.exe 3216 vjjjd.exe 1196 vjpjd.exe 3840 hhbtnn.exe 3944 ddddv.exe 2176 jvvpj.exe 1812 frxxxff.exe 2432 tntbth.exe 4796 3ddvj.exe 1796 5rlfxxx.exe 3652 fxlfxxf.exe 1416 bbhnnn.exe 4248 dpdjj.exe 3264 jjddj.exe 1540 xflfxfx.exe 4004 ttbttt.exe 856 pddvv.exe 4280 vdpvp.exe 4568 lrrlflf.exe 4424 hhbbbh.exe 2876 jjppp.exe 2336 xrllllf.exe 3760 hbbnht.exe 2416 ppdpd.exe 5008 vvdvv.exe 4420 frlffff.exe 1152 1hhbbb.exe 3224 dpjjd.exe 4072 lrlfffl.exe 2836 hnbbnn.exe 4308 lfllflx.exe 3356 bntttb.exe -
resource yara_rule behavioral2/memory/2736-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3920-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0006000000023270-3.dat upx behavioral2/files/0x00080000000233b7-8.dat upx behavioral2/memory/3920-9-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233b8-11.dat upx behavioral2/memory/5008-15-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4488-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233b9-21.dat upx behavioral2/memory/4488-20-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233ba-25.dat upx behavioral2/memory/4400-26-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233bb-29.dat upx behavioral2/files/0x00070000000233bc-33.dat upx behavioral2/memory/3708-34-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233bd-38.dat upx behavioral2/memory/5116-39-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5088-44-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233be-45.dat upx behavioral2/files/0x00070000000233bf-48.dat upx behavioral2/memory/1524-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233c0-53.dat upx behavioral2/memory/3584-55-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233c1-58.dat upx behavioral2/memory/4860-60-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4860-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3932-66-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00080000000233b5-64.dat upx behavioral2/files/0x00070000000233c2-69.dat upx behavioral2/files/0x00070000000233c3-73.dat upx 
behavioral2/memory/1748-74-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233c4-78.dat upx behavioral2/memory/3692-80-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233c5-83.dat upx behavioral2/files/0x00070000000233c6-87.dat upx behavioral2/memory/5076-88-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233c7-92.dat upx behavioral2/files/0x00070000000233c8-96.dat upx behavioral2/files/0x00070000000233c9-100.dat upx behavioral2/memory/3508-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233ca-105.dat upx behavioral2/memory/4548-109-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1180-107-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233cb-111.dat upx behavioral2/files/0x00070000000233cc-115.dat upx behavioral2/files/0x00070000000233cd-119.dat upx behavioral2/files/0x00070000000233ce-123.dat upx behavioral2/memory/1156-124-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233cf-128.dat upx behavioral2/memory/2328-130-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4580-132-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233d0-134.dat upx behavioral2/files/0x00070000000233d1-138.dat upx behavioral2/memory/1288-139-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4064-142-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233d2-144.dat upx behavioral2/files/0x00070000000233d3-148.dat upx behavioral2/memory/4068-149-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233d4-153.dat upx behavioral2/memory/3448-157-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1532-160-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/1196-165-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3944-170-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4796-177-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2736 wrote to memory of 3920 2736 4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe 82 PID 2736 wrote to memory of 3920 2736 4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe 82 PID 2736 wrote to memory of 3920 2736 4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe 82 PID 3920 wrote to memory of 5008 3920 fffxxxr.exe 83 PID 3920 wrote to memory of 5008 3920 fffxxxr.exe 83 PID 3920 wrote to memory of 5008 3920 fffxxxr.exe 83 PID 5008 wrote to memory of 4488 5008 nhhbbt.exe 84 PID 5008 wrote to memory of 4488 5008 nhhbbt.exe 84 PID 5008 wrote to memory of 4488 5008 nhhbbt.exe 84 PID 4488 wrote to memory of 4400 4488 hhnttn.exe 87 PID 4488 wrote to memory of 4400 4488 hhnttn.exe 87 PID 4488 wrote to memory of 4400 4488 hhnttn.exe 87 PID 4400 wrote to memory of 3356 4400 5bbbtb.exe 88 PID 4400 wrote to memory of 3356 4400 5bbbtb.exe 88 PID 4400 wrote to memory of 3356 4400 5bbbtb.exe 88 PID 3356 wrote to memory of 3708 3356 djddj.exe 90 PID 3356 wrote to memory of 3708 3356 djddj.exe 90 PID 3356 wrote to memory of 3708 3356 djddj.exe 90 PID 3708 wrote to memory of 5116 3708 btnhtt.exe 91 PID 3708 wrote to memory of 5116 3708 btnhtt.exe 91 PID 3708 wrote to memory of 5116 3708 btnhtt.exe 91 PID 5116 wrote to memory of 5088 5116 5dppj.exe 92 PID 5116 wrote to memory of 5088 5116 5dppj.exe 92 PID 5116 wrote to memory of 5088 5116 5dppj.exe 92 PID 5088 wrote to memory of 1524 5088 nhbthh.exe 93 PID 5088 wrote to memory of 1524 5088 nhbthh.exe 93 PID 5088 wrote to memory of 1524 5088 nhbthh.exe 93 PID 1524 wrote to memory of 3584 1524 lfllfll.exe 94 PID 1524 wrote to memory of 3584 1524 lfllfll.exe 94 PID 1524 wrote to memory of 3584 1524 lfllfll.exe 94 PID 3584 wrote to memory of 2512 3584 dpvjp.exe 95 PID 3584 wrote to memory of 2512 3584 dpvjp.exe 95 PID 3584 wrote to memory of 2512 3584 dpvjp.exe 95 PID 2512 wrote to memory of 4860 2512 httnnh.exe 96 PID 2512 wrote to 
memory of 4860 2512 httnnh.exe 96 PID 2512 wrote to memory of 4860 2512 httnnh.exe 96 PID 4860 wrote to memory of 3932 4860 rxllrlf.exe 97 PID 4860 wrote to memory of 3932 4860 rxllrlf.exe 97 PID 4860 wrote to memory of 3932 4860 rxllrlf.exe 97 PID 3932 wrote to memory of 1748 3932 3vvpp.exe 98 PID 3932 wrote to memory of 1748 3932 3vvpp.exe 98 PID 3932 wrote to memory of 1748 3932 3vvpp.exe 98 PID 1748 wrote to memory of 2712 1748 pvdvv.exe 99 PID 1748 wrote to memory of 2712 1748 pvdvv.exe 99 PID 1748 wrote to memory of 2712 1748 pvdvv.exe 99 PID 2712 wrote to memory of 3692 2712 xrfflrr.exe 100 PID 2712 wrote to memory of 3692 2712 xrfflrr.exe 100 PID 2712 wrote to memory of 3692 2712 xrfflrr.exe 100 PID 3692 wrote to memory of 5076 3692 5djjd.exe 101 PID 3692 wrote to memory of 5076 3692 5djjd.exe 101 PID 3692 wrote to memory of 5076 3692 5djjd.exe 101 PID 5076 wrote to memory of 1808 5076 lxxrllf.exe 102 PID 5076 wrote to memory of 1808 5076 lxxrllf.exe 102 PID 5076 wrote to memory of 1808 5076 lxxrllf.exe 102 PID 1808 wrote to memory of 1344 1808 djjjj.exe 103 PID 1808 wrote to memory of 1344 1808 djjjj.exe 103 PID 1808 wrote to memory of 1344 1808 djjjj.exe 103 PID 1344 wrote to memory of 3508 1344 nhhhhh.exe 104 PID 1344 wrote to memory of 3508 1344 nhhhhh.exe 104 PID 1344 wrote to memory of 3508 1344 nhhhhh.exe 104 PID 3508 wrote to memory of 4548 3508 1dvvv.exe 105 PID 3508 wrote to memory of 4548 3508 1dvvv.exe 105 PID 3508 wrote to memory of 4548 3508 1dvvv.exe 105 PID 4548 wrote to memory of 1180 4548 ffrrllf.exe 106
Processes
Each entry below is a dropped executable launched by the one above it (the depth is the number after the path); the chain reaches depth 122 within the 150 s run, and the WriteProcessMemory entries above record each parent writing into the child it has just started. Several PIDs recur later in the chain (e.g. 5008 at depths 3 and 58, 3356 at depths 6 and 65), which indicates earlier stages have exited and their PIDs were reused, so the chain should be correlated by parent/child relationship rather than by PID alone.
-
C:\Users\Admin\AppData\Local\Temp\4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe  "C:\Users\Admin\AppData\Local\Temp\4b9c87680a17c6a9f7ef96b5807c257051cafc0f5715d6cb7ff85a774db098ed.exe"  1⤵
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\fffxxxr.exec:\fffxxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3920 -
\??\c:\nhhbbt.exec:\nhhbbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\hhnttn.exec:\hhnttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4488 -
\??\c:\5bbbtb.exec:\5bbbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4400 -
\??\c:\djddj.exec:\djddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3356 -
\??\c:\btnhtt.exec:\btnhtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3708 -
\??\c:\5dppj.exec:\5dppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5116 -
\??\c:\nhbthh.exec:\nhbthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5088 -
\??\c:\lfllfll.exec:\lfllfll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1524 -
\??\c:\dpvjp.exec:\dpvjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3584 -
\??\c:\httnnh.exec:\httnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2512 -
\??\c:\rxllrlf.exec:\rxllrlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4860 -
\??\c:\3vvpp.exec:\3vvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3932 -
\??\c:\pvdvv.exec:\pvdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1748 -
\??\c:\xrfflrr.exec:\xrfflrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\5djjd.exec:\5djjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3692 -
\??\c:\lxxrllf.exec:\lxxrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5076 -
\??\c:\djjjj.exec:\djjjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1808 -
\??\c:\nhhhhh.exec:\nhhhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\1dvvv.exec:\1dvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3508 -
\??\c:\ffrrllf.exec:\ffrrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4548 -
\??\c:\xrrfxxx.exec:\xrrfxxx.exe23⤵
- Executes dropped EXE
PID:1180 -
\??\c:\hbhhbb.exec:\hbhhbb.exe24⤵
- Executes dropped EXE
PID:440 -
\??\c:\xfllfxf.exec:\xfllfxf.exe25⤵
- Executes dropped EXE
PID:1396 -
\??\c:\bhbbbt.exec:\bhbbbt.exe26⤵
- Executes dropped EXE
PID:1156 -
\??\c:\fxxlffr.exec:\fxxlffr.exe27⤵
- Executes dropped EXE
PID:2328 -
\??\c:\tnnnnn.exec:\tnnnnn.exe28⤵
- Executes dropped EXE
PID:4580 -
\??\c:\pppjp.exec:\pppjp.exe29⤵
- Executes dropped EXE
PID:1288 -
\??\c:\ttbtnn.exec:\ttbtnn.exe30⤵
- Executes dropped EXE
PID:4064 -
\??\c:\pddvv.exec:\pddvv.exe31⤵
- Executes dropped EXE
PID:4068 -
\??\c:\hhbntn.exec:\hhbntn.exe32⤵
- Executes dropped EXE
PID:3128 -
\??\c:\lfxrrrr.exec:\lfxrrrr.exe33⤵
- Executes dropped EXE
PID:3448 -
\??\c:\bhtnhh.exec:\bhtnhh.exe34⤵
- Executes dropped EXE
PID:1532 -
\??\c:\vjjjd.exec:\vjjjd.exe35⤵
- Executes dropped EXE
PID:3216 -
\??\c:\vjpjd.exec:\vjpjd.exe36⤵
- Executes dropped EXE
PID:1196 -
\??\c:\hhbtnn.exec:\hhbtnn.exe37⤵
- Executes dropped EXE
PID:3840 -
\??\c:\ddddv.exec:\ddddv.exe38⤵
- Executes dropped EXE
PID:3944 -
\??\c:\jvvpj.exec:\jvvpj.exe39⤵
- Executes dropped EXE
PID:2176 -
\??\c:\frxxxff.exec:\frxxxff.exe40⤵
- Executes dropped EXE
PID:1812 -
\??\c:\tntbth.exec:\tntbth.exe41⤵
- Executes dropped EXE
PID:2432 -
\??\c:\3ddvj.exec:\3ddvj.exe42⤵
- Executes dropped EXE
PID:4796 -
\??\c:\5rlfxxx.exec:\5rlfxxx.exe43⤵
- Executes dropped EXE
PID:1796 -
\??\c:\fxlfxxf.exec:\fxlfxxf.exe44⤵
- Executes dropped EXE
PID:3652 -
\??\c:\bbhnnn.exec:\bbhnnn.exe45⤵
- Executes dropped EXE
PID:1416 -
\??\c:\dpdjj.exec:\dpdjj.exe46⤵
- Executes dropped EXE
PID:4248 -
\??\c:\jjddj.exec:\jjddj.exe47⤵
- Executes dropped EXE
PID:3264 -
\??\c:\xflfxfx.exec:\xflfxfx.exe48⤵
- Executes dropped EXE
PID:1540 -
\??\c:\ttbttt.exec:\ttbttt.exe49⤵
- Executes dropped EXE
PID:4004 -
\??\c:\pddvv.exec:\pddvv.exe50⤵
- Executes dropped EXE
PID:856 -
\??\c:\vdpvp.exec:\vdpvp.exe51⤵
- Executes dropped EXE
PID:4280 -
\??\c:\lrrlflf.exec:\lrrlflf.exe52⤵
- Executes dropped EXE
PID:4568 -
\??\c:\hhbbbh.exec:\hhbbbh.exe53⤵
- Executes dropped EXE
PID:4424 -
\??\c:\jjppp.exec:\jjppp.exe54⤵
- Executes dropped EXE
PID:2876 -
\??\c:\xrllllf.exec:\xrllllf.exe55⤵
- Executes dropped EXE
PID:2336 -
\??\c:\hbbnht.exec:\hbbnht.exe56⤵
- Executes dropped EXE
PID:3760 -
\??\c:\ppdpd.exec:\ppdpd.exe57⤵
- Executes dropped EXE
PID:2416 -
\??\c:\vvdvv.exec:\vvdvv.exe58⤵
- Executes dropped EXE
PID:5008 -
\??\c:\frlffff.exec:\frlffff.exe59⤵
- Executes dropped EXE
PID:4420 -
\??\c:\1hhbbb.exec:\1hhbbb.exe60⤵
- Executes dropped EXE
PID:1152 -
\??\c:\dpjjd.exec:\dpjjd.exe61⤵
- Executes dropped EXE
PID:3224 -
\??\c:\lrlfffl.exec:\lrlfffl.exe62⤵
- Executes dropped EXE
PID:4072 -
\??\c:\hnbbnn.exec:\hnbbnn.exe63⤵
- Executes dropped EXE
PID:2836 -
\??\c:\lfllflx.exec:\lfllflx.exe64⤵
- Executes dropped EXE
PID:4308 -
\??\c:\bntttb.exec:\bntttb.exe65⤵
- Executes dropped EXE
PID:3356 -
\??\c:\llrlxxx.exec:\llrlxxx.exe66⤵PID:3008
-
\??\c:\3xlxxff.exec:\3xlxxff.exe67⤵PID:3012
-
\??\c:\bnttth.exec:\bnttth.exe68⤵PID:3608
-
\??\c:\dpjdv.exec:\dpjdv.exe69⤵PID:4976
-
\??\c:\xrfxffl.exec:\xrfxffl.exe70⤵PID:4776
-
\??\c:\lxxrflf.exec:\lxxrflf.exe71⤵PID:2312
-
\??\c:\nthbbb.exec:\nthbbb.exe72⤵PID:2580
-
\??\c:\vvppj.exec:\vvppj.exe73⤵PID:2056
-
\??\c:\rllfxxx.exec:\rllfxxx.exe74⤵PID:3312
-
\??\c:\bhnbbt.exec:\bhnbbt.exe75⤵PID:3784
-
\??\c:\dpvpp.exec:\dpvpp.exe76⤵PID:4860
-
\??\c:\rxlrrrf.exec:\rxlrrrf.exe77⤵PID:3240
-
\??\c:\nbbnbb.exec:\nbbnbb.exe78⤵PID:2508
-
\??\c:\dppdp.exec:\dppdp.exe79⤵PID:1748
-
\??\c:\dpjjd.exec:\dpjjd.exe80⤵PID:4496
-
\??\c:\xllffff.exec:\xllffff.exe81⤵PID:5052
-
\??\c:\hbbbtt.exec:\hbbbtt.exe82⤵PID:3692
-
\??\c:\jddpd.exec:\jddpd.exe83⤵PID:4344
-
\??\c:\3fxxlll.exec:\3fxxlll.exe84⤵PID:4444
-
\??\c:\xxxffff.exec:\xxxffff.exe85⤵PID:2264
-
\??\c:\hbtnbb.exec:\hbtnbb.exe86⤵PID:4104
-
\??\c:\dpvvv.exec:\dpvvv.exe87⤵PID:2284
-
\??\c:\lxfxffx.exec:\lxfxffx.exe88⤵PID:5080
-
\??\c:\hbnhhh.exec:\hbnhhh.exe89⤵PID:764
-
\??\c:\3nbbbb.exec:\3nbbbb.exe90⤵PID:2204
-
\??\c:\jvdvv.exec:\jvdvv.exe91⤵PID:4892
-
\??\c:\llfxrrf.exec:\llfxrrf.exe92⤵PID:2200
-
\??\c:\tntnhh.exec:\tntnhh.exe93⤵PID:3052
-
\??\c:\5dddp.exec:\5dddp.exe94⤵PID:408
-
\??\c:\thtbtb.exec:\thtbtb.exe95⤵PID:1356
-
\??\c:\dpdpp.exec:\dpdpp.exe96⤵PID:2740
-
\??\c:\rlffffx.exec:\rlffffx.exe97⤵PID:4900
-
\??\c:\xfxrxxl.exec:\xfxrxxl.exe98⤵PID:3380
-
\??\c:\bnhnnb.exec:\bnhnnb.exe99⤵PID:1056
-
\??\c:\pvvvv.exec:\pvvvv.exe100⤵PID:3300
-
\??\c:\rrxxrfx.exec:\rrxxrfx.exe101⤵PID:1216
-
\??\c:\rlllrrr.exec:\rlllrrr.exe102⤵PID:3636
-
\??\c:\tntttt.exec:\tntttt.exe103⤵PID:3228
-
\??\c:\5vvpj.exec:\5vvpj.exe104⤵PID:3400
-
\??\c:\rfrlflf.exec:\rfrlflf.exe105⤵PID:3360
-
\??\c:\bbbnhh.exec:\bbbnhh.exe106⤵PID:3320
-
\??\c:\dpjdv.exec:\dpjdv.exe107⤵PID:3032
-
\??\c:\pdpjv.exec:\pdpjv.exe108⤵PID:452
-
\??\c:\7hnbnh.exec:\7hnbnh.exe109⤵PID:3104
-
\??\c:\nbnnnn.exec:\nbnnnn.exe110⤵PID:3908
-
\??\c:\jdppj.exec:\jdppj.exe111⤵PID:3180
-
\??\c:\vdjdv.exec:\vdjdv.exe112⤵PID:2596
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe113⤵PID:544
-
\??\c:\tnttnt.exec:\tnttnt.exe114⤵PID:3372
-
\??\c:\httbbt.exec:\httbbt.exe115⤵PID:3564
-
\??\c:\9jpjj.exec:\9jpjj.exe116⤵PID:4796
-
\??\c:\lrrllll.exec:\lrrllll.exe117⤵PID:2016
-
\??\c:\9llffff.exec:\9llffff.exe118⤵PID:3756
-
\??\c:\hhtbbt.exec:\hhtbbt.exe119⤵PID:1416
-
\??\c:\vddvv.exec:\vddvv.exe120⤵PID:4020
-
\??\c:\llllxrr.exec:\llllxrr.exe121⤵PID:3264
-
\??\c:\nntnnt.exec:\nntnnt.exe122⤵PID:468