Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:02
Behavioral task
behavioral1
Sample
9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe
-
Size
279KB
-
MD5
5e2618a5f6341ee8e81d757793baa90e
-
SHA1
3a688b7a85c0908bad64fc0f7f1a443cbd38b192
-
SHA256
9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4
-
SHA512
d9490e5ef3cf0ef030a1bc25f7959e9c69eaa5bbe8eeaf846ab7f4314e7520347719f98fd51ad4afc07b56eace87d2a833df5f1e8eb4a3e9a335106929be4c48
-
SSDEEP
6144:7cm4FmowdHoSoXSBcm4Vcm4FmowdHoSphra+cm4FMhraHcpOaKHpC:B4wFHoSoXW434wFHoS3eg4aeFaKHpC
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral1/memory/2976-7-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2572-56-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2992-67-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1176-74-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1204-96-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2968-93-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2760-112-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1568-122-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1204-103-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2528-84-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2864-47-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2688-38-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/3020-28-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2984-18-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1216-132-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1644-142-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2176-152-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2176-151-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/532-162-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/752-171-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2044-181-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon 
behavioral1/memory/1728-199-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1928-190-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/644-212-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1052-208-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/644-218-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2284-227-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2284-226-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2636-236-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1268-248-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/884-246-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1268-256-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2124-258-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2296-275-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2296-274-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2124-266-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2124-265-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2228-304-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1712-314-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1608-294-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2428-285-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2748-322-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon 
behavioral1/memory/2852-329-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/3044-338-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/3044-337-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2936-346-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2672-354-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2572-362-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2572-361-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2624-370-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2460-377-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1732-385-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2576-392-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/288-401-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2520-408-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2784-417-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1832-424-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/316-433-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1524-440-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1216-441-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/1216-449-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/2700-456-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral1/memory/536-457-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon 
behavioral1/memory/536-464-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2976-7-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x000c00000001227b-11.dat UPX behavioral1/files/0x0037000000016d3d-19.dat UPX behavioral1/memory/3020-20-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0008000000016d69-30.dat UPX behavioral1/memory/2688-31-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0007000000016dda-40.dat UPX behavioral1/files/0x0007000000016de7-57.dat UPX behavioral1/memory/2572-56-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0007000000016dde-49.dat UPX behavioral1/memory/2992-67-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0007000000017477-76.dat UPX behavioral1/memory/1176-74-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0009000000017042-66.dat UPX behavioral1/files/0x000500000001878d-85.dat UPX behavioral1/files/0x0006000000018bf0-95.dat UPX behavioral1/memory/2968-93-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/1568-115-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x000500000001923b-114.dat UPX behavioral1/memory/2760-112-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x000500000001925d-124.dat UPX behavioral1/memory/1568-122-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019228-105.dat UPX behavioral1/memory/1204-103-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/2528-84-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/2864-47-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/2688-38-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/3020-28-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/2984-18-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019260-133.dat UPX 
behavioral1/memory/1216-132-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019275-144.dat UPX behavioral1/memory/1644-142-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019277-154.dat UPX behavioral1/memory/2176-152-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019283-164.dat UPX behavioral1/memory/532-162-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x000500000001933a-173.dat UPX behavioral1/memory/752-171-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019381-183.dat UPX behavioral1/memory/2044-181-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0036000000016d45-201.dat UPX behavioral1/memory/1728-199-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x000500000001939f-192.dat UPX behavioral1/memory/1928-190-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x00050000000193a5-210.dat UPX behavioral1/memory/644-212-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/1052-208-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x00050000000193b1-220.dat UPX behavioral1/memory/644-218-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019433-229.dat UPX behavioral1/memory/2284-227-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x000500000001943e-238.dat UPX behavioral1/memory/2636-236-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019457-247.dat UPX behavioral1/memory/1268-248-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/884-246-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019462-257.dat UPX behavioral1/memory/1268-256-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x00050000000194a8-277.dat UPX 
behavioral1/memory/2296-275-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/memory/2296-274-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral1/files/0x0005000000019491-268.dat UPX behavioral1/memory/2124-266-0x0000000000400000-0x000000000044D000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2984 nhbthn.exe 3020 djdpd.exe 2688 ffllfrr.exe 2864 nhthnb.exe 2572 3btnnn.exe 2992 ddddv.exe 1176 rlxflrl.exe 2528 tbttbh.exe 2968 jjdvd.exe 1204 xlflxxl.exe 2760 htttbb.exe 1568 5jdpd.exe 1216 xrxlrfx.exe 1644 7dpdp.exe 2176 tbnhtn.exe 532 jdvpd.exe 752 fxrxlxl.exe 2044 7nhbtt.exe 1928 xxxfflx.exe 1728 hbbhtn.exe 1052 7hbtbt.exe 644 jdvjv.exe 2284 7lxxffl.exe 2636 thntbb.exe 884 pdppv.exe 1268 7rxfllr.exe 2124 jdpvd.exe 2296 lflflrx.exe 2428 hhbtnt.exe 1608 jdvdd.exe 2228 5lfflff.exe 1712 thnhnn.exe 2748 dpdvd.exe 2852 lfflrff.exe 3044 5lxxffr.exe 2936 nbhbhh.exe 2672 vjvjp.exe 2572 nhnttt.exe 2624 jdvdj.exe 2460 9ttbbh.exe 1732 ppjvj.exe 2576 jddjv.exe 288 rrfrrfx.exe 2520 nnbhtt.exe 2784 dpddd.exe 1832 nnnhbh.exe 316 hhthtt.exe 1524 lfxxllx.exe 1216 1hbntb.exe 2700 1jddj.exe 536 ffxlxrl.exe 2032 dvddp.exe 680 jdvjd.exe 2044 hbhnbb.exe 2256 5jppj.exe 3016 lfxlfxr.exe 1112 5hhtht.exe 1052 jdpjp.exe 1076 7ddpp.exe 2328 llxllrl.exe 2096 frlrxxf.exe 2872 nbtbnt.exe 884 3dvpv.exe 344 xrxrxxf.exe -
resource yara_rule behavioral1/memory/2976-1-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2976-7-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2984-10-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x000c00000001227b-11.dat upx behavioral1/files/0x0037000000016d3d-19.dat upx behavioral1/memory/3020-20-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0008000000016d69-30.dat upx behavioral1/memory/2688-31-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0007000000016dda-40.dat upx behavioral1/files/0x0007000000016de7-57.dat upx behavioral1/memory/2572-56-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0007000000016dde-49.dat upx behavioral1/memory/2992-67-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0007000000017477-76.dat upx behavioral1/memory/2528-77-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/1176-74-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0009000000017042-66.dat upx behavioral1/files/0x000500000001878d-85.dat upx behavioral1/memory/1204-96-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0006000000018bf0-95.dat upx behavioral1/memory/2968-93-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/1568-115-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x000500000001923b-114.dat upx behavioral1/memory/2760-112-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/1216-126-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x000500000001925d-124.dat upx behavioral1/memory/1568-122-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019228-105.dat upx behavioral1/memory/1204-103-0x0000000000400000-0x000000000044D000-memory.dmp upx 
behavioral1/memory/2528-84-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2864-47-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2688-38-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/3020-28-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2984-18-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019260-133.dat upx behavioral1/memory/1216-132-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2176-146-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019275-144.dat upx behavioral1/memory/1644-142-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2992-136-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/532-156-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019277-154.dat upx behavioral1/memory/2176-152-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2176-151-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019283-164.dat upx behavioral1/memory/532-162-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/2044-175-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x000500000001933a-173.dat upx behavioral1/memory/752-171-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019381-183.dat upx behavioral1/memory/2044-181-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/1928-189-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0036000000016d45-201.dat upx behavioral1/memory/1728-199-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x000500000001939f-192.dat upx behavioral1/memory/1928-190-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x00050000000193a5-210.dat upx 
behavioral1/memory/644-212-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/1052-208-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x00050000000193b1-220.dat upx behavioral1/memory/644-218-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/files/0x0005000000019433-229.dat upx behavioral1/memory/2284-227-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral1/memory/884-240-0x0000000000400000-0x000000000044D000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2976 wrote to memory of 2984 2976 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 28 PID 2976 wrote to memory of 2984 2976 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 28 PID 2976 wrote to memory of 2984 2976 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 28 PID 2976 wrote to memory of 2984 2976 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 28 PID 2984 wrote to memory of 3020 2984 nhbthn.exe 29 PID 2984 wrote to memory of 3020 2984 nhbthn.exe 29 PID 2984 wrote to memory of 3020 2984 nhbthn.exe 29 PID 2984 wrote to memory of 3020 2984 nhbthn.exe 29 PID 3020 wrote to memory of 2688 3020 djdpd.exe 30 PID 3020 wrote to memory of 2688 3020 djdpd.exe 30 PID 3020 wrote to memory of 2688 3020 djdpd.exe 30 PID 3020 wrote to memory of 2688 3020 djdpd.exe 30 PID 2688 wrote to memory of 2864 2688 ffllfrr.exe 31 PID 2688 wrote to memory of 2864 2688 ffllfrr.exe 31 PID 2688 wrote to memory of 2864 2688 ffllfrr.exe 31 PID 2688 wrote to memory of 2864 2688 ffllfrr.exe 31 PID 2864 wrote to memory of 2572 2864 nhthnb.exe 32 PID 2864 wrote to memory of 2572 2864 nhthnb.exe 32 PID 2864 wrote to memory of 2572 2864 nhthnb.exe 32 PID 2864 wrote to memory of 2572 2864 nhthnb.exe 32 PID 2572 wrote to memory of 2992 2572 3btnnn.exe 33 PID 2572 wrote to memory of 2992 2572 3btnnn.exe 33 PID 2572 wrote to memory of 2992 2572 3btnnn.exe 33 PID 2572 wrote to memory of 2992 2572 3btnnn.exe 33 PID 2992 wrote to memory of 1176 2992 ddddv.exe 34 PID 2992 wrote to memory of 1176 2992 ddddv.exe 34 PID 2992 wrote to memory of 1176 2992 ddddv.exe 34 PID 2992 wrote to memory of 1176 2992 ddddv.exe 34 PID 1176 wrote to memory of 2528 1176 rlxflrl.exe 35 PID 1176 wrote to memory of 2528 1176 rlxflrl.exe 35 PID 1176 wrote to memory of 2528 1176 rlxflrl.exe 35 PID 1176 wrote to memory of 2528 1176 rlxflrl.exe 35 PID 2528 wrote to memory of 2968 2528 tbttbh.exe 36 PID 2528 
wrote to memory of 2968 2528 tbttbh.exe 36 PID 2528 wrote to memory of 2968 2528 tbttbh.exe 36 PID 2528 wrote to memory of 2968 2528 tbttbh.exe 36 PID 2968 wrote to memory of 1204 2968 jjdvd.exe 37 PID 2968 wrote to memory of 1204 2968 jjdvd.exe 37 PID 2968 wrote to memory of 1204 2968 jjdvd.exe 37 PID 2968 wrote to memory of 1204 2968 jjdvd.exe 37 PID 1204 wrote to memory of 2760 1204 xlflxxl.exe 38 PID 1204 wrote to memory of 2760 1204 xlflxxl.exe 38 PID 1204 wrote to memory of 2760 1204 xlflxxl.exe 38 PID 1204 wrote to memory of 2760 1204 xlflxxl.exe 38 PID 2760 wrote to memory of 1568 2760 htttbb.exe 39 PID 2760 wrote to memory of 1568 2760 htttbb.exe 39 PID 2760 wrote to memory of 1568 2760 htttbb.exe 39 PID 2760 wrote to memory of 1568 2760 htttbb.exe 39 PID 1568 wrote to memory of 1216 1568 5jdpd.exe 40 PID 1568 wrote to memory of 1216 1568 5jdpd.exe 40 PID 1568 wrote to memory of 1216 1568 5jdpd.exe 40 PID 1568 wrote to memory of 1216 1568 5jdpd.exe 40 PID 1216 wrote to memory of 1644 1216 xrxlrfx.exe 41 PID 1216 wrote to memory of 1644 1216 xrxlrfx.exe 41 PID 1216 wrote to memory of 1644 1216 xrxlrfx.exe 41 PID 1216 wrote to memory of 1644 1216 xrxlrfx.exe 41 PID 1644 wrote to memory of 2176 1644 7dpdp.exe 42 PID 1644 wrote to memory of 2176 1644 7dpdp.exe 42 PID 1644 wrote to memory of 2176 1644 7dpdp.exe 42 PID 1644 wrote to memory of 2176 1644 7dpdp.exe 42 PID 2176 wrote to memory of 532 2176 tbnhtn.exe 43 PID 2176 wrote to memory of 532 2176 tbnhtn.exe 43 PID 2176 wrote to memory of 532 2176 tbnhtn.exe 43 PID 2176 wrote to memory of 532 2176 tbnhtn.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe"C:\Users\Admin\AppData\Local\Temp\9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2976 -
\??\c:\nhbthn.exec:\nhbthn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\djdpd.exec:\djdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3020 -
\??\c:\ffllfrr.exec:\ffllfrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\nhthnb.exec:\nhthnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\3btnnn.exec:\3btnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2572 -
\??\c:\ddddv.exec:\ddddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2992 -
\??\c:\rlxflrl.exec:\rlxflrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1176 -
\??\c:\tbttbh.exec:\tbttbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\jjdvd.exec:\jjdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\xlflxxl.exec:\xlflxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1204 -
\??\c:\htttbb.exec:\htttbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\5jdpd.exec:\5jdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
\??\c:\xrxlrfx.exec:\xrxlrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1216 -
\??\c:\7dpdp.exec:\7dpdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1644 -
\??\c:\tbnhtn.exec:\tbnhtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\jdvpd.exec:\jdvpd.exe17⤵
- Executes dropped EXE
PID:532 -
\??\c:\fxrxlxl.exec:\fxrxlxl.exe18⤵
- Executes dropped EXE
PID:752 -
\??\c:\7nhbtt.exec:\7nhbtt.exe19⤵
- Executes dropped EXE
PID:2044 -
\??\c:\xxxfflx.exec:\xxxfflx.exe20⤵
- Executes dropped EXE
PID:1928 -
\??\c:\hbbhtn.exec:\hbbhtn.exe21⤵
- Executes dropped EXE
PID:1728 -
\??\c:\7hbtbt.exec:\7hbtbt.exe22⤵
- Executes dropped EXE
PID:1052 -
\??\c:\jdvjv.exec:\jdvjv.exe23⤵
- Executes dropped EXE
PID:644 -
\??\c:\7lxxffl.exec:\7lxxffl.exe24⤵
- Executes dropped EXE
PID:2284 -
\??\c:\thntbb.exec:\thntbb.exe25⤵
- Executes dropped EXE
PID:2636 -
\??\c:\pdppv.exec:\pdppv.exe26⤵
- Executes dropped EXE
PID:884 -
\??\c:\7rxfllr.exec:\7rxfllr.exe27⤵
- Executes dropped EXE
PID:1268 -
\??\c:\jdpvd.exec:\jdpvd.exe28⤵
- Executes dropped EXE
PID:2124 -
\??\c:\lflflrx.exec:\lflflrx.exe29⤵
- Executes dropped EXE
PID:2296 -
\??\c:\hhbtnt.exec:\hhbtnt.exe30⤵
- Executes dropped EXE
PID:2428 -
\??\c:\jdvdd.exec:\jdvdd.exe31⤵
- Executes dropped EXE
PID:1608 -
\??\c:\5lfflff.exec:\5lfflff.exe32⤵
- Executes dropped EXE
PID:2228 -
\??\c:\thnhnn.exec:\thnhnn.exe33⤵
- Executes dropped EXE
PID:1712 -
\??\c:\dpdvd.exec:\dpdvd.exe34⤵
- Executes dropped EXE
PID:2748 -
\??\c:\lfflrff.exec:\lfflrff.exe35⤵
- Executes dropped EXE
PID:2852 -
\??\c:\5lxxffr.exec:\5lxxffr.exe36⤵
- Executes dropped EXE
PID:3044 -
\??\c:\nbhbhh.exec:\nbhbhh.exe37⤵
- Executes dropped EXE
PID:2936 -
\??\c:\vjvjp.exec:\vjvjp.exe38⤵
- Executes dropped EXE
PID:2672 -
\??\c:\nhnttt.exec:\nhnttt.exe39⤵
- Executes dropped EXE
PID:2572 -
\??\c:\jdvdj.exec:\jdvdj.exe40⤵
- Executes dropped EXE
PID:2624 -
\??\c:\9ttbbh.exec:\9ttbbh.exe41⤵
- Executes dropped EXE
PID:2460 -
\??\c:\ppjvj.exec:\ppjvj.exe42⤵
- Executes dropped EXE
PID:1732 -
\??\c:\jddjv.exec:\jddjv.exe43⤵
- Executes dropped EXE
PID:2576 -
\??\c:\rrfrrfx.exec:\rrfrrfx.exe44⤵
- Executes dropped EXE
PID:288 -
\??\c:\nnbhtt.exec:\nnbhtt.exe45⤵
- Executes dropped EXE
PID:2520 -
\??\c:\dpddd.exec:\dpddd.exe46⤵
- Executes dropped EXE
PID:2784 -
\??\c:\nnnhbh.exec:\nnnhbh.exe47⤵
- Executes dropped EXE
PID:1832 -
\??\c:\hhthtt.exec:\hhthtt.exe48⤵
- Executes dropped EXE
PID:316 -
\??\c:\lfxxllx.exec:\lfxxllx.exe49⤵
- Executes dropped EXE
PID:1524 -
\??\c:\1hbntb.exec:\1hbntb.exe50⤵
- Executes dropped EXE
PID:1216 -
\??\c:\1jddj.exec:\1jddj.exe51⤵
- Executes dropped EXE
PID:2700 -
\??\c:\ffxlxrl.exec:\ffxlxrl.exe52⤵
- Executes dropped EXE
PID:536 -
\??\c:\dvddp.exec:\dvddp.exe53⤵
- Executes dropped EXE
PID:2032 -
\??\c:\jdvjd.exec:\jdvjd.exe54⤵
- Executes dropped EXE
PID:680 -
\??\c:\hbhnbb.exec:\hbhnbb.exe55⤵
- Executes dropped EXE
PID:2044 -
\??\c:\5jppj.exec:\5jppj.exe56⤵
- Executes dropped EXE
PID:2256 -
\??\c:\lfxlfxr.exec:\lfxlfxr.exe57⤵
- Executes dropped EXE
PID:3016 -
\??\c:\5hhtht.exec:\5hhtht.exe58⤵
- Executes dropped EXE
PID:1112 -
\??\c:\jdpjp.exec:\jdpjp.exe59⤵
- Executes dropped EXE
PID:1052 -
\??\c:\7ddpp.exec:\7ddpp.exe60⤵
- Executes dropped EXE
PID:1076 -
\??\c:\llxllrl.exec:\llxllrl.exe61⤵
- Executes dropped EXE
PID:2328 -
\??\c:\frlrxxf.exec:\frlrxxf.exe62⤵
- Executes dropped EXE
PID:2096 -
\??\c:\nbtbnt.exec:\nbtbnt.exe63⤵
- Executes dropped EXE
PID:2872 -
\??\c:\3dvpv.exec:\3dvpv.exe64⤵
- Executes dropped EXE
PID:884 -
\??\c:\xrxrxxf.exec:\xrxrxxf.exe65⤵
- Executes dropped EXE
PID:344 -
\??\c:\lxxfrfl.exec:\lxxfrfl.exe66⤵PID:908
-
\??\c:\hbnnnn.exec:\hbnnnn.exe67⤵PID:2408
-
\??\c:\7bttbn.exec:\7bttbn.exe68⤵PID:1196
-
\??\c:\vvpvj.exec:\vvpvj.exe69⤵PID:2016
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe70⤵PID:1676
-
\??\c:\5hbhbh.exec:\5hbhbh.exe71⤵PID:2372
-
\??\c:\nbbhbh.exec:\nbbhbh.exe72⤵PID:2548
-
\??\c:\vdjvv.exec:\vdjvv.exe73⤵PID:2380
-
\??\c:\flxrfff.exec:\flxrfff.exe74⤵PID:1976
-
\??\c:\3xrrxxl.exec:\3xrrxxl.exe75⤵PID:2736
-
\??\c:\tnnhbt.exec:\tnnhbt.exe76⤵PID:2688
-
\??\c:\7vppd.exec:\7vppd.exe77⤵PID:2580
-
\??\c:\5pddj.exec:\5pddj.exe78⤵PID:2840
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe79⤵PID:2620
-
\??\c:\hhbbnt.exec:\hhbbnt.exe80⤵PID:2468
-
\??\c:\3bttth.exec:\3bttth.exe81⤵PID:2568
-
\??\c:\pdvdj.exec:\pdvdj.exe82⤵PID:2964
-
\??\c:\jdpjv.exec:\jdpjv.exe83⤵PID:2444
-
\??\c:\fllfrxr.exec:\fllfrxr.exe84⤵PID:376
-
\??\c:\hbhntt.exec:\hbhntt.exe85⤵PID:2796
-
\??\c:\nhtthb.exec:\nhtthb.exe86⤵PID:2556
-
\??\c:\3djdp.exec:\3djdp.exe87⤵PID:1564
-
\??\c:\jdjvp.exec:\jdjvp.exe88⤵PID:316
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe89⤵PID:2156
-
\??\c:\tnhbnt.exec:\tnhbnt.exe90⤵PID:2176
-
\??\c:\bbtnhn.exec:\bbtnhn.exe91⤵PID:576
-
\??\c:\djpjd.exec:\djpjd.exe92⤵PID:536
-
\??\c:\ppjpd.exec:\ppjpd.exe93⤵PID:2004
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe94⤵PID:2540
-
\??\c:\7thhbb.exec:\7thhbb.exe95⤵PID:2920
-
\??\c:\btthnt.exec:\btthnt.exe96⤵PID:2196
-
\??\c:\vjdjv.exec:\vjdjv.exe97⤵PID:2800
-
\??\c:\lllxffr.exec:\lllxffr.exe98⤵PID:1692
-
\??\c:\fxrrllf.exec:\fxrrllf.exe99⤵PID:444
-
\??\c:\tnhnbb.exec:\tnhnbb.exe100⤵PID:2884
-
\??\c:\nnhthn.exec:\nnhthn.exe101⤵PID:1456
-
\??\c:\7jdvj.exec:\7jdvj.exe102⤵PID:952
-
\??\c:\9dpjd.exec:\9dpjd.exe103⤵PID:956
-
\??\c:\xrllrrx.exec:\xrllrrx.exe104⤵PID:800
-
\??\c:\nthtnb.exec:\nthtnb.exe105⤵PID:1936
-
\??\c:\hthhtt.exec:\hthhtt.exe106⤵PID:1276
-
\??\c:\jdpvj.exec:\jdpvj.exe107⤵PID:616
-
\??\c:\5dvdp.exec:\5dvdp.exe108⤵PID:2084
-
\??\c:\3rlrrlr.exec:\3rlrrlr.exe109⤵PID:1896
-
\??\c:\1rlxffr.exec:\1rlxffr.exe110⤵PID:2848
-
\??\c:\tbnbbn.exec:\tbnbbn.exe111⤵PID:1632
-
\??\c:\btbbht.exec:\btbbht.exe112⤵PID:1504
-
\??\c:\pjdjv.exec:\pjdjv.exe113⤵PID:2984
-
\??\c:\pjdpv.exec:\pjdpv.exe114⤵PID:2716
-
\??\c:\5rffrxl.exec:\5rffrxl.exe115⤵PID:3032
-
\??\c:\tnnbnb.exec:\tnnbnb.exe116⤵PID:2676
-
\??\c:\9tbbbh.exec:\9tbbbh.exe117⤵PID:2492
-
\??\c:\jjpvv.exec:\jjpvv.exe118⤵PID:2268
-
\??\c:\9pjjj.exec:\9pjjj.exe119⤵PID:2840
-
\??\c:\frllrrx.exec:\frllrrx.exe120⤵PID:2512
-
\??\c:\3ttnth.exec:\3ttnth.exe121⤵PID:2468
-
\??\c:\7jjjv.exec:\7jjjv.exe122⤵PID:2568