Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
16/05/2024, 18:30
Behavioral task
behavioral1
Sample
0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe
-
Size
173KB
-
MD5
3ece4476b43edcf916139abe0bbf0a73
-
SHA1
8ac401d89cc97ff0494b89b21ec929dc1d90ad4f
-
SHA256
0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d
-
SHA512
5f7cb495b0607c23681887dc54902221035cf00ccd7f7a719bcc69d1916b20cd04f271cf5ab240ae0002ffc5e7886a103d421c0636ca1f046d4e149621136e99
-
SSDEEP
3072:6hOmTsF93UYfwC6GIoutQ0tSe5yLpcka62c+8+dRNN7Yk+6C2Wv:6cm4FmowdHoSQ0tH6lCXb7Ybv
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4020-15-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2128-13-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1812-5-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1856-24-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3096-31-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1756-36-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1232-40-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2332-49-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2044-55-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1200-68-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2252-82-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1764-88-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1384-100-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2968-105-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1036-108-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1104-117-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3552-135-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4712-163-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1968-174-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3432-148-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1460-146-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/4076-191-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4812-201-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3044-205-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3084-209-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1496-214-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4440-220-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2960-222-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4020-225-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2192-235-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4092-245-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1948-256-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3240-260-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3256-263-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3116-281-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2964-291-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3956-295-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4684-303-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/944-315-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/660-322-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/5092-329-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4644-334-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/800-390-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/116-398-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/964-417-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3256-427-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2372-440-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1424-447-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3736-501-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4380-503-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/820-515-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2320-519-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2040-526-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3612-531-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3096-548-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3176-582-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1384-595-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4796-622-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3584-681-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2044-688-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/344-853-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3448-981-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/832-1006-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/1856-1103-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1812-0-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000500000002328f-6.dat UPX behavioral2/memory/4020-7-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a0000000233e5-11.dat UPX behavioral2/memory/4020-15-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233ed-12.dat UPX behavioral2/memory/2128-13-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/1812-5-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233ee-22.dat UPX behavioral2/memory/1856-24-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233ef-30.dat UPX behavioral2/memory/1756-32-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/3096-31-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233f0-37.dat UPX behavioral2/memory/1756-36-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/1232-40-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233f2-43.dat UPX behavioral2/files/0x00070000000233f3-50.dat UPX behavioral2/memory/2332-49-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233f4-53.dat UPX behavioral2/memory/2044-55-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233f5-59.dat UPX behavioral2/files/0x00070000000233f6-66.dat UPX behavioral2/memory/1200-68-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233f8-70.dat UPX behavioral2/files/0x00070000000233f9-75.dat UPX behavioral2/files/0x00070000000233fa-80.dat UPX behavioral2/memory/2252-82-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233fb-86.dat UPX behavioral2/memory/1764-88-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233fc-92.dat UPX 
behavioral2/memory/1384-95-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233fd-98.dat UPX behavioral2/memory/1384-100-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233fe-104.dat UPX behavioral2/memory/2968-105-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/1036-108-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00070000000233ff-111.dat UPX behavioral2/files/0x0007000000023400-115.dat UPX behavioral2/memory/1104-117-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x00090000000233ea-121.dat UPX behavioral2/files/0x0007000000023401-126.dat UPX behavioral2/memory/3552-135-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023402-133.dat UPX behavioral2/memory/3432-140-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023404-143.dat UPX behavioral2/files/0x0007000000023405-151.dat UPX behavioral2/files/0x0007000000023406-156.dat UPX behavioral2/files/0x0007000000023407-161.dat UPX behavioral2/memory/4712-163-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023408-167.dat UPX behavioral2/files/0x0007000000023409-172.dat UPX behavioral2/memory/1968-174-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000700000002340a-177.dat UPX behavioral2/files/0x000700000002340b-183.dat UPX behavioral2/memory/3432-148-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/1460-146-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0007000000023403-138.dat UPX behavioral2/memory/4076-191-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4812-201-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/3044-205-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/3084-209-0x0000000000400000-0x0000000000432000-memory.dmp UPX 
behavioral2/memory/1496-214-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4440-220-0x0000000000400000-0x0000000000432000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4020 nbhbbb.exe 2128 nhttth.exe 1856 pjpjd.exe 3096 1nttnt.exe 1756 pvjdj.exe 1232 lxrlrfx.exe 2332 1pvvp.exe 2044 lrfffll.exe 3180 nbbtnn.exe 3464 xxllffx.exe 1200 xxxrrxx.exe 1004 hbtnht.exe 2252 dpvvj.exe 1764 7xfxfff.exe 3872 bbttnn.exe 1384 jjvdv.exe 2968 xfflxff.exe 1036 djjdj.exe 1104 jvjjd.exe 3896 rlffxlr.exe 856 dpvpj.exe 1472 dvdpv.exe 3552 lxffxxf.exe 3432 tbhnnn.exe 1460 dvjvv.exe 908 xllfxxr.exe 2588 rlfxrll.exe 4712 bthhbb.exe 1968 nnhhbn.exe 2444 llrrlll.exe 4328 bbhhhn.exe 3560 dpdvj.exe 4076 xfllfff.exe 3208 nbttnn.exe 2612 5jppd.exe 4812 lrrrlll.exe 3044 xxrrrrr.exe 3084 ttbbtt.exe 3064 dvdvp.exe 1496 jjjdd.exe 4440 7xlfrrf.exe 2960 hthbnn.exe 4020 hhnhbh.exe 1372 jjpdd.exe 2192 ppppp.exe 4520 xrxrllf.exe 604 bhtnhh.exe 4092 3nbtnn.exe 3396 dvdvp.exe 676 xfrrllr.exe 1728 bhnhht.exe 1948 bntnnh.exe 3240 dvvvp.exe 3256 lflflfl.exe 3464 5rrxxxf.exe 948 7htbbh.exe 1532 htbttt.exe 2372 jjvpv.exe 3116 jdpvp.exe 2688 lfrlfff.exe 2964 htnhnn.exe 3956 jdvjd.exe 4332 7rxlfxr.exe 1080 9bhhbt.exe -
resource yara_rule behavioral2/memory/1812-0-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000500000002328f-6.dat upx behavioral2/memory/4020-7-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a0000000233e5-11.dat upx behavioral2/memory/4020-15-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233ed-12.dat upx behavioral2/memory/2128-13-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/1812-5-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233ee-22.dat upx behavioral2/memory/1856-24-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233ef-30.dat upx behavioral2/memory/1756-32-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/3096-31-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233f0-37.dat upx behavioral2/memory/1756-36-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/1232-40-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233f2-43.dat upx behavioral2/files/0x00070000000233f3-50.dat upx behavioral2/memory/2332-49-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233f4-53.dat upx behavioral2/memory/2044-55-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233f5-59.dat upx behavioral2/files/0x00070000000233f6-66.dat upx behavioral2/memory/1200-68-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233f8-70.dat upx behavioral2/files/0x00070000000233f9-75.dat upx behavioral2/files/0x00070000000233fa-80.dat upx behavioral2/memory/2252-82-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233fb-86.dat upx behavioral2/memory/1764-88-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233fc-92.dat upx 
behavioral2/memory/1384-95-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233fd-98.dat upx behavioral2/memory/1384-100-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233fe-104.dat upx behavioral2/memory/2968-105-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/1036-108-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00070000000233ff-111.dat upx behavioral2/files/0x0007000000023400-115.dat upx behavioral2/memory/1104-117-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x00090000000233ea-121.dat upx behavioral2/files/0x0007000000023401-126.dat upx behavioral2/memory/3552-135-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023402-133.dat upx behavioral2/memory/3432-140-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023404-143.dat upx behavioral2/files/0x0007000000023405-151.dat upx behavioral2/files/0x0007000000023406-156.dat upx behavioral2/files/0x0007000000023407-161.dat upx behavioral2/memory/4712-163-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023408-167.dat upx behavioral2/files/0x0007000000023409-172.dat upx behavioral2/memory/1968-174-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000700000002340a-177.dat upx behavioral2/files/0x000700000002340b-183.dat upx behavioral2/memory/3432-148-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/1460-146-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0007000000023403-138.dat upx behavioral2/memory/4076-191-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4812-201-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/3044-205-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/3084-209-0x0000000000400000-0x0000000000432000-memory.dmp upx 
behavioral2/memory/1496-214-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4440-220-0x0000000000400000-0x0000000000432000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1812 wrote to memory of 4020 1812 0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe 83 PID 1812 wrote to memory of 4020 1812 0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe 83 PID 1812 wrote to memory of 4020 1812 0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe 83 PID 4020 wrote to memory of 2128 4020 nbhbbb.exe 84 PID 4020 wrote to memory of 2128 4020 nbhbbb.exe 84 PID 4020 wrote to memory of 2128 4020 nbhbbb.exe 84 PID 2128 wrote to memory of 1856 2128 nhttth.exe 85 PID 2128 wrote to memory of 1856 2128 nhttth.exe 85 PID 2128 wrote to memory of 1856 2128 nhttth.exe 85 PID 1856 wrote to memory of 3096 1856 pjpjd.exe 86 PID 1856 wrote to memory of 3096 1856 pjpjd.exe 86 PID 1856 wrote to memory of 3096 1856 pjpjd.exe 86 PID 3096 wrote to memory of 1756 3096 1nttnt.exe 87 PID 3096 wrote to memory of 1756 3096 1nttnt.exe 87 PID 3096 wrote to memory of 1756 3096 1nttnt.exe 87 PID 1756 wrote to memory of 1232 1756 pvjdj.exe 88 PID 1756 wrote to memory of 1232 1756 pvjdj.exe 88 PID 1756 wrote to memory of 1232 1756 pvjdj.exe 88 PID 1232 wrote to memory of 2332 1232 lxrlrfx.exe 89 PID 1232 wrote to memory of 2332 1232 lxrlrfx.exe 89 PID 1232 wrote to memory of 2332 1232 lxrlrfx.exe 89 PID 2332 wrote to memory of 2044 2332 1pvvp.exe 90 PID 2332 wrote to memory of 2044 2332 1pvvp.exe 90 PID 2332 wrote to memory of 2044 2332 1pvvp.exe 90 PID 2044 wrote to memory of 3180 2044 lrfffll.exe 91 PID 2044 wrote to memory of 3180 2044 lrfffll.exe 91 PID 2044 wrote to memory of 3180 2044 lrfffll.exe 91 PID 3180 wrote to memory of 3464 3180 nbbtnn.exe 92 PID 3180 wrote to memory of 3464 3180 nbbtnn.exe 92 PID 3180 wrote to memory of 3464 3180 nbbtnn.exe 92 PID 3464 wrote to memory of 1200 3464 xxllffx.exe 93 PID 3464 wrote to memory of 1200 3464 xxllffx.exe 93 PID 3464 wrote to memory of 1200 3464 xxllffx.exe 93 PID 1200 wrote to memory of 1004 1200 xxxrrxx.exe 95 PID 1200 wrote to 
memory of 1004 1200 xxxrrxx.exe 95 PID 1200 wrote to memory of 1004 1200 xxxrrxx.exe 95 PID 1004 wrote to memory of 2252 1004 hbtnht.exe 96 PID 1004 wrote to memory of 2252 1004 hbtnht.exe 96 PID 1004 wrote to memory of 2252 1004 hbtnht.exe 96 PID 2252 wrote to memory of 1764 2252 dpvvj.exe 97 PID 2252 wrote to memory of 1764 2252 dpvvj.exe 97 PID 2252 wrote to memory of 1764 2252 dpvvj.exe 97 PID 1764 wrote to memory of 3872 1764 7xfxfff.exe 98 PID 1764 wrote to memory of 3872 1764 7xfxfff.exe 98 PID 1764 wrote to memory of 3872 1764 7xfxfff.exe 98 PID 3872 wrote to memory of 1384 3872 bbttnn.exe 99 PID 3872 wrote to memory of 1384 3872 bbttnn.exe 99 PID 3872 wrote to memory of 1384 3872 bbttnn.exe 99 PID 1384 wrote to memory of 2968 1384 jjvdv.exe 101 PID 1384 wrote to memory of 2968 1384 jjvdv.exe 101 PID 1384 wrote to memory of 2968 1384 jjvdv.exe 101 PID 2968 wrote to memory of 1036 2968 xfflxff.exe 102 PID 2968 wrote to memory of 1036 2968 xfflxff.exe 102 PID 2968 wrote to memory of 1036 2968 xfflxff.exe 102 PID 1036 wrote to memory of 1104 1036 djjdj.exe 103 PID 1036 wrote to memory of 1104 1036 djjdj.exe 103 PID 1036 wrote to memory of 1104 1036 djjdj.exe 103 PID 1104 wrote to memory of 3896 1104 jvjjd.exe 104 PID 1104 wrote to memory of 3896 1104 jvjjd.exe 104 PID 1104 wrote to memory of 3896 1104 jvjjd.exe 104 PID 3896 wrote to memory of 856 3896 rlffxlr.exe 105 PID 3896 wrote to memory of 856 3896 rlffxlr.exe 105 PID 3896 wrote to memory of 856 3896 rlffxlr.exe 105 PID 856 wrote to memory of 1472 856 dpvpj.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe"C:\Users\Admin\AppData\Local\Temp\0936c62ba23c675aaa245d487b8f28d3046f6fb77b1e0584671437f5e565658d.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\nbhbbb.exec:\nbhbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\nhttth.exec:\nhttth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\pjpjd.exec:\pjpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1856 -
\??\c:\1nttnt.exec:\1nttnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3096 -
\??\c:\pvjdj.exec:\pvjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1756 -
\??\c:\lxrlrfx.exec:\lxrlrfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1232 -
\??\c:\1pvvp.exec:\1pvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2332 -
\??\c:\lrfffll.exec:\lrfffll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2044 -
\??\c:\nbbtnn.exec:\nbbtnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3180 -
\??\c:\xxllffx.exec:\xxllffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3464 -
\??\c:\xxxrrxx.exec:\xxxrrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1200 -
\??\c:\hbtnht.exec:\hbtnht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1004 -
\??\c:\dpvvj.exec:\dpvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2252 -
\??\c:\7xfxfff.exec:\7xfxfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1764 -
\??\c:\bbttnn.exec:\bbttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3872 -
\??\c:\jjvdv.exec:\jjvdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1384 -
\??\c:\xfflxff.exec:\xfflxff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\djjdj.exec:\djjdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1036 -
\??\c:\jvjjd.exec:\jvjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1104 -
\??\c:\rlffxlr.exec:\rlffxlr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3896 -
\??\c:\dpvpj.exec:\dpvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:856 -
\??\c:\dvdpv.exec:\dvdpv.exe23⤵
- Executes dropped EXE
PID:1472 -
\??\c:\lxffxxf.exec:\lxffxxf.exe24⤵
- Executes dropped EXE
PID:3552 -
\??\c:\tbhnnn.exec:\tbhnnn.exe25⤵
- Executes dropped EXE
PID:3432 -
\??\c:\dvjvv.exec:\dvjvv.exe26⤵
- Executes dropped EXE
PID:1460 -
\??\c:\xllfxxr.exec:\xllfxxr.exe27⤵
- Executes dropped EXE
PID:908 -
\??\c:\rlfxrll.exec:\rlfxrll.exe28⤵
- Executes dropped EXE
PID:2588 -
\??\c:\bthhbb.exec:\bthhbb.exe29⤵
- Executes dropped EXE
PID:4712 -
\??\c:\nnhhbn.exec:\nnhhbn.exe30⤵
- Executes dropped EXE
PID:1968 -
\??\c:\llrrlll.exec:\llrrlll.exe31⤵
- Executes dropped EXE
PID:2444 -
\??\c:\bbhhhn.exec:\bbhhhn.exe32⤵
- Executes dropped EXE
PID:4328 -
\??\c:\dpdvj.exec:\dpdvj.exe33⤵
- Executes dropped EXE
PID:3560 -
\??\c:\xfllfff.exec:\xfllfff.exe34⤵
- Executes dropped EXE
PID:4076 -
\??\c:\nbttnn.exec:\nbttnn.exe35⤵
- Executes dropped EXE
PID:3208 -
\??\c:\5jppd.exec:\5jppd.exe36⤵
- Executes dropped EXE
PID:2612 -
\??\c:\lrrrlll.exec:\lrrrlll.exe37⤵
- Executes dropped EXE
PID:4812 -
\??\c:\xxrrrrr.exec:\xxrrrrr.exe38⤵
- Executes dropped EXE
PID:3044 -
\??\c:\ttbbtt.exec:\ttbbtt.exe39⤵
- Executes dropped EXE
PID:3084 -
\??\c:\dvdvp.exec:\dvdvp.exe40⤵
- Executes dropped EXE
PID:3064 -
\??\c:\jjjdd.exec:\jjjdd.exe41⤵
- Executes dropped EXE
PID:1496 -
\??\c:\7xlfrrf.exec:\7xlfrrf.exe42⤵
- Executes dropped EXE
PID:4440 -
\??\c:\hthbnn.exec:\hthbnn.exe43⤵
- Executes dropped EXE
PID:2960 -
\??\c:\hhnhbh.exec:\hhnhbh.exe44⤵
- Executes dropped EXE
PID:4020 -
\??\c:\jjpdd.exec:\jjpdd.exe45⤵
- Executes dropped EXE
PID:1372 -
\??\c:\ppppp.exec:\ppppp.exe46⤵
- Executes dropped EXE
PID:2192 -
\??\c:\xrxrllf.exec:\xrxrllf.exe47⤵
- Executes dropped EXE
PID:4520 -
\??\c:\bhtnhh.exec:\bhtnhh.exe48⤵
- Executes dropped EXE
PID:604 -
\??\c:\3nbtnn.exec:\3nbtnn.exe49⤵
- Executes dropped EXE
PID:4092 -
\??\c:\dvdvp.exec:\dvdvp.exe50⤵
- Executes dropped EXE
PID:3396 -
\??\c:\xfrrllr.exec:\xfrrllr.exe51⤵
- Executes dropped EXE
PID:676 -
\??\c:\bhnhht.exec:\bhnhht.exe52⤵
- Executes dropped EXE
PID:1728 -
\??\c:\bntnnh.exec:\bntnnh.exe53⤵
- Executes dropped EXE
PID:1948 -
\??\c:\dvvvp.exec:\dvvvp.exe54⤵
- Executes dropped EXE
PID:3240 -
\??\c:\lflflfl.exec:\lflflfl.exe55⤵
- Executes dropped EXE
PID:3256 -
\??\c:\5rrxxxf.exec:\5rrxxxf.exe56⤵
- Executes dropped EXE
PID:3464 -
\??\c:\7htbbh.exec:\7htbbh.exe57⤵
- Executes dropped EXE
PID:948 -
\??\c:\htbttt.exec:\htbttt.exe58⤵
- Executes dropped EXE
PID:1532 -
\??\c:\jjvpv.exec:\jjvpv.exe59⤵
- Executes dropped EXE
PID:2372 -
\??\c:\jdpvp.exec:\jdpvp.exe60⤵
- Executes dropped EXE
PID:3116 -
\??\c:\lfrlfff.exec:\lfrlfff.exe61⤵
- Executes dropped EXE
PID:2688 -
\??\c:\htnhnn.exec:\htnhnn.exe62⤵
- Executes dropped EXE
PID:2964 -
\??\c:\jdvjd.exec:\jdvjd.exe63⤵
- Executes dropped EXE
PID:3956 -
\??\c:\7rxlfxr.exec:\7rxlfxr.exe64⤵
- Executes dropped EXE
PID:4332 -
\??\c:\9bhhbt.exec:\9bhhbt.exe65⤵
- Executes dropped EXE
PID:1080 -
\??\c:\jvvvp.exec:\jvvvp.exe66⤵PID:4684
-
\??\c:\lrfxllf.exec:\lrfxllf.exe67⤵PID:3336
-
\??\c:\rxxfxxr.exec:\rxxfxxr.exe68⤵PID:5044
-
\??\c:\tbhbbb.exec:\tbhbbb.exe69⤵PID:944
-
\??\c:\vpddv.exec:\vpddv.exe70⤵PID:2972
-
\??\c:\xxrrrrl.exec:\xxrrrrl.exe71⤵PID:660
-
\??\c:\bhnhbb.exec:\bhnhbb.exe72⤵PID:1404
-
\??\c:\dvjdv.exec:\dvjdv.exe73⤵PID:5092
-
\??\c:\vppjv.exec:\vppjv.exe74⤵PID:3788
-
\??\c:\ffrllxx.exec:\ffrllxx.exe75⤵PID:4644
-
\??\c:\ntbtnn.exec:\ntbtnn.exe76⤵PID:1460
-
\??\c:\jdjpp.exec:\jdjpp.exe77⤵PID:3988
-
\??\c:\xxrrlff.exec:\xxrrlff.exe78⤵PID:1732
-
\??\c:\fxllrrx.exec:\fxllrrx.exe79⤵PID:1844
-
\??\c:\jjppp.exec:\jjppp.exe80⤵PID:3028
-
\??\c:\xxrrllf.exec:\xxrrllf.exe81⤵PID:2000
-
\??\c:\bttbtt.exec:\bttbtt.exe82⤵PID:2656
-
\??\c:\jjvpj.exec:\jjvpj.exe83⤵PID:3660
-
\??\c:\thhnht.exec:\thhnht.exe84⤵PID:3528
-
\??\c:\jvdpj.exec:\jvdpj.exe85⤵PID:3976
-
\??\c:\vjpjd.exec:\vjpjd.exe86⤵PID:3580
-
\??\c:\fllfxrl.exec:\fllfxrl.exe87⤵PID:3720
-
\??\c:\thhhbb.exec:\thhhbb.exe88⤵PID:5108
-
\??\c:\pdddv.exec:\pdddv.exe89⤵PID:1432
-
\??\c:\xrrrlll.exec:\xrrrlll.exe90⤵PID:2272
-
\??\c:\9fxxllf.exec:\9fxxllf.exe91⤵PID:636
-
\??\c:\htbbtn.exec:\htbbtn.exe92⤵PID:800
-
\??\c:\jdppv.exec:\jdppv.exe93⤵PID:4440
-
\??\c:\dvvpj.exec:\dvvpj.exe94⤵PID:116
-
\??\c:\3xfrllf.exec:\3xfrllf.exe95⤵PID:736
-
\??\c:\httnbb.exec:\httnbb.exe96⤵PID:1804
-
\??\c:\lrffrxr.exec:\lrffrxr.exe97⤵PID:1604
-
\??\c:\bhtttt.exec:\bhtttt.exe98⤵PID:1756
-
\??\c:\bthbbb.exec:\bthbbb.exe99⤵PID:3920
-
\??\c:\pdddv.exec:\pdddv.exe100⤵PID:964
-
\??\c:\dvdvp.exec:\dvdvp.exe101⤵PID:5068
-
\??\c:\7xfxrrr.exec:\7xfxrrr.exe102⤵PID:2936
-
\??\c:\9lrlfxx.exec:\9lrlfxx.exe103⤵PID:5024
-
\??\c:\thtntt.exec:\thtntt.exe104⤵PID:3256
-
\??\c:\5hhbtb.exec:\5hhbtb.exe105⤵PID:1952
-
\??\c:\djjdv.exec:\djjdv.exe106⤵PID:2396
-
\??\c:\rllfxxr.exec:\rllfxxr.exe107⤵PID:2372
-
\??\c:\fxlfffx.exec:\fxlfffx.exe108⤵PID:3744
-
\??\c:\5htbhn.exec:\5htbhn.exe109⤵PID:1424
-
\??\c:\hnhhbt.exec:\hnhhbt.exe110⤵PID:1384
-
\??\c:\vjvvj.exec:\vjvvj.exe111⤵PID:2968
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe112⤵PID:4684
-
\??\c:\rlxlrfr.exec:\rlxlrfr.exe113⤵PID:5044
-
\??\c:\nbbnnn.exec:\nbbnnn.exe114⤵PID:2724
-
\??\c:\ddvpd.exec:\ddvpd.exe115⤵PID:436
-
\??\c:\vjpjd.exec:\vjpjd.exe116⤵PID:2172
-
\??\c:\lxlffll.exec:\lxlffll.exe117⤵PID:1976
-
\??\c:\xrrxffx.exec:\xrrxffx.exe118⤵PID:2452
-
\??\c:\nnnnhh.exec:\nnnnhh.exe119⤵PID:1192
-
\??\c:\bthbtt.exec:\bthbtt.exe120⤵PID:404
-
\??\c:\vvjdp.exec:\vvjdp.exe121⤵PID:4892
-
\??\c:\pjpjp.exec:\pjpjp.exe122⤵PID:3564