Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 00:55
Behavioral task
behavioral1
Sample
98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe
-
Size
82KB
-
MD5
50d80250393f4a7881eda2cf8897f92f
-
SHA1
48af5158219923dab71cdb82f79e65515e764e89
-
SHA256
98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477
-
SHA512
03f4111915e0695f8bac48840bce751b66e73ce14566598742941840de5722c4a27b6eca5f3fc56706685f2504c200ff936ebbe30d1e974facf775265cfc876b
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8AelS7/7VIQH28:ChOmTsF93UYfwC6GIoutAe07zVIqF
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4864-2-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1704-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3760-21-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/912-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2052-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3864-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2528-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1020-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4860-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4632-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2072-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2172-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3572-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1112-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1196-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4476-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4140-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1812-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3032-128-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3696-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3068-143-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1320-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2980-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2908-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4408-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1908-191-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4308-192-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2412-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2140-215-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2208-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1364-227-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4624-237-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/740-245-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3848-257-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2488-262-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2544-274-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4424-279-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/536-294-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1920-296-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1040-306-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2828-321-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2772-326-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1892-335-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4504-339-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1744-360-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1744-363-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5012-379-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1532-383-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4636-391-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/348-412-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3464-416-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2892-438-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4668-480-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/628-484-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4808-498-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1544-556-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3964-636-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4548-666-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5020-730-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5000-765-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/212-787-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2604-939-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1828-1017-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3836-1024-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/files/0x000600000002326f-3.dat UPX behavioral2/memory/4864-2-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1704-6-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1704-10-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00080000000233e1-11.dat UPX behavioral2/memory/3864-12-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233e5-14.dat UPX behavioral2/memory/3760-21-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233e6-23.dat UPX behavioral2/memory/912-27-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233e7-29.dat UPX behavioral2/files/0x00070000000233e9-35.dat UPX behavioral2/memory/2052-32-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3864-18-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233ea-40.dat UPX behavioral2/memory/2528-43-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1020-48-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233eb-46.dat UPX behavioral2/files/0x00070000000233ec-52.dat UPX behavioral2/memory/4860-54-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4632-57-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233ed-61.dat UPX behavioral2/files/0x00070000000233ee-65.dat UPX behavioral2/files/0x00070000000233ef-69.dat UPX behavioral2/memory/2072-70-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233f0-74.dat UPX behavioral2/memory/2172-76-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233f1-80.dat UPX behavioral2/memory/3572-82-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1112-86-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/files/0x00070000000233f2-88.dat UPX behavioral2/files/0x00070000000233f3-92.dat UPX behavioral2/memory/1196-94-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233f4-97.dat UPX behavioral2/memory/4476-99-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4140-105-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233f5-103.dat UPX behavioral2/files/0x00070000000233f6-109.dat UPX behavioral2/memory/1812-111-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233f7-115.dat UPX behavioral2/files/0x00070000000233f8-120.dat UPX behavioral2/files/0x00070000000233f9-125.dat UPX behavioral2/memory/3032-128-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3696-130-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233fa-132.dat UPX behavioral2/files/0x00070000000233fb-137.dat UPX behavioral2/memory/3068-143-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233fc-144.dat UPX behavioral2/memory/1320-147-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00070000000233fd-150.dat UPX behavioral2/files/0x00070000000233ff-154.dat UPX behavioral2/memory/2980-156-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2908-161-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/files/0x00080000000233e2-162.dat UPX behavioral2/files/0x0007000000023401-171.dat UPX behavioral2/files/0x0007000000023400-167.dat UPX behavioral2/files/0x0007000000023402-178.dat UPX behavioral2/files/0x0007000000023403-183.dat UPX behavioral2/memory/4408-182-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1908-191-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4308-192-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/memory/2412-200-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2140-215-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2208-222-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 1704 lxrllfx.exe 3864 pvdjv.exe 3760 lllfxxr.exe 912 httnhh.exe 2052 5btnbb.exe 2528 dddpd.exe 1020 rrrfxxl.exe 4860 frlfxfx.exe 4632 5pdvp.exe 2796 vddvp.exe 2072 xrxrxxx.exe 2172 nhhbtn.exe 3572 vppjd.exe 1112 1lfxllx.exe 1196 bnbttt.exe 4476 1pvvp.exe 4140 fxxrllf.exe 1812 hnntnn.exe 2940 dvvpd.exe 1668 dvjdp.exe 3032 lffxxxx.exe 3696 hbnhnn.exe 5116 hbbthh.exe 3068 9vddp.exe 1320 rrfrffr.exe 2980 btbbnn.exe 2908 pdjdj.exe 1624 dddpp.exe 4436 rrrrlll.exe 3656 7nbbtb.exe 4408 nbtthn.exe 3424 fxrrlfl.exe 1908 hhtbhb.exe 4308 3pvpp.exe 348 dppjj.exe 2412 ffffxlf.exe 2636 fxfflll.exe 2876 nbhhbb.exe 392 pvjjj.exe 2140 jdvpj.exe 2660 rflllfl.exe 2208 rlrlflf.exe 1016 dpvvv.exe 1364 xlllfff.exe 4644 ntntnn.exe 4624 djjjj.exe 5008 lflxxxr.exe 1968 hthbbb.exe 740 lrlfxfx.exe 2024 xxfxrrr.exe 2736 hbhhhb.exe 3848 bbttnn.exe 996 llxxfxf.exe 2488 thtnhh.exe 3864 nthbbb.exe 1128 1nttnn.exe 2544 pjvjv.exe 3444 lrxlrfx.exe 4424 nhhhhh.exe 4412 hhbnnh.exe 3868 dvjdp.exe 4004 lrfxllx.exe 536 vdppj.exe 1920 nhbhbh.exe -
resource yara_rule behavioral2/files/0x000600000002326f-3.dat upx behavioral2/memory/4864-2-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1704-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1704-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00080000000233e1-11.dat upx behavioral2/memory/3864-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233e5-14.dat upx behavioral2/memory/3760-21-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233e6-23.dat upx behavioral2/memory/912-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233e7-29.dat upx behavioral2/files/0x00070000000233e9-35.dat upx behavioral2/memory/2052-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3864-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233ea-40.dat upx behavioral2/memory/2528-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1020-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233eb-46.dat upx behavioral2/files/0x00070000000233ec-52.dat upx behavioral2/memory/4860-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4632-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233ed-61.dat upx behavioral2/files/0x00070000000233ee-65.dat upx behavioral2/files/0x00070000000233ef-69.dat upx behavioral2/memory/2072-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233f0-74.dat upx behavioral2/memory/2172-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233f1-80.dat upx behavioral2/memory/3572-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1112-86-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/files/0x00070000000233f2-88.dat upx behavioral2/files/0x00070000000233f3-92.dat upx behavioral2/memory/1196-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233f4-97.dat upx behavioral2/memory/4476-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4140-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233f5-103.dat upx behavioral2/files/0x00070000000233f6-109.dat upx behavioral2/memory/1812-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233f7-115.dat upx behavioral2/files/0x00070000000233f8-120.dat upx behavioral2/files/0x00070000000233f9-125.dat upx behavioral2/memory/3032-128-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3696-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233fa-132.dat upx behavioral2/files/0x00070000000233fb-137.dat upx behavioral2/memory/3068-143-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233fc-144.dat upx behavioral2/memory/1320-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00070000000233fd-150.dat upx behavioral2/files/0x00070000000233ff-154.dat upx behavioral2/memory/2980-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2908-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/files/0x00080000000233e2-162.dat upx behavioral2/files/0x0007000000023401-171.dat upx behavioral2/files/0x0007000000023400-167.dat upx behavioral2/files/0x0007000000023402-178.dat upx behavioral2/files/0x0007000000023403-183.dat upx behavioral2/memory/4408-182-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1908-191-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4308-192-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/2412-200-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2140-215-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2208-222-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4864 wrote to memory of 1704 4864 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 82 PID 4864 wrote to memory of 1704 4864 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 82 PID 4864 wrote to memory of 1704 4864 98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe 82 PID 1704 wrote to memory of 3864 1704 lxrllfx.exe 83 PID 1704 wrote to memory of 3864 1704 lxrllfx.exe 83 PID 1704 wrote to memory of 3864 1704 lxrllfx.exe 83 PID 3864 wrote to memory of 3760 3864 pvdjv.exe 84 PID 3864 wrote to memory of 3760 3864 pvdjv.exe 84 PID 3864 wrote to memory of 3760 3864 pvdjv.exe 84 PID 3760 wrote to memory of 912 3760 lllfxxr.exe 85 PID 3760 wrote to memory of 912 3760 lllfxxr.exe 85 PID 3760 wrote to memory of 912 3760 lllfxxr.exe 85 PID 912 wrote to memory of 2052 912 httnhh.exe 86 PID 912 wrote to memory of 2052 912 httnhh.exe 86 PID 912 wrote to memory of 2052 912 httnhh.exe 86 PID 2052 wrote to memory of 2528 2052 5btnbb.exe 87 PID 2052 wrote to memory of 2528 2052 5btnbb.exe 87 PID 2052 wrote to memory of 2528 2052 5btnbb.exe 87 PID 2528 wrote to memory of 1020 2528 dddpd.exe 88 PID 2528 wrote to memory of 1020 2528 dddpd.exe 88 PID 2528 wrote to memory of 1020 2528 dddpd.exe 88 PID 1020 wrote to memory of 4860 1020 rrrfxxl.exe 89 PID 1020 wrote to memory of 4860 1020 rrrfxxl.exe 89 PID 1020 wrote to memory of 4860 1020 rrrfxxl.exe 89 PID 4860 wrote to memory of 4632 4860 frlfxfx.exe 90 PID 4860 wrote to memory of 4632 4860 frlfxfx.exe 90 PID 4860 wrote to memory of 4632 4860 frlfxfx.exe 90 PID 4632 wrote to memory of 2796 4632 5pdvp.exe 91 PID 4632 wrote to memory of 2796 4632 5pdvp.exe 91 PID 4632 wrote to memory of 2796 4632 5pdvp.exe 91 PID 2796 wrote to memory of 2072 2796 vddvp.exe 92 PID 2796 wrote to memory of 2072 2796 vddvp.exe 92 PID 2796 wrote to memory of 2072 2796 vddvp.exe 92 PID 2072 wrote to memory of 2172 2072 xrxrxxx.exe 93 PID 2072 wrote to memory of 
2172 2072 xrxrxxx.exe 93 PID 2072 wrote to memory of 2172 2072 xrxrxxx.exe 93 PID 2172 wrote to memory of 3572 2172 nhhbtn.exe 94 PID 2172 wrote to memory of 3572 2172 nhhbtn.exe 94 PID 2172 wrote to memory of 3572 2172 nhhbtn.exe 94 PID 3572 wrote to memory of 1112 3572 vppjd.exe 95 PID 3572 wrote to memory of 1112 3572 vppjd.exe 95 PID 3572 wrote to memory of 1112 3572 vppjd.exe 95 PID 1112 wrote to memory of 1196 1112 1lfxllx.exe 96 PID 1112 wrote to memory of 1196 1112 1lfxllx.exe 96 PID 1112 wrote to memory of 1196 1112 1lfxllx.exe 96 PID 1196 wrote to memory of 4476 1196 bnbttt.exe 97 PID 1196 wrote to memory of 4476 1196 bnbttt.exe 97 PID 1196 wrote to memory of 4476 1196 bnbttt.exe 97 PID 4476 wrote to memory of 4140 4476 1pvvp.exe 98 PID 4476 wrote to memory of 4140 4476 1pvvp.exe 98 PID 4476 wrote to memory of 4140 4476 1pvvp.exe 98 PID 4140 wrote to memory of 1812 4140 fxxrllf.exe 99 PID 4140 wrote to memory of 1812 4140 fxxrllf.exe 99 PID 4140 wrote to memory of 1812 4140 fxxrllf.exe 99 PID 1812 wrote to memory of 2940 1812 hnntnn.exe 100 PID 1812 wrote to memory of 2940 1812 hnntnn.exe 100 PID 1812 wrote to memory of 2940 1812 hnntnn.exe 100 PID 2940 wrote to memory of 1668 2940 dvvpd.exe 101 PID 2940 wrote to memory of 1668 2940 dvvpd.exe 101 PID 2940 wrote to memory of 1668 2940 dvvpd.exe 101 PID 1668 wrote to memory of 3032 1668 dvjdp.exe 102 PID 1668 wrote to memory of 3032 1668 dvjdp.exe 102 PID 1668 wrote to memory of 3032 1668 dvjdp.exe 102 PID 3032 wrote to memory of 3696 3032 lffxxxx.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe"C:\Users\Admin\AppData\Local\Temp\98f27fb98d5c55fe222c36feb5193ad1450d91028934a2c915621f9dcccbf477.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4864 -
\??\c:\lxrllfx.exec:\lxrllfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1704 -
\??\c:\pvdjv.exec:\pvdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3864 -
\??\c:\lllfxxr.exec:\lllfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3760 -
\??\c:\httnhh.exec:\httnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:912 -
\??\c:\5btnbb.exec:\5btnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\dddpd.exec:\dddpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\rrrfxxl.exec:\rrrfxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1020 -
\??\c:\frlfxfx.exec:\frlfxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4860 -
\??\c:\5pdvp.exec:\5pdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4632 -
\??\c:\vddvp.exec:\vddvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\xrxrxxx.exec:\xrxrxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2072 -
\??\c:\nhhbtn.exec:\nhhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2172 -
\??\c:\vppjd.exec:\vppjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3572 -
\??\c:\1lfxllx.exec:\1lfxllx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1112 -
\??\c:\bnbttt.exec:\bnbttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1196 -
\??\c:\1pvvp.exec:\1pvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4476 -
\??\c:\fxxrllf.exec:\fxxrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4140 -
\??\c:\hnntnn.exec:\hnntnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\dvvpd.exec:\dvvpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2940 -
\??\c:\dvjdp.exec:\dvjdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1668 -
\??\c:\lffxxxx.exec:\lffxxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\hbnhnn.exec:\hbnhnn.exe23⤵
- Executes dropped EXE
PID:3696 -
\??\c:\hbbthh.exec:\hbbthh.exe24⤵
- Executes dropped EXE
PID:5116 -
\??\c:\9vddp.exec:\9vddp.exe25⤵
- Executes dropped EXE
PID:3068 -
\??\c:\rrfrffr.exec:\rrfrffr.exe26⤵
- Executes dropped EXE
PID:1320 -
\??\c:\btbbnn.exec:\btbbnn.exe27⤵
- Executes dropped EXE
PID:2980 -
\??\c:\pdjdj.exec:\pdjdj.exe28⤵
- Executes dropped EXE
PID:2908 -
\??\c:\dddpp.exec:\dddpp.exe29⤵
- Executes dropped EXE
PID:1624 -
\??\c:\rrrrlll.exec:\rrrrlll.exe30⤵
- Executes dropped EXE
PID:4436 -
\??\c:\7nbbtb.exec:\7nbbtb.exe31⤵
- Executes dropped EXE
PID:3656 -
\??\c:\nbtthn.exec:\nbtthn.exe32⤵
- Executes dropped EXE
PID:4408 -
\??\c:\fxrrlfl.exec:\fxrrlfl.exe33⤵
- Executes dropped EXE
PID:3424 -
\??\c:\hhtbhb.exec:\hhtbhb.exe34⤵
- Executes dropped EXE
PID:1908 -
\??\c:\3pvpp.exec:\3pvpp.exe35⤵
- Executes dropped EXE
PID:4308 -
\??\c:\dppjj.exec:\dppjj.exe36⤵
- Executes dropped EXE
PID:348 -
\??\c:\ffffxlf.exec:\ffffxlf.exe37⤵
- Executes dropped EXE
PID:2412 -
\??\c:\fxfflll.exec:\fxfflll.exe38⤵
- Executes dropped EXE
PID:2636 -
\??\c:\nbhhbb.exec:\nbhhbb.exe39⤵
- Executes dropped EXE
PID:2876 -
\??\c:\pvjjj.exec:\pvjjj.exe40⤵
- Executes dropped EXE
PID:392 -
\??\c:\jdvpj.exec:\jdvpj.exe41⤵
- Executes dropped EXE
PID:2140 -
\??\c:\rflllfl.exec:\rflllfl.exe42⤵
- Executes dropped EXE
PID:2660 -
\??\c:\rlrlflf.exec:\rlrlflf.exe43⤵
- Executes dropped EXE
PID:2208 -
\??\c:\dpvvv.exec:\dpvvv.exe44⤵
- Executes dropped EXE
PID:1016 -
\??\c:\xlllfff.exec:\xlllfff.exe45⤵
- Executes dropped EXE
PID:1364 -
\??\c:\ntntnn.exec:\ntntnn.exe46⤵
- Executes dropped EXE
PID:4644 -
\??\c:\djjjj.exec:\djjjj.exe47⤵
- Executes dropped EXE
PID:4624 -
\??\c:\lflxxxr.exec:\lflxxxr.exe48⤵
- Executes dropped EXE
PID:5008 -
\??\c:\hthbbb.exec:\hthbbb.exe49⤵
- Executes dropped EXE
PID:1968 -
\??\c:\lrlfxfx.exec:\lrlfxfx.exe50⤵
- Executes dropped EXE
PID:740 -
\??\c:\xxfxrrr.exec:\xxfxrrr.exe51⤵
- Executes dropped EXE
PID:2024 -
\??\c:\hbhhhb.exec:\hbhhhb.exe52⤵
- Executes dropped EXE
PID:2736 -
\??\c:\bbttnn.exec:\bbttnn.exe53⤵
- Executes dropped EXE
PID:3848 -
\??\c:\llxxfxf.exec:\llxxfxf.exe54⤵
- Executes dropped EXE
PID:996 -
\??\c:\thtnhh.exec:\thtnhh.exe55⤵
- Executes dropped EXE
PID:2488 -
\??\c:\nthbbb.exec:\nthbbb.exe56⤵
- Executes dropped EXE
PID:3864 -
\??\c:\1nttnn.exec:\1nttnn.exe57⤵
- Executes dropped EXE
PID:1128 -
\??\c:\pjvjv.exec:\pjvjv.exe58⤵
- Executes dropped EXE
PID:2544 -
\??\c:\lrxlrfx.exec:\lrxlrfx.exe59⤵
- Executes dropped EXE
PID:3444 -
\??\c:\nhhhhh.exec:\nhhhhh.exe60⤵
- Executes dropped EXE
PID:4424 -
\??\c:\hhbnnh.exec:\hhbnnh.exe61⤵
- Executes dropped EXE
PID:4412 -
\??\c:\dvjdp.exec:\dvjdp.exe62⤵
- Executes dropped EXE
PID:3868 -
\??\c:\lrfxllx.exec:\lrfxllx.exe63⤵
- Executes dropped EXE
PID:4004 -
\??\c:\vdppj.exec:\vdppj.exe64⤵
- Executes dropped EXE
PID:536 -
\??\c:\nhbhbh.exec:\nhbhbh.exe65⤵
- Executes dropped EXE
PID:1920 -
\??\c:\dppvd.exec:\dppvd.exe66⤵PID:3968
-
\??\c:\3rllllf.exec:\3rllllf.exe67⤵PID:1436
-
\??\c:\flxrrrr.exec:\flxrrrr.exe68⤵PID:1040
-
\??\c:\bbbbtt.exec:\bbbbtt.exe69⤵PID:1976
-
\??\c:\vpppp.exec:\vpppp.exe70⤵PID:2812
-
\??\c:\ppjdj.exec:\ppjdj.exe71⤵PID:4912
-
\??\c:\7frlfxf.exec:\7frlfxf.exe72⤵PID:2828
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe73⤵PID:2128
-
\??\c:\hhttnn.exec:\hhttnn.exe74⤵PID:2772
-
\??\c:\djdvp.exec:\djdvp.exe75⤵PID:1652
-
\??\c:\vdvdj.exec:\vdvdj.exe76⤵PID:1892
-
\??\c:\xflrrrf.exec:\xflrrrf.exe77⤵PID:4504
-
\??\c:\hbbbbb.exec:\hbbbbb.exe78⤵PID:1900
-
\??\c:\vvdvp.exec:\vvdvp.exe79⤵PID:4256
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe80⤵PID:396
-
\??\c:\9rrrllf.exec:\9rrrllf.exe81⤵PID:3800
-
\??\c:\bhthhh.exec:\bhthhh.exe82⤵PID:3956
-
\??\c:\tnbtnt.exec:\tnbtnt.exe83⤵PID:1772
-
\??\c:\3dddp.exec:\3dddp.exe84⤵PID:1744
-
\??\c:\jdpjj.exec:\jdpjj.exe85⤵PID:3636
-
\??\c:\lxfxxrl.exec:\lxfxxrl.exe86⤵PID:4660
-
\??\c:\nhnhht.exec:\nhnhht.exe87⤵PID:3392
-
\??\c:\tntnbb.exec:\tntnbb.exe88⤵PID:3088
-
\??\c:\dvpjv.exec:\dvpjv.exe89⤵PID:5012
-
\??\c:\vjpvd.exec:\vjpvd.exe90⤵PID:1532
-
\??\c:\frxrllf.exec:\frxrllf.exe91⤵PID:1624
-
\??\c:\7bnbtt.exec:\7bnbtt.exe92⤵PID:2864
-
\??\c:\pdvjv.exec:\pdvjv.exe93⤵PID:4636
-
\??\c:\vppjd.exec:\vppjd.exe94⤵PID:752
-
\??\c:\pdpjd.exec:\pdpjd.exe95⤵PID:1176
-
\??\c:\xllfxrf.exec:\xllfxrf.exe96⤵PID:3352
-
\??\c:\5fflfff.exec:\5fflfff.exe97⤵PID:2460
-
\??\c:\thhhhb.exec:\thhhhb.exe98⤵PID:2192
-
\??\c:\jvddv.exec:\jvddv.exe99⤵PID:348
-
\??\c:\fllfxxr.exec:\fllfxxr.exe100⤵PID:2628
-
\??\c:\nnhnhn.exec:\nnhnhn.exe101⤵PID:3464
-
\??\c:\tntnhh.exec:\tntnhh.exe102⤵PID:2396
-
\??\c:\dvdvv.exec:\dvdvv.exe103⤵PID:4564
-
\??\c:\djddv.exec:\djddv.exe104⤵PID:4056
-
\??\c:\rfrfxxx.exec:\rfrfxxx.exe105⤵PID:1360
-
\??\c:\lllrlxr.exec:\lllrlxr.exe106⤵PID:1016
-
\??\c:\1rrllrx.exec:\1rrllrx.exe107⤵PID:2892
-
\??\c:\fxfxxxl.exec:\fxfxxxl.exe108⤵PID:116
-
\??\c:\nntnhh.exec:\nntnhh.exe109⤵PID:4536
-
\??\c:\hnnbnb.exec:\hnnbnb.exe110⤵PID:4852
-
\??\c:\dddvp.exec:\dddvp.exe111⤵PID:2380
-
\??\c:\frrlfff.exec:\frrlfff.exe112⤵PID:4376
-
\??\c:\bnnnnt.exec:\bnnnnt.exe113⤵PID:3964
-
\??\c:\tnntnb.exec:\tnntnb.exe114⤵PID:4440
-
\??\c:\1dvpp.exec:\1dvpp.exe115⤵PID:3524
-
\??\c:\pvpdv.exec:\pvpdv.exe116⤵PID:452
-
\??\c:\rlrllfr.exec:\rlrllfr.exe117⤵PID:1472
-
\??\c:\xflxxrf.exec:\xflxxrf.exe118⤵PID:2488
-
\??\c:\nbhbtt.exec:\nbhbtt.exe119⤵PID:4848
-
\??\c:\9vpjj.exec:\9vpjj.exe120⤵PID:4668
-
\??\c:\lrrlffx.exec:\lrrlffx.exe121⤵PID:628
-
\??\c:\nhnhhh.exec:\nhnhhh.exe122⤵PID:4672