Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:02
Behavioral task
behavioral1
Sample
9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe
Resource
win7-20240508-en (note: every signature hit and process entry below is tagged behavioral2 and the Analysis header names the win10v2004-20240426-en image; the win7 task's own results are not shown on this page)
6 signatures
150 seconds
General
-
Target
9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe
-
Size
279KB
-
MD5
5e2618a5f6341ee8e81d757793baa90e
-
SHA1
3a688b7a85c0908bad64fc0f7f1a443cbd38b192
-
SHA256
9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4
-
SHA512
d9490e5ef3cf0ef030a1bc25f7959e9c69eaa5bbe8eeaf846ab7f4314e7520347719f98fd51ad4afc07b56eace87d2a833df5f1e8eb4a3e9a335106929be4c48
-
SSDEEP
6144:7cm4FmowdHoSoXSBcm4Vcm4FmowdHoSphra+cm4FMhraHcpOaKHpC:B4wFHoSoXW434wFHoS3eg4aeFaKHpC
Malware Config
Signatures
-
Detect Blackmoon payload — 64 IoCs. Every hit is the same 0x00400000–0x0044D000 image range, once per spawned child, so the family rule matches the in-memory image of each stage in the chain rather than only the submitted sample.
resource yara_rule behavioral2/memory/5100-7-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/908-8-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/908-14-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4868-21-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1468-28-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3056-40-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3444-48-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3148-36-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3604-53-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/344-62-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1760-71-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/628-75-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4876-83-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/640-97-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4264-103-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4264-98-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1536-110-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3052-118-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1192-132-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/5088-131-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1192-138-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon 
behavioral2/memory/2452-151-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1936-175-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1004-196-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2904-202-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1004-199-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2904-208-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/892-213-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/892-209-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1852-222-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4288-226-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/5100-230-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/232-235-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3952-247-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2776-257-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4420-271-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4876-285-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3236-290-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/640-295-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/640-299-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4864-314-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4792-318-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon 
behavioral2/memory/3880-308-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2196-303-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4148-294-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2876-281-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/4592-276-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2940-268-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2940-263-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3856-262-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3056-252-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3952-243-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3840-242-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/644-239-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2620-194-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/412-187-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1936-183-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2184-173-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3264-166-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/3220-158-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/2452-147-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/1692-143-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon behavioral2/memory/5088-125-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon 
behavioral2/memory/2436-123-0x0000000000400000-0x000000000044D000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. The UPX rule fires on both the dropped .dat files and the 0x00400000–0x0044D000 memory regions, so each dropped stage appears to be UPX-packed and is unpacked in memory before the Blackmoon rule matches it.
resource yara_rule behavioral2/files/0x0006000000023298-3.dat UPX behavioral2/memory/5100-7-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0008000000023420-10.dat UPX behavioral2/memory/908-14-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023422-15.dat UPX behavioral2/memory/4868-21-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023423-25.dat UPX behavioral2/memory/1468-28-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/3148-26-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023424-31.dat UPX behavioral2/memory/3056-40-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023425-41.dat UPX behavioral2/memory/3444-43-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023426-45.dat UPX behavioral2/memory/3444-48-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/3604-46-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/3148-36-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/3604-53-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023427-55.dat UPX behavioral2/files/0x0007000000023428-59.dat UPX behavioral2/memory/1760-64-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/344-62-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1760-71-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/628-69-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023429-67.dat UPX behavioral2/files/0x000700000002342a-73.dat UPX behavioral2/memory/628-75-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/4876-77-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002342b-80.dat UPX 
behavioral2/memory/4876-83-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1440-84-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002342c-87.dat UPX behavioral2/memory/640-97-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002342e-104.dat UPX behavioral2/memory/4264-103-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/4264-98-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/3052-111-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1536-110-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002342f-109.dat UPX behavioral2/memory/3052-118-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023430-117.dat UPX behavioral2/files/0x0007000000023431-124.dat UPX behavioral2/files/0x000800000002341e-128.dat UPX behavioral2/memory/5088-131-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1192-138-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023432-137.dat UPX behavioral2/memory/2452-151-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x0007000000023436-156.dat UPX behavioral2/memory/3264-159-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1936-175-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002343b-191.dat UPX behavioral2/memory/2620-190-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1004-196-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002343c-201.dat UPX behavioral2/memory/2904-202-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1004-199-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/2904-208-0x0000000000400000-0x000000000044D000-memory.dmp UPX 
behavioral2/memory/892-213-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1852-216-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002343e-215.dat UPX behavioral2/memory/892-209-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/memory/1852-222-0x0000000000400000-0x000000000044D000-memory.dmp UPX behavioral2/files/0x000700000002343f-220.dat UPX behavioral2/memory/4288-226-0x0000000000400000-0x000000000044D000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs. Each stage writes a new executable with a short pseudo-random name (drawn from a small set of letters such as b/d/f/h/j/l/n/p/r/t/v/x, sometimes with a leading digit) directly in the root of C:\ and launches it; file creation in the drive root by an unsigned process is the simplest host-based detection point visible here.
pid Process 908 dppjv.exe 4868 xrfxrrf.exe 1468 flllfff.exe 3148 lffrlll.exe 3056 tnnhtt.exe 3444 vvpjj.exe 3604 rllxllf.exe 344 jvvjd.exe 1760 ffxfrrl.exe 628 nhnhhn.exe 4876 pjdvv.exe 1440 bnnthn.exe 640 5dddv.exe 4264 djvdv.exe 1536 xxrrflf.exe 3052 9ntnhn.exe 2436 tnhhnh.exe 5088 jddjd.exe 1192 rrlfxrl.exe 1692 bhhnnt.exe 2452 djpjv.exe 3220 rflflfl.exe 3264 nhthnn.exe 2184 dvjdv.exe 1936 fxfflfl.exe 412 bbhtnn.exe 2620 rlrffxr.exe 1004 btnhnh.exe 2904 1ddpj.exe 892 tnhbbb.exe 1852 htbtnn.exe 4288 fxrlffx.exe 5100 nhhbtt.exe 232 jpppj.exe 644 vpjjp.exe 3840 1llxrrf.exe 3952 tbnbnt.exe 3056 jjppv.exe 2776 xxlllff.exe 3856 1xxxxff.exe 2940 hnnhhh.exe 4420 vppjd.exe 4592 jjvvv.exe 2876 frrxlxr.exe 4876 7rllffx.exe 3236 nhhbtn.exe 4148 vpjjj.exe 640 xxrllfx.exe 2196 nhbtnn.exe 3880 pvjjd.exe 4864 vdvpv.exe 4792 flrlfff.exe 744 bhnhbb.exe 2820 pjdvp.exe 1184 rrxflrl.exe 928 bbtnhb.exe 1144 vjvpv.exe 1692 lxfxrxr.exe 1836 fxrflfl.exe 1048 xfllfff.exe 4904 hhhnnn.exe 3748 nhhbnt.exe 868 vvpjj.exe 2344 pvdpj.exe -
resource yara_rule behavioral2/memory/5100-0-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0006000000023298-3.dat upx behavioral2/memory/5100-7-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/908-8-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0008000000023420-10.dat upx behavioral2/memory/4868-12-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/908-14-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023422-15.dat upx behavioral2/memory/4868-21-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/1468-22-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023423-25.dat upx behavioral2/memory/1468-28-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/3148-26-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023424-31.dat upx behavioral2/memory/3056-34-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/3056-40-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023425-41.dat upx behavioral2/memory/3444-43-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023426-45.dat upx behavioral2/memory/3444-48-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/3604-46-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/3148-36-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/3604-53-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/344-56-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023427-55.dat upx behavioral2/files/0x0007000000023428-59.dat upx behavioral2/memory/1760-64-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/344-62-0x0000000000400000-0x000000000044D000-memory.dmp upx 
behavioral2/memory/1760-71-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/628-69-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023429-67.dat upx behavioral2/files/0x000700000002342a-73.dat upx behavioral2/memory/628-75-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/4876-77-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x000700000002342b-80.dat upx behavioral2/memory/4876-83-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/1440-84-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x000700000002342c-87.dat upx behavioral2/memory/640-97-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x000700000002342e-104.dat upx behavioral2/memory/4264-103-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/4264-98-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/3052-111-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/1536-110-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x000700000002342f-109.dat upx behavioral2/memory/3052-118-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023430-117.dat upx behavioral2/memory/2436-115-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023431-124.dat upx behavioral2/files/0x000800000002341e-128.dat upx behavioral2/memory/1192-132-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/5088-131-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/1192-138-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023432-137.dat upx behavioral2/memory/1692-140-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/2452-151-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x0007000000023436-156.dat upx 
behavioral2/memory/3264-159-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/2184-167-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/1936-175-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/412-181-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/files/0x000700000002343b-191.dat upx behavioral2/memory/2620-190-0x0000000000400000-0x000000000044D000-memory.dmp upx behavioral2/memory/1004-196-0x0000000000400000-0x000000000044D000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs. Each parent writes into the child it has just created (5100 → 908 → 4868 → 1468 → …, matching the Processes tree below); each parent/child pair is recorded three times. The list is capped at 64 entries and stops at depth 22, so it covers only the start of the chain.
description pid Process procid_target PID 5100 wrote to memory of 908 5100 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 83 PID 5100 wrote to memory of 908 5100 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 83 PID 5100 wrote to memory of 908 5100 9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe 83 PID 908 wrote to memory of 4868 908 dppjv.exe 84 PID 908 wrote to memory of 4868 908 dppjv.exe 84 PID 908 wrote to memory of 4868 908 dppjv.exe 84 PID 4868 wrote to memory of 1468 4868 xrfxrrf.exe 85 PID 4868 wrote to memory of 1468 4868 xrfxrrf.exe 85 PID 4868 wrote to memory of 1468 4868 xrfxrrf.exe 85 PID 1468 wrote to memory of 3148 1468 flllfff.exe 86 PID 1468 wrote to memory of 3148 1468 flllfff.exe 86 PID 1468 wrote to memory of 3148 1468 flllfff.exe 86 PID 3148 wrote to memory of 3056 3148 lffrlll.exe 124 PID 3148 wrote to memory of 3056 3148 lffrlll.exe 124 PID 3148 wrote to memory of 3056 3148 lffrlll.exe 124 PID 3056 wrote to memory of 3444 3056 tnnhtt.exe 88 PID 3056 wrote to memory of 3444 3056 tnnhtt.exe 88 PID 3056 wrote to memory of 3444 3056 tnnhtt.exe 88 PID 3444 wrote to memory of 3604 3444 vvpjj.exe 89 PID 3444 wrote to memory of 3604 3444 vvpjj.exe 89 PID 3444 wrote to memory of 3604 3444 vvpjj.exe 89 PID 3604 wrote to memory of 344 3604 rllxllf.exe 91 PID 3604 wrote to memory of 344 3604 rllxllf.exe 91 PID 3604 wrote to memory of 344 3604 rllxllf.exe 91 PID 344 wrote to memory of 1760 344 jvvjd.exe 93 PID 344 wrote to memory of 1760 344 jvvjd.exe 93 PID 344 wrote to memory of 1760 344 jvvjd.exe 93 PID 1760 wrote to memory of 628 1760 ffxfrrl.exe 94 PID 1760 wrote to memory of 628 1760 ffxfrrl.exe 94 PID 1760 wrote to memory of 628 1760 ffxfrrl.exe 94 PID 628 wrote to memory of 4876 628 nhnhhn.exe 131 PID 628 wrote to memory of 4876 628 nhnhhn.exe 131 PID 628 wrote to memory of 4876 628 nhnhhn.exe 131 PID 4876 wrote to memory of 1440 4876 pjdvv.exe 96 PID 4876 wrote to memory of 1440 
4876 pjdvv.exe 96 PID 4876 wrote to memory of 1440 4876 pjdvv.exe 96 PID 1440 wrote to memory of 640 1440 bnnthn.exe 134 PID 1440 wrote to memory of 640 1440 bnnthn.exe 134 PID 1440 wrote to memory of 640 1440 bnnthn.exe 134 PID 640 wrote to memory of 4264 640 5dddv.exe 99 PID 640 wrote to memory of 4264 640 5dddv.exe 99 PID 640 wrote to memory of 4264 640 5dddv.exe 99 PID 4264 wrote to memory of 1536 4264 djvdv.exe 100 PID 4264 wrote to memory of 1536 4264 djvdv.exe 100 PID 4264 wrote to memory of 1536 4264 djvdv.exe 100 PID 1536 wrote to memory of 3052 1536 xxrrflf.exe 101 PID 1536 wrote to memory of 3052 1536 xxrrflf.exe 101 PID 1536 wrote to memory of 3052 1536 xxrrflf.exe 101 PID 3052 wrote to memory of 2436 3052 9ntnhn.exe 102 PID 3052 wrote to memory of 2436 3052 9ntnhn.exe 102 PID 3052 wrote to memory of 2436 3052 9ntnhn.exe 102 PID 2436 wrote to memory of 5088 2436 tnhhnh.exe 104 PID 2436 wrote to memory of 5088 2436 tnhhnh.exe 104 PID 2436 wrote to memory of 5088 2436 tnhhnh.exe 104 PID 5088 wrote to memory of 1192 5088 jddjd.exe 105 PID 5088 wrote to memory of 1192 5088 jddjd.exe 105 PID 5088 wrote to memory of 1192 5088 jddjd.exe 105 PID 1192 wrote to memory of 1692 1192 rrlfxrl.exe 144 PID 1192 wrote to memory of 1692 1192 rrlfxrl.exe 144 PID 1192 wrote to memory of 1692 1192 rrlfxrl.exe 144 PID 1692 wrote to memory of 2452 1692 bhhnnt.exe 107 PID 1692 wrote to memory of 2452 1692 bhhnnt.exe 107 PID 1692 wrote to memory of 2452 1692 bhhnnt.exe 107 PID 2452 wrote to memory of 3220 2452 djpjv.exe 108
Processes (parent → child chain; the N⤵ suffix is the depth in the chain, and depth 122 is the last entry shown). PID values repeat later in the chain — for example 5100 is the submitted sample at depth 1 and reappears at depths 34 and 74, and 3056, 640, 1692 and 892 recur likewise — presumably because earlier stages exit and Windows reuses their PIDs; correlate entries by depth and image name, not by PID alone.
-
C:\Users\Admin\AppData\Local\Temp\9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe"C:\Users\Admin\AppData\Local\Temp\9b203c4af5a3ab5adfe832069c56b4e9a081e4e6ee60d31a424634c372f7c8c4.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5100 -
\??\c:\dppjv.exec:\dppjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:908 -
\??\c:\xrfxrrf.exec:\xrfxrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4868 -
\??\c:\flllfff.exec:\flllfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\lffrlll.exec:\lffrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3148 -
\??\c:\tnnhtt.exec:\tnnhtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3056 -
\??\c:\vvpjj.exec:\vvpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3444 -
\??\c:\rllxllf.exec:\rllxllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3604 -
\??\c:\jvvjd.exec:\jvvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:344 -
\??\c:\ffxfrrl.exec:\ffxfrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1760 -
\??\c:\nhnhhn.exec:\nhnhhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:628 -
\??\c:\pjdvv.exec:\pjdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4876 -
\??\c:\bnnthn.exec:\bnnthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440 -
\??\c:\5dddv.exec:\5dddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:640 -
\??\c:\djvdv.exec:\djvdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4264 -
\??\c:\xxrrflf.exec:\xxrrflf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1536 -
\??\c:\9ntnhn.exec:\9ntnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\tnhhnh.exec:\tnhhnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\jddjd.exec:\jddjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5088 -
\??\c:\rrlfxrl.exec:\rrlfxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1192 -
\??\c:\bhhnnt.exec:\bhhnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
\??\c:\djpjv.exec:\djpjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\rflflfl.exec:\rflflfl.exe23⤵
- Executes dropped EXE
PID:3220 -
\??\c:\nhthnn.exec:\nhthnn.exe24⤵
- Executes dropped EXE
PID:3264 -
\??\c:\dvjdv.exec:\dvjdv.exe25⤵
- Executes dropped EXE
PID:2184 -
\??\c:\fxfflfl.exec:\fxfflfl.exe26⤵
- Executes dropped EXE
PID:1936 -
\??\c:\bbhtnn.exec:\bbhtnn.exe27⤵
- Executes dropped EXE
PID:412 -
\??\c:\rlrffxr.exec:\rlrffxr.exe28⤵
- Executes dropped EXE
PID:2620 -
\??\c:\btnhnh.exec:\btnhnh.exe29⤵
- Executes dropped EXE
PID:1004 -
\??\c:\1ddpj.exec:\1ddpj.exe30⤵
- Executes dropped EXE
PID:2904 -
\??\c:\tnhbbb.exec:\tnhbbb.exe31⤵
- Executes dropped EXE
PID:892 -
\??\c:\htbtnn.exec:\htbtnn.exe32⤵
- Executes dropped EXE
PID:1852 -
\??\c:\fxrlffx.exec:\fxrlffx.exe33⤵
- Executes dropped EXE
PID:4288 -
\??\c:\nhhbtt.exec:\nhhbtt.exe34⤵
- Executes dropped EXE
PID:5100 -
\??\c:\jpppj.exec:\jpppj.exe35⤵
- Executes dropped EXE
PID:232 -
\??\c:\vpjjp.exec:\vpjjp.exe36⤵
- Executes dropped EXE
PID:644 -
\??\c:\1llxrrf.exec:\1llxrrf.exe37⤵
- Executes dropped EXE
PID:3840 -
\??\c:\tbnbnt.exec:\tbnbnt.exe38⤵
- Executes dropped EXE
PID:3952 -
\??\c:\jjppv.exec:\jjppv.exe39⤵
- Executes dropped EXE
PID:3056 -
\??\c:\xxlllff.exec:\xxlllff.exe40⤵
- Executes dropped EXE
PID:2776 -
\??\c:\1xxxxff.exec:\1xxxxff.exe41⤵
- Executes dropped EXE
PID:3856 -
\??\c:\hnnhhh.exec:\hnnhhh.exe42⤵
- Executes dropped EXE
PID:2940 -
\??\c:\vppjd.exec:\vppjd.exe43⤵
- Executes dropped EXE
PID:4420 -
\??\c:\jjvvv.exec:\jjvvv.exe44⤵
- Executes dropped EXE
PID:4592 -
\??\c:\frrxlxr.exec:\frrxlxr.exe45⤵
- Executes dropped EXE
PID:2876 -
\??\c:\7rllffx.exec:\7rllffx.exe46⤵
- Executes dropped EXE
PID:4876 -
\??\c:\nhhbtn.exec:\nhhbtn.exe47⤵
- Executes dropped EXE
PID:3236 -
\??\c:\vpjjj.exec:\vpjjj.exe48⤵
- Executes dropped EXE
PID:4148 -
\??\c:\xxrllfx.exec:\xxrllfx.exe49⤵
- Executes dropped EXE
PID:640 -
\??\c:\nhbtnn.exec:\nhbtnn.exe50⤵
- Executes dropped EXE
PID:2196 -
\??\c:\pvjjd.exec:\pvjjd.exe51⤵
- Executes dropped EXE
PID:3880 -
\??\c:\vdvpv.exec:\vdvpv.exe52⤵
- Executes dropped EXE
PID:4864 -
\??\c:\flrlfff.exec:\flrlfff.exe53⤵
- Executes dropped EXE
PID:4792 -
\??\c:\bhnhbb.exec:\bhnhbb.exe54⤵
- Executes dropped EXE
PID:744 -
\??\c:\pjdvp.exec:\pjdvp.exe55⤵
- Executes dropped EXE
PID:2820 -
\??\c:\rrxflrl.exec:\rrxflrl.exe56⤵
- Executes dropped EXE
PID:1184 -
\??\c:\bbtnhb.exec:\bbtnhb.exe57⤵
- Executes dropped EXE
PID:928 -
\??\c:\vjvpv.exec:\vjvpv.exe58⤵
- Executes dropped EXE
PID:1144 -
\??\c:\lxfxrxr.exec:\lxfxrxr.exe59⤵
- Executes dropped EXE
PID:1692 -
\??\c:\fxrflfl.exec:\fxrflfl.exe60⤵
- Executes dropped EXE
PID:1836 -
\??\c:\xfllfff.exec:\xfllfff.exe61⤵
- Executes dropped EXE
PID:1048 -
\??\c:\hhhnnn.exec:\hhhnnn.exe62⤵
- Executes dropped EXE
PID:4904 -
\??\c:\nhhbnt.exec:\nhhbnt.exe63⤵
- Executes dropped EXE
PID:3748 -
\??\c:\vvpjj.exec:\vvpjj.exe64⤵
- Executes dropped EXE
PID:868 -
\??\c:\pvdpj.exec:\pvdpj.exe65⤵
- Executes dropped EXE
PID:2344 -
\??\c:\xffffll.exec:\xffffll.exe66⤵PID:3172
-
\??\c:\rrxflfl.exec:\rrxflfl.exe67⤵PID:2320
-
\??\c:\hhbtbt.exec:\hhbtbt.exe68⤵PID:4668
-
\??\c:\nhhhbt.exec:\nhhhbt.exe69⤵PID:2388
-
\??\c:\9jjvp.exec:\9jjvp.exe70⤵PID:892
-
\??\c:\xrrlffx.exec:\xrrlffx.exe71⤵PID:3244
-
\??\c:\nhttbh.exec:\nhttbh.exe72⤵PID:4680
-
\??\c:\vpddp.exec:\vpddp.exe73⤵PID:4288
-
\??\c:\7ddvp.exec:\7ddvp.exe74⤵PID:5100
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe75⤵PID:1772
-
\??\c:\bbbbhh.exec:\bbbbhh.exe76⤵PID:860
-
\??\c:\vvvpj.exec:\vvvpj.exe77⤵PID:1188
-
\??\c:\9djjv.exec:\9djjv.exe78⤵PID:3952
-
\??\c:\5lfxrlf.exec:\5lfxrlf.exe79⤵PID:1032
-
\??\c:\thnnhb.exec:\thnnhb.exe80⤵PID:3612
-
\??\c:\ddjjd.exec:\ddjjd.exe81⤵PID:1608
-
\??\c:\vjpvj.exec:\vjpvj.exe82⤵PID:2940
-
\??\c:\fffxrff.exec:\fffxrff.exe83⤵PID:2040
-
\??\c:\nntnbb.exec:\nntnbb.exe84⤵PID:1872
-
\??\c:\btnbbn.exec:\btnbbn.exe85⤵PID:2788
-
\??\c:\dvdjp.exec:\dvdjp.exe86⤵PID:3408
-
\??\c:\vddpv.exec:\vddpv.exe87⤵PID:2808
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe88⤵PID:1972
-
\??\c:\bbnnbb.exec:\bbnnbb.exe89⤵PID:2132
-
\??\c:\tbbntt.exec:\tbbntt.exe90⤵PID:4120
-
\??\c:\pddpp.exec:\pddpp.exe91⤵PID:3596
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe92⤵PID:4792
-
\??\c:\lffxxrr.exec:\lffxxrr.exe93⤵PID:3228
-
\??\c:\hhnnhh.exec:\hhnnhh.exe94⤵PID:1556
-
\??\c:\pjdvd.exec:\pjdvd.exe95⤵PID:4252
-
\??\c:\vjpvv.exec:\vjpvv.exe96⤵PID:4920
-
\??\c:\1hnhbb.exec:\1hnhbb.exe97⤵PID:1344
-
\??\c:\3pvpj.exec:\3pvpj.exe98⤵PID:544
-
\??\c:\1djdd.exec:\1djdd.exe99⤵PID:4092
-
\??\c:\rxffxrl.exec:\rxffxrl.exe100⤵PID:4564
-
\??\c:\hnhhht.exec:\hnhhht.exe101⤵PID:1048
-
\??\c:\bhbnht.exec:\bhbnht.exe102⤵PID:5012
-
\??\c:\vdjjp.exec:\vdjjp.exe103⤵PID:3748
-
\??\c:\rlffxfl.exec:\rlffxfl.exe104⤵PID:4744
-
\??\c:\ffxfrfl.exec:\ffxfrfl.exe105⤵PID:1540
-
\??\c:\7nbbhn.exec:\7nbbhn.exe106⤵PID:2780
-
\??\c:\vdpjv.exec:\vdpjv.exe107⤵PID:3020
-
\??\c:\vjpjj.exec:\vjpjj.exe108⤵PID:1220
-
\??\c:\lxxxlll.exec:\lxxxlll.exe109⤵PID:3240
-
\??\c:\hhbnhb.exec:\hhbnhb.exe110⤵PID:4284
-
\??\c:\pdpjv.exec:\pdpjv.exe111⤵PID:4700
-
\??\c:\rxlxxxl.exec:\rxlxxxl.exe112⤵PID:2160
-
\??\c:\frrrflx.exec:\frrrflx.exe113⤵PID:4708
-
\??\c:\nbhtnh.exec:\nbhtnh.exe114⤵PID:4868
-
\??\c:\pvdvj.exec:\pvdvj.exe115⤵PID:3480
-
\??\c:\5ffxrll.exec:\5ffxrll.exe116⤵PID:1228
-
\??\c:\rxfflxf.exec:\rxfflxf.exe117⤵PID:4076
-
\??\c:\1nthbt.exec:\1nthbt.exe118⤵PID:3652
-
\??\c:\hbtnbt.exec:\hbtnbt.exe119⤵PID:2116
-
\??\c:\dppdv.exec:\dppdv.exe120⤵PID:3828
-
\??\c:\lrlfrxx.exec:\lrlfrxx.exe121⤵PID:2040
-
\??\c:\nhhbhn.exec:\nhhbhn.exe122⤵PID:2536
-