Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
16/05/2024, 22:45
Behavioral task
behavioral1
Sample
57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe
-
Size
334KB
-
MD5
80cdd2cdaf40fbe4a5328d1d536694a6
-
SHA1
f3813f753bfb8f88d189c180a3bd6cc2e9428a35
-
SHA256
57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0
-
SHA512
0978c3d175bfd73bfb4e73f5684e6f462ffefbcb150cf462ea86ed5c3927ec2d745276e01038f24cb9eb55a4e17fff2e75dbcdf41c01a7c580464eae82d9b5dc
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1i/6:x4wFHoS3eFaKHpv/VycgE8o6
Malware Config
Signatures
-
Detect Blackmoon payload 40 IoCs
resource yara_rule behavioral1/memory/2208-8-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2088-19-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2124-29-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2708-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2412-59-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2464-79-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/356-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1412-220-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1172-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2840-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2636-349-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2620-347-0x00000000002B0000-0x00000000002D7000-memory.dmp family_blackmoon behavioral1/memory/2636-356-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1516-414-0x00000000001B0000-0x00000000001D7000-memory.dmp family_blackmoon behavioral1/memory/1636-873-0x00000000002A0000-0x00000000002C7000-memory.dmp family_blackmoon behavioral1/memory/2536-724-0x00000000003A0000-0x00000000003C7000-memory.dmp family_blackmoon behavioral1/memory/1720-573-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/912-503-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1400-485-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2864-369-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2480-339-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2208-312-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2820-291-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2232-282-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2236-273-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/808-254-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1308-245-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2008-176-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1448-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1448-162-0x00000000003A0000-0x00000000003C7000-memory.dmp family_blackmoon behavioral1/memory/2656-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2132-126-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2476-122-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2476-115-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1344-114-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1244-104-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2560-95-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2292-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2636-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2496-38-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2208-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2208-3-0x0000000000220000-0x0000000000247000-memory.dmp UPX behavioral1/files/0x000c000000015cb1-6.dat UPX behavioral1/memory/2088-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2208-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2088-19-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0036000000015d21-17.dat UPX behavioral1/files/0x0007000000015d85-27.dat UPX behavioral1/memory/2124-29-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2708-57-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2412-59-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0007000000016ce0-77.dat UPX behavioral1/memory/2464-79-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1244-96-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000016cfd-105.dat UPX behavioral1/files/0x0006000000016d10-124.dat UPX behavioral1/files/0x0006000000016d18-133.dat UPX behavioral1/memory/356-142-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000016d81-169.dat UPX behavioral1/files/0x0006000000016d85-178.dat UPX behavioral1/files/0x0006000000016e56-193.dat UPX behavioral1/files/0x0006000000016f7e-204.dat UPX behavioral1/files/0x000600000001737b-210.dat UPX behavioral1/memory/1412-220-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x000600000001737e-221.dat UPX behavioral1/memory/1172-230-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x00060000000173dc-246.dat UPX behavioral1/files/0x00060000000173df-256.dat UPX behavioral1/files/0x00060000000173e7-264.dat UPX behavioral1/files/0x0035000000015d39-280.dat UPX behavioral1/memory/2840-305-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral1/memory/2480-332-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2620-341-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2636-349-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2636-356-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2480-389-0x0000000000220000-0x0000000000247000-memory.dmp UPX behavioral1/memory/1900-528-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2780-598-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2544-611-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1484-795-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2352-970-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/540-1052-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/620-1164-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/632-1227-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2932-1234-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2596-1296-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2456-1241-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2384-1208-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2888-1171-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1236-983-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1852-890-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1636-873-0x00000000002A0000-0x00000000002C7000-memory.dmp UPX behavioral1/memory/892-846-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2096-839-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/932-826-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral1/memory/1404-776-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/788-757-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1896-738-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2784-711-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2860-666-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1720-573-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/912-503-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/836-382-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2864-369-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2088 vvppv.exe 2124 xlffffr.exe 2496 hbnthb.exe 2636 dvvdp.exe 2708 pjvjp.exe 2412 lfxlxfr.exe 2292 7rffrrf.exe 2464 9tnbht.exe 2560 1jdvd.exe 1244 vjdpv.exe 1344 xxllffl.exe 2476 bththh.exe 2132 nnhnth.exe 2200 1ddpv.exe 356 vpjpp.exe 2656 rlxrxlr.exe 1448 1hhttb.exe 2008 3vpvd.exe 2744 3frxxff.exe 1968 llxxflx.exe 1904 nhtbnt.exe 540 btnbth.exe 1412 9pdvd.exe 560 1xrxrxl.exe 1172 jjdpj.exe 1308 dvddj.exe 808 xxrlffx.exe 1844 btntbb.exe 952 jvjpd.exe 2236 fxxrlrl.exe 2232 xxfrrfr.exe 2820 thnntn.exe 1424 3vpdv.exe 2840 pjpvj.exe 2208 llllxff.exe 1752 7frrrlr.exe 3000 hbnbnn.exe 2480 pjddd.exe 2620 1fxxxrx.exe 2636 3lrfflf.exe 2552 ttnnbh.exe 2404 ddvvj.exe 2864 lfxflrf.exe 1060 rrlxxlf.exe 836 ntthhn.exe 1368 tnhntn.exe 2640 1jpjp.exe 2408 dvpvj.exe 1516 9frrffl.exe 2612 ntbbhb.exe 1608 1jvjp.exe 1016 jvpjj.exe 2032 xlffxxr.exe 2296 7bthtb.exe 2908 hhbhnt.exe 2024 pdjvd.exe 2744 vvvdp.exe 1968 lllrxfx.exe 488 5bbhnb.exe 2660 9nbbhh.exe 1400 ppdjp.exe 1412 9frllfl.exe 2652 lfxlxlr.exe 912 1thnbh.exe -
resource yara_rule behavioral1/memory/2208-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2208-3-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/files/0x000c000000015cb1-6.dat upx behavioral1/memory/2088-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2208-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2088-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0036000000015d21-17.dat upx behavioral1/files/0x0007000000015d85-27.dat upx behavioral1/memory/2124-29-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2708-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2412-59-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000016ce0-77.dat upx behavioral1/memory/2464-79-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1244-96-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016cfd-105.dat upx behavioral1/files/0x0006000000016d10-124.dat upx behavioral1/files/0x0006000000016d18-133.dat upx behavioral1/memory/356-142-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d81-169.dat upx behavioral1/files/0x0006000000016d85-178.dat upx behavioral1/files/0x0006000000016e56-193.dat upx behavioral1/files/0x0006000000016f7e-204.dat upx behavioral1/files/0x000600000001737b-210.dat upx behavioral1/memory/1412-220-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000600000001737e-221.dat upx behavioral1/memory/1172-230-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000173dc-246.dat upx behavioral1/files/0x00060000000173df-256.dat upx behavioral1/files/0x00060000000173e7-264.dat upx behavioral1/files/0x0035000000015d39-280.dat upx behavioral1/memory/2840-305-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/2480-332-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2620-341-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2636-349-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2636-356-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2480-389-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/memory/1900-528-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2780-598-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2544-611-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1484-795-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2352-970-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/540-1052-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/620-1164-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/632-1227-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2932-1234-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2596-1296-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2456-1241-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2384-1208-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2888-1171-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1236-983-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1852-890-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1636-873-0x00000000002A0000-0x00000000002C7000-memory.dmp upx behavioral1/memory/892-846-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2096-839-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/932-826-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/1404-776-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/788-757-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1896-738-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2784-711-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2860-666-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1720-573-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1948-544-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/memory/912-503-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/836-382-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2208 wrote to memory of 2088 2208 57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe 28 PID 2208 wrote to memory of 2088 2208 57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe 28 PID 2208 wrote to memory of 2088 2208 57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe 28 PID 2208 wrote to memory of 2088 2208 57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe 28 PID 2088 wrote to memory of 2124 2088 vvppv.exe 29 PID 2088 wrote to memory of 2124 2088 vvppv.exe 29 PID 2088 wrote to memory of 2124 2088 vvppv.exe 29 PID 2088 wrote to memory of 2124 2088 vvppv.exe 29 PID 2124 wrote to memory of 2496 2124 xlffffr.exe 30 PID 2124 wrote to memory of 2496 2124 xlffffr.exe 30 PID 2124 wrote to memory of 2496 2124 xlffffr.exe 30 PID 2124 wrote to memory of 2496 2124 xlffffr.exe 30 PID 2496 wrote to memory of 2636 2496 hbnthb.exe 31 PID 2496 wrote to memory of 2636 2496 hbnthb.exe 31 PID 2496 wrote to memory of 2636 2496 hbnthb.exe 31 PID 2496 wrote to memory of 2636 2496 hbnthb.exe 31 PID 2636 wrote to memory of 2708 2636 dvvdp.exe 112 PID 2636 wrote to memory of 2708 2636 dvvdp.exe 112 PID 2636 wrote to memory of 2708 2636 dvvdp.exe 112 PID 2636 wrote to memory of 2708 2636 dvvdp.exe 112 PID 2708 wrote to memory of 2412 2708 pjvjp.exe 33 PID 2708 wrote to memory of 2412 2708 pjvjp.exe 33 PID 2708 wrote to memory of 2412 2708 pjvjp.exe 33 PID 2708 wrote to memory of 2412 2708 pjvjp.exe 33 PID 2412 wrote to memory of 2292 2412 lfxlxfr.exe 113 PID 2412 wrote to memory of 2292 2412 lfxlxfr.exe 113 PID 2412 wrote to memory of 2292 2412 lfxlxfr.exe 113 PID 2412 wrote to memory of 2292 2412 lfxlxfr.exe 113 PID 2292 wrote to memory of 2464 2292 7rffrrf.exe 35 PID 2292 wrote to memory of 2464 2292 7rffrrf.exe 35 PID 2292 wrote to memory of 2464 2292 7rffrrf.exe 35 PID 2292 wrote to memory of 2464 2292 7rffrrf.exe 35 PID 2464 wrote to memory of 2560 2464 9tnbht.exe 36 PID 
2464 wrote to memory of 2560 2464 9tnbht.exe 36 PID 2464 wrote to memory of 2560 2464 9tnbht.exe 36 PID 2464 wrote to memory of 2560 2464 9tnbht.exe 36 PID 2560 wrote to memory of 1244 2560 1jdvd.exe 37 PID 2560 wrote to memory of 1244 2560 1jdvd.exe 37 PID 2560 wrote to memory of 1244 2560 1jdvd.exe 37 PID 2560 wrote to memory of 1244 2560 1jdvd.exe 37 PID 1244 wrote to memory of 1344 1244 vjdpv.exe 38 PID 1244 wrote to memory of 1344 1244 vjdpv.exe 38 PID 1244 wrote to memory of 1344 1244 vjdpv.exe 38 PID 1244 wrote to memory of 1344 1244 vjdpv.exe 38 PID 1344 wrote to memory of 2476 1344 xxllffl.exe 39 PID 1344 wrote to memory of 2476 1344 xxllffl.exe 39 PID 1344 wrote to memory of 2476 1344 xxllffl.exe 39 PID 1344 wrote to memory of 2476 1344 xxllffl.exe 39 PID 2476 wrote to memory of 2132 2476 bththh.exe 40 PID 2476 wrote to memory of 2132 2476 bththh.exe 40 PID 2476 wrote to memory of 2132 2476 bththh.exe 40 PID 2476 wrote to memory of 2132 2476 bththh.exe 40 PID 2132 wrote to memory of 2200 2132 nnhnth.exe 41 PID 2132 wrote to memory of 2200 2132 nnhnth.exe 41 PID 2132 wrote to memory of 2200 2132 nnhnth.exe 41 PID 2132 wrote to memory of 2200 2132 nnhnth.exe 41 PID 2200 wrote to memory of 356 2200 1ddpv.exe 42 PID 2200 wrote to memory of 356 2200 1ddpv.exe 42 PID 2200 wrote to memory of 356 2200 1ddpv.exe 42 PID 2200 wrote to memory of 356 2200 1ddpv.exe 42 PID 356 wrote to memory of 2656 356 vpjpp.exe 43 PID 356 wrote to memory of 2656 356 vpjpp.exe 43 PID 356 wrote to memory of 2656 356 vpjpp.exe 43 PID 356 wrote to memory of 2656 356 vpjpp.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe"C:\Users\Admin\AppData\Local\Temp\57638e08e4df62b2d537e983c65af0cb9a88c4424bcffb5647e56c54624906e0.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2208 -
\??\c:\vvppv.exec:\vvppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2088 -
\??\c:\xlffffr.exec:\xlffffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2124 -
\??\c:\hbnthb.exec:\hbnthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\dvvdp.exec:\dvvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\pjvjp.exec:\pjvjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\lfxlxfr.exec:\lfxlxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\7rffrrf.exec:\7rffrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\9tnbht.exec:\9tnbht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\1jdvd.exec:\1jdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\vjdpv.exec:\vjdpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1244 -
\??\c:\xxllffl.exec:\xxllffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\bththh.exec:\bththh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\nnhnth.exec:\nnhnth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\1ddpv.exec:\1ddpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2200 -
\??\c:\vpjpp.exec:\vpjpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:356 -
\??\c:\rlxrxlr.exec:\rlxrxlr.exe17⤵
- Executes dropped EXE
PID:2656 -
\??\c:\1hhttb.exec:\1hhttb.exe18⤵
- Executes dropped EXE
PID:1448 -
\??\c:\3vpvd.exec:\3vpvd.exe19⤵
- Executes dropped EXE
PID:2008 -
\??\c:\3frxxff.exec:\3frxxff.exe20⤵
- Executes dropped EXE
PID:2744 -
\??\c:\llxxflx.exec:\llxxflx.exe21⤵
- Executes dropped EXE
PID:1968 -
\??\c:\nhtbnt.exec:\nhtbnt.exe22⤵
- Executes dropped EXE
PID:1904 -
\??\c:\btnbth.exec:\btnbth.exe23⤵
- Executes dropped EXE
PID:540 -
\??\c:\9pdvd.exec:\9pdvd.exe24⤵
- Executes dropped EXE
PID:1412 -
\??\c:\1xrxrxl.exec:\1xrxrxl.exe25⤵
- Executes dropped EXE
PID:560 -
\??\c:\jjdpj.exec:\jjdpj.exe26⤵
- Executes dropped EXE
PID:1172 -
\??\c:\dvddj.exec:\dvddj.exe27⤵
- Executes dropped EXE
PID:1308 -
\??\c:\xxrlffx.exec:\xxrlffx.exe28⤵
- Executes dropped EXE
PID:808 -
\??\c:\btntbb.exec:\btntbb.exe29⤵
- Executes dropped EXE
PID:1844 -
\??\c:\jvjpd.exec:\jvjpd.exe30⤵
- Executes dropped EXE
PID:952 -
\??\c:\fxxrlrl.exec:\fxxrlrl.exe31⤵
- Executes dropped EXE
PID:2236 -
\??\c:\xxfrrfr.exec:\xxfrrfr.exe32⤵
- Executes dropped EXE
PID:2232 -
\??\c:\thnntn.exec:\thnntn.exe33⤵
- Executes dropped EXE
PID:2820 -
\??\c:\3vpdv.exec:\3vpdv.exe34⤵
- Executes dropped EXE
PID:1424 -
\??\c:\pjpvj.exec:\pjpvj.exe35⤵
- Executes dropped EXE
PID:2840 -
\??\c:\llllxff.exec:\llllxff.exe36⤵
- Executes dropped EXE
PID:2208 -
\??\c:\7frrrlr.exec:\7frrrlr.exe37⤵
- Executes dropped EXE
PID:1752 -
\??\c:\hbnbnn.exec:\hbnbnn.exe38⤵
- Executes dropped EXE
PID:3000 -
\??\c:\pjddd.exec:\pjddd.exe39⤵
- Executes dropped EXE
PID:2480 -
\??\c:\1fxxxrx.exec:\1fxxxrx.exe40⤵
- Executes dropped EXE
PID:2620 -
\??\c:\3lrfflf.exec:\3lrfflf.exe41⤵
- Executes dropped EXE
PID:2636 -
\??\c:\ttnnbh.exec:\ttnnbh.exe42⤵
- Executes dropped EXE
PID:2552 -
\??\c:\ddvvj.exec:\ddvvj.exe43⤵
- Executes dropped EXE
PID:2404 -
\??\c:\lfxflrf.exec:\lfxflrf.exe44⤵
- Executes dropped EXE
PID:2864 -
\??\c:\rrlxxlf.exec:\rrlxxlf.exe45⤵
- Executes dropped EXE
PID:1060 -
\??\c:\ntthhn.exec:\ntthhn.exe46⤵
- Executes dropped EXE
PID:836 -
\??\c:\tnhntn.exec:\tnhntn.exe47⤵
- Executes dropped EXE
PID:1368 -
\??\c:\1jpjp.exec:\1jpjp.exe48⤵
- Executes dropped EXE
PID:2640 -
\??\c:\dvpvj.exec:\dvpvj.exe49⤵
- Executes dropped EXE
PID:2408 -
\??\c:\9frrffl.exec:\9frrffl.exe50⤵
- Executes dropped EXE
PID:1516 -
\??\c:\ntbbhb.exec:\ntbbhb.exe51⤵
- Executes dropped EXE
PID:2612 -
\??\c:\1jvjp.exec:\1jvjp.exe52⤵
- Executes dropped EXE
PID:1608 -
\??\c:\jvpjj.exec:\jvpjj.exe53⤵
- Executes dropped EXE
PID:1016 -
\??\c:\xlffxxr.exec:\xlffxxr.exe54⤵
- Executes dropped EXE
PID:2032 -
\??\c:\7bthtb.exec:\7bthtb.exe55⤵
- Executes dropped EXE
PID:2296 -
\??\c:\hhbhnt.exec:\hhbhnt.exe56⤵
- Executes dropped EXE
PID:2908 -
\??\c:\pdjvd.exec:\pdjvd.exe57⤵
- Executes dropped EXE
PID:2024 -
\??\c:\vvvdp.exec:\vvvdp.exe58⤵
- Executes dropped EXE
PID:2744 -
\??\c:\lllrxfx.exec:\lllrxfx.exe59⤵
- Executes dropped EXE
PID:1968 -
\??\c:\5bbhnb.exec:\5bbhnb.exe60⤵
- Executes dropped EXE
PID:488 -
\??\c:\9nbbhh.exec:\9nbbhh.exe61⤵
- Executes dropped EXE
PID:2660 -
\??\c:\ppdjp.exec:\ppdjp.exe62⤵
- Executes dropped EXE
PID:1400 -
\??\c:\9frllfl.exec:\9frllfl.exe63⤵
- Executes dropped EXE
PID:1412 -
\??\c:\lfxlxlr.exec:\lfxlxlr.exe64⤵
- Executes dropped EXE
PID:2652 -
\??\c:\1thnbh.exec:\1thnbh.exe65⤵
- Executes dropped EXE
PID:912 -
\??\c:\vddvd.exec:\vddvd.exe66⤵PID:1172
-
\??\c:\rrrflxl.exec:\rrrflxl.exe67⤵PID:1280
-
\??\c:\lfffffr.exec:\lfffffr.exe68⤵PID:2300
-
\??\c:\rrxlllr.exec:\rrxlllr.exe69⤵PID:1900
-
\??\c:\btbbhn.exec:\btbbhn.exe70⤵PID:2984
-
\??\c:\nhtbnt.exec:\nhtbnt.exe71⤵PID:1948
-
\??\c:\ppjpd.exec:\ppjpd.exe72⤵PID:1944
-
\??\c:\llllrrl.exec:\llllrrl.exe73⤵PID:2232
-
\??\c:\fxllffl.exec:\fxllffl.exe74⤵PID:2820
-
\??\c:\llrlxlf.exec:\llrlxlf.exe75⤵PID:1884
-
\??\c:\hnnbnt.exec:\hnnbnt.exe76⤵PID:1720
-
\??\c:\hbthbh.exec:\hbthbh.exe77⤵PID:1528
-
\??\c:\ddvdp.exec:\ddvdp.exe78⤵PID:2216
-
\??\c:\pvvjj.exec:\pvvjj.exe79⤵PID:1752
-
\??\c:\rxllffr.exec:\rxllffr.exe80⤵PID:2780
-
\??\c:\tbnhhh.exec:\tbnhhh.exe81⤵PID:2148
-
\??\c:\hbhnnn.exec:\hbhnnn.exe82⤵PID:2544
-
\??\c:\jjvvj.exec:\jjvvj.exe83⤵PID:2704
-
\??\c:\pdjpp.exec:\pdjpp.exe84⤵PID:2260
-
\??\c:\lflrrxf.exec:\lflrrxf.exe85⤵PID:2644
-
\??\c:\1xlrrrx.exec:\1xlrrrx.exe86⤵PID:2708
-
\??\c:\hbnhnh.exec:\hbnhnh.exe87⤵PID:2292
-
\??\c:\tbnnbb.exec:\tbnnbb.exe88⤵PID:2836
-
\??\c:\dppdd.exec:\dppdd.exe89⤵PID:2140
-
\??\c:\pvjjj.exec:\pvjjj.exe90⤵PID:1656
-
\??\c:\1xllrff.exec:\1xllrff.exe91⤵PID:2860
-
\??\c:\3fxlrfl.exec:\3fxlrfl.exe92⤵PID:1488
-
\??\c:\thnhtn.exec:\thnhtn.exe93⤵PID:2284
-
\??\c:\hhthnn.exec:\hhthnn.exe94⤵PID:1236
-
\??\c:\pjjpd.exec:\pjjpd.exe95⤵PID:2532
-
\??\c:\dvjjv.exec:\dvjjv.exe96⤵PID:2428
-
\??\c:\rlflffl.exec:\rlflffl.exe97⤵PID:1888
-
\??\c:\5lxxfrf.exec:\5lxxfrf.exe98⤵PID:2784
-
\??\c:\5thntb.exec:\5thntb.exe99⤵PID:2536
-
\??\c:\btttbh.exec:\btttbh.exe100⤵PID:1684
-
\??\c:\ppjvj.exec:\ppjvj.exe101⤵PID:2152
-
\??\c:\3jddd.exec:\3jddd.exe102⤵PID:1896
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe103⤵PID:2024
-
\??\c:\rlflrrf.exec:\rlflrrf.exe104⤵PID:2136
-
\??\c:\bntthh.exec:\bntthh.exe105⤵PID:788
-
\??\c:\nbnhnh.exec:\nbnhnh.exe106⤵PID:1100
-
\??\c:\dpvvv.exec:\dpvvv.exe107⤵PID:1592
-
\??\c:\1jdpv.exec:\1jdpv.exe108⤵PID:1404
-
\??\c:\3fxfrrx.exec:\3fxfrrx.exe109⤵PID:2340
-
\??\c:\lfxxxlr.exec:\lfxxxlr.exe110⤵PID:856
-
\??\c:\nnhnbh.exec:\nnhnbh.exe111⤵PID:1484
-
\??\c:\nhbbhn.exec:\nhbbhn.exe112⤵PID:1308
-
\??\c:\9jjvj.exec:\9jjvj.exe113⤵PID:2952
-
\??\c:\vdpvv.exec:\vdpvv.exe114⤵PID:452
-
\??\c:\ffrlrrl.exec:\ffrlrrl.exe115⤵PID:320
-
\??\c:\rlxlrfl.exec:\rlxlrfl.exe116⤵PID:932
-
\??\c:\fxlrffr.exec:\fxlrffr.exe117⤵PID:1928
-
\??\c:\httbhb.exec:\httbhb.exe118⤵PID:2096
-
\??\c:\dvvvj.exec:\dvvvj.exe119⤵PID:892
-
\??\c:\vjvpv.exec:\vjvpv.exe120⤵PID:2672
-
\??\c:\xlflrrf.exec:\xlflrrf.exe121⤵PID:2816
-
\??\c:\xxxrfrr.exec:\xxxrfrr.exe122⤵PID:2840