Analysis
-
max time kernel
149s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe
-
Size
306KB
-
MD5
67d6f69a040c9096573aba3748954a90
-
SHA1
4fc4c28e79e5388b8538bfcde5f893c93f937a89
-
SHA256
ad5c9443d462de158b47993a1ff106ff7ce8e77c895af27f789f545e6dc635d8
-
SHA512
de7ef64916046bc9b2ef6fae6dfc9895ef0ce9b92eaa4efa96863f59cdf486ecca4d25cb668e31bea29db48a1e1fee884f5f6181782de69d9d05005105b8c72f
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAQ5lpBoG74Abtud+3SomfOTr00d:Pcm7ImGddXtWrXF5lpKGsAbA+3pB0S
Malware Config
Signatures
-
Detect Blackmoon payload 61 IoCs
resource yara_rule behavioral2/memory/4968-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3696-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2980-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2904-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5092-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2284-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2896-41-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4296-49-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2492-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2892-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4588-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2344-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3832-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4892-86-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3040-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/900-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2044-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4468-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/440-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3420-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4756-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3020-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4524-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1892-160-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2672-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3764-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/684-185-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3284-182-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1600-193-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4700-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1168-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/744-209-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1368-216-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4396-220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2812-227-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2988-237-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3332-254-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/824-259-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2868-278-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3392-285-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4500-305-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/440-309-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/4164-321-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5044-349-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4852-360-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/632-366-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2220-370-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2348-374-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/728-378-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4396-398-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3356-437-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1192-462-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/440-475-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/316-498-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5040-508-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3056-550-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4896-631-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4492-669-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3532-856-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2324-1022-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4520-1102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3696 nnbbtb.exe 2980 dvdvp.exe 2904 rffffll.exe 5092 jddvd.exe 2284 rlrlxxf.exe 2896 ntbhbh.exe 4296 bbnhhn.exe 2492 vpvvp.exe 2892 hnhhbh.exe 4588 rfrlffr.exe 2344 xxrrlll.exe 3040 hnbhbn.exe 3832 ddddd.exe 4892 xrxrrxx.exe 900 rlfxlff.exe 2044 5lfxlfr.exe 4468 dvjdp.exe 440 3lxrffx.exe 3420 9llflfl.exe 4756 thhnhh.exe 4312 rffxfrr.exe 868 hbthbb.exe 3020 dpdpp.exe 4524 lxrlxrl.exe 4060 nnttth.exe 1012 pppjd.exe 1892 lfrflfl.exe 2672 bbbbhn.exe 3764 fxfxxxr.exe 3284 tthhtb.exe 684 pjjjd.exe 1600 xlxrrrr.exe 2236 bhbbnn.exe 4700 ppdvp.exe 2372 lfxfrxx.exe 1168 tthbhh.exe 744 tbbnhn.exe 1368 vdddd.exe 4396 fxlfxxr.exe 4968 nbtbtn.exe 2812 3pdjv.exe 1932 9flfxxr.exe 448 3bbbtn.exe 2988 ttnhtn.exe 4268 vjjjp.exe 1428 7xrxrrl.exe 2532 lrxflxl.exe 940 thnnht.exe 3332 dvvdj.exe 1412 fxxrxfl.exe 824 xxflrrr.exe 4444 tthbbb.exe 5036 jjjdd.exe 3604 jdvpj.exe 2344 xxllfff.exe 2868 thtnht.exe 3176 pjvjp.exe 3392 lllrfxr.exe 2180 5flfffr.exe 2332 nhhtnb.exe 1224 ddvvp.exe 920 3rlrrrf.exe 2380 xflffxl.exe 4500 thhbbn.exe -
resource yara_rule behavioral2/memory/4968-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3696-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2980-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2904-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5092-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2284-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2896-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4296-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4296-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2492-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2892-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4588-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2344-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3832-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4892-86-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3040-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/900-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2044-102-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4468-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/440-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3420-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4756-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3020-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4524-145-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/1892-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2672-167-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3764-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/684-185-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3284-182-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1600-193-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4700-197-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2372-200-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1168-205-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/744-209-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1368-216-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4396-220-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2812-227-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2988-237-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/940-247-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3332-254-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/824-259-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3604-268-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2868-278-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3392-285-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2380-298-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4500-305-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/440-309-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3952-313-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4164-317-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4164-321-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5044-349-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4852-360-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/632-366-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2220-370-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2348-374-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/728-378-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1968-391-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4396-398-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1544-411-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3356-433-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3356-437-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1192-462-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/440-475-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1656-485-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4968 wrote to memory of 3696 4968 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 82 PID 4968 wrote to memory of 3696 4968 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 82 PID 4968 wrote to memory of 3696 4968 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 82 PID 3696 wrote to memory of 2980 3696 nnbbtb.exe 83 PID 3696 wrote to memory of 2980 3696 nnbbtb.exe 83 PID 3696 wrote to memory of 2980 3696 nnbbtb.exe 83 PID 2980 wrote to memory of 2904 2980 dvdvp.exe 84 PID 2980 wrote to memory of 2904 2980 dvdvp.exe 84 PID 2980 wrote to memory of 2904 2980 dvdvp.exe 84 PID 2904 wrote to memory of 5092 2904 rffffll.exe 85 PID 2904 wrote to memory of 5092 2904 rffffll.exe 85 PID 2904 wrote to memory of 5092 2904 rffffll.exe 85 PID 5092 wrote to memory of 2284 5092 jddvd.exe 86 PID 5092 wrote to memory of 2284 5092 jddvd.exe 86 PID 5092 wrote to memory of 2284 5092 jddvd.exe 86 PID 2284 wrote to memory of 2896 2284 rlrlxxf.exe 87 PID 2284 wrote to memory of 2896 2284 rlrlxxf.exe 87 PID 2284 wrote to memory of 2896 2284 rlrlxxf.exe 87 PID 2896 wrote to memory of 4296 2896 ntbhbh.exe 88 PID 2896 wrote to memory of 4296 2896 ntbhbh.exe 88 PID 2896 wrote to memory of 4296 2896 ntbhbh.exe 88 PID 4296 wrote to memory of 2492 4296 bbnhhn.exe 89 PID 4296 wrote to memory of 2492 4296 bbnhhn.exe 89 PID 4296 wrote to memory of 2492 4296 bbnhhn.exe 89 PID 2492 wrote to memory of 2892 2492 vpvvp.exe 90 PID 2492 wrote to memory of 2892 2492 vpvvp.exe 90 PID 2492 wrote to memory of 2892 2492 vpvvp.exe 90 PID 2892 wrote to memory of 4588 2892 hnhhbh.exe 91 PID 2892 wrote to memory of 4588 2892 hnhhbh.exe 91 PID 2892 wrote to memory of 4588 2892 hnhhbh.exe 91 PID 4588 wrote to memory of 2344 4588 rfrlffr.exe 92 PID 4588 wrote to memory of 2344 4588 rfrlffr.exe 92 PID 4588 wrote to memory of 2344 4588 rfrlffr.exe 92 PID 2344 wrote to memory of 3040 2344 xxrrlll.exe 93 PID 2344 wrote to memory of 3040 2344 xxrrlll.exe 93 PID 2344 wrote 
to memory of 3040 2344 xxrrlll.exe 93 PID 3040 wrote to memory of 3832 3040 hnbhbn.exe 94 PID 3040 wrote to memory of 3832 3040 hnbhbn.exe 94 PID 3040 wrote to memory of 3832 3040 hnbhbn.exe 94 PID 3832 wrote to memory of 4892 3832 ddddd.exe 95 PID 3832 wrote to memory of 4892 3832 ddddd.exe 95 PID 3832 wrote to memory of 4892 3832 ddddd.exe 95 PID 4892 wrote to memory of 900 4892 xrxrrxx.exe 96 PID 4892 wrote to memory of 900 4892 xrxrrxx.exe 96 PID 4892 wrote to memory of 900 4892 xrxrrxx.exe 96 PID 900 wrote to memory of 2044 900 rlfxlff.exe 97 PID 900 wrote to memory of 2044 900 rlfxlff.exe 97 PID 900 wrote to memory of 2044 900 rlfxlff.exe 97 PID 2044 wrote to memory of 4468 2044 5lfxlfr.exe 99 PID 2044 wrote to memory of 4468 2044 5lfxlfr.exe 99 PID 2044 wrote to memory of 4468 2044 5lfxlfr.exe 99 PID 4468 wrote to memory of 440 4468 dvjdp.exe 100 PID 4468 wrote to memory of 440 4468 dvjdp.exe 100 PID 4468 wrote to memory of 440 4468 dvjdp.exe 100 PID 440 wrote to memory of 3420 440 3lxrffx.exe 101 PID 440 wrote to memory of 3420 440 3lxrffx.exe 101 PID 440 wrote to memory of 3420 440 3lxrffx.exe 101 PID 3420 wrote to memory of 4756 3420 9llflfl.exe 102 PID 3420 wrote to memory of 4756 3420 9llflfl.exe 102 PID 3420 wrote to memory of 4756 3420 9llflfl.exe 102 PID 4756 wrote to memory of 4312 4756 thhnhh.exe 103 PID 4756 wrote to memory of 4312 4756 thhnhh.exe 103 PID 4756 wrote to memory of 4312 4756 thhnhh.exe 103 PID 4312 wrote to memory of 868 4312 rffxfrr.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:4968 -
\??\c:\nnbbtb.exec:\nnbbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3696 -
\??\c:\dvdvp.exec:\dvdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2980 -
\??\c:\rffffll.exec:\rffffll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\jddvd.exec:\jddvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5092 -
\??\c:\rlrlxxf.exec:\rlrlxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\ntbhbh.exec:\ntbhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\bbnhhn.exec:\bbnhhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4296 -
\??\c:\vpvvp.exec:\vpvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\hnhhbh.exec:\hnhhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\rfrlffr.exec:\rfrlffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4588 -
\??\c:\xxrrlll.exec:\xxrrlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2344 -
\??\c:\hnbhbn.exec:\hnbhbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\ddddd.exec:\ddddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3832 -
\??\c:\xrxrrxx.exec:\xrxrrxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4892 -
\??\c:\rlfxlff.exec:\rlfxlff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:900 -
\??\c:\5lfxlfr.exec:\5lfxlfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2044 -
\??\c:\dvjdp.exec:\dvjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\3lxrffx.exec:\3lxrffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:440 -
\??\c:\9llflfl.exec:\9llflfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3420 -
\??\c:\thhnhh.exec:\thhnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4756 -
\??\c:\rffxfrr.exec:\rffxfrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4312 -
\??\c:\hbthbb.exec:\hbthbb.exe23⤵
- Executes dropped EXE
PID:868 -
\??\c:\dpdpp.exec:\dpdpp.exe24⤵
- Executes dropped EXE
PID:3020 -
\??\c:\lxrlxrl.exec:\lxrlxrl.exe25⤵
- Executes dropped EXE
PID:4524 -
\??\c:\nnttth.exec:\nnttth.exe26⤵
- Executes dropped EXE
PID:4060 -
\??\c:\pppjd.exec:\pppjd.exe27⤵
- Executes dropped EXE
PID:1012 -
\??\c:\lfrflfl.exec:\lfrflfl.exe28⤵
- Executes dropped EXE
PID:1892 -
\??\c:\bbbbhn.exec:\bbbbhn.exe29⤵
- Executes dropped EXE
PID:2672 -
\??\c:\fxfxxxr.exec:\fxfxxxr.exe30⤵
- Executes dropped EXE
PID:3764 -
\??\c:\tthhtb.exec:\tthhtb.exe31⤵
- Executes dropped EXE
PID:3284 -
\??\c:\pjjjd.exec:\pjjjd.exe32⤵
- Executes dropped EXE
PID:684 -
\??\c:\xlxrrrr.exec:\xlxrrrr.exe33⤵
- Executes dropped EXE
PID:1600 -
\??\c:\bhbbnn.exec:\bhbbnn.exe34⤵
- Executes dropped EXE
PID:2236 -
\??\c:\ppdvp.exec:\ppdvp.exe35⤵
- Executes dropped EXE
PID:4700 -
\??\c:\lfxfrxx.exec:\lfxfrxx.exe36⤵
- Executes dropped EXE
PID:2372 -
\??\c:\tthbhh.exec:\tthbhh.exe37⤵
- Executes dropped EXE
PID:1168 -
\??\c:\tbbnhn.exec:\tbbnhn.exe38⤵
- Executes dropped EXE
PID:744 -
\??\c:\vdddd.exec:\vdddd.exe39⤵
- Executes dropped EXE
PID:1368 -
\??\c:\fxlfxxr.exec:\fxlfxxr.exe40⤵
- Executes dropped EXE
PID:4396 -
\??\c:\nbtbtn.exec:\nbtbtn.exe41⤵
- Executes dropped EXE
PID:4968 -
\??\c:\3pdjv.exec:\3pdjv.exe42⤵
- Executes dropped EXE
PID:2812 -
\??\c:\9flfxxr.exec:\9flfxxr.exe43⤵
- Executes dropped EXE
PID:1932 -
\??\c:\3bbbtn.exec:\3bbbtn.exe44⤵
- Executes dropped EXE
PID:448 -
\??\c:\ttnhtn.exec:\ttnhtn.exe45⤵
- Executes dropped EXE
PID:2988 -
\??\c:\vjjjp.exec:\vjjjp.exe46⤵
- Executes dropped EXE
PID:4268 -
\??\c:\7xrxrrl.exec:\7xrxrrl.exe47⤵
- Executes dropped EXE
PID:1428 -
\??\c:\lrxflxl.exec:\lrxflxl.exe48⤵
- Executes dropped EXE
PID:2532 -
\??\c:\thnnht.exec:\thnnht.exe49⤵
- Executes dropped EXE
PID:940 -
\??\c:\dvvdj.exec:\dvvdj.exe50⤵
- Executes dropped EXE
PID:3332 -
\??\c:\fxxrxfl.exec:\fxxrxfl.exe51⤵
- Executes dropped EXE
PID:1412 -
\??\c:\xxflrrr.exec:\xxflrrr.exe52⤵
- Executes dropped EXE
PID:824 -
\??\c:\tthbbb.exec:\tthbbb.exe53⤵
- Executes dropped EXE
PID:4444 -
\??\c:\jjjdd.exec:\jjjdd.exe54⤵
- Executes dropped EXE
PID:5036 -
\??\c:\jdvpj.exec:\jdvpj.exe55⤵
- Executes dropped EXE
PID:3604 -
\??\c:\xxllfff.exec:\xxllfff.exe56⤵
- Executes dropped EXE
PID:2344 -
\??\c:\thtnht.exec:\thtnht.exe57⤵
- Executes dropped EXE
PID:2868 -
\??\c:\pjvjp.exec:\pjvjp.exe58⤵
- Executes dropped EXE
PID:3176 -
\??\c:\lllrfxr.exec:\lllrfxr.exe59⤵
- Executes dropped EXE
PID:3392 -
\??\c:\5flfffr.exec:\5flfffr.exe60⤵
- Executes dropped EXE
PID:2180 -
\??\c:\nhhtnb.exec:\nhhtnb.exe61⤵
- Executes dropped EXE
PID:2332 -
\??\c:\ddvvp.exec:\ddvvp.exe62⤵
- Executes dropped EXE
PID:1224 -
\??\c:\3rlrrrf.exec:\3rlrrrf.exe63⤵
- Executes dropped EXE
PID:920 -
\??\c:\xflffxl.exec:\xflffxl.exe64⤵
- Executes dropped EXE
PID:2380 -
\??\c:\thhbbn.exec:\thhbbn.exe65⤵
- Executes dropped EXE
PID:4500 -
\??\c:\pvjjv.exec:\pvjjv.exe66⤵PID:440
-
\??\c:\rrlfffl.exec:\rrlfffl.exe67⤵PID:3420
-
\??\c:\nhnhnh.exec:\nhnhnh.exe68⤵PID:3952
-
\??\c:\ppjpd.exec:\ppjpd.exe69⤵PID:4164
-
\??\c:\ppppd.exec:\ppppd.exe70⤵PID:4092
-
\??\c:\bnnbnn.exec:\bnnbnn.exe71⤵PID:3704
-
\??\c:\3bnhbt.exec:\3bnhbt.exe72⤵PID:3092
-
\??\c:\dvddd.exec:\dvddd.exe73⤵PID:3036
-
\??\c:\1frlffx.exec:\1frlffx.exe74⤵PID:2224
-
\??\c:\nhhhnn.exec:\nhhhnn.exe75⤵PID:3960
-
\??\c:\nhhttt.exec:\nhhttt.exe76⤵PID:1012
-
\??\c:\jdddv.exec:\jdddv.exe77⤵PID:512
-
\??\c:\xrrrlxx.exec:\xrrrlxx.exe78⤵PID:5044
-
\??\c:\9xxxlrf.exec:\9xxxlrf.exe79⤵PID:2084
-
\??\c:\bhthht.exec:\bhthht.exe80⤵PID:2384
-
\??\c:\pdvjv.exec:\pdvjv.exe81⤵PID:4964
-
\??\c:\lflfxxx.exec:\lflfxxx.exe82⤵PID:4852
-
\??\c:\thtnhn.exec:\thtnhn.exe83⤵PID:632
-
\??\c:\hbbbbh.exec:\hbbbbh.exe84⤵PID:2220
-
\??\c:\vvppj.exec:\vvppj.exe85⤵PID:2348
-
\??\c:\xlfxrrf.exec:\xlfxrrf.exe86⤵PID:728
-
\??\c:\tnbtnh.exec:\tnbtnh.exe87⤵PID:2828
-
\??\c:\pvjpp.exec:\pvjpp.exe88⤵PID:388
-
\??\c:\1ddpd.exec:\1ddpd.exe89⤵PID:1168
-
\??\c:\jdpjj.exec:\jdpjj.exe90⤵PID:4368
-
\??\c:\lfllllr.exec:\lfllllr.exe91⤵PID:1968
-
\??\c:\nhhhht.exec:\nhhhht.exe92⤵PID:4396
-
\??\c:\jdpvp.exec:\jdpvp.exe93⤵PID:4968
-
\??\c:\1xlllll.exec:\1xlllll.exe94⤵PID:1932
-
\??\c:\hhtttb.exec:\hhtttb.exe95⤵PID:2988
-
\??\c:\vdjdv.exec:\vdjdv.exe96⤵PID:4268
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe97⤵PID:1544
-
\??\c:\tbhhbb.exec:\tbhhbb.exe98⤵PID:2896
-
\??\c:\nhhbbb.exec:\nhhbbb.exe99⤵PID:940
-
\??\c:\pvdvj.exec:\pvdvj.exe100⤵PID:3332
-
\??\c:\rrrxrfx.exec:\rrrxrfx.exe101⤵PID:3760
-
\??\c:\frfxrrl.exec:\frfxrrl.exe102⤵PID:2024
-
\??\c:\bhhbbh.exec:\bhhbbh.exe103⤵PID:2888
-
\??\c:\jjjvj.exec:\jjjvj.exe104⤵PID:3356
-
\??\c:\pdddv.exec:\pdddv.exe105⤵PID:3512
-
\??\c:\5xxxrxx.exec:\5xxxrxx.exe106⤵PID:2020
-
\??\c:\rflfxxr.exec:\rflfxxr.exe107⤵PID:2400
-
\??\c:\7tnhnh.exec:\7tnhnh.exe108⤵PID:5004
-
\??\c:\jddvv.exec:\jddvv.exe109⤵PID:2928
-
\??\c:\pjvpp.exec:\pjvpp.exe110⤵PID:4520
-
\??\c:\rxlrrxr.exec:\rxlrrxr.exe111⤵PID:4332
-
\??\c:\btttnn.exec:\btttnn.exe112⤵PID:1192
-
\??\c:\5vddd.exec:\5vddd.exe113⤵PID:3088
-
\??\c:\lxlllxx.exec:\lxlllxx.exe114⤵PID:4468
-
\??\c:\rxfrlfr.exec:\rxfrlfr.exe115⤵PID:3532
-
\??\c:\5nnhbt.exec:\5nnhbt.exe116⤵PID:440
-
\??\c:\httnbt.exec:\httnbt.exe117⤵PID:1644
-
\??\c:\jvpdv.exec:\jvpdv.exe118⤵PID:832
-
\??\c:\frxrffl.exec:\frxrffl.exe119⤵PID:216
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe120⤵PID:1656
-
\??\c:\ttbbbb.exec:\ttbbbb.exe121⤵PID:3244
-
\??\c:\vpjdv.exec:\vpjdv.exe122⤵PID:3092