Analysis
-
max time kernel
150s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
18/05/2024, 01:11
Behavioral task
behavioral1
Sample
6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe
Resource
win7-20240221-en
7 signatures
150 seconds
Note: this card describes the Windows 7 task (behavioral1), but every YARA hit and process record reproduced below is tagged behavioral2, i.e. the Windows 10 run (win10v2004-20240426-en) named in the analysis header. Results for behavioral1 itself are not shown on this page, and only four of the seven signatures are reproduced; the untitled block of YARA hits tagged upx between them has lost its heading (it is the packer-detection rule).
General
-
Target
6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe
-
Size
169KB
-
MD5
6798c0237d21fdbe504b8ae4f7250450
-
SHA1
adb3afeb25d0e6d5e2c89fe7f5c350f7c88df4b6
-
SHA256
1c3293d3f07582f50f6d67e1055811df49f0235e29f90a6413a77db5fff51bba
-
SHA512
efecd97dfb07ad81656e17c342dbf06de6148519149da12ffaa1e7f01b3fd2627f6307b70ffce0ae58363ed3e50dcf25b852d92aaba5ef98ca1e102a98b60abe
-
SSDEEP
1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai2V:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8Vu
Malware Config
Signatures
-
Detect Blackmoon payload — 63 IoCs (YARA rule family_blackmoon). Every hit below is the same image range, 0x0000000000400000–0x0000000000446000, in a different process of the chain: the dumps record one payload image repeated in each spawned process, not 63 distinct payloads. Dumps are named PID-sequence, and PIDs are reused within the run (1828, 2072, 3988 and 4564 each appear at more than one depth in the process tree below), so attribute a hit to a process by its full dump name, never by PID alone.
resource yara_rule behavioral2/memory/3016-30-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1184-50-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/2412-80-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1964-121-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3276-239-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3340-243-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1880-265-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4500-294-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3356-301-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1260-356-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4468-394-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/2072-428-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3984-601-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/64-615-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4444-659-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3884-875-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4904-785-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1796-778-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4016-709-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4968-658-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4064-642-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon 
behavioral2/memory/4044-632-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4720-526-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4596-525-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/216-494-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3820-463-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4704-420-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/2776-412-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4776-402-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3132-398-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3904-374-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3904-370-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1828-340-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4620-333-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3976-328-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4960-327-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/2396-308-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3008-254-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4564-248-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1240-211-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4376-200-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/64-192-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon 
behavioral2/memory/3908-190-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1828-186-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1064-180-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/976-159-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3664-143-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4848-139-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1652-126-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1452-119-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4052-112-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4844-107-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/2244-87-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3700-74-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4564-67-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1512-61-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4476-51-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/2076-39-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/1224-37-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3020-24-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/4712-13-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3696-12-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon behavioral2/memory/3988-5-0x0000000000400000-0x0000000000446000-memory.dmp family_blackmoon -
Executes dropped EXE — 64 IoCs (the list is truncated at 64; the process tree below shows at least 122 dropped executables). Each dropped file is written to the root of C:\ (e.g. \??\c:\hhttbn.exe) with a short name drawn from the letters b d f h j l n p r t v x, sometimes with a single leading digit, and each one launches the next in a strictly linear chain. That drop location and naming is a usable hunting pivot: a short-lived executable at the drive root whose name matches that alphabet, started by another executable of the same form.
pid Process 3696 hhttbn.exe 4712 pdvjv.exe 3020 rffxflr.exe 3016 fxxxfrf.exe 1224 hhbbnh.exe 2076 tnhtnh.exe 1184 pjjvp.exe 4476 5lfxrrf.exe 1512 vpdvp.exe 4564 rrrfxff.exe 3700 3hhbhh.exe 2412 vpjvd.exe 4628 3hhbth.exe 2244 btnhbb.exe 4860 jdjdv.exe 2072 xflrlrx.exe 4844 jdjjd.exe 4052 flfrrxf.exe 1452 ttttnh.exe 1964 ddppv.exe 1652 rxffxxr.exe 1612 hhhbth.exe 4848 jvjdv.exe 3664 rrlfxfx.exe 3328 nbttnt.exe 3820 nnbtbn.exe 976 nnbbtn.exe 936 ntbntn.exe 2420 jvjjd.exe 1064 9rlfrll.exe 1828 nhhbbb.exe 3908 vpjvd.exe 64 xlxxfxf.exe 3776 lxxrllf.exe 4376 hnhtbt.exe 3084 bhtnhh.exe 3696 djdpp.exe 1240 jppjj.exe 3688 rrlfxfx.exe 4432 3lfffff.exe 4040 btbbtt.exe 4604 ppppj.exe 3544 vddjv.exe 2712 frfrfxx.exe 3236 hbbtnn.exe 3276 hhtntt.exe 3340 jvdvv.exe 3292 ffrrlrl.exe 4564 hbthtn.exe 3008 xrfxxlf.exe 4852 5frrlfx.exe 4256 tnhttt.exe 1880 hthhhh.exe 1796 ddpjj.exe 864 xlrrrrl.exe 2072 lxrxxfr.exe 4784 tnnttb.exe 1152 vvpjj.exe 2372 lffxxxx.exe 1164 rrxlllx.exe 3120 5nbnnt.exe 4500 nhhbbt.exe 4828 vdjdv.exe 3356 vjpjj.exe -
resource yara_rule behavioral2/memory/3988-0-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/files/0x0009000000023297-6.dat upx behavioral2/files/0x000700000002342e-16.dat upx behavioral2/memory/3016-25-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3016-30-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/files/0x0007000000023432-44.dat upx behavioral2/memory/1184-50-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/files/0x0007000000023435-59.dat upx behavioral2/files/0x0007000000023436-68.dat upx behavioral2/files/0x0007000000023437-73.dat upx behavioral2/memory/2412-80-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/files/0x000700000002343a-89.dat upx behavioral2/files/0x000700000002343b-96.dat upx behavioral2/files/0x000700000002343f-110.dat upx behavioral2/files/0x0007000000023440-116.dat upx behavioral2/memory/1964-121-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/files/0x0007000000023441-130.dat upx behavioral2/files/0x0007000000023444-147.dat upx behavioral2/files/0x0007000000023447-164.dat upx behavioral2/files/0x0007000000023448-169.dat upx behavioral2/files/0x0007000000023449-174.dat upx behavioral2/files/0x000700000002344a-181.dat upx behavioral2/memory/3084-203-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3276-239-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3340-243-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1880-265-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/2072-272-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4500-294-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3356-301-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1260-356-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4208-363-0x0000000000400000-0x0000000000446000-memory.dmp 
upx behavioral2/memory/4468-394-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/2072-428-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/2920-569-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3984-601-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/64-615-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1224-619-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4444-659-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4752-771-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4784-792-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1936-856-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3884-875-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/2420-833-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1964-814-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4904-785-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1796-778-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/1044-743-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4604-736-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4016-709-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4624-692-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/884-682-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3340-675-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4968-658-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4064-642-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4044-632-0x0000000000400000-0x0000000000446000-memory.dmp upx 
behavioral2/memory/64-611-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3984-597-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/8-553-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4860-540-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/3616-533-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4720-526-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4596-525-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/216-494-0x0000000000400000-0x0000000000446000-memory.dmp upx behavioral2/memory/4440-486-0x0000000000400000-0x0000000000446000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs (truncated at 64). In every record the writer is the parent and the target (procid_target) is the child it has just spawned, three writes per child; no write to an unrelated process appears. Writes into a freshly created child are also produced by ordinary process creation, so on this page the signature corroborates the drop-and-execute chain rather than demonstrating injection into a foreign process; treat it as supporting, not standalone, evidence.
description pid Process procid_target PID 3988 wrote to memory of 3696 3988 6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe 83 PID 3988 wrote to memory of 3696 3988 6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe 83 PID 3988 wrote to memory of 3696 3988 6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe 83 PID 3696 wrote to memory of 4712 3696 hhttbn.exe 84 PID 3696 wrote to memory of 4712 3696 hhttbn.exe 84 PID 3696 wrote to memory of 4712 3696 hhttbn.exe 84 PID 4712 wrote to memory of 3020 4712 pdvjv.exe 85 PID 4712 wrote to memory of 3020 4712 pdvjv.exe 85 PID 4712 wrote to memory of 3020 4712 pdvjv.exe 85 PID 3020 wrote to memory of 3016 3020 rffxflr.exe 86 PID 3020 wrote to memory of 3016 3020 rffxflr.exe 86 PID 3020 wrote to memory of 3016 3020 rffxflr.exe 86 PID 3016 wrote to memory of 1224 3016 fxxxfrf.exe 88 PID 3016 wrote to memory of 1224 3016 fxxxfrf.exe 88 PID 3016 wrote to memory of 1224 3016 fxxxfrf.exe 88 PID 1224 wrote to memory of 2076 1224 hhbbnh.exe 90 PID 1224 wrote to memory of 2076 1224 hhbbnh.exe 90 PID 1224 wrote to memory of 2076 1224 hhbbnh.exe 90 PID 2076 wrote to memory of 1184 2076 tnhtnh.exe 91 PID 2076 wrote to memory of 1184 2076 tnhtnh.exe 91 PID 2076 wrote to memory of 1184 2076 tnhtnh.exe 91 PID 1184 wrote to memory of 4476 1184 pjjvp.exe 92 PID 1184 wrote to memory of 4476 1184 pjjvp.exe 92 PID 1184 wrote to memory of 4476 1184 pjjvp.exe 92 PID 4476 wrote to memory of 1512 4476 5lfxrrf.exe 301 PID 4476 wrote to memory of 1512 4476 5lfxrrf.exe 301 PID 4476 wrote to memory of 1512 4476 5lfxrrf.exe 301 PID 1512 wrote to memory of 4564 1512 vpdvp.exe 94 PID 1512 wrote to memory of 4564 1512 vpdvp.exe 94 PID 1512 wrote to memory of 4564 1512 vpdvp.exe 94 PID 4564 wrote to memory of 3700 4564 rrrfxff.exe 96 PID 4564 wrote to memory of 3700 4564 rrrfxff.exe 96 PID 4564 wrote to memory of 3700 4564 rrrfxff.exe 96 PID 3700 wrote to memory of 2412 3700 3hhbhh.exe 97 PID 3700 wrote to memory of 2412 3700 3hhbhh.exe 97 PID 3700 
wrote to memory of 2412 3700 3hhbhh.exe 97 PID 2412 wrote to memory of 4628 2412 vpjvd.exe 365 PID 2412 wrote to memory of 4628 2412 vpjvd.exe 365 PID 2412 wrote to memory of 4628 2412 vpjvd.exe 365 PID 4628 wrote to memory of 2244 4628 3hhbth.exe 99 PID 4628 wrote to memory of 2244 4628 3hhbth.exe 99 PID 4628 wrote to memory of 2244 4628 3hhbth.exe 99 PID 2244 wrote to memory of 4860 2244 btnhbb.exe 100 PID 2244 wrote to memory of 4860 2244 btnhbb.exe 100 PID 2244 wrote to memory of 4860 2244 btnhbb.exe 100 PID 4860 wrote to memory of 2072 4860 jdjdv.exe 101 PID 4860 wrote to memory of 2072 4860 jdjdv.exe 101 PID 4860 wrote to memory of 2072 4860 jdjdv.exe 101 PID 2072 wrote to memory of 4844 2072 xflrlrx.exe 345 PID 2072 wrote to memory of 4844 2072 xflrlrx.exe 345 PID 2072 wrote to memory of 4844 2072 xflrlrx.exe 345 PID 4844 wrote to memory of 4052 4844 jdjjd.exe 104 PID 4844 wrote to memory of 4052 4844 jdjjd.exe 104 PID 4844 wrote to memory of 4052 4844 jdjjd.exe 104 PID 4052 wrote to memory of 1452 4052 flfrrxf.exe 105 PID 4052 wrote to memory of 1452 4052 flfrrxf.exe 105 PID 4052 wrote to memory of 1452 4052 flfrrxf.exe 105 PID 1452 wrote to memory of 1964 1452 ttttnh.exe 106 PID 1452 wrote to memory of 1964 1452 ttttnh.exe 106 PID 1452 wrote to memory of 1964 1452 ttttnh.exe 106 PID 1964 wrote to memory of 1652 1964 ddppv.exe 107 PID 1964 wrote to memory of 1652 1964 ddppv.exe 107 PID 1964 wrote to memory of 1652 1964 ddppv.exe 107 PID 1652 wrote to memory of 1612 1652 rxffxxr.exe 108
Processes
-
C:\Users\Admin\AppData\Local\Temp\2909617349\zmstage.exe (level 1, PID:4440) — a second root process with no parent shown, no signature hits of its own and no place in the sample's chain; the page does not establish any relation between it and the sample (it sits where sandbox tooling typically appears). PID 4440 is later reused by tbhhhn.exe at depth 120, so the upx hit on dump 4440-486 cannot be attributed to zmstage.exe by PID alone.
-
C:\Users\Admin\AppData\Local\Temp\6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6798c0237d21fdbe504b8ae4f7250450_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3988 -
\??\c:\hhttbn.exec:\hhttbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3696 -
\??\c:\pdvjv.exec:\pdvjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4712 -
\??\c:\rffxflr.exec:\rffxflr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3020 -
\??\c:\fxxxfrf.exec:\fxxxfrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3016 -
\??\c:\hhbbnh.exec:\hhbbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1224 -
\??\c:\tnhtnh.exec:\tnhtnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2076 -
\??\c:\pjjvp.exec:\pjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1184 -
\??\c:\5lfxrrf.exec:\5lfxrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4476 -
\??\c:\vpdvp.exec:\vpdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1512 -
\??\c:\rrrfxff.exec:\rrrfxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4564 -
\??\c:\3hhbhh.exec:\3hhbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3700 -
\??\c:\vpjvd.exec:\vpjvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\3hhbth.exec:\3hhbth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4628 -
\??\c:\btnhbb.exec:\btnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\jdjdv.exec:\jdjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4860 -
\??\c:\xflrlrx.exec:\xflrlrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2072 -
\??\c:\jdjjd.exec:\jdjjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4844 -
\??\c:\flfrrxf.exec:\flfrrxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4052 -
\??\c:\ttttnh.exec:\ttttnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1452 -
\??\c:\ddppv.exec:\ddppv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\rxffxxr.exec:\rxffxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1652 -
\??\c:\hhhbth.exec:\hhhbth.exe23⤵
- Executes dropped EXE
PID:1612 -
\??\c:\jvjdv.exec:\jvjdv.exe24⤵
- Executes dropped EXE
PID:4848 -
\??\c:\rrlfxfx.exec:\rrlfxfx.exe25⤵
- Executes dropped EXE
PID:3664 -
\??\c:\nbttnt.exec:\nbttnt.exe26⤵
- Executes dropped EXE
PID:3328 -
\??\c:\nnbtbn.exec:\nnbtbn.exe27⤵
- Executes dropped EXE
PID:3820 -
\??\c:\nnbbtn.exec:\nnbbtn.exe28⤵
- Executes dropped EXE
PID:976 -
\??\c:\ntbntn.exec:\ntbntn.exe29⤵
- Executes dropped EXE
PID:936 -
\??\c:\jvjjd.exec:\jvjjd.exe30⤵
- Executes dropped EXE
PID:2420 -
\??\c:\9rlfrll.exec:\9rlfrll.exe31⤵
- Executes dropped EXE
PID:1064 -
\??\c:\nhhbbb.exec:\nhhbbb.exe32⤵
- Executes dropped EXE
PID:1828 -
\??\c:\vpjvd.exec:\vpjvd.exe33⤵
- Executes dropped EXE
PID:3908 -
\??\c:\xlxxfxf.exec:\xlxxfxf.exe34⤵
- Executes dropped EXE
PID:64 -
\??\c:\lxxrllf.exec:\lxxrllf.exe35⤵
- Executes dropped EXE
PID:3776 -
\??\c:\hnhtbt.exec:\hnhtbt.exe36⤵
- Executes dropped EXE
PID:4376 -
\??\c:\bhtnhh.exec:\bhtnhh.exe37⤵
- Executes dropped EXE
PID:3084 -
\??\c:\djdpp.exec:\djdpp.exe38⤵
- Executes dropped EXE
PID:3696 -
\??\c:\jppjj.exec:\jppjj.exe39⤵
- Executes dropped EXE
PID:1240 -
\??\c:\rrlfxfx.exec:\rrlfxfx.exe40⤵
- Executes dropped EXE
PID:3688 -
\??\c:\3lfffff.exec:\3lfffff.exe41⤵
- Executes dropped EXE
PID:4432 -
\??\c:\btbbtt.exec:\btbbtt.exe42⤵
- Executes dropped EXE
PID:4040 -
\??\c:\ppppj.exec:\ppppj.exe43⤵
- Executes dropped EXE
PID:4604 -
\??\c:\vddjv.exec:\vddjv.exe44⤵
- Executes dropped EXE
PID:3544 -
\??\c:\frfrfxx.exec:\frfrfxx.exe45⤵
- Executes dropped EXE
PID:2712 -
\??\c:\hbbtnn.exec:\hbbtnn.exe46⤵
- Executes dropped EXE
PID:3236 -
\??\c:\hhtntt.exec:\hhtntt.exe47⤵
- Executes dropped EXE
PID:3276 -
\??\c:\jvdvv.exec:\jvdvv.exe48⤵
- Executes dropped EXE
PID:3340 -
\??\c:\ffrrlrl.exec:\ffrrlrl.exe49⤵
- Executes dropped EXE
PID:3292 -
\??\c:\hbthtn.exec:\hbthtn.exe50⤵
- Executes dropped EXE
PID:4564 -
\??\c:\xrfxxlf.exec:\xrfxxlf.exe51⤵
- Executes dropped EXE
PID:3008 -
\??\c:\5frrlfx.exec:\5frrlfx.exe52⤵
- Executes dropped EXE
PID:4852 -
\??\c:\tnhttt.exec:\tnhttt.exe53⤵
- Executes dropped EXE
PID:4256 -
\??\c:\hthhhh.exec:\hthhhh.exe54⤵
- Executes dropped EXE
PID:1880 -
\??\c:\ddpjj.exec:\ddpjj.exe55⤵
- Executes dropped EXE
PID:1796 -
\??\c:\xlrrrrl.exec:\xlrrrrl.exe56⤵
- Executes dropped EXE
PID:864 -
\??\c:\lxrxxfr.exec:\lxrxxfr.exe57⤵
- Executes dropped EXE
PID:2072 -
\??\c:\tnnttb.exec:\tnnttb.exe58⤵
- Executes dropped EXE
PID:4784 -
\??\c:\vvpjj.exec:\vvpjj.exe59⤵
- Executes dropped EXE
PID:1152 -
\??\c:\lffxxxx.exec:\lffxxxx.exe60⤵
- Executes dropped EXE
PID:2372 -
\??\c:\rrxlllx.exec:\rrxlllx.exe61⤵
- Executes dropped EXE
PID:1164 -
\??\c:\5nbnnt.exec:\5nbnnt.exe62⤵
- Executes dropped EXE
PID:3120 -
\??\c:\nhhbbt.exec:\nhhbbt.exe63⤵
- Executes dropped EXE
PID:4500 -
\??\c:\vdjdv.exec:\vdjdv.exe64⤵
- Executes dropped EXE
PID:4828 -
\??\c:\vjpjj.exec:\vjpjj.exe65⤵
- Executes dropped EXE
PID:3356 -
\??\c:\rffxrfx.exec:\rffxrfx.exe66⤵PID:4068
-
\??\c:\fxrfllf.exec:\fxrfllf.exe67⤵PID:4176
-
\??\c:\hthtbb.exec:\hthtbb.exe68⤵PID:2396
-
\??\c:\hhtbtn.exec:\hhtbtn.exe69⤵PID:1372
-
\??\c:\dvppj.exec:\dvppj.exe70⤵PID:3272
-
\??\c:\jdjvp.exec:\jdjvp.exe71⤵PID:2504
-
\??\c:\rlrlffx.exec:\rlrlffx.exe72⤵PID:2236
-
\??\c:\frrlfll.exec:\frrlfll.exe73⤵PID:4960
-
\??\c:\tnnnhh.exec:\tnnnhh.exe74⤵PID:3976
-
\??\c:\bbntnh.exec:\bbntnh.exe75⤵PID:4620
-
\??\c:\pvjdd.exec:\pvjdd.exe76⤵PID:3500
-
\??\c:\lfxfffl.exec:\lfxfffl.exe77⤵PID:1828
-
\??\c:\frrlrlf.exec:\frrlrlf.exe78⤵PID:4716
-
\??\c:\btbhnn.exec:\btbhnn.exe79⤵PID:5028
-
\??\c:\dvppj.exec:\dvppj.exe80⤵PID:3988
-
\??\c:\pvjpj.exec:\pvjpj.exe81⤵PID:1260
-
\??\c:\rlfrflf.exec:\rlfrflf.exe82⤵PID:2476
-
\??\c:\thhhhb.exec:\thhhhb.exe83⤵PID:844
-
\??\c:\pdpjj.exec:\pdpjj.exe84⤵PID:4208
-
\??\c:\jdjpv.exec:\jdjpv.exe85⤵PID:4164
-
\??\c:\7rffllr.exec:\7rffllr.exe86⤵PID:3904
-
\??\c:\rlrrlll.exec:\rlrrlll.exe87⤵PID:880
-
\??\c:\bnttnt.exec:\bnttnt.exe88⤵PID:1112
-
\??\c:\thnnhh.exec:\thnnhh.exe89⤵PID:3884
-
\??\c:\dvvpv.exec:\dvvpv.exe90⤵PID:3620
-
\??\c:\xfrfrxf.exec:\xfrfrxf.exe91⤵PID:1416
-
\??\c:\tbhhbn.exec:\tbhhbn.exe92⤵PID:4468
-
\??\c:\bhbhnn.exec:\bhbhnn.exe93⤵PID:3132
-
\??\c:\vvvpd.exec:\vvvpd.exe94⤵PID:4776
-
\??\c:\xfxflfl.exec:\xfxflfl.exe95⤵PID:4564
-
\??\c:\xffrrlx.exec:\xffrrlx.exe96⤵PID:4968
-
\??\c:\nbntht.exec:\nbntht.exe97⤵PID:2776
-
\??\c:\pjpvd.exec:\pjpvd.exe98⤵PID:2468
-
\??\c:\vjpjj.exec:\vjpjj.exe99⤵PID:4704
-
\??\c:\rxxrllf.exec:\rxxrllf.exe100⤵PID:2196
-
\??\c:\tnnhbt.exec:\tnnhbt.exe101⤵PID:2072
-
\??\c:\hbnbbb.exec:\hbnbbb.exe102⤵PID:4784
-
\??\c:\dvjvd.exec:\dvjvd.exe103⤵PID:3968
-
\??\c:\dpjdj.exec:\dpjdj.exe104⤵PID:2156
-
\??\c:\xrflllr.exec:\xrflllr.exe105⤵PID:4428
-
\??\c:\hnhthn.exec:\hnhthn.exe106⤵PID:4292
-
\??\c:\nbhbhh.exec:\nbhbhh.exe107⤵PID:3992
-
\??\c:\fflflfl.exec:\fflflfl.exe108⤵PID:4828
-
\??\c:\nhbnnt.exec:\nhbnnt.exe109⤵PID:3664
-
\??\c:\pdjjd.exec:\pdjjd.exe110⤵PID:4068
-
\??\c:\vdvpd.exec:\vdvpd.exe111⤵PID:4176
-
\??\c:\7rffrrl.exec:\7rffrrl.exe112⤵PID:3820
-
\??\c:\llfrfrx.exec:\llfrfrx.exe113⤵PID:536
-
\??\c:\hbhtbt.exec:\hbhtbt.exe114⤵PID:4016
-
\??\c:\htnhht.exec:\htnhht.exe115⤵PID:2388
-
\??\c:\vvddj.exec:\vvddj.exe116⤵PID:3708
-
\??\c:\xfflrrf.exec:\xfflrrf.exe117⤵PID:3984
-
\??\c:\xlxfffr.exec:\xlxfffr.exe118⤵PID:3380
-
\??\c:\htbtbb.exec:\htbtbb.exe119⤵PID:1220
-
\??\c:\tbhhhn.exec:\tbhhhn.exe120⤵PID:4440
-
\??\c:\jdvjd.exec:\jdvjd.exe121⤵PID:4156
-
\??\c:\jvdvp.exec:\jvdvp.exe122⤵PID:3988