Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
17-05-2024 18:19
Behavioral task
behavioral1
Sample
066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe
-
Size
441KB
-
MD5
4cd8b2f00eec519c8d6364011b9def9e
-
SHA1
6c3900ba49ed426ba2a6321858e1130284c649cd
-
SHA256
066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e
-
SHA512
09c43aaded984e69f8f75cd17eab64a3e9cb10a6ab72baf4c1da3e6dcc439d64ec4d4d26ad13a584cba4e40675b3a1de68c4b650c7116f72df7bc416be186e05
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wlua:UrR/nPB
Malware Config
Signatures
-
Detect Blackmoon payload 61 IoCs
resource yara_rule behavioral2/memory/2028-8-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3540-6-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2028-15-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/316-19-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4076-26-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3848-34-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4324-46-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2844-49-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/5028-55-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4976-63-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2168-71-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4040-69-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2212-77-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/8-83-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/8-90-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2212-86-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2168-81-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4648-96-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3320-105-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4472-109-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4852-119-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon 
behavioral2/memory/4052-118-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4852-125-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/1288-128-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3284-131-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/1288-134-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3284-138-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3680-145-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4192-163-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/400-168-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3476-156-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4576-174-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4972-179-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/1228-188-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2792-193-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2304-202-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/1796-208-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2284-210-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2284-215-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2224-216-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2224-218-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3540-225-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon 
behavioral2/memory/848-226-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/848-230-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4784-237-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/316-236-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4784-242-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2012-247-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4964-251-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3244-252-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3844-260-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4008-265-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4592-270-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/408-275-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4056-276-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/4056-280-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2768-285-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/1708-290-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/8-295-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/3384-300-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral2/memory/2504-11180-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/files/0x0006000000023298-3.dat UPX behavioral2/memory/2028-8-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/3540-6-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023414-12.dat UPX behavioral2/memory/316-13-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/2028-15-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0008000000023413-10.dat UPX behavioral2/memory/316-19-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023416-24.dat UPX behavioral2/memory/4076-26-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4324-35-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/3848-34-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023417-33.dat UPX behavioral2/files/0x0007000000023419-45.dat UPX behavioral2/files/0x0007000000023418-39.dat UPX behavioral2/memory/4324-46-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/2844-49-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/5028-47-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4976-53-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/5028-55-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x000700000002341a-52.dat UPX behavioral2/memory/4040-61-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4976-63-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x000700000002341b-60.dat UPX behavioral2/files/0x0008000000023411-66.dat UPX behavioral2/memory/2168-71-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4040-69-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x000700000002341c-74.dat UPX behavioral2/files/0x000700000002341d-79.dat UPX 
behavioral2/memory/8-83-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x000700000002341e-87.dat UPX behavioral2/memory/8-90-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/2212-86-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/2168-81-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x000700000002341f-94.dat UPX behavioral2/memory/4648-96-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/3320-98-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000022976-101.dat UPX behavioral2/memory/4472-103-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/3320-105-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x000600000002296d-110.dat UPX behavioral2/memory/4472-109-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4052-112-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023420-116.dat UPX behavioral2/memory/4052-118-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4852-125-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023422-129.dat UPX behavioral2/memory/1288-128-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023421-123.dat UPX behavioral2/memory/3284-131-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/1288-134-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023424-139.dat UPX behavioral2/memory/3284-138-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/3680-140-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023425-143.dat UPX behavioral2/memory/3476-147-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/3680-145-0x0000000000400000-0x000000000048C000-memory.dmp UPX 
behavioral2/memory/4192-163-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/400-168-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023428-165.dat UPX behavioral2/files/0x0007000000023427-158.dat UPX behavioral2/memory/3476-156-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/memory/4192-153-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral2/files/0x0007000000023426-151.dat UPX -
Executes dropped EXE 64 IoCs
pid Process 2028 tbbtnh.exe 316 jdvpv.exe 4076 xflfxxr.exe 3848 xrfxrrl.exe 4324 hbbnnb.exe 2844 xxllrrl.exe 5028 rlllxxr.exe 4976 bbnhtn.exe 4040 jjvvd.exe 2168 djvpd.exe 2212 dvjvj.exe 8 rlfrlfx.exe 4648 hnbthh.exe 3320 thbtnh.exe 4472 lxrlrrx.exe 4052 xlxrffr.exe 4852 dvdvv.exe 1288 lrxrllx.exe 3284 bthtnb.exe 3680 pvjdv.exe 3476 bhnntb.exe 4192 vpjdv.exe 400 1xfxlrr.exe 4576 tthhnt.exe 4972 5jjdd.exe 1228 xxlrxxf.exe 2792 xxxxxxx.exe 2304 bbtnnt.exe 1796 dvdpp.exe 2284 1bnhbb.exe 2224 xrlfxxx.exe 848 dpvpd.exe 316 vpjvd.exe 4784 hhbthh.exe 2012 rfrlrll.exe 4964 xflfxxx.exe 3244 pdjjd.exe 3844 vvvpj.exe 4008 rxflllf.exe 4592 hhnnnn.exe 408 xlxrllf.exe 4056 rrrrlfl.exe 2768 lrffxrl.exe 1708 thhtbh.exe 8 fxfxlll.exe 3384 btbthb.exe 3652 3pvpj.exe 880 nthbnt.exe 2904 pdpdd.exe 3748 ffrxlll.exe 4560 hbtnbb.exe 4140 vppjv.exe 1356 rxrlffx.exe 3284 7pjdp.exe 4304 lrxxxff.exe 1560 vvvpj.exe 1804 lfrlffx.exe 3008 bbtttn.exe 2084 vvpjd.exe 2936 lrffffx.exe 4072 rlrlllf.exe 1520 9htnhb.exe 3968 7vvvj.exe 1476 7rllfff.exe -
resource yara_rule behavioral2/memory/3540-0-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0006000000023298-3.dat upx behavioral2/memory/2028-8-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/3540-6-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023414-12.dat upx behavioral2/memory/316-13-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/2028-15-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0008000000023413-10.dat upx behavioral2/memory/4076-21-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/316-19-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023416-24.dat upx behavioral2/memory/3848-27-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4076-26-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4324-35-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/3848-34-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023417-33.dat upx behavioral2/memory/2844-40-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023419-45.dat upx behavioral2/files/0x0007000000023418-39.dat upx behavioral2/memory/4324-46-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/2844-49-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/5028-47-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4976-53-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/5028-55-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000700000002341a-52.dat upx behavioral2/memory/4040-61-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4976-63-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000700000002341b-60.dat upx 
behavioral2/files/0x0008000000023411-66.dat upx behavioral2/memory/2168-71-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4040-69-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000700000002341c-74.dat upx behavioral2/memory/2212-77-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000700000002341d-79.dat upx behavioral2/memory/8-83-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000700000002341e-87.dat upx behavioral2/memory/8-90-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/2212-86-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/2168-81-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4648-91-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000700000002341f-94.dat upx behavioral2/memory/4648-96-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/3320-98-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000022976-101.dat upx behavioral2/memory/4472-103-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/3320-105-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x000600000002296d-110.dat upx behavioral2/memory/4472-109-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4052-112-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023420-116.dat upx behavioral2/memory/4852-119-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4052-118-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/4852-125-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023422-129.dat upx behavioral2/memory/1288-128-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023421-123.dat upx 
behavioral2/memory/3284-131-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/1288-134-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023424-139.dat upx behavioral2/memory/3284-138-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/3680-140-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/files/0x0007000000023425-143.dat upx behavioral2/memory/3476-147-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral2/memory/3680-145-0x0000000000400000-0x000000000048C000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3540 wrote to memory of 2028 3540 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 82 PID 3540 wrote to memory of 2028 3540 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 82 PID 3540 wrote to memory of 2028 3540 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 82 PID 2028 wrote to memory of 316 2028 tbbtnh.exe 83 PID 2028 wrote to memory of 316 2028 tbbtnh.exe 83 PID 2028 wrote to memory of 316 2028 tbbtnh.exe 83 PID 316 wrote to memory of 4076 316 jdvpv.exe 84 PID 316 wrote to memory of 4076 316 jdvpv.exe 84 PID 316 wrote to memory of 4076 316 jdvpv.exe 84 PID 4076 wrote to memory of 3848 4076 xflfxxr.exe 85 PID 4076 wrote to memory of 3848 4076 xflfxxr.exe 85 PID 4076 wrote to memory of 3848 4076 xflfxxr.exe 85 PID 3848 wrote to memory of 4324 3848 xrfxrrl.exe 86 PID 3848 wrote to memory of 4324 3848 xrfxrrl.exe 86 PID 3848 wrote to memory of 4324 3848 xrfxrrl.exe 86 PID 4324 wrote to memory of 2844 4324 hbbnnb.exe 87 PID 4324 wrote to memory of 2844 4324 hbbnnb.exe 87 PID 4324 wrote to memory of 2844 4324 hbbnnb.exe 87 PID 2844 wrote to memory of 5028 2844 xxllrrl.exe 88 PID 2844 wrote to memory of 5028 2844 xxllrrl.exe 88 PID 2844 wrote to memory of 5028 2844 xxllrrl.exe 88 PID 5028 wrote to memory of 4976 5028 rlllxxr.exe 89 PID 5028 wrote to memory of 4976 5028 rlllxxr.exe 89 PID 5028 wrote to memory of 4976 5028 rlllxxr.exe 89 PID 4976 wrote to memory of 4040 4976 bbnhtn.exe 91 PID 4976 wrote to memory of 4040 4976 bbnhtn.exe 91 PID 4976 wrote to memory of 4040 4976 bbnhtn.exe 91 PID 4040 wrote to memory of 2168 4040 jjvvd.exe 93 PID 4040 wrote to memory of 2168 4040 jjvvd.exe 93 PID 4040 wrote to memory of 2168 4040 jjvvd.exe 93 PID 2168 wrote to memory of 2212 2168 djvpd.exe 94 PID 2168 wrote to memory of 2212 2168 djvpd.exe 94 PID 2168 wrote to memory of 2212 2168 djvpd.exe 94 PID 2212 wrote to memory of 8 2212 dvjvj.exe 95 PID 2212 wrote to memory of 8 
2212 dvjvj.exe 95 PID 2212 wrote to memory of 8 2212 dvjvj.exe 95 PID 8 wrote to memory of 4648 8 rlfrlfx.exe 96 PID 8 wrote to memory of 4648 8 rlfrlfx.exe 96 PID 8 wrote to memory of 4648 8 rlfrlfx.exe 96 PID 4648 wrote to memory of 3320 4648 hnbthh.exe 98 PID 4648 wrote to memory of 3320 4648 hnbthh.exe 98 PID 4648 wrote to memory of 3320 4648 hnbthh.exe 98 PID 3320 wrote to memory of 4472 3320 thbtnh.exe 99 PID 3320 wrote to memory of 4472 3320 thbtnh.exe 99 PID 3320 wrote to memory of 4472 3320 thbtnh.exe 99 PID 4472 wrote to memory of 4052 4472 lxrlrrx.exe 100 PID 4472 wrote to memory of 4052 4472 lxrlrrx.exe 100 PID 4472 wrote to memory of 4052 4472 lxrlrrx.exe 100 PID 4052 wrote to memory of 4852 4052 xlxrffr.exe 101 PID 4052 wrote to memory of 4852 4052 xlxrffr.exe 101 PID 4052 wrote to memory of 4852 4052 xlxrffr.exe 101 PID 4852 wrote to memory of 1288 4852 dvdvv.exe 102 PID 4852 wrote to memory of 1288 4852 dvdvv.exe 102 PID 4852 wrote to memory of 1288 4852 dvdvv.exe 102 PID 1288 wrote to memory of 3284 1288 lrxrllx.exe 103 PID 1288 wrote to memory of 3284 1288 lrxrllx.exe 103 PID 1288 wrote to memory of 3284 1288 lrxrllx.exe 103 PID 3284 wrote to memory of 3680 3284 bthtnb.exe 104 PID 3284 wrote to memory of 3680 3284 bthtnb.exe 104 PID 3284 wrote to memory of 3680 3284 bthtnb.exe 104 PID 3680 wrote to memory of 3476 3680 pvjdv.exe 105 PID 3680 wrote to memory of 3476 3680 pvjdv.exe 105 PID 3680 wrote to memory of 3476 3680 pvjdv.exe 105 PID 3476 wrote to memory of 4192 3476 bhnntb.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe"C:\Users\Admin\AppData\Local\Temp\066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3540 -
\??\c:\tbbtnh.exec:\tbbtnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\jdvpv.exec:\jdvpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:316 -
\??\c:\xflfxxr.exec:\xflfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4076 -
\??\c:\xrfxrrl.exec:\xrfxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3848 -
\??\c:\hbbnnb.exec:\hbbnnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4324 -
\??\c:\xxllrrl.exec:\xxllrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2844 -
\??\c:\rlllxxr.exec:\rlllxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5028 -
\??\c:\bbnhtn.exec:\bbnhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4976 -
\??\c:\jjvvd.exec:\jjvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4040 -
\??\c:\djvpd.exec:\djvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\dvjvj.exec:\dvjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\rlfrlfx.exec:\rlfrlfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:8 -
\??\c:\hnbthh.exec:\hnbthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4648 -
\??\c:\thbtnh.exec:\thbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3320 -
\??\c:\lxrlrrx.exec:\lxrlrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4472 -
\??\c:\xlxrffr.exec:\xlxrffr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4052 -
\??\c:\dvdvv.exec:\dvdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4852 -
\??\c:\lrxrllx.exec:\lrxrllx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1288 -
\??\c:\bthtnb.exec:\bthtnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3284 -
\??\c:\pvjdv.exec:\pvjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3680 -
\??\c:\bhnntb.exec:\bhnntb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3476 -
\??\c:\vpjdv.exec:\vpjdv.exe23⤵
- Executes dropped EXE
PID:4192 -
\??\c:\1xfxlrr.exec:\1xfxlrr.exe24⤵
- Executes dropped EXE
PID:400 -
\??\c:\tthhnt.exec:\tthhnt.exe25⤵
- Executes dropped EXE
PID:4576 -
\??\c:\5jjdd.exec:\5jjdd.exe26⤵
- Executes dropped EXE
PID:4972 -
\??\c:\xxlrxxf.exec:\xxlrxxf.exe27⤵
- Executes dropped EXE
PID:1228 -
\??\c:\xxxxxxx.exec:\xxxxxxx.exe28⤵
- Executes dropped EXE
PID:2792 -
\??\c:\bbtnnt.exec:\bbtnnt.exe29⤵
- Executes dropped EXE
PID:2304 -
\??\c:\dvdpp.exec:\dvdpp.exe30⤵
- Executes dropped EXE
PID:1796 -
\??\c:\1bnhbb.exec:\1bnhbb.exe31⤵
- Executes dropped EXE
PID:2284 -
\??\c:\xrlfxxx.exec:\xrlfxxx.exe32⤵
- Executes dropped EXE
PID:2224 -
\??\c:\ttntnh.exec:\ttntnh.exe33⤵PID:3540
-
\??\c:\dpvpd.exec:\dpvpd.exe34⤵
- Executes dropped EXE
PID:848 -
\??\c:\vpjvd.exec:\vpjvd.exe35⤵
- Executes dropped EXE
PID:316 -
\??\c:\hhbthh.exec:\hhbthh.exe36⤵
- Executes dropped EXE
PID:4784 -
\??\c:\rfrlrll.exec:\rfrlrll.exe37⤵
- Executes dropped EXE
PID:2012 -
\??\c:\xflfxxx.exec:\xflfxxx.exe38⤵
- Executes dropped EXE
PID:4964 -
\??\c:\pdjjd.exec:\pdjjd.exe39⤵
- Executes dropped EXE
PID:3244 -
\??\c:\vvvpj.exec:\vvvpj.exe40⤵
- Executes dropped EXE
PID:3844 -
\??\c:\rxflllf.exec:\rxflllf.exe41⤵
- Executes dropped EXE
PID:4008 -
\??\c:\hhnnnn.exec:\hhnnnn.exe42⤵
- Executes dropped EXE
PID:4592 -
\??\c:\xlxrllf.exec:\xlxrllf.exe43⤵
- Executes dropped EXE
PID:408 -
\??\c:\rrrrlfl.exec:\rrrrlfl.exe44⤵
- Executes dropped EXE
PID:4056 -
\??\c:\lrffxrl.exec:\lrffxrl.exe45⤵
- Executes dropped EXE
PID:2768 -
\??\c:\thhtbh.exec:\thhtbh.exe46⤵
- Executes dropped EXE
PID:1708 -
\??\c:\fxfxlll.exec:\fxfxlll.exe47⤵
- Executes dropped EXE
PID:8 -
\??\c:\btbthb.exec:\btbthb.exe48⤵
- Executes dropped EXE
PID:3384 -
\??\c:\3pvpj.exec:\3pvpj.exe49⤵
- Executes dropped EXE
PID:3652 -
\??\c:\nthbnt.exec:\nthbnt.exe50⤵
- Executes dropped EXE
PID:880 -
\??\c:\pdpdd.exec:\pdpdd.exe51⤵
- Executes dropped EXE
PID:2904 -
\??\c:\ffrxlll.exec:\ffrxlll.exe52⤵
- Executes dropped EXE
PID:3748 -
\??\c:\hbtnbb.exec:\hbtnbb.exe53⤵
- Executes dropped EXE
PID:4560 -
\??\c:\vppjv.exec:\vppjv.exe54⤵
- Executes dropped EXE
PID:4140 -
\??\c:\rxrlffx.exec:\rxrlffx.exe55⤵
- Executes dropped EXE
PID:1356 -
\??\c:\7pjdp.exec:\7pjdp.exe56⤵
- Executes dropped EXE
PID:3284 -
\??\c:\lrxxxff.exec:\lrxxxff.exe57⤵
- Executes dropped EXE
PID:4304 -
\??\c:\vvvpj.exec:\vvvpj.exe58⤵
- Executes dropped EXE
PID:1560 -
\??\c:\lfrlffx.exec:\lfrlffx.exe59⤵
- Executes dropped EXE
PID:1804 -
\??\c:\bbtttn.exec:\bbtttn.exe60⤵
- Executes dropped EXE
PID:3008 -
\??\c:\vvpjd.exec:\vvpjd.exe61⤵
- Executes dropped EXE
PID:2084 -
\??\c:\lrffffx.exec:\lrffffx.exe62⤵
- Executes dropped EXE
PID:2936 -
\??\c:\rlrlllf.exec:\rlrlllf.exe63⤵
- Executes dropped EXE
PID:4072 -
\??\c:\9htnhb.exec:\9htnhb.exe64⤵
- Executes dropped EXE
PID:1520 -
\??\c:\7vvvj.exec:\7vvvj.exe65⤵
- Executes dropped EXE
PID:3968 -
\??\c:\7rllfff.exec:\7rllfff.exe66⤵
- Executes dropped EXE
PID:1476 -
\??\c:\xfllffx.exec:\xfllffx.exe67⤵PID:2496
-
\??\c:\bthbnn.exec:\bthbnn.exe68⤵PID:2620
-
\??\c:\jppjd.exec:\jppjd.exe69⤵PID:1596
-
\??\c:\lllfrrr.exec:\lllfrrr.exe70⤵PID:1472
-
\??\c:\bthbbb.exec:\bthbbb.exe71⤵PID:924
-
\??\c:\hbbttt.exec:\hbbttt.exe72⤵PID:4844
-
\??\c:\jvddv.exec:\jvddv.exe73⤵PID:4044
-
\??\c:\pvddv.exec:\pvddv.exe74⤵PID:4216
-
\??\c:\9ffrlxx.exec:\9ffrlxx.exe75⤵PID:2760
-
\??\c:\1thbtt.exec:\1thbtt.exe76⤵PID:3228
-
\??\c:\pppjj.exec:\pppjj.exe77⤵PID:2980
-
\??\c:\dpjjd.exec:\dpjjd.exe78⤵PID:3216
-
\??\c:\rlffffx.exec:\rlffffx.exe79⤵PID:4504
-
\??\c:\1bbbtt.exec:\1bbbtt.exe80⤵PID:976
-
\??\c:\ttntnb.exec:\ttntnb.exe81⤵PID:2252
-
\??\c:\vpjdv.exec:\vpjdv.exe82⤵PID:1116
-
\??\c:\fxrrffx.exec:\fxrrffx.exe83⤵PID:3292
-
\??\c:\tntnnn.exec:\tntnnn.exe84⤵PID:2796
-
\??\c:\vpjjd.exec:\vpjjd.exe85⤵PID:4256
-
\??\c:\vdjjd.exec:\vdjjd.exe86⤵PID:4472
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe87⤵PID:764
-
\??\c:\nbhbtt.exec:\nbhbtt.exe88⤵PID:748
-
\??\c:\vjjjd.exec:\vjjjd.exe89⤵PID:4496
-
\??\c:\pjppv.exec:\pjppv.exe90⤵PID:4004
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe91⤵PID:4364
-
\??\c:\ttbtbb.exec:\ttbtbb.exe92⤵PID:3008
-
\??\c:\jvdvv.exec:\jvdvv.exe93⤵PID:1968
-
\??\c:\rxrxxfx.exec:\rxrxxfx.exe94⤵PID:1456
-
\??\c:\nnhbnh.exec:\nnhbnh.exe95⤵PID:4972
-
\??\c:\ddppj.exec:\ddppj.exe96⤵PID:1532
-
\??\c:\rllfxxx.exec:\rllfxxx.exe97⤵PID:4408
-
\??\c:\ntbbtt.exec:\ntbbtt.exe98⤵PID:1440
-
\??\c:\7bnhnt.exec:\7bnhnt.exe99⤵PID:1468
-
\??\c:\jpddp.exec:\jpddp.exe100⤵PID:4224
-
\??\c:\ffrlllr.exec:\ffrlllr.exe101⤵PID:2224
-
\??\c:\nbbbnn.exec:\nbbbnn.exe102⤵PID:2028
-
\??\c:\btttnt.exec:\btttnt.exe103⤵PID:1904
-
\??\c:\vjdvv.exec:\vjdvv.exe104⤵PID:4000
-
\??\c:\rlrfrlf.exec:\rlrfrlf.exe105⤵PID:1612
-
\??\c:\5lflxlr.exec:\5lflxlr.exe106⤵PID:3628
-
\??\c:\nbhttn.exec:\nbhttn.exe107⤵PID:4300
-
\??\c:\ppdvv.exec:\ppdvv.exe108⤵PID:4876
-
\??\c:\xfxxlrl.exec:\xfxxlrl.exe109⤵PID:3844
-
\??\c:\xrfxxxr.exec:\xrfxxxr.exe110⤵PID:556
-
\??\c:\hhhhhh.exec:\hhhhhh.exe111⤵PID:4112
-
\??\c:\ppppj.exec:\ppppj.exe112⤵PID:3264
-
\??\c:\vvjjv.exec:\vvjjv.exe113⤵PID:404
-
\??\c:\ffxllfr.exec:\ffxllfr.exe114⤵PID:4252
-
\??\c:\7bthbh.exec:\7bthbh.exe115⤵PID:4312
-
\??\c:\vjjjd.exec:\vjjjd.exe116⤵PID:3292
-
\??\c:\3dppj.exec:\3dppj.exe117⤵PID:2904
-
\??\c:\ffxxxxr.exec:\ffxxxxr.exe118⤵PID:4256
-
\??\c:\tnnbhh.exec:\tnnbhh.exe119⤵PID:4560
-
\??\c:\hhthnn.exec:\hhthnn.exe120⤵PID:4276
-
\??\c:\rrrllxr.exec:\rrrllxr.exe121⤵PID:1788
-
\??\c:\xxrxrlf.exec:\xxrxrlf.exe122⤵PID:3476
-