Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:44
Behavioral task
behavioral1
Sample
ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe
Resource
win7-20240215-en
6 signatures
150 seconds
General
-
Target
ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe
-
Size
453KB
-
MD5
ae36530839e359c87ad7aa395be0d9be
-
SHA1
114ce844a380551c1c8c3f35fb1334445cf7aacc
-
SHA256
ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba
-
SHA512
f05756a5b5900696b809011163e0a722ea7915d488a384abf5c72399fe6b51465f4d64045111d9f8a2981088bfe257e015dcfcce3be378c23cd152de4b81b48e
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1xrloBNTNmz:x4wFHoS3eFaKHpv/VycgE81lgW
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3572-5-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4976-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3096-30-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/896-25-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/960-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/868-13-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1568-43-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3732-44-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2996-50-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2996-55-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1216-63-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4392-69-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2932-79-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2208-89-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4612-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1032-104-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4488-113-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4552-119-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2484-131-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2760-133-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/644-138-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4720-145-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1484-151-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4888-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2480-162-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4372-169-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3280-184-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4852-196-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3008-215-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2892-222-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2476-226-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4976-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3872-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3868-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4064-252-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3336-253-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2996-260-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3144-264-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4392-268-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4508-275-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/464-280-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1252-284-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4128-291-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4128-295-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4488-303-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4488-307-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2532-320-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3608-327-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3448-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2920-347-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3524-373-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2100-406-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2388-413-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4128-444-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4164-463-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1880-480-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1384-533-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/516-555-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2904-589-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4868-650-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2892-660-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2100-673-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3272-674-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3852-708-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/3572-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3572-5-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002327d-3.dat UPX behavioral2/files/0x0007000000023415-10.dat UPX behavioral2/files/0x0007000000023416-16.dat UPX behavioral2/memory/4976-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023417-23.dat UPX behavioral2/files/0x0007000000023418-28.dat UPX behavioral2/memory/3096-30-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/896-25-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/960-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/868-13-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023419-36.dat UPX behavioral2/memory/1568-37-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341a-40.dat UPX behavioral2/memory/1568-43-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3732-44-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341b-48.dat UPX behavioral2/memory/2996-50-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341c-53.dat UPX behavioral2/memory/2996-55-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341d-59.dat UPX behavioral2/memory/1216-63-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341e-65.dat UPX behavioral2/memory/4392-69-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341f-71.dat UPX behavioral2/files/0x0007000000023420-76.dat UPX behavioral2/memory/2932-79-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023421-82.dat UPX behavioral2/files/0x0007000000023422-87.dat UPX 
behavioral2/memory/2208-89-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4612-92-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023423-95.dat UPX behavioral2/memory/2864-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023424-100.dat UPX behavioral2/memory/1032-104-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000900000002340e-106.dat UPX behavioral2/files/0x0007000000023425-111.dat UPX behavioral2/memory/4488-113-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023427-117.dat UPX behavioral2/memory/4552-119-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023428-123.dat UPX behavioral2/files/0x0007000000023429-129.dat UPX behavioral2/memory/2484-131-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2760-133-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342a-136.dat UPX behavioral2/memory/644-138-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4720-145-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342b-142.dat UPX behavioral2/files/0x000700000002342c-147.dat UPX behavioral2/memory/1484-151-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342d-154.dat UPX behavioral2/memory/4888-157-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2480-162-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342e-160.dat UPX behavioral2/files/0x000700000002342f-166.dat UPX behavioral2/memory/4372-169-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023430-171.dat UPX behavioral2/files/0x0007000000023431-176.dat UPX behavioral2/files/0x0007000000023432-181.dat UPX behavioral2/memory/3280-184-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x0007000000023433-188.dat UPX behavioral2/memory/4852-196-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3008-215-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 868 vpvpp.exe 960 xrrlffx.exe 4976 bbnhtn.exe 896 jdjdp.exe 3096 frxrlfx.exe 1568 1tnhbh.exe 3732 jdjvj.exe 2996 xxrlxxf.exe 4804 vjppj.exe 1216 hbnhbh.exe 4392 ddjjj.exe 1336 lffxxxx.exe 2932 nhtnnb.exe 2208 pjvvv.exe 4612 bttnhh.exe 2864 vjvpp.exe 1032 httnnn.exe 4488 dvdvj.exe 4552 rlllffl.exe 4368 pvdvp.exe 2484 rxfxxrl.exe 2760 jjjjd.exe 644 xrfxxll.exe 4720 5btnnt.exe 1484 xrllfll.exe 4888 bbhbbb.exe 2480 7nhnbn.exe 4372 dvjjp.exe 2612 xrlfxxx.exe 4628 xflfxxr.exe 3280 rffxxxx.exe 4564 hnnhhh.exe 1644 ddddv.exe 4852 xfxxrxx.exe 4008 nhhhbb.exe 1040 jvdvv.exe 4236 vjpjj.exe 1652 7xfxllf.exe 3008 nnhhhh.exe 940 hnnnnn.exe 2892 dpvpp.exe 2476 xxxrrfx.exe 4976 tthhnh.exe 3872 dpddp.exe 3272 xxfxflr.exe 3868 lxrrllf.exe 1936 9nnhhh.exe 724 pjppd.exe 4064 xxxxllf.exe 3336 rlrlllr.exe 2996 tthnhh.exe 3144 vdjdd.exe 1784 xffxrll.exe 4392 3nbtnn.exe 4508 ddjpv.exe 464 fflfxff.exe 1252 hhttbt.exe 2208 vvppj.exe 4612 lfxrrlf.exe 4128 vvdvd.exe 4744 rllfxxx.exe 2604 lffxxxx.exe 4488 bnhbtt.exe 5032 pvddd.exe -
resource yara_rule behavioral2/memory/3572-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3572-5-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002327d-3.dat upx behavioral2/files/0x0007000000023415-10.dat upx behavioral2/files/0x0007000000023416-16.dat upx behavioral2/memory/4976-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023417-23.dat upx behavioral2/files/0x0007000000023418-28.dat upx behavioral2/memory/3096-30-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/896-25-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/960-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/868-13-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023419-36.dat upx behavioral2/memory/1568-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341a-40.dat upx behavioral2/memory/1568-43-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3732-44-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341b-48.dat upx behavioral2/memory/2996-50-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341c-53.dat upx behavioral2/memory/2996-55-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341d-59.dat upx behavioral2/memory/1216-63-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341e-65.dat upx behavioral2/memory/4392-69-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341f-71.dat upx behavioral2/files/0x0007000000023420-76.dat upx behavioral2/memory/2932-79-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023421-82.dat upx behavioral2/files/0x0007000000023422-87.dat upx 
behavioral2/memory/2208-89-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4612-92-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023423-95.dat upx behavioral2/memory/2864-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023424-100.dat upx behavioral2/memory/1032-104-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000900000002340e-106.dat upx behavioral2/files/0x0007000000023425-111.dat upx behavioral2/memory/4488-113-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023427-117.dat upx behavioral2/memory/4552-119-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023428-123.dat upx behavioral2/files/0x0007000000023429-129.dat upx behavioral2/memory/2484-131-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2760-133-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342a-136.dat upx behavioral2/memory/644-138-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4720-145-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342b-142.dat upx behavioral2/files/0x000700000002342c-147.dat upx behavioral2/memory/1484-151-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342d-154.dat upx behavioral2/memory/4888-157-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2480-162-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-160.dat upx behavioral2/files/0x000700000002342f-166.dat upx behavioral2/memory/4372-169-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-171.dat upx behavioral2/files/0x0007000000023431-176.dat upx behavioral2/files/0x0007000000023432-181.dat upx behavioral2/memory/3280-184-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x0007000000023433-188.dat upx behavioral2/memory/4852-196-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3008-215-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3572 wrote to memory of 868 3572 ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe 82 PID 3572 wrote to memory of 868 3572 ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe 82 PID 3572 wrote to memory of 868 3572 ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe 82 PID 868 wrote to memory of 960 868 vpvpp.exe 83 PID 868 wrote to memory of 960 868 vpvpp.exe 83 PID 868 wrote to memory of 960 868 vpvpp.exe 83 PID 960 wrote to memory of 4976 960 xrrlffx.exe 84 PID 960 wrote to memory of 4976 960 xrrlffx.exe 84 PID 960 wrote to memory of 4976 960 xrrlffx.exe 84 PID 4976 wrote to memory of 896 4976 bbnhtn.exe 85 PID 4976 wrote to memory of 896 4976 bbnhtn.exe 85 PID 4976 wrote to memory of 896 4976 bbnhtn.exe 85 PID 896 wrote to memory of 3096 896 jdjdp.exe 86 PID 896 wrote to memory of 3096 896 jdjdp.exe 86 PID 896 wrote to memory of 3096 896 jdjdp.exe 86 PID 3096 wrote to memory of 1568 3096 frxrlfx.exe 87 PID 3096 wrote to memory of 1568 3096 frxrlfx.exe 87 PID 3096 wrote to memory of 1568 3096 frxrlfx.exe 87 PID 1568 wrote to memory of 3732 1568 1tnhbh.exe 88 PID 1568 wrote to memory of 3732 1568 1tnhbh.exe 88 PID 1568 wrote to memory of 3732 1568 1tnhbh.exe 88 PID 3732 wrote to memory of 2996 3732 jdjvj.exe 89 PID 3732 wrote to memory of 2996 3732 jdjvj.exe 89 PID 3732 wrote to memory of 2996 3732 jdjvj.exe 89 PID 2996 wrote to memory of 4804 2996 xxrlxxf.exe 90 PID 2996 wrote to memory of 4804 2996 xxrlxxf.exe 90 PID 2996 wrote to memory of 4804 2996 xxrlxxf.exe 90 PID 4804 wrote to memory of 1216 4804 vjppj.exe 92 PID 4804 wrote to memory of 1216 4804 vjppj.exe 92 PID 4804 wrote to memory of 1216 4804 vjppj.exe 92 PID 1216 wrote to memory of 4392 1216 hbnhbh.exe 93 PID 1216 wrote to memory of 4392 1216 hbnhbh.exe 93 PID 1216 wrote to memory of 4392 1216 hbnhbh.exe 93 PID 4392 wrote to memory of 1336 4392 ddjjj.exe 94 PID 4392 wrote to memory of 1336 4392 ddjjj.exe 94 
PID 4392 wrote to memory of 1336 4392 ddjjj.exe 94 PID 1336 wrote to memory of 2932 1336 lffxxxx.exe 95 PID 1336 wrote to memory of 2932 1336 lffxxxx.exe 95 PID 1336 wrote to memory of 2932 1336 lffxxxx.exe 95 PID 2932 wrote to memory of 2208 2932 nhtnnb.exe 96 PID 2932 wrote to memory of 2208 2932 nhtnnb.exe 96 PID 2932 wrote to memory of 2208 2932 nhtnnb.exe 96 PID 2208 wrote to memory of 4612 2208 pjvvv.exe 98 PID 2208 wrote to memory of 4612 2208 pjvvv.exe 98 PID 2208 wrote to memory of 4612 2208 pjvvv.exe 98 PID 4612 wrote to memory of 2864 4612 bttnhh.exe 99 PID 4612 wrote to memory of 2864 4612 bttnhh.exe 99 PID 4612 wrote to memory of 2864 4612 bttnhh.exe 99 PID 2864 wrote to memory of 1032 2864 vjvpp.exe 100 PID 2864 wrote to memory of 1032 2864 vjvpp.exe 100 PID 2864 wrote to memory of 1032 2864 vjvpp.exe 100 PID 1032 wrote to memory of 4488 1032 httnnn.exe 101 PID 1032 wrote to memory of 4488 1032 httnnn.exe 101 PID 1032 wrote to memory of 4488 1032 httnnn.exe 101 PID 4488 wrote to memory of 4552 4488 dvdvj.exe 102 PID 4488 wrote to memory of 4552 4488 dvdvj.exe 102 PID 4488 wrote to memory of 4552 4488 dvdvj.exe 102 PID 4552 wrote to memory of 4368 4552 rlllffl.exe 103 PID 4552 wrote to memory of 4368 4552 rlllffl.exe 103 PID 4552 wrote to memory of 4368 4552 rlllffl.exe 103 PID 4368 wrote to memory of 2484 4368 pvdvp.exe 104 PID 4368 wrote to memory of 2484 4368 pvdvp.exe 104 PID 4368 wrote to memory of 2484 4368 pvdvp.exe 104 PID 2484 wrote to memory of 2760 2484 rxfxxrl.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe "C:\Users\Admin\AppData\Local\Temp\ab181b12849cdf018f23cb5396e7443ddaa34e381b9da662acd4db1695cc26ba.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:3572 -
\??\c:\vpvpp.exec:\vpvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:868 -
\??\c:\xrrlffx.exec:\xrrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:960 -
\??\c:\bbnhtn.exec:\bbnhtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4976 -
\??\c:\jdjdp.exec:\jdjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:896 -
\??\c:\frxrlfx.exec:\frxrlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3096 -
\??\c:\1tnhbh.exec:\1tnhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
\??\c:\jdjvj.exec:\jdjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3732 -
\??\c:\xxrlxxf.exec:\xxrlxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2996 -
\??\c:\vjppj.exec:\vjppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\hbnhbh.exec:\hbnhbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1216 -
\??\c:\ddjjj.exec:\ddjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4392 -
\??\c:\lffxxxx.exec:\lffxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1336 -
\??\c:\nhtnnb.exec:\nhtnnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\pjvvv.exec:\pjvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2208 -
\??\c:\bttnhh.exec:\bttnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4612 -
\??\c:\vjvpp.exec:\vjvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\httnnn.exec:\httnnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032 -
\??\c:\dvdvj.exec:\dvdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4488 -
\??\c:\rlllffl.exec:\rlllffl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\pvdvp.exec:\pvdvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4368 -
\??\c:\rxfxxrl.exec:\rxfxxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\jjjjd.exec:\jjjjd.exe23⤵
- Executes dropped EXE
PID:2760 -
\??\c:\xrfxxll.exec:\xrfxxll.exe24⤵
- Executes dropped EXE
PID:644 -
\??\c:\5btnnt.exec:\5btnnt.exe25⤵
- Executes dropped EXE
PID:4720 -
\??\c:\xrllfll.exec:\xrllfll.exe26⤵
- Executes dropped EXE
PID:1484 -
\??\c:\bbhbbb.exec:\bbhbbb.exe27⤵
- Executes dropped EXE
PID:4888 -
\??\c:\7nhnbn.exec:\7nhnbn.exe28⤵
- Executes dropped EXE
PID:2480 -
\??\c:\dvjjp.exec:\dvjjp.exe29⤵
- Executes dropped EXE
PID:4372 -
\??\c:\xrlfxxx.exec:\xrlfxxx.exe30⤵
- Executes dropped EXE
PID:2612 -
\??\c:\xflfxxr.exec:\xflfxxr.exe31⤵
- Executes dropped EXE
PID:4628 -
\??\c:\rffxxxx.exec:\rffxxxx.exe32⤵
- Executes dropped EXE
PID:3280 -
\??\c:\hnnhhh.exec:\hnnhhh.exe33⤵
- Executes dropped EXE
PID:4564 -
\??\c:\ddddv.exec:\ddddv.exe34⤵
- Executes dropped EXE
PID:1644 -
\??\c:\xfxxrxx.exec:\xfxxrxx.exe35⤵
- Executes dropped EXE
PID:4852 -
\??\c:\nhhhbb.exec:\nhhhbb.exe36⤵
- Executes dropped EXE
PID:4008 -
\??\c:\jvdvv.exec:\jvdvv.exe37⤵
- Executes dropped EXE
PID:1040 -
\??\c:\vjpjj.exec:\vjpjj.exe38⤵
- Executes dropped EXE
PID:4236 -
\??\c:\7xfxllf.exec:\7xfxllf.exe39⤵
- Executes dropped EXE
PID:1652 -
\??\c:\nnhhhh.exec:\nnhhhh.exe40⤵
- Executes dropped EXE
PID:3008 -
\??\c:\hnnnnn.exec:\hnnnnn.exe41⤵
- Executes dropped EXE
PID:940 -
\??\c:\dpvpp.exec:\dpvpp.exe42⤵
- Executes dropped EXE
PID:2892 -
\??\c:\xxxrrfx.exec:\xxxrrfx.exe43⤵
- Executes dropped EXE
PID:2476 -
\??\c:\tthhnh.exec:\tthhnh.exe44⤵
- Executes dropped EXE
PID:4976 -
\??\c:\dpddp.exec:\dpddp.exe45⤵
- Executes dropped EXE
PID:3872 -
\??\c:\xxfxflr.exec:\xxfxflr.exe46⤵
- Executes dropped EXE
PID:3272 -
\??\c:\lxrrllf.exec:\lxrrllf.exe47⤵
- Executes dropped EXE
PID:3868 -
\??\c:\9nnhhh.exec:\9nnhhh.exe48⤵
- Executes dropped EXE
PID:1936 -
\??\c:\pjppd.exec:\pjppd.exe49⤵
- Executes dropped EXE
PID:724 -
\??\c:\xxxxllf.exec:\xxxxllf.exe50⤵
- Executes dropped EXE
PID:4064 -
\??\c:\rlrlllr.exec:\rlrlllr.exe51⤵
- Executes dropped EXE
PID:3336 -
\??\c:\tthnhh.exec:\tthnhh.exe52⤵
- Executes dropped EXE
PID:2996 -
\??\c:\vdjdd.exec:\vdjdd.exe53⤵
- Executes dropped EXE
PID:3144 -
\??\c:\xffxrll.exec:\xffxrll.exe54⤵
- Executes dropped EXE
PID:1784 -
\??\c:\3nbtnn.exec:\3nbtnn.exe55⤵
- Executes dropped EXE
PID:4392 -
\??\c:\ddjpv.exec:\ddjpv.exe56⤵
- Executes dropped EXE
PID:4508 -
\??\c:\fflfxff.exec:\fflfxff.exe57⤵
- Executes dropped EXE
PID:464 -
\??\c:\hhttbt.exec:\hhttbt.exe58⤵
- Executes dropped EXE
PID:1252 -
\??\c:\vvppj.exec:\vvppj.exe59⤵
- Executes dropped EXE
PID:2208 -
\??\c:\lfxrrlf.exec:\lfxrrlf.exe60⤵
- Executes dropped EXE
PID:4612 -
\??\c:\vvdvd.exec:\vvdvd.exe61⤵
- Executes dropped EXE
PID:4128 -
\??\c:\rllfxxx.exec:\rllfxxx.exe62⤵
- Executes dropped EXE
PID:4744 -
\??\c:\lffxxxx.exec:\lffxxxx.exe63⤵
- Executes dropped EXE
PID:2604 -
\??\c:\bnhbtt.exec:\bnhbtt.exe64⤵
- Executes dropped EXE
PID:4488 -
\??\c:\pvddd.exec:\pvddd.exe65⤵
- Executes dropped EXE
PID:5032 -
\??\c:\lffxxrr.exec:\lffxxrr.exe66⤵PID:2912
-
\??\c:\frrlfxr.exec:\frrlfxr.exe67⤵PID:4168
-
\??\c:\bbbtbb.exec:\bbbtbb.exe68⤵PID:2532
-
\??\c:\ppjvv.exec:\ppjvv.exe69⤵PID:2484
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe70⤵PID:3608
-
\??\c:\bbhbbb.exec:\bbhbbb.exe71⤵PID:644
-
\??\c:\vjjdv.exec:\vjjdv.exe72⤵PID:4908
-
\??\c:\llxflfl.exec:\llxflfl.exe73⤵PID:3752
-
\??\c:\bnbnhb.exec:\bnbnhb.exe74⤵PID:2064
-
\??\c:\bnnhtt.exec:\bnnhtt.exe75⤵PID:3448
-
\??\c:\vjdpd.exec:\vjdpd.exe76⤵PID:2920
-
\??\c:\7xlxxrx.exec:\7xlxxrx.exe77⤵PID:4780
-
\??\c:\nhtnhh.exec:\nhtnhh.exe78⤵PID:3592
-
\??\c:\hhnhbn.exec:\hhnhbn.exe79⤵PID:4200
-
\??\c:\pvvvj.exec:\pvvvj.exe80⤵PID:4972
-
\??\c:\xffrfrf.exec:\xffrfrf.exe81⤵PID:5000
-
\??\c:\nnhtnn.exec:\nnhtnn.exe82⤵PID:1052
-
\??\c:\thhbtt.exec:\thhbtt.exe83⤵PID:1644
-
\??\c:\pvjdp.exec:\pvjdp.exe84⤵PID:3524
-
\??\c:\ffxrlff.exec:\ffxrlff.exe85⤵PID:4008
-
\??\c:\nbhbth.exec:\nbhbth.exe86⤵PID:3308
-
\??\c:\pjpjd.exec:\pjpjd.exe87⤵PID:1604
-
\??\c:\pdjdd.exec:\pdjdd.exe88⤵PID:3572
-
\??\c:\llxxlll.exec:\llxxlll.exe89⤵PID:1384
-
\??\c:\7nthtb.exec:\7nthtb.exe90⤵PID:868
-
\??\c:\dvjjv.exec:\dvjjv.exe91⤵PID:4024
-
\??\c:\pddvv.exec:\pddvv.exe92⤵PID:1696
-
\??\c:\xxrlrxl.exec:\xxrlrxl.exe93⤵PID:2468
-
\??\c:\tntnhb.exec:\tntnhb.exe94⤵PID:2100
-
\??\c:\dvjdp.exec:\dvjdp.exe95⤵PID:2576
-
\??\c:\frlfrrl.exec:\frlfrrl.exe96⤵PID:2388
-
\??\c:\1lrlxrx.exec:\1lrlxrx.exe97⤵PID:3612
-
\??\c:\ttbbbn.exec:\ttbbbn.exe98⤵PID:5012
-
\??\c:\jvpdp.exec:\jvpdp.exe99⤵PID:2128
-
\??\c:\flfllxl.exec:\flfllxl.exe100⤵PID:3144
-
\??\c:\hbtnbb.exec:\hbtnbb.exe101⤵PID:4624
-
\??\c:\bhnnhh.exec:\bhnnhh.exe102⤵PID:4324
-
\??\c:\dpdjd.exec:\dpdjd.exe103⤵PID:3904
-
\??\c:\rffxrxf.exec:\rffxrxf.exe104⤵PID:4796
-
\??\c:\fllxrxx.exec:\fllxrxx.exe105⤵PID:4404
-
\??\c:\hhbttt.exec:\hhbttt.exe106⤵PID:4128
-
\??\c:\vjjjv.exec:\vjjjv.exe107⤵PID:2904
-
\??\c:\xflfrrr.exec:\xflfrrr.exe108⤵PID:2756
-
\??\c:\5hbthb.exec:\5hbthb.exe109⤵PID:4068
-
\??\c:\vjvjj.exec:\vjvjj.exe110⤵PID:5032
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe111⤵PID:2912
-
\??\c:\btnnhh.exec:\btnnhh.exe112⤵PID:4164
-
\??\c:\jvvvv.exec:\jvvvv.exe113⤵PID:1204
-
\??\c:\lflflxf.exec:\lflflxf.exe114⤵PID:4956
-
\??\c:\nnbbbh.exec:\nnbbbh.exe115⤵PID:5116
-
\??\c:\dvvdp.exec:\dvvdp.exe116⤵PID:1880
-
\??\c:\flrlfxr.exec:\flrlfxr.exe117⤵PID:4580
-
\??\c:\rllfxrl.exec:\rllfxrl.exe118⤵PID:2064
-
\??\c:\bttnhh.exec:\bttnhh.exe119⤵PID:5068
-
\??\c:\pvppp.exec:\pvppp.exe120⤵PID:2920
-
\??\c:\rrlxrxr.exec:\rrlxrxr.exe121⤵PID:1944
-
\??\c:\thhbnh.exec:\thhbnh.exe122⤵PID:2700