Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:11
Behavioral task
behavioral1
Sample
9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe
Resource
win7-20240419-en
6 signatures
150 seconds
General
-
Target
9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe
-
Size
379KB
-
MD5
8aad41aef25a2f63a1aabf01d34f130b
-
SHA1
cedc6bd99abe522e55908a3e6006464b32d4079e
-
SHA256
9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8
-
SHA512
25a886db2867fc9610447cc8cfe7d353b4d55993da821c3b6d08700d4fc5264a9a6d51dad5016fa086db1f9f23d3f65a36759802c6c7badc2560b23b3483e915
-
SSDEEP
6144:Ocm4FmowdHoSsm4FIc1/cm4FmowdHoSsiNlcJcmHYC9/jvvfwL+TLPfSRcm4FVo6:w4wFHoSl4h4wFHoS24yTgL+zfu4/FHoy
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral1/memory/2424-7-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2680-18-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2632-29-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2724-37-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2740-49-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2524-57-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2604-67-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2604-66-0x0000000001D10000-0x0000000001D82000-memory.dmp family_blackmoon behavioral1/memory/2508-69-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2508-77-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2408-79-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1324-95-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2800-97-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2800-106-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2592-115-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1912-127-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/836-135-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2160-137-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2160-146-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2160-145-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1804-147-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon 
behavioral1/memory/1804-157-0x0000000001CE0000-0x0000000001D52000-memory.dmp family_blackmoon behavioral1/memory/1804-156-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2024-165-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2208-176-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1808-174-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2208-185-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1748-193-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2776-195-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1908-204-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1908-212-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/408-217-0x0000000001D10000-0x0000000001D82000-memory.dmp family_blackmoon behavioral1/memory/324-230-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1704-232-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1704-240-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1544-243-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2180-251-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2180-260-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/944-261-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/3004-278-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1608-295-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1528-306-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon 
behavioral1/memory/2940-305-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1528-310-0x0000000000480000-0x00000000004F2000-memory.dmp family_blackmoon behavioral1/memory/1528-315-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1044-322-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2684-323-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2684-330-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2632-337-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2224-344-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2224-345-0x0000000000480000-0x00000000004F2000-memory.dmp family_blackmoon behavioral1/memory/2512-353-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2652-352-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2156-366-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2956-378-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2956-379-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/1324-400-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2856-408-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2856-407-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2736-416-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2736-415-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2376-423-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral1/memory/2376-422-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon 
behavioral1/memory/2184-431-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/files/0x000b0000000122ee-10.dat UPX behavioral1/memory/2424-7-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0039000000013362-16.dat UPX behavioral1/memory/2680-18-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2632-26-0x0000000000480000-0x00000000004F2000-memory.dmp UPX behavioral1/files/0x00090000000134f5-30.dat UPX behavioral1/memory/2632-29-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0008000000013a15-38.dat UPX behavioral1/memory/2724-37-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2740-43-0x0000000000220000-0x0000000000292000-memory.dmp UPX behavioral1/memory/2740-49-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0008000000013a65-50.dat UPX behavioral1/files/0x0008000000013a85-58.dat UPX behavioral1/memory/2524-57-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x000a000000013b02-68.dat UPX behavioral1/memory/2604-67-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2508-69-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x000800000001451d-78.dat UPX behavioral1/memory/2508-77-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2408-79-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000014525-86.dat UPX behavioral1/memory/1324-95-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x00060000000145c9-96.dat UPX behavioral1/memory/2800-97-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x00060000000145d4-104.dat UPX behavioral1/memory/2800-106-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x003900000001340e-116.dat UPX behavioral1/memory/2592-115-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x00060000000146a7-124.dat UPX 
behavioral1/memory/1912-127-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000014730-136.dat UPX behavioral1/memory/836-135-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2160-137-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x000600000001474b-143.dat UPX behavioral1/memory/2160-146-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2160-145-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/1804-147-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x000600000001475f-155.dat UPX behavioral1/memory/1804-157-0x0000000001CE0000-0x0000000001D52000-memory.dmp UPX behavioral1/memory/1804-156-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2024-165-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x00060000000148af-167.dat UPX behavioral1/memory/2208-176-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000014a29-175.dat UPX behavioral1/memory/1808-174-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000014c0b-183.dat UPX behavioral1/memory/2208-185-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000014d0f-194.dat UPX behavioral1/memory/1748-193-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2776-195-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000014fac-205.dat UPX behavioral1/memory/1908-204-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x0006000000015077-213.dat UPX behavioral1/memory/1908-212-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/408-217-0x0000000001D10000-0x0000000001D82000-memory.dmp UPX behavioral1/files/0x00060000000150aa-220.dat UPX behavioral1/memory/324-230-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x000600000001523e-231.dat UPX 
behavioral1/memory/1704-232-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/1704-240-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x000600000001543a-241.dat UPX behavioral1/memory/1544-243-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/memory/2180-251-0x0000000000400000-0x0000000000472000-memory.dmp UPX behavioral1/files/0x00060000000155e8-250.dat UPX -
Executes dropped EXE 64 IoCs
pid Process 2680 hhnnbb.exe 2632 7dpvd.exe 2724 bthnnt.exe 2740 dvpdj.exe 2524 ddpvp.exe 2604 xrllllx.exe 2508 ffxlxfr.exe 2408 jjjpj.exe 1324 bbnhtb.exe 2800 vdpdp.exe 2592 7bthnt.exe 1912 vdvvd.exe 836 vvjpd.exe 2160 lllxllf.exe 1804 bthnbb.exe 2024 fxllxxr.exe 1808 vdpdv.exe 2208 fxrrxlr.exe 1748 3xlrflr.exe 2776 nnhtnt.exe 1908 dvdjp.exe 408 nnhtnn.exe 324 thbbnn.exe 1704 pdvvp.exe 1544 pdpjj.exe 2180 lfrxffx.exe 944 flxffrx.exe 2140 nnhbnb.exe 3004 hhthtb.exe 1608 dvdjd.exe 2940 httnnh.exe 1528 fxrlxxl.exe 1044 pdjpp.exe 2684 rrlxrfx.exe 2632 1ntthn.exe 2224 jjdpj.exe 2652 rlxxrxf.exe 2512 ttnnhh.exe 2820 xrllffr.exe 2156 5tbnhn.exe 2956 dddpj.exe 296 ffxfrfl.exe 2408 tbtbhn.exe 1324 dvjjd.exe 2856 7llfrfr.exe 2736 1hbntb.exe 2376 5xfxfrx.exe 2184 1nhhnt.exe 1444 bbthtb.exe 2380 7xrrxxl.exe 1208 9ddjd.exe 1032 lxrrxfr.exe 1784 ddpdp.exe 2528 9pdjp.exe 756 5btbnn.exe 1748 3jpjd.exe 1628 hhhnbh.exe 3068 jjjpv.exe 3052 fxrxllx.exe 1956 7tttbb.exe 612 3jvjd.exe 1296 llfrxrl.exe 1560 pjdpp.exe 956 vvppj.exe -
resource yara_rule behavioral1/memory/2424-0-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2424-8-0x0000000000300000-0x0000000000372000-memory.dmp upx behavioral1/files/0x000b0000000122ee-10.dat upx behavioral1/memory/2424-7-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2424-6-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0039000000013362-16.dat upx behavioral1/memory/2632-19-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2680-18-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2632-26-0x0000000000480000-0x00000000004F2000-memory.dmp upx behavioral1/files/0x00090000000134f5-30.dat upx behavioral1/memory/2632-29-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0008000000013a15-38.dat upx behavioral1/memory/2724-37-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2740-39-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2740-43-0x0000000000220000-0x0000000000292000-memory.dmp upx behavioral1/memory/2740-49-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0008000000013a65-50.dat upx behavioral1/files/0x0008000000013a85-58.dat upx behavioral1/memory/2524-57-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x000a000000013b02-68.dat upx behavioral1/memory/2604-67-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2508-69-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x000800000001451d-78.dat upx behavioral1/memory/2508-77-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2408-79-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000014525-86.dat upx behavioral1/memory/1324-95-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x00060000000145c9-96.dat upx 
behavioral1/memory/2800-97-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x00060000000145d4-104.dat upx behavioral1/memory/2800-106-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2592-109-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/1912-117-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x003900000001340e-116.dat upx behavioral1/memory/2592-115-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/1912-121-0x0000000000480000-0x00000000004F2000-memory.dmp upx behavioral1/files/0x00060000000146a7-124.dat upx behavioral1/memory/1912-127-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000014730-136.dat upx behavioral1/memory/836-135-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2160-137-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x000600000001474b-143.dat upx behavioral1/memory/2160-146-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2160-145-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/1804-147-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x000600000001475f-155.dat upx behavioral1/memory/1804-157-0x0000000001CE0000-0x0000000001D52000-memory.dmp upx behavioral1/memory/1804-156-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2024-165-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x00060000000148af-167.dat upx behavioral1/memory/2208-176-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000014a29-175.dat upx behavioral1/memory/1808-174-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000014c0b-183.dat upx behavioral1/memory/2208-185-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000014d0f-194.dat upx 
behavioral1/memory/1748-193-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/2776-195-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000014fac-205.dat upx behavioral1/memory/1908-204-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/files/0x0006000000015077-213.dat upx behavioral1/memory/1908-212-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral1/memory/408-217-0x0000000001D10000-0x0000000001D82000-memory.dmp upx behavioral1/files/0x00060000000150aa-220.dat upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2424 wrote to memory of 2680 2424 9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe 28 PID 2424 wrote to memory of 2680 2424 9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe 28 PID 2424 wrote to memory of 2680 2424 9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe 28 PID 2424 wrote to memory of 2680 2424 9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe 28 PID 2680 wrote to memory of 2632 2680 hhnnbb.exe 29 PID 2680 wrote to memory of 2632 2680 hhnnbb.exe 29 PID 2680 wrote to memory of 2632 2680 hhnnbb.exe 29 PID 2680 wrote to memory of 2632 2680 hhnnbb.exe 29 PID 2632 wrote to memory of 2724 2632 7dpvd.exe 30 PID 2632 wrote to memory of 2724 2632 7dpvd.exe 30 PID 2632 wrote to memory of 2724 2632 7dpvd.exe 30 PID 2632 wrote to memory of 2724 2632 7dpvd.exe 30 PID 2724 wrote to memory of 2740 2724 bthnnt.exe 31 PID 2724 wrote to memory of 2740 2724 bthnnt.exe 31 PID 2724 wrote to memory of 2740 2724 bthnnt.exe 31 PID 2724 wrote to memory of 2740 2724 bthnnt.exe 31 PID 2740 wrote to memory of 2524 2740 dvpdj.exe 32 PID 2740 wrote to memory of 2524 2740 dvpdj.exe 32 PID 2740 wrote to memory of 2524 2740 dvpdj.exe 32 PID 2740 wrote to memory of 2524 2740 dvpdj.exe 32 PID 2524 wrote to memory of 2604 2524 ddpvp.exe 33 PID 2524 wrote to memory of 2604 2524 ddpvp.exe 33 PID 2524 wrote to memory of 2604 2524 ddpvp.exe 33 PID 2524 wrote to memory of 2604 2524 ddpvp.exe 33 PID 2604 wrote to memory of 2508 2604 xrllllx.exe 34 PID 2604 wrote to memory of 2508 2604 xrllllx.exe 34 PID 2604 wrote to memory of 2508 2604 xrllllx.exe 34 PID 2604 wrote to memory of 2508 2604 xrllllx.exe 34 PID 2508 wrote to memory of 2408 2508 ffxlxfr.exe 35 PID 2508 wrote to memory of 2408 2508 ffxlxfr.exe 35 PID 2508 wrote to memory of 2408 2508 ffxlxfr.exe 35 PID 2508 wrote to memory of 2408 2508 ffxlxfr.exe 35 PID 2408 wrote to memory of 1324 2408 jjjpj.exe 36 PID 2408 wrote to 
memory of 1324 2408 jjjpj.exe 36 PID 2408 wrote to memory of 1324 2408 jjjpj.exe 36 PID 2408 wrote to memory of 1324 2408 jjjpj.exe 36 PID 1324 wrote to memory of 2800 1324 bbnhtb.exe 37 PID 1324 wrote to memory of 2800 1324 bbnhtb.exe 37 PID 1324 wrote to memory of 2800 1324 bbnhtb.exe 37 PID 1324 wrote to memory of 2800 1324 bbnhtb.exe 37 PID 2800 wrote to memory of 2592 2800 vdpdp.exe 38 PID 2800 wrote to memory of 2592 2800 vdpdp.exe 38 PID 2800 wrote to memory of 2592 2800 vdpdp.exe 38 PID 2800 wrote to memory of 2592 2800 vdpdp.exe 38 PID 2592 wrote to memory of 1912 2592 7bthnt.exe 39 PID 2592 wrote to memory of 1912 2592 7bthnt.exe 39 PID 2592 wrote to memory of 1912 2592 7bthnt.exe 39 PID 2592 wrote to memory of 1912 2592 7bthnt.exe 39 PID 1912 wrote to memory of 836 1912 vdvvd.exe 40 PID 1912 wrote to memory of 836 1912 vdvvd.exe 40 PID 1912 wrote to memory of 836 1912 vdvvd.exe 40 PID 1912 wrote to memory of 836 1912 vdvvd.exe 40 PID 836 wrote to memory of 2160 836 vvjpd.exe 41 PID 836 wrote to memory of 2160 836 vvjpd.exe 41 PID 836 wrote to memory of 2160 836 vvjpd.exe 41 PID 836 wrote to memory of 2160 836 vvjpd.exe 41 PID 2160 wrote to memory of 1804 2160 lllxllf.exe 42 PID 2160 wrote to memory of 1804 2160 lllxllf.exe 42 PID 2160 wrote to memory of 1804 2160 lllxllf.exe 42 PID 2160 wrote to memory of 1804 2160 lllxllf.exe 42 PID 1804 wrote to memory of 2024 1804 bthnbb.exe 43 PID 1804 wrote to memory of 2024 1804 bthnbb.exe 43 PID 1804 wrote to memory of 2024 1804 bthnbb.exe 43 PID 1804 wrote to memory of 2024 1804 bthnbb.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe"C:\Users\Admin\AppData\Local\Temp\9ef8e1bd065c95a7c24bbd7b2e31a326bf61e325b5b1a24c51c7b1bca07bc0e8.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\hhnnbb.exec:\hhnnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2680 -
\??\c:\7dpvd.exec:\7dpvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\bthnnt.exec:\bthnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\dvpdj.exec:\dvpdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\ddpvp.exec:\ddpvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\xrllllx.exec:\xrllllx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\ffxlxfr.exec:\ffxlxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\jjjpj.exec:\jjjpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\bbnhtb.exec:\bbnhtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1324 -
\??\c:\vdpdp.exec:\vdpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800 -
\??\c:\7bthnt.exec:\7bthnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\vdvvd.exec:\vdvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912 -
\??\c:\vvjpd.exec:\vvjpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\lllxllf.exec:\lllxllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2160 -
\??\c:\bthnbb.exec:\bthnbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1804 -
\??\c:\fxllxxr.exec:\fxllxxr.exe17⤵
- Executes dropped EXE
PID:2024 -
\??\c:\vdpdv.exec:\vdpdv.exe18⤵
- Executes dropped EXE
PID:1808 -
\??\c:\fxrrxlr.exec:\fxrrxlr.exe19⤵
- Executes dropped EXE
PID:2208 -
\??\c:\3xlrflr.exec:\3xlrflr.exe20⤵
- Executes dropped EXE
PID:1748 -
\??\c:\nnhtnt.exec:\nnhtnt.exe21⤵
- Executes dropped EXE
PID:2776 -
\??\c:\dvdjp.exec:\dvdjp.exe22⤵
- Executes dropped EXE
PID:1908 -
\??\c:\nnhtnn.exec:\nnhtnn.exe23⤵
- Executes dropped EXE
PID:408 -
\??\c:\thbbnn.exec:\thbbnn.exe24⤵
- Executes dropped EXE
PID:324 -
\??\c:\pdvvp.exec:\pdvvp.exe25⤵
- Executes dropped EXE
PID:1704 -
\??\c:\pdpjj.exec:\pdpjj.exe26⤵
- Executes dropped EXE
PID:1544 -
\??\c:\lfrxffx.exec:\lfrxffx.exe27⤵
- Executes dropped EXE
PID:2180 -
\??\c:\flxffrx.exec:\flxffrx.exe28⤵
- Executes dropped EXE
PID:944 -
\??\c:\nnhbnb.exec:\nnhbnb.exe29⤵
- Executes dropped EXE
PID:2140 -
\??\c:\hhthtb.exec:\hhthtb.exe30⤵
- Executes dropped EXE
PID:3004 -
\??\c:\dvdjd.exec:\dvdjd.exe31⤵
- Executes dropped EXE
PID:1608 -
\??\c:\httnnh.exec:\httnnh.exe32⤵
- Executes dropped EXE
PID:2940 -
\??\c:\fxrlxxl.exec:\fxrlxxl.exe33⤵
- Executes dropped EXE
PID:1528 -
\??\c:\pdjpp.exec:\pdjpp.exe34⤵
- Executes dropped EXE
PID:1044 -
\??\c:\rrlxrfx.exec:\rrlxrfx.exe35⤵
- Executes dropped EXE
PID:2684 -
\??\c:\1ntthn.exec:\1ntthn.exe36⤵
- Executes dropped EXE
PID:2632 -
\??\c:\jjdpj.exec:\jjdpj.exe37⤵
- Executes dropped EXE
PID:2224 -
\??\c:\rlxxrxf.exec:\rlxxrxf.exe38⤵
- Executes dropped EXE
PID:2652 -
\??\c:\ttnnhh.exec:\ttnnhh.exe39⤵
- Executes dropped EXE
PID:2512 -
\??\c:\xrllffr.exec:\xrllffr.exe40⤵
- Executes dropped EXE
PID:2820 -
\??\c:\5tbnhn.exec:\5tbnhn.exe41⤵
- Executes dropped EXE
PID:2156 -
\??\c:\dddpj.exec:\dddpj.exe42⤵
- Executes dropped EXE
PID:2956 -
\??\c:\ffxfrfl.exec:\ffxfrfl.exe43⤵
- Executes dropped EXE
PID:296 -
\??\c:\tbtbhn.exec:\tbtbhn.exe44⤵
- Executes dropped EXE
PID:2408 -
\??\c:\dvjjd.exec:\dvjjd.exe45⤵
- Executes dropped EXE
PID:1324 -
\??\c:\7llfrfr.exec:\7llfrfr.exe46⤵
- Executes dropped EXE
PID:2856 -
\??\c:\1hbntb.exec:\1hbntb.exe47⤵
- Executes dropped EXE
PID:2736 -
\??\c:\5xfxfrx.exec:\5xfxfrx.exe48⤵
- Executes dropped EXE
PID:2376 -
\??\c:\1nhhnt.exec:\1nhhnt.exe49⤵
- Executes dropped EXE
PID:2184 -
\??\c:\bbthtb.exec:\bbthtb.exe50⤵
- Executes dropped EXE
PID:1444 -
\??\c:\7xrrxxl.exec:\7xrrxxl.exe51⤵
- Executes dropped EXE
PID:2380 -
\??\c:\9ddjd.exec:\9ddjd.exe52⤵
- Executes dropped EXE
PID:1208 -
\??\c:\lxrrxfr.exec:\lxrrxfr.exe53⤵
- Executes dropped EXE
PID:1032 -
\??\c:\ddpdp.exec:\ddpdp.exe54⤵
- Executes dropped EXE
PID:1784 -
\??\c:\9pdjp.exec:\9pdjp.exe55⤵
- Executes dropped EXE
PID:2528 -
\??\c:\5btbnn.exec:\5btbnn.exe56⤵
- Executes dropped EXE
PID:756 -
\??\c:\3jpjd.exec:\3jpjd.exe57⤵
- Executes dropped EXE
PID:1748 -
\??\c:\hhhnbh.exec:\hhhnbh.exe58⤵
- Executes dropped EXE
PID:1628 -
\??\c:\jjjpv.exec:\jjjpv.exe59⤵
- Executes dropped EXE
PID:3068 -
\??\c:\fxrxllx.exec:\fxrxllx.exe60⤵
- Executes dropped EXE
PID:3052 -
\??\c:\7tttbb.exec:\7tttbb.exe61⤵
- Executes dropped EXE
PID:1956 -
\??\c:\3jvjd.exec:\3jvjd.exe62⤵
- Executes dropped EXE
PID:612 -
\??\c:\llfrxrl.exec:\llfrxrl.exe63⤵
- Executes dropped EXE
PID:1296 -
\??\c:\pjdpp.exec:\pjdpp.exe64⤵
- Executes dropped EXE
PID:1560 -
\??\c:\vvppj.exec:\vvppj.exe65⤵
- Executes dropped EXE
PID:956 -
\??\c:\lrrrfxl.exec:\lrrrfxl.exe66⤵PID:2988
-
\??\c:\nhhnhn.exec:\nhhnhn.exe67⤵PID:1636
-
\??\c:\nnnbtb.exec:\nnnbtb.exe68⤵PID:2140
-
\??\c:\jjjvp.exec:\jjjvp.exe69⤵PID:2064
-
\??\c:\frlxxff.exec:\frlxxff.exe70⤵PID:1888
-
\??\c:\btnbth.exec:\btnbth.exe71⤵PID:2424
-
\??\c:\dvpvp.exec:\dvpvp.exe72⤵PID:2584
-
\??\c:\xfrfrrl.exec:\xfrfrrl.exe73⤵PID:1496
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe74⤵PID:2712
-
\??\c:\5ntttb.exec:\5ntttb.exe75⤵PID:2876
-
\??\c:\7lffrxf.exec:\7lffrxf.exe76⤵PID:2744
-
\??\c:\9nbhtb.exec:\9nbhtb.exe77⤵PID:2652
-
\??\c:\nhhnbh.exec:\nhhnbh.exe78⤵PID:2484
-
\??\c:\ppjdp.exec:\ppjdp.exe79⤵PID:2628
-
\??\c:\ffflxfx.exec:\ffflxfx.exe80⤵PID:2660
-
\??\c:\5tthtt.exec:\5tthtt.exe81⤵PID:2332
-
\??\c:\5bbnnt.exec:\5bbnnt.exe82⤵PID:2960
-
\??\c:\pppvj.exec:\pppvj.exe83⤵PID:2668
-
\??\c:\dvpdp.exec:\dvpdp.exe84⤵PID:1816
-
\??\c:\xrrxlrl.exec:\xrrxlrl.exe85⤵PID:1836
-
\??\c:\hhthtt.exec:\hhthtt.exe86⤵PID:2120
-
\??\c:\hbtthn.exec:\hbtthn.exe87⤵PID:2736
-
\??\c:\vpdpd.exec:\vpdpd.exe88⤵PID:2784
-
\??\c:\fffxlxl.exec:\fffxlxl.exe89⤵PID:2420
-
\??\c:\hnbhbn.exec:\hnbhbn.exe90⤵PID:1844
-
\??\c:\tbbbtb.exec:\tbbbtb.exe91⤵PID:2160
-
\??\c:\pvpjv.exec:\pvpjv.exe92⤵PID:2164
-
\??\c:\vdvdv.exec:\vdvdv.exe93⤵PID:1804
-
\??\c:\3lrflrl.exec:\3lrflrl.exe94⤵PID:2176
-
\??\c:\tttbnt.exec:\tttbnt.exe95⤵PID:1808
-
\??\c:\vpjpv.exec:\vpjpv.exe96⤵PID:2936
-
\??\c:\1jvdd.exec:\1jvdd.exe97⤵PID:1764
-
\??\c:\flllffl.exec:\flllffl.exe98⤵PID:292
-
\??\c:\hhbhbt.exec:\hhbhbt.exe99⤵PID:2220
-
\??\c:\hbbhtt.exec:\hbbhtt.exe100⤵PID:2776
-
\??\c:\pppjv.exec:\pppjv.exe101⤵PID:824
-
\??\c:\jdddv.exec:\jdddv.exe102⤵PID:3068
-
\??\c:\rrxxlxl.exec:\rrxxlxl.exe103⤵PID:3052
-
\??\c:\hbtbnt.exec:\hbtbnt.exe104⤵PID:448
-
\??\c:\bbthnb.exec:\bbthnb.exe105⤵PID:1960
-
\??\c:\vvpjv.exec:\vvpjv.exe106⤵PID:2016
-
\??\c:\lxrfxxr.exec:\lxrfxxr.exe107⤵PID:1940
-
\??\c:\bbnntn.exec:\bbnntn.exe108⤵PID:608
-
\??\c:\btthbh.exec:\btthbh.exe109⤵PID:956
-
\??\c:\jdddv.exec:\jdddv.exe110⤵PID:2404
-
\??\c:\9lxlrfr.exec:\9lxlrfr.exe111⤵PID:2868
-
\??\c:\rrrllrl.exec:\rrrllrl.exe112⤵PID:3004
-
\??\c:\7nntbh.exec:\7nntbh.exe113⤵PID:888
-
\??\c:\3jjpd.exec:\3jjpd.exe114⤵PID:2064
-
\??\c:\9jjvv.exec:\9jjvv.exe115⤵PID:1640
-
\??\c:\rrrlflf.exec:\rrrlflf.exe116⤵PID:2768
-
\??\c:\7hhbnb.exec:\7hhbnb.exe117⤵PID:1528
-
\??\c:\tnhhtt.exec:\tnhhtt.exe118⤵PID:2700
-
\??\c:\jjjpv.exec:\jjjpv.exe119⤵PID:2644
-
\??\c:\flfrlfx.exec:\flfrlfx.exe120⤵PID:1924
-
\??\c:\tnhbnt.exec:\tnhbnt.exe121⤵PID:1812
-
\??\c:\bbhthh.exec:\bbhthh.exe122⤵PID:2880
-