Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
18-05-2024 23:18
Behavioral task
behavioral1
Sample
82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe
Resource
win7-20240508-en
windows7-x64
6 signatures
150 seconds
Note: the task listed here is the Windows 7 x64 run (behavioral1), but every signature hit and the process tree below are labelled behavioral2, i.e. the Windows 10 2004 x64 run described in the header; read the IoCs as belonging to that environment.
General
-
Target
82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe
-
Size
74KB
-
MD5
a97612fd5a2199ec851146d78f541c25
-
SHA1
e642d7cd451946183114ce2ff6499d86045e432a
-
SHA256
82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81
-
SHA512
77fa71fd6441b830a7c7aed47f190ca572690307b058fd06e5582c0bb99317343d6ba85d5f63be5755c78f38a867c32a911ff57db0a3775118e6cb611435e46e
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8Aeb3F7:ChOmTsF93UYfwC6GIoutAeb3l
Malware Config (no configuration was extracted in this run)
Signatures
-
Detect Blackmoon payload — 64 IoCs. The family_blackmoon YARA rule matched the same mapped image region (0x00400000–0x00429000) in every process of the chain, which is consistent with each dropped file being a copy of the same payload; the report appears to list only the first 64 hits.
resource yara_rule behavioral2/memory/1380-5-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4648-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3972-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1464-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4252-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3308-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2388-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1000-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4460-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2208-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2308-71-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4052-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3432-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5036-92-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2264-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2264-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1792-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4548-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1188-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4520-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1496-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/4696-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5052-195-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1648-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4632-211-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2556-215-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2880-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4364-223-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1612-230-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3632-234-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2092-238-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3408-242-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2164-252-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5076-260-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3392-269-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2052-273-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4616-277-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1792-303-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3148-307-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1352-318-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1152-350-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/452-357-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3864-373-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/944-380-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1648-384-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4196-416-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1272-432-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2784-436-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4616-447-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4324-472-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2932-479-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/896-490-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1304-496-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/384-501-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4664-513-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/720-523-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3836-604-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4036-710-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1612-816-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2072-1266-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1204-1291-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4240-1300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2336-1347-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1464-1403-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. Both the dropped files on disk (behavioral2/files/*.dat) and the in-memory images match UPX, so the sample and its drops are UPX-packed; unpack before static analysis and do not rely on hashes of the packed file alone for detection.
resource yara_rule behavioral2/memory/1380-0-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002328e-3.dat UPX behavioral2/memory/1380-5-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023423-9.dat UPX behavioral2/memory/4648-14-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3972-12-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023424-13.dat UPX behavioral2/memory/1464-20-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023425-23.dat UPX behavioral2/memory/4252-25-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4252-30-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023426-28.dat UPX behavioral2/files/0x0007000000023427-34.dat UPX behavioral2/memory/3308-36-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2388-41-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023428-42.dat UPX behavioral2/files/0x0007000000023429-46.dat UPX behavioral2/files/0x000700000002342a-51.dat UPX behavioral2/memory/1000-52-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002342b-56.dat UPX behavioral2/memory/2208-60-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4460-59-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002342c-63.dat UPX behavioral2/memory/2208-66-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002342d-69.dat UPX behavioral2/memory/2308-71-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4052-74-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002342e-76.dat UPX behavioral2/memory/2716-79-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002342f-82.dat UPX 
behavioral2/memory/3432-85-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023430-89.dat UPX behavioral2/memory/5036-92-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023431-94.dat UPX behavioral2/memory/2264-97-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023432-100.dat UPX behavioral2/memory/2264-102-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023433-106.dat UPX behavioral2/memory/1792-108-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023434-113.dat UPX behavioral2/files/0x0007000000023435-117.dat UPX behavioral2/files/0x0007000000023436-124.dat UPX behavioral2/memory/4548-123-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1188-126-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1188-131-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x0007000000023437-129.dat UPX behavioral2/files/0x0007000000023438-135.dat UPX behavioral2/files/0x0007000000023439-140.dat UPX behavioral2/memory/4520-144-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002343a-146.dat UPX behavioral2/memory/1496-149-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002343b-152.dat UPX behavioral2/memory/1496-155-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4100-156-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002343c-160.dat UPX behavioral2/files/0x000700000002343d-164.dat UPX behavioral2/files/0x000700000002343e-171.dat UPX behavioral2/memory/4696-178-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x000700000002343f-176.dat UPX behavioral2/files/0x0007000000023440-181.dat UPX behavioral2/files/0x0007000000023441-186.dat UPX 
behavioral2/memory/5052-195-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1648-205-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4632-211-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs. Every dropped executable is written to the drive root (c:\) with a short pseudo-random name built only from the consonants b, d, f, h, j, l, n, p, r, t, v, x, optionally prefixed by a single digit (e.g. dpvpj.exe, 7nbhhn.exe, 1pvvp.exe); a file-creation rule for `^[1-9]?[bdfhjlnprtvx]{4,7}\.exe$` in the drive root is a candidate detection to validate. Note that PIDs are reused within the run (e.g. 3432, 1792, 1648, 1464 each appear twice), so earlier processes exit and PID alone does not identify a stage.
pid Process 3972 dpvpj.exe 4648 tbhhnn.exe 1464 bttttt.exe 4252 frxrfxr.exe 3308 7nbhhn.exe 2388 5pvvp.exe 1800 xxrxlxl.exe 1000 bthhhb.exe 4460 djdpd.exe 2208 xlffrxx.exe 2308 ntbbth.exe 4052 jdppd.exe 2716 7fllrff.exe 3432 9tbnhh.exe 5036 vvdjv.exe 2264 rlrrrxx.exe 1792 nbhhhh.exe 4324 llrrrrr.exe 4464 7xllllx.exe 4548 hnhnth.exe 1188 1pvvp.exe 2680 rrrlflf.exe 4928 1htnhh.exe 4520 bbnnhh.exe 1496 3dddd.exe 4100 ffxlfrr.exe 2044 7bnttb.exe 1152 vjppp.exe 4664 pjdjj.exe 4696 xrrlrxr.exe 632 tbnbth.exe 1148 dpvvj.exe 5052 rllrrxf.exe 4040 htnhnh.exe 3188 nbhbnb.exe 3692 5pppp.exe 1648 xxxxxrr.exe 4632 nthhtn.exe 2556 hhbtbt.exe 616 dpvdv.exe 2880 9lxxfxr.exe 4364 hthhbn.exe 1612 frxxxfl.exe 3632 nhtbhh.exe 2092 vvjjj.exe 3408 jvdvj.exe 900 xxfxxff.exe 4244 hhbbbn.exe 2164 pvvpj.exe 1272 vdpjj.exe 5076 rxrrlxl.exe 4080 tbtnbh.exe 2424 ppddp.exe 3392 rlxrxfr.exe 2052 thhbtb.exe 4616 jjjdd.exe 2812 rfrlfff.exe 4640 1xxxrlf.exe 5048 htbtbn.exe 3432 jvpjp.exe 3884 3jjjj.exe 1356 3fflllr.exe 976 htnhnb.exe 1792 vppdd.exe -
resource yara_rule behavioral2/memory/1380-0-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002328e-3.dat upx behavioral2/memory/1380-5-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023423-9.dat upx behavioral2/memory/4648-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3972-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023424-13.dat upx behavioral2/memory/1464-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023425-23.dat upx behavioral2/memory/4252-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4252-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023426-28.dat upx behavioral2/files/0x0007000000023427-34.dat upx behavioral2/memory/3308-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2388-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023428-42.dat upx behavioral2/files/0x0007000000023429-46.dat upx behavioral2/files/0x000700000002342a-51.dat upx behavioral2/memory/1000-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002342b-56.dat upx behavioral2/memory/2208-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4460-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002342c-63.dat upx behavioral2/memory/2208-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002342d-69.dat upx behavioral2/memory/2308-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4052-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002342e-76.dat upx behavioral2/memory/2716-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002342f-82.dat upx 
behavioral2/memory/3432-85-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023430-89.dat upx behavioral2/memory/5036-92-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023431-94.dat upx behavioral2/memory/2264-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023432-100.dat upx behavioral2/memory/2264-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023433-106.dat upx behavioral2/memory/1792-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023434-113.dat upx behavioral2/files/0x0007000000023435-117.dat upx behavioral2/files/0x0007000000023436-124.dat upx behavioral2/memory/4548-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1188-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1188-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x0007000000023437-129.dat upx behavioral2/files/0x0007000000023438-135.dat upx behavioral2/files/0x0007000000023439-140.dat upx behavioral2/memory/4520-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002343a-146.dat upx behavioral2/memory/1496-149-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002343b-152.dat upx behavioral2/memory/1496-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4100-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002343c-160.dat upx behavioral2/files/0x000700000002343d-164.dat upx behavioral2/files/0x000700000002343e-171.dat upx behavioral2/memory/4696-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x000700000002343f-176.dat upx behavioral2/files/0x0007000000023440-181.dat upx behavioral2/files/0x0007000000023441-186.dat upx 
behavioral2/memory/5052-195-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1648-205-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4632-211-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs. Every entry is a parent writing into the process it has just spawned (three writes per child, none into an unrelated process), which is consistent with ordinary process creation along the dropper chain rather than injection into foreign processes; treat this signature as supporting evidence, not as proof of injection. The list ends at PID 1188 → 2680 (depth 23) because it appears to be capped at 64 entries, not because the behaviour stops there.
description pid Process procid_target PID 1380 wrote to memory of 3972 1380 82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe 83 PID 1380 wrote to memory of 3972 1380 82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe 83 PID 1380 wrote to memory of 3972 1380 82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe 83 PID 3972 wrote to memory of 4648 3972 dpvpj.exe 84 PID 3972 wrote to memory of 4648 3972 dpvpj.exe 84 PID 3972 wrote to memory of 4648 3972 dpvpj.exe 84 PID 4648 wrote to memory of 1464 4648 tbhhnn.exe 85 PID 4648 wrote to memory of 1464 4648 tbhhnn.exe 85 PID 4648 wrote to memory of 1464 4648 tbhhnn.exe 85 PID 1464 wrote to memory of 4252 1464 bttttt.exe 86 PID 1464 wrote to memory of 4252 1464 bttttt.exe 86 PID 1464 wrote to memory of 4252 1464 bttttt.exe 86 PID 4252 wrote to memory of 3308 4252 frxrfxr.exe 87 PID 4252 wrote to memory of 3308 4252 frxrfxr.exe 87 PID 4252 wrote to memory of 3308 4252 frxrfxr.exe 87 PID 3308 wrote to memory of 2388 3308 7nbhhn.exe 88 PID 3308 wrote to memory of 2388 3308 7nbhhn.exe 88 PID 3308 wrote to memory of 2388 3308 7nbhhn.exe 88 PID 2388 wrote to memory of 1800 2388 5pvvp.exe 89 PID 2388 wrote to memory of 1800 2388 5pvvp.exe 89 PID 2388 wrote to memory of 1800 2388 5pvvp.exe 89 PID 1800 wrote to memory of 1000 1800 xxrxlxl.exe 90 PID 1800 wrote to memory of 1000 1800 xxrxlxl.exe 90 PID 1800 wrote to memory of 1000 1800 xxrxlxl.exe 90 PID 1000 wrote to memory of 4460 1000 bthhhb.exe 91 PID 1000 wrote to memory of 4460 1000 bthhhb.exe 91 PID 1000 wrote to memory of 4460 1000 bthhhb.exe 91 PID 4460 wrote to memory of 2208 4460 djdpd.exe 92 PID 4460 wrote to memory of 2208 4460 djdpd.exe 92 PID 4460 wrote to memory of 2208 4460 djdpd.exe 92 PID 2208 wrote to memory of 2308 2208 xlffrxx.exe 93 PID 2208 wrote to memory of 2308 2208 xlffrxx.exe 93 PID 2208 wrote to memory of 2308 2208 xlffrxx.exe 93 PID 2308 wrote to memory of 4052 2308 ntbbth.exe 94 PID 2308 wrote to 
memory of 4052 2308 ntbbth.exe 94 PID 2308 wrote to memory of 4052 2308 ntbbth.exe 94 PID 4052 wrote to memory of 2716 4052 jdppd.exe 95 PID 4052 wrote to memory of 2716 4052 jdppd.exe 95 PID 4052 wrote to memory of 2716 4052 jdppd.exe 95 PID 2716 wrote to memory of 3432 2716 7fllrff.exe 96 PID 2716 wrote to memory of 3432 2716 7fllrff.exe 96 PID 2716 wrote to memory of 3432 2716 7fllrff.exe 96 PID 3432 wrote to memory of 5036 3432 9tbnhh.exe 97 PID 3432 wrote to memory of 5036 3432 9tbnhh.exe 97 PID 3432 wrote to memory of 5036 3432 9tbnhh.exe 97 PID 5036 wrote to memory of 2264 5036 vvdjv.exe 98 PID 5036 wrote to memory of 2264 5036 vvdjv.exe 98 PID 5036 wrote to memory of 2264 5036 vvdjv.exe 98 PID 2264 wrote to memory of 1792 2264 rlrrrxx.exe 99 PID 2264 wrote to memory of 1792 2264 rlrrrxx.exe 99 PID 2264 wrote to memory of 1792 2264 rlrrrxx.exe 99 PID 1792 wrote to memory of 4324 1792 nbhhhh.exe 100 PID 1792 wrote to memory of 4324 1792 nbhhhh.exe 100 PID 1792 wrote to memory of 4324 1792 nbhhhh.exe 100 PID 4324 wrote to memory of 4464 4324 llrrrrr.exe 101 PID 4324 wrote to memory of 4464 4324 llrrrrr.exe 101 PID 4324 wrote to memory of 4464 4324 llrrrrr.exe 101 PID 4464 wrote to memory of 4548 4464 7xllllx.exe 102 PID 4464 wrote to memory of 4548 4464 7xllllx.exe 102 PID 4464 wrote to memory of 4548 4464 7xllllx.exe 102 PID 4548 wrote to memory of 1188 4548 hnhnth.exe 103 PID 4548 wrote to memory of 1188 4548 hnhnth.exe 103 PID 4548 wrote to memory of 1188 4548 hnhnth.exe 103 PID 1188 wrote to memory of 2680 1188 1pvvp.exe 104
Processes (each entry is rendered as image path, command line and nesting depth concatenated, e.g. `\??\c:\dpvpj.exe` + `c:\dpvpj.exe` + `2⤵`; every process spawns exactly one child, forming a linear chain that reaches depth 122 within the 150 s window)
-
C:\Users\Admin\AppData\Local\Temp\82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe"C:\Users\Admin\AppData\Local\Temp\82475d709025c6c127103f1644e1a3cb55a9175f3241271f9b829d59d936db81.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1380 -
\??\c:\dpvpj.exec:\dpvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3972 -
\??\c:\tbhhnn.exec:\tbhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4648 -
\??\c:\bttttt.exec:\bttttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1464 -
\??\c:\frxrfxr.exec:\frxrfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4252 -
\??\c:\7nbhhn.exec:\7nbhhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3308 -
\??\c:\5pvvp.exec:\5pvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\xxrxlxl.exec:\xxrxlxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\bthhhb.exec:\bthhhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1000 -
\??\c:\djdpd.exec:\djdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4460 -
\??\c:\xlffrxx.exec:\xlffrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2208 -
\??\c:\ntbbth.exec:\ntbbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\jdppd.exec:\jdppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4052 -
\??\c:\7fllrff.exec:\7fllrff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\9tbnhh.exec:\9tbnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3432 -
\??\c:\vvdjv.exec:\vvdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5036 -
\??\c:\rlrrrxx.exec:\rlrrrxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2264 -
\??\c:\nbhhhh.exec:\nbhhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1792 -
\??\c:\llrrrrr.exec:\llrrrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4324 -
\??\c:\7xllllx.exec:\7xllllx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\hnhnth.exec:\hnhnth.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4548 -
\??\c:\1pvvp.exec:\1pvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1188 -
\??\c:\rrrlflf.exec:\rrrlflf.exe23⤵
- Executes dropped EXE
PID:2680 -
\??\c:\1htnhh.exec:\1htnhh.exe24⤵
- Executes dropped EXE
PID:4928 -
\??\c:\bbnnhh.exec:\bbnnhh.exe25⤵
- Executes dropped EXE
PID:4520 -
\??\c:\3dddd.exec:\3dddd.exe26⤵
- Executes dropped EXE
PID:1496 -
\??\c:\ffxlfrr.exec:\ffxlfrr.exe27⤵
- Executes dropped EXE
PID:4100 -
\??\c:\7bnttb.exec:\7bnttb.exe28⤵
- Executes dropped EXE
PID:2044 -
\??\c:\vjppp.exec:\vjppp.exe29⤵
- Executes dropped EXE
PID:1152 -
\??\c:\pjdjj.exec:\pjdjj.exe30⤵
- Executes dropped EXE
PID:4664 -
\??\c:\xrrlrxr.exec:\xrrlrxr.exe31⤵
- Executes dropped EXE
PID:4696 -
\??\c:\tbnbth.exec:\tbnbth.exe32⤵
- Executes dropped EXE
PID:632 -
\??\c:\dpvvj.exec:\dpvvj.exe33⤵
- Executes dropped EXE
PID:1148 -
\??\c:\rllrrxf.exec:\rllrrxf.exe34⤵
- Executes dropped EXE
PID:5052 -
\??\c:\htnhnh.exec:\htnhnh.exe35⤵
- Executes dropped EXE
PID:4040 -
\??\c:\nbhbnb.exec:\nbhbnb.exe36⤵
- Executes dropped EXE
PID:3188 -
\??\c:\5pppp.exec:\5pppp.exe37⤵
- Executes dropped EXE
PID:3692 -
\??\c:\xxxxxrr.exec:\xxxxxrr.exe38⤵
- Executes dropped EXE
PID:1648 -
\??\c:\nthhtn.exec:\nthhtn.exe39⤵
- Executes dropped EXE
PID:4632 -
\??\c:\hhbtbt.exec:\hhbtbt.exe40⤵
- Executes dropped EXE
PID:2556 -
\??\c:\dpvdv.exec:\dpvdv.exe41⤵
- Executes dropped EXE
PID:616 -
\??\c:\9lxxfxr.exec:\9lxxfxr.exe42⤵
- Executes dropped EXE
PID:2880 -
\??\c:\hthhbn.exec:\hthhbn.exe43⤵
- Executes dropped EXE
PID:4364 -
\??\c:\frxxxfl.exec:\frxxxfl.exe44⤵
- Executes dropped EXE
PID:1612 -
\??\c:\nhtbhh.exec:\nhtbhh.exe45⤵
- Executes dropped EXE
PID:3632 -
\??\c:\vvjjj.exec:\vvjjj.exe46⤵
- Executes dropped EXE
PID:2092 -
\??\c:\jvdvj.exec:\jvdvj.exe47⤵
- Executes dropped EXE
PID:3408 -
\??\c:\xxfxxff.exec:\xxfxxff.exe48⤵
- Executes dropped EXE
PID:900 -
\??\c:\hhbbbn.exec:\hhbbbn.exe49⤵
- Executes dropped EXE
PID:4244 -
\??\c:\pvvpj.exec:\pvvpj.exe50⤵
- Executes dropped EXE
PID:2164 -
\??\c:\vdpjj.exec:\vdpjj.exe51⤵
- Executes dropped EXE
PID:1272 -
\??\c:\rxrrlxl.exec:\rxrrlxl.exe52⤵
- Executes dropped EXE
PID:5076 -
\??\c:\tbtnbh.exec:\tbtnbh.exe53⤵
- Executes dropped EXE
PID:4080 -
\??\c:\ppddp.exec:\ppddp.exe54⤵
- Executes dropped EXE
PID:2424 -
\??\c:\rlxrxfr.exec:\rlxrxfr.exe55⤵
- Executes dropped EXE
PID:3392 -
\??\c:\thhbtb.exec:\thhbtb.exe56⤵
- Executes dropped EXE
PID:2052 -
\??\c:\jjjdd.exec:\jjjdd.exe57⤵
- Executes dropped EXE
PID:4616 -
\??\c:\rfrlfff.exec:\rfrlfff.exe58⤵
- Executes dropped EXE
PID:2812 -
\??\c:\1xxxrlf.exec:\1xxxrlf.exe59⤵
- Executes dropped EXE
PID:4640 -
\??\c:\htbtbn.exec:\htbtbn.exe60⤵
- Executes dropped EXE
PID:5048 -
\??\c:\jvpjp.exec:\jvpjp.exe61⤵
- Executes dropped EXE
PID:3432 -
\??\c:\3jjjj.exec:\3jjjj.exe62⤵
- Executes dropped EXE
PID:3884 -
\??\c:\3fflllr.exec:\3fflllr.exe63⤵
- Executes dropped EXE
PID:1356 -
\??\c:\htnhnb.exec:\htnhnb.exe64⤵
- Executes dropped EXE
PID:976 -
\??\c:\vppdd.exec:\vppdd.exe65⤵
- Executes dropped EXE
PID:1792 -
\??\c:\dpdpj.exec:\dpdpj.exe66⤵PID:3148
-
\??\c:\1xfxxrr.exec:\1xfxxrr.exe67⤵PID:3128
-
\??\c:\nnhthb.exec:\nnhthb.exe68⤵PID:3196
-
\??\c:\vpddv.exec:\vpddv.exe69⤵PID:1352
-
\??\c:\xlllrlr.exec:\xlllrlr.exe70⤵PID:2128
-
\??\c:\nhtnhn.exec:\nhtnhn.exe71⤵PID:3404
-
\??\c:\vdjvj.exec:\vdjvj.exe72⤵PID:548
-
\??\c:\9ffrfff.exec:\9ffrfff.exe73⤵PID:3696
-
\??\c:\rlffxrx.exec:\rlffxrx.exe74⤵PID:2336
-
\??\c:\nhhbhn.exec:\nhhbhn.exe75⤵PID:3500
-
\??\c:\ppdjv.exec:\ppdjv.exe76⤵PID:4284
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe77⤵PID:5060
-
\??\c:\xxxllxx.exec:\xxxllxx.exe78⤵PID:2684
-
\??\c:\ntnttt.exec:\ntnttt.exe79⤵PID:1152
-
\??\c:\vdpvp.exec:\vdpvp.exe80⤵PID:1772
-
\??\c:\xxxxxrf.exec:\xxxxxrf.exe81⤵PID:452
-
\??\c:\7rxxfxr.exec:\7rxxfxr.exe82⤵PID:2632
-
\??\c:\5httnt.exec:\5httnt.exe83⤵PID:1896
-
\??\c:\5ntnnn.exec:\5ntnnn.exe84⤵PID:528
-
\??\c:\ddddv.exec:\ddddv.exe85⤵PID:1736
-
\??\c:\pjjdp.exec:\pjjdp.exe86⤵PID:3864
-
\??\c:\xxfrrlx.exec:\xxfrrlx.exe87⤵PID:1428
-
\??\c:\htbbhn.exec:\htbbhn.exe88⤵PID:944
-
\??\c:\dpvjd.exec:\dpvjd.exe89⤵PID:1648
-
\??\c:\jjpdd.exec:\jjpdd.exe90⤵PID:2188
-
\??\c:\xxxfxlr.exec:\xxxfxlr.exe91⤵PID:2072
-
\??\c:\thnnnn.exec:\thnnnn.exe92⤵PID:3464
-
\??\c:\tbtbbb.exec:\tbtbbb.exe93⤵PID:2484
-
\??\c:\vjjdj.exec:\vjjdj.exe94⤵PID:1284
-
\??\c:\xfffxfx.exec:\xfffxfx.exe95⤵PID:1888
-
\??\c:\nnhhhh.exec:\nnhhhh.exe96⤵PID:3156
-
\??\c:\nhbbtn.exec:\nhbbtn.exe97⤵PID:3200
-
\??\c:\pjvpd.exec:\pjvpd.exe98⤵PID:1464
-
\??\c:\flfxxxx.exec:\flfxxxx.exe99⤵PID:4196
-
\??\c:\bhtbnb.exec:\bhtbnb.exe100⤵PID:3408
-
\??\c:\hntbhb.exec:\hntbhb.exe101⤵PID:1596
-
\??\c:\vppvd.exec:\vppvd.exe102⤵PID:1976
-
\??\c:\3flfxfl.exec:\3flfxfl.exe103⤵PID:1172
-
\??\c:\7frxrrl.exec:\7frxrrl.exe104⤵PID:1272
-
\??\c:\1bhhbb.exec:\1bhhbb.exe105⤵PID:2784
-
\??\c:\pjjvj.exec:\pjjvj.exe106⤵PID:4080
-
\??\c:\rlxxflx.exec:\rlxxflx.exe107⤵PID:2372
-
\??\c:\pvdpv.exec:\pvdpv.exe108⤵PID:2352
-
\??\c:\jppvp.exec:\jppvp.exe109⤵PID:4616
-
\??\c:\rlfrflx.exec:\rlfrflx.exe110⤵PID:4580
-
\??\c:\bbthhn.exec:\bbthhn.exe111⤵PID:5048
-
\??\c:\nbnhhn.exec:\nbnhhn.exe112⤵PID:4908
-
\??\c:\pdjpp.exec:\pdjpp.exe113⤵PID:3884
-
\??\c:\xxxxlrr.exec:\xxxxlrr.exe114⤵PID:2600
-
\??\c:\lrrlflx.exec:\lrrlflx.exe115⤵PID:2700
-
\??\c:\hntnbt.exec:\hntnbt.exe116⤵PID:4324
-
\??\c:\thtnbb.exec:\thtnbb.exe117⤵PID:3148
-
\??\c:\5vpvd.exec:\5vpvd.exe118⤵PID:2932
-
\??\c:\xxlllll.exec:\xxlllll.exe119⤵PID:208
-
\??\c:\lrlrlfr.exec:\lrlrlfr.exe120⤵PID:1352
-
\??\c:\btbhnb.exec:\btbhnb.exe121⤵PID:896
-
\??\c:\jjvdj.exec:\jjvdj.exe122⤵PID:2488