Analysis
-
max time kernel
151s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
18/05/2024, 00:55
Behavioral task
behavioral1
Sample
98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe
-
Size
82KB
-
MD5
50d80250393f4a7881eda2cf8897f92f
-
SHA1
48af5158219923dab71cdb82f79e65515e764e89
-
SHA256
98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477
-
SHA512
03f4111915e0695f8bac48840bce751b66e73ce14566598742941840de5722c4a27b6eca5f3fc56706685f2504c200ff936ebbe30d1e974facf775265cfc876b
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8AelS7/7VIQH28:ChOmTsF93UYfwC6GIoutAe07zVIqF
Malware Config (no extracted configuration is shown for this sample)
Signatures
-
Detect Blackmoon payload — 45 IoCs. The YARA rule family_blackmoon matched in the memory of the original sample and of the dropped EXEs at the image base 0x400000-0x429000; several processes also match a second region of the same size (0x29000 bytes, e.g. 0x220000-0x249000), which looks like a copy of the unpacked image but should be confirmed against the dumps.
resource yara_rule behavioral1/memory/1056-1-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2052-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2128-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2696-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2492-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2328-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1344-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/372-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1320-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1952-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1428-135-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1920-143-0x00000000003A0000-0x00000000003C9000-memory.dmp family_blackmoon behavioral1/memory/2184-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3020-212-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1768-237-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1676-274-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/880-300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1604-317-0x00000000003B0000-0x00000000003D9000-memory.dmp family_blackmoon behavioral1/memory/3016-331-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/368-265-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/920-239-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/2996-227-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/764-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/764-189-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2448-360-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2340-367-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2500-370-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2152-393-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2404-406-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2184-475-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/940-470-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2664-494-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2132-501-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/832-539-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/2892-577-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2892-575-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2868-628-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2604-643-0x00000000003C0000-0x00000000003E9000-memory.dmp family_blackmoon behavioral1/memory/1660-679-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/904-707-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/940-759-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/956-766-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon 
behavioral1/memory/1620-819-0x00000000002A0000-0x00000000002C9000-memory.dmp family_blackmoon behavioral1/memory/2036-873-0x00000000003B0000-0x00000000003D9000-memory.dmp family_blackmoon behavioral1/memory/1656-1032-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. UPX is a generic, widely used packer, so this signature is evidence of packing rather than of malicious intent on its own; the family-level finding is the Blackmoon detection above. Both the dropped files (behavioral1/files/*.dat) and the in-memory images match.
resource yara_rule behavioral1/memory/1056-1-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x000b000000014fe1-8.dat UPX behavioral1/memory/2052-9-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2052-13-0x0000000000220000-0x0000000000249000-memory.dmp UPX behavioral1/files/0x00090000000155e2-20.dat UPX behavioral1/memory/2052-19-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0008000000015c23-28.dat UPX behavioral1/files/0x0007000000015c2f-41.dat UPX behavioral1/files/0x0007000000015c3c-49.dat UPX behavioral1/memory/2696-50-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2524-40-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2128-39-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0009000000015c52-58.dat UPX behavioral1/memory/2696-60-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2492-61-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2492-70-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0009000000015ec0-71.dat UPX behavioral1/files/0x0006000000016042-82.dat UPX behavioral1/files/0x000600000001604b-92.dat UPX behavioral1/memory/2328-90-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2328-88-0x0000000000220000-0x0000000000249000-memory.dmp UPX behavioral1/memory/2328-81-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1344-80-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016283-100.dat UPX behavioral1/memory/1952-109-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/372-108-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016332-106.dat UPX behavioral1/files/0x0006000000016476-119.dat UPX behavioral1/files/0x00060000000165ae-126.dat UPX 
behavioral1/memory/1320-127-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1952-118-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1428-135-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x000600000001663d-134.dat UPX behavioral1/files/0x000900000001560a-144.dat UPX behavioral1/files/0x00060000000167db-154.dat UPX behavioral1/memory/2184-153-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016b5e-164.dat UPX behavioral1/memory/1428-173-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016b96-172.dat UPX behavioral1/files/0x0006000000016c23-201.dat UPX behavioral1/memory/3020-212-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016ca9-218.dat UPX behavioral1/files/0x0006000000016c90-211.dat UPX behavioral1/files/0x0006000000016ccf-228.dat UPX behavioral1/memory/1768-237-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016cf0-247.dat UPX behavioral1/files/0x0006000000016d01-256.dat UPX behavioral1/memory/1676-274-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016d36-283.dat UPX behavioral1/files/0x0006000000016d41-291.dat UPX behavioral1/files/0x0006000000016d4a-301.dat UPX behavioral1/memory/880-300-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/3016-328-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016d24-276.dat UPX behavioral1/files/0x0006000000016d11-266.dat UPX behavioral1/memory/368-265-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/920-239-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016cd4-238.dat UPX behavioral1/memory/2996-227-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016c1a-193.dat UPX 
behavioral1/memory/764-190-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/files/0x0006000000016c10-182.dat UPX behavioral1/memory/2448-360-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2340-367-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs. Each dropped binary has a short random-looking lowercase name at the root of C:\ (e.g. c:\hpnrd.exe) and launches the next one, forming the linear parent→child chain shown under Processes (only the first 64 are listed here; the process tree below reaches depth 122).
pid Process 2052 hpnrd.exe 2080 vlftbrd.exe 2128 trdxn.exe 2524 xbtvhpl.exe 2696 xrjdlh.exe 2492 bhvdjbp.exe 1344 rrbddb.exe 2328 xpxnrv.exe 2764 tvnnt.exe 372 drtdnjr.exe 1952 tjrvnfr.exe 1320 nltpxpt.exe 1428 hntxl.exe 1920 prnhb.exe 2184 xnhpx.exe 1616 hnpflpn.exe 860 rtldnb.exe 1108 bdttx.exe 764 vtxvx.exe 1756 xlttrff.exe 2400 vjfhtd.exe 3020 nhhjvvf.exe 2996 nhhdlpp.exe 1768 nvbfvn.exe 920 vtxdjpn.exe 2984 xrntdbd.exe 368 fpvfl.exe 1676 hpdflx.exe 864 bpnrvjh.exe 3028 rvrvvx.exe 880 fhvbfn.exe 2212 bbttjfd.exe 2076 vdrrhh.exe 1604 hjnrtt.exe 2844 tbnltj.exe 3016 vjpff.exe 2472 ljhhntl.exe 2480 xfbjt.exe 2464 bvxdn.exe 2448 jnphpnv.exe 2340 rdbhh.exe 2500 jndpdt.exe 2352 nhbhvtn.exe 2388 hddtxpv.exe 2152 ftttxh.exe 324 dplhv.exe 2404 ddrpvxt.exe 1308 dnthltb.exe 904 nxdbdf.exe 1124 txfnlnh.exe 572 vrvdtdd.exe 1704 tblrdfj.exe 2176 vpnld.exe 2184 dbdlnxj.exe 1916 dldtrlh.exe 1648 ppxnx.exe 1188 tvxdvtf.exe 940 txtlp.exe 1688 tdnvtpf.exe 1596 vxdpvp.exe 2664 ptbrpx.exe 2132 bvddp.exe 832 fjlntp.exe 2996 jthvvjj.exe -
resource yara_rule behavioral1/memory/1056-1-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1056-7-0x0000000000220000-0x0000000000249000-memory.dmp upx behavioral1/files/0x000b000000014fe1-8.dat upx behavioral1/memory/2052-9-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2052-13-0x0000000000220000-0x0000000000249000-memory.dmp upx behavioral1/files/0x00090000000155e2-20.dat upx behavioral1/memory/2052-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0008000000015c23-28.dat upx behavioral1/files/0x0007000000015c2f-41.dat upx behavioral1/files/0x0007000000015c3c-49.dat upx behavioral1/memory/2696-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2524-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2128-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0009000000015c52-58.dat upx behavioral1/memory/2696-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0009000000015ec0-71.dat upx behavioral1/files/0x0006000000016042-82.dat upx behavioral1/files/0x000600000001604b-92.dat upx behavioral1/memory/2328-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2328-88-0x0000000000220000-0x0000000000249000-memory.dmp upx behavioral1/memory/2328-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1344-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016283-100.dat upx behavioral1/memory/1952-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/372-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016332-106.dat upx behavioral1/files/0x0006000000016476-119.dat upx behavioral1/files/0x00060000000165ae-126.dat 
upx behavioral1/memory/1320-127-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1952-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1428-135-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x000600000001663d-134.dat upx behavioral1/files/0x000900000001560a-144.dat upx behavioral1/files/0x00060000000167db-154.dat upx behavioral1/memory/2184-153-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016b5e-164.dat upx behavioral1/memory/1428-173-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016b96-172.dat upx behavioral1/files/0x0006000000016c23-201.dat upx behavioral1/memory/3020-212-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016ca9-218.dat upx behavioral1/files/0x0006000000016c90-211.dat upx behavioral1/files/0x0006000000016ccf-228.dat upx behavioral1/memory/1768-237-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016cf0-247.dat upx behavioral1/files/0x0006000000016d01-256.dat upx behavioral1/memory/1676-274-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016d36-283.dat upx behavioral1/files/0x0006000000016d41-291.dat upx behavioral1/files/0x0006000000016d4a-301.dat upx behavioral1/memory/880-300-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3016-328-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016d24-276.dat upx behavioral1/files/0x0006000000016d11-266.dat upx behavioral1/memory/368-265-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/920-239-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016cd4-238.dat upx behavioral1/memory/2996-227-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016c1a-193.dat upx 
behavioral1/memory/764-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/files/0x0006000000016c10-182.dat upx behavioral1/memory/2448-360-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs. Each parent→child pair is logged four times, so the 64 entries cover 16 distinct writes (sample → hpnrd.exe → vlftbrd.exe → … → hnpflpn.exe), each from a parent into the child it has just spawned. Writes into a freshly created child can also occur during ordinary process creation, so treat this as corroborating the spawn chain rather than as proof of code injection by itself.
description pid Process procid_target PID 1056 wrote to memory of 2052 1056 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 28 PID 1056 wrote to memory of 2052 1056 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 28 PID 1056 wrote to memory of 2052 1056 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 28 PID 1056 wrote to memory of 2052 1056 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 28 PID 2052 wrote to memory of 2080 2052 hpnrd.exe 29 PID 2052 wrote to memory of 2080 2052 hpnrd.exe 29 PID 2052 wrote to memory of 2080 2052 hpnrd.exe 29 PID 2052 wrote to memory of 2080 2052 hpnrd.exe 29 PID 2080 wrote to memory of 2128 2080 vlftbrd.exe 30 PID 2080 wrote to memory of 2128 2080 vlftbrd.exe 30 PID 2080 wrote to memory of 2128 2080 vlftbrd.exe 30 PID 2080 wrote to memory of 2128 2080 vlftbrd.exe 30 PID 2128 wrote to memory of 2524 2128 trdxn.exe 31 PID 2128 wrote to memory of 2524 2128 trdxn.exe 31 PID 2128 wrote to memory of 2524 2128 trdxn.exe 31 PID 2128 wrote to memory of 2524 2128 trdxn.exe 31 PID 2524 wrote to memory of 2696 2524 xbtvhpl.exe 32 PID 2524 wrote to memory of 2696 2524 xbtvhpl.exe 32 PID 2524 wrote to memory of 2696 2524 xbtvhpl.exe 32 PID 2524 wrote to memory of 2696 2524 xbtvhpl.exe 32 PID 2696 wrote to memory of 2492 2696 xrjdlh.exe 33 PID 2696 wrote to memory of 2492 2696 xrjdlh.exe 33 PID 2696 wrote to memory of 2492 2696 xrjdlh.exe 33 PID 2696 wrote to memory of 2492 2696 xrjdlh.exe 33 PID 2492 wrote to memory of 1344 2492 bhvdjbp.exe 34 PID 2492 wrote to memory of 1344 2492 bhvdjbp.exe 34 PID 2492 wrote to memory of 1344 2492 bhvdjbp.exe 34 PID 2492 wrote to memory of 1344 2492 bhvdjbp.exe 34 PID 1344 wrote to memory of 2328 1344 rrbddb.exe 35 PID 1344 wrote to memory of 2328 1344 rrbddb.exe 35 PID 1344 wrote to memory of 2328 1344 rrbddb.exe 35 PID 1344 wrote to memory of 2328 1344 rrbddb.exe 35 PID 2328 wrote to memory of 2764 2328 xpxnrv.exe 36 PID 2328 
wrote to memory of 2764 2328 xpxnrv.exe 36 PID 2328 wrote to memory of 2764 2328 xpxnrv.exe 36 PID 2328 wrote to memory of 2764 2328 xpxnrv.exe 36 PID 2764 wrote to memory of 372 2764 tvnnt.exe 37 PID 2764 wrote to memory of 372 2764 tvnnt.exe 37 PID 2764 wrote to memory of 372 2764 tvnnt.exe 37 PID 2764 wrote to memory of 372 2764 tvnnt.exe 37 PID 372 wrote to memory of 1952 372 drtdnjr.exe 38 PID 372 wrote to memory of 1952 372 drtdnjr.exe 38 PID 372 wrote to memory of 1952 372 drtdnjr.exe 38 PID 372 wrote to memory of 1952 372 drtdnjr.exe 38 PID 1952 wrote to memory of 1320 1952 tjrvnfr.exe 39 PID 1952 wrote to memory of 1320 1952 tjrvnfr.exe 39 PID 1952 wrote to memory of 1320 1952 tjrvnfr.exe 39 PID 1952 wrote to memory of 1320 1952 tjrvnfr.exe 39 PID 1320 wrote to memory of 1428 1320 nltpxpt.exe 40 PID 1320 wrote to memory of 1428 1320 nltpxpt.exe 40 PID 1320 wrote to memory of 1428 1320 nltpxpt.exe 40 PID 1320 wrote to memory of 1428 1320 nltpxpt.exe 40 PID 1428 wrote to memory of 1920 1428 hntxl.exe 41 PID 1428 wrote to memory of 1920 1428 hntxl.exe 41 PID 1428 wrote to memory of 1920 1428 hntxl.exe 41 PID 1428 wrote to memory of 1920 1428 hntxl.exe 41 PID 1920 wrote to memory of 2184 1920 prnhb.exe 42 PID 1920 wrote to memory of 2184 1920 prnhb.exe 42 PID 1920 wrote to memory of 2184 1920 prnhb.exe 42 PID 1920 wrote to memory of 2184 1920 prnhb.exe 42 PID 2184 wrote to memory of 1616 2184 xnhpx.exe 43 PID 2184 wrote to memory of 1616 2184 xnhpx.exe 43 PID 2184 wrote to memory of 1616 2184 xnhpx.exe 43 PID 2184 wrote to memory of 1616 2184 xnhpx.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe"C:\Users\Admin\AppData\Local\Temp\98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1056 -
\??\c:\hpnrd.exec:\hpnrd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\vlftbrd.exec:\vlftbrd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2080 -
\??\c:\trdxn.exec:\trdxn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\xbtvhpl.exec:\xbtvhpl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\xrjdlh.exec:\xrjdlh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\bhvdjbp.exec:\bhvdjbp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\rrbddb.exec:\rrbddb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\xpxnrv.exec:\xpxnrv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2328 -
\??\c:\tvnnt.exec:\tvnnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\drtdnjr.exec:\drtdnjr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:372 -
\??\c:\tjrvnfr.exec:\tjrvnfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1952 -
\??\c:\nltpxpt.exec:\nltpxpt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1320 -
\??\c:\hntxl.exec:\hntxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1428 -
\??\c:\prnhb.exec:\prnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920 -
\??\c:\xnhpx.exec:\xnhpx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\hnpflpn.exec:\hnpflpn.exe17⤵
- Executes dropped EXE
PID:1616 -
\??\c:\rtldnb.exec:\rtldnb.exe18⤵
- Executes dropped EXE
PID:860 -
\??\c:\bdttx.exec:\bdttx.exe19⤵
- Executes dropped EXE
PID:1108 -
\??\c:\vtxvx.exec:\vtxvx.exe20⤵
- Executes dropped EXE
PID:764 -
\??\c:\xlttrff.exec:\xlttrff.exe21⤵
- Executes dropped EXE
PID:1756 -
\??\c:\vjfhtd.exec:\vjfhtd.exe22⤵
- Executes dropped EXE
PID:2400 -
\??\c:\nhhjvvf.exec:\nhhjvvf.exe23⤵
- Executes dropped EXE
PID:3020 -
\??\c:\nhhdlpp.exec:\nhhdlpp.exe24⤵
- Executes dropped EXE
PID:2996 -
\??\c:\nvbfvn.exec:\nvbfvn.exe25⤵
- Executes dropped EXE
PID:1768 -
\??\c:\vtxdjpn.exec:\vtxdjpn.exe26⤵
- Executes dropped EXE
PID:920 -
\??\c:\xrntdbd.exec:\xrntdbd.exe27⤵
- Executes dropped EXE
PID:2984 -
\??\c:\fpvfl.exec:\fpvfl.exe28⤵
- Executes dropped EXE
PID:368 -
\??\c:\hpdflx.exec:\hpdflx.exe29⤵
- Executes dropped EXE
PID:1676 -
\??\c:\bpnrvjh.exec:\bpnrvjh.exe30⤵
- Executes dropped EXE
PID:864 -
\??\c:\rvrvvx.exec:\rvrvvx.exe31⤵
- Executes dropped EXE
PID:3028 -
\??\c:\fhvbfn.exec:\fhvbfn.exe32⤵
- Executes dropped EXE
PID:880 -
\??\c:\bbttjfd.exec:\bbttjfd.exe33⤵
- Executes dropped EXE
PID:2212 -
\??\c:\vdrrhh.exec:\vdrrhh.exe34⤵
- Executes dropped EXE
PID:2076 -
\??\c:\hjnrtt.exec:\hjnrtt.exe35⤵
- Executes dropped EXE
PID:1604 -
\??\c:\tbnltj.exec:\tbnltj.exe36⤵
- Executes dropped EXE
PID:2844 -
\??\c:\vjpff.exec:\vjpff.exe37⤵
- Executes dropped EXE
PID:3016 -
\??\c:\ljhhntl.exec:\ljhhntl.exe38⤵
- Executes dropped EXE
PID:2472 -
\??\c:\xfbjt.exec:\xfbjt.exe39⤵
- Executes dropped EXE
PID:2480 -
\??\c:\bvxdn.exec:\bvxdn.exe40⤵
- Executes dropped EXE
PID:2464 -
\??\c:\jnphpnv.exec:\jnphpnv.exe41⤵
- Executes dropped EXE
PID:2448 -
\??\c:\rdbhh.exec:\rdbhh.exe42⤵
- Executes dropped EXE
PID:2340 -
\??\c:\jndpdt.exec:\jndpdt.exe43⤵
- Executes dropped EXE
PID:2500 -
\??\c:\nhbhvtn.exec:\nhbhvtn.exe44⤵
- Executes dropped EXE
PID:2352 -
\??\c:\hddtxpv.exec:\hddtxpv.exe45⤵
- Executes dropped EXE
PID:2388 -
\??\c:\ftttxh.exec:\ftttxh.exe46⤵
- Executes dropped EXE
PID:2152 -
\??\c:\dplhv.exec:\dplhv.exe47⤵
- Executes dropped EXE
PID:324 -
\??\c:\ddrpvxt.exec:\ddrpvxt.exe48⤵
- Executes dropped EXE
PID:2404 -
\??\c:\dnthltb.exec:\dnthltb.exe49⤵
- Executes dropped EXE
PID:1308 -
\??\c:\nxdbdf.exec:\nxdbdf.exe50⤵
- Executes dropped EXE
PID:904 -
\??\c:\txfnlnh.exec:\txfnlnh.exe51⤵
- Executes dropped EXE
PID:1124 -
\??\c:\vrvdtdd.exec:\vrvdtdd.exe52⤵
- Executes dropped EXE
PID:572 -
\??\c:\tblrdfj.exec:\tblrdfj.exe53⤵
- Executes dropped EXE
PID:1704 -
\??\c:\vpnld.exec:\vpnld.exe54⤵
- Executes dropped EXE
PID:2176 -
\??\c:\dbdlnxj.exec:\dbdlnxj.exe55⤵
- Executes dropped EXE
PID:2184 -
\??\c:\dldtrlh.exec:\dldtrlh.exe56⤵
- Executes dropped EXE
PID:1916 -
\??\c:\ppxnx.exec:\ppxnx.exe57⤵
- Executes dropped EXE
PID:1648 -
\??\c:\tvxdvtf.exec:\tvxdvtf.exe58⤵
- Executes dropped EXE
PID:1188 -
\??\c:\txtlp.exec:\txtlp.exe59⤵
- Executes dropped EXE
PID:940 -
\??\c:\tdnvtpf.exec:\tdnvtpf.exe60⤵
- Executes dropped EXE
PID:1688 -
\??\c:\vxdpvp.exec:\vxdpvp.exe61⤵
- Executes dropped EXE
PID:1596 -
\??\c:\ptbrpx.exec:\ptbrpx.exe62⤵
- Executes dropped EXE
PID:2664 -
\??\c:\bvddp.exec:\bvddp.exe63⤵
- Executes dropped EXE
PID:2132 -
\??\c:\fjlntp.exec:\fjlntp.exe64⤵
- Executes dropped EXE
PID:832 -
\??\c:\jthvvjj.exec:\jthvvjj.exe65⤵
- Executes dropped EXE
PID:2996 -
\??\c:\vfjphv.exec:\vfjphv.exe66⤵PID:720
-
\??\c:\jdjrxjn.exec:\jdjrxjn.exe67⤵PID:1968
-
\??\c:\ptppfpx.exec:\ptppfpx.exe68⤵PID:1964
-
\??\c:\ltnpvx.exec:\ltnpvx.exe69⤵PID:1816
-
\??\c:\fhdvxth.exec:\fhdvxth.exe70⤵PID:3008
-
\??\c:\tvdbvp.exec:\tvdbvp.exe71⤵PID:2676
-
\??\c:\nhvdpfn.exec:\nhvdpfn.exe72⤵PID:2888
-
\??\c:\xlxnx.exec:\xlxnx.exe73⤵PID:1160
-
\??\c:\tpxfdf.exec:\tpxfdf.exe74⤵PID:1764
-
\??\c:\ntxlj.exec:\ntxlj.exe75⤵PID:2892
-
\??\c:\thljrtn.exec:\thljrtn.exe76⤵PID:2836
-
\??\c:\rhfdph.exec:\rhfdph.exe77⤵PID:2212
-
\??\c:\xtnrblb.exec:\xtnrblb.exe78⤵PID:2228
-
\??\c:\tlrbnf.exec:\tlrbnf.exe79⤵PID:2248
-
\??\c:\bbjdxr.exec:\bbjdxr.exe80⤵PID:2896
-
\??\c:\nbnld.exec:\nbnld.exe81⤵PID:2476
-
\??\c:\nndrthl.exec:\nndrthl.exe82⤵PID:3016
-
\??\c:\xbpbxhh.exec:\xbpbxhh.exe83⤵PID:2868
-
\??\c:\dpfnv.exec:\dpfnv.exe84⤵PID:2700
-
\??\c:\xlvttl.exec:\xlvttl.exe85⤵PID:1556
-
\??\c:\pdfnrn.exec:\pdfnrn.exe86⤵PID:2604
-
\??\c:\lvtxv.exec:\lvtxv.exe87⤵PID:2380
-
\??\c:\jrbblfx.exec:\jrbblfx.exe88⤵PID:1344
-
\??\c:\hhfdd.exec:\hhfdd.exe89⤵PID:2772
-
\??\c:\bhxlvfx.exec:\bhxlvfx.exe90⤵PID:2388
-
\??\c:\lnvdd.exec:\lnvdd.exe91⤵PID:1660
-
\??\c:\pnlpxv.exec:\pnlpxv.exe92⤵PID:760
-
\??\c:\dxnvlpp.exec:\dxnvlpp.exe93⤵PID:1348
-
\??\c:\hvnrdp.exec:\hvnrdp.exe94⤵PID:1424
-
\??\c:\ntfvnfr.exec:\ntfvnfr.exe95⤵PID:904
-
\??\c:\prxjhbx.exec:\prxjhbx.exe96⤵PID:2200
-
\??\c:\fxnfbv.exec:\fxnfbv.exe97⤵PID:828
-
\??\c:\npbdlh.exec:\npbdlh.exe98⤵PID:1476
-
\??\c:\jfxhj.exec:\jfxhj.exe99⤵PID:2192
-
\??\c:\vxnndlv.exec:\vxnndlv.exe100⤵PID:2012
-
\??\c:\jhxfhpr.exec:\jhxfhpr.exe101⤵PID:2280
-
\??\c:\xblnx.exec:\xblnx.exe102⤵PID:944
-
\??\c:\rjrpf.exec:\rjrpf.exe103⤵PID:940
-
\??\c:\dfndrl.exec:\dfndrl.exe104⤵PID:956
-
\??\c:\vjntjj.exec:\vjntjj.exe105⤵PID:1956
-
\??\c:\htxfppj.exec:\htxfppj.exe106⤵PID:1772
-
\??\c:\dpvvl.exec:\dpvvl.exe107⤵PID:436
-
\??\c:\rvbdtr.exec:\rvbdtr.exe108⤵PID:1288
-
\??\c:\fjvhx.exec:\fjvhx.exe109⤵PID:1988
-
\??\c:\xnbrb.exec:\xnbrb.exe110⤵PID:980
-
\??\c:\lbtphhh.exec:\lbtphhh.exe111⤵PID:2416
-
\??\c:\vpvhfv.exec:\vpvhfv.exe112⤵PID:1700
-
\??\c:\xhhvbtd.exec:\xhhvbtd.exe113⤵PID:1620
-
\??\c:\rfdhfpr.exec:\rfdhfpr.exe114⤵PID:2060
-
\??\c:\bnxdf.exec:\bnxdf.exe115⤵PID:2976
-
\??\c:\thlxxr.exec:\thlxxr.exe116⤵PID:2088
-
\??\c:\thtxb.exec:\thtxb.exe117⤵PID:2260
-
\??\c:\bnnrv.exec:\bnnrv.exe118⤵PID:1668
-
\??\c:\lvxflfb.exec:\lvxflfb.exe119⤵PID:2728
-
\??\c:\vtddl.exec:\vtddl.exe120⤵PID:880
-
\??\c:\tpxtd.exec:\tpxtd.exe121⤵PID:2036
-
\??\c:\pdtpdlx.exec:\pdtpdlx.exe122⤵PID:2836
-