Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe
-
Size
473KB
-
MD5
69a4746e4483f64c102f1531ddd50800
-
SHA1
e2da8274041c61cf4a3d5128bf0073af6aa60417
-
SHA256
e8d6ce5e804341cd88f88bba798d64bbbb74cfd2663291bbdd223c92a6edc630
-
SHA512
2ca96815c9d2103be8989f78b04ce4ed99f3106bfa5d64e551ac78f8dea1d45ea1b7a09828d1f4c32d2236ba21c2c66c362fcbd20ae66e8b755b8ae35b5411cc
-
SSDEEP
6144:lcm7ImGddXmNt251UriZFwT+aZKl7pg1xBo:H7Tc2NYHUrAwT+OKLSjo
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2796-7-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4472-232-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2708-280-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/964-411-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3560-707-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3596-551-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1876-539-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4976-537-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2404-530-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4800-509-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/536-505-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1492-494-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4092-490-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3500-486-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3960-482-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1536-455-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2456-450-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1740-440-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4188-430-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2476-424-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4472-422-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral2/memory/972-418-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1692-405-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2340-403-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2104-396-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3660-392-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1272-386-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3148-384-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4780-380-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/396-374-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1816-372-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/5052-368-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3704-364-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2044-358-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3644-356-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1228-349-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4848-342-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3168-340-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2452-335-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2096-333-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2160-327-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/5016-323-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral2/memory/772-321-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3440-314-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2944-308-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4404-303-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4288-296-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3468-290-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2400-278-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2660-272-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4480-268-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4852-264-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1752-262-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3756-256-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3944-252-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/624-248-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1928-244-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4524-240-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2036-238-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4988-228-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3172-224-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2612-220-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4508-216-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral2/memory/1612-206-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 544 3thhhn.exe 3560 1hnhbb.exe 4912 djddv.exe 3960 lxrrllr.exe 2068 1bhhtn.exe 4900 hhtntn.exe 3300 vpjdj.exe 1492 5rrlxrl.exe 3544 ffrllff.exe 4380 hnbbtt.exe 3220 jvddp.exe 2016 3rxrrrl.exe 2032 3frlrrl.exe 3384 nnhbbb.exe 3780 vpvpj.exe 2112 jvdvp.exe 4816 rxflxrf.exe 4396 nhnhhb.exe 1960 bhnnnh.exe 4024 vddvp.exe 2436 flfllxx.exe 2684 tnnnhb.exe 1876 hnttnn.exe 3084 dvjjd.exe 1904 rffxrrl.exe 1816 bthhnn.exe 396 1ntnhb.exe 2556 dvvpj.exe 1128 xxlfxxr.exe 3268 ttttnn.exe 2328 5tnnhh.exe 2392 pdvjd.exe 3056 lfffxxr.exe 5040 xlrxrlf.exe 1612 tbhbtn.exe 4352 jjjpj.exe 3204 dvjdv.exe 4508 9xxrllx.exe 2612 7bbttt.exe 3172 hbbnbb.exe 4988 djvpj.exe 4472 lfllfff.exe 2036 fxrlllf.exe 4524 9ttnhn.exe 1928 9djjd.exe 624 5vddd.exe 3944 lrxrxxr.exe 3756 bbtnnb.exe 1752 pjjpp.exe 4852 dpdvp.exe 4480 llrrrxr.exe 2660 tnhbtn.exe 2400 9dppv.exe 2708 djvpp.exe 4628 lllfxxr.exe 3672 tbhbtn.exe 3468 ttbtnt.exe 4288 jjppp.exe 3500 7lllflf.exe 4404 nbnntt.exe 4204 1vppd.exe 2944 3ppjd.exe 3440 ffflfll.exe 996 hhhhhh.exe -
resource yara_rule behavioral2/memory/2796-7-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4472-232-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2708-280-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/964-411-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3560-707-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3596-551-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1876-539-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4976-537-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2404-530-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4800-509-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/536-505-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1492-494-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4092-490-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3500-486-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3960-482-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1536-455-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2456-450-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1740-440-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4188-430-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2476-424-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4472-422-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/972-418-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1692-405-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2340-403-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral2/memory/2104-396-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3660-392-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1272-386-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3148-384-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4780-380-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/396-374-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1816-372-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/5052-368-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3704-364-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2044-358-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3644-356-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1228-349-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4848-342-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3168-340-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2452-335-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2096-333-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2160-327-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/5016-323-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/772-321-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3440-314-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2944-308-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4404-303-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4288-296-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3468-290-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral2/memory/2400-278-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2660-272-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4480-268-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4852-264-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1752-262-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3756-256-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3944-252-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/624-248-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1928-244-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4524-240-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2036-238-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4988-228-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3172-224-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2612-220-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4508-216-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1612-206-0x0000000000400000-0x00000000004C4000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2796 wrote to memory of 544 2796 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 82 PID 2796 wrote to memory of 544 2796 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 82 PID 2796 wrote to memory of 544 2796 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 82 PID 544 wrote to memory of 3560 544 3thhhn.exe 83 PID 544 wrote to memory of 3560 544 3thhhn.exe 83 PID 544 wrote to memory of 3560 544 3thhhn.exe 83 PID 3560 wrote to memory of 4912 3560 1hnhbb.exe 84 PID 3560 wrote to memory of 4912 3560 1hnhbb.exe 84 PID 3560 wrote to memory of 4912 3560 1hnhbb.exe 84 PID 4912 wrote to memory of 3960 4912 djddv.exe 85 PID 4912 wrote to memory of 3960 4912 djddv.exe 85 PID 4912 wrote to memory of 3960 4912 djddv.exe 85 PID 3960 wrote to memory of 2068 3960 lxrrllr.exe 86 PID 3960 wrote to memory of 2068 3960 lxrrllr.exe 86 PID 3960 wrote to memory of 2068 3960 lxrrllr.exe 86 PID 2068 wrote to memory of 4900 2068 1bhhtn.exe 87 PID 2068 wrote to memory of 4900 2068 1bhhtn.exe 87 PID 2068 wrote to memory of 4900 2068 1bhhtn.exe 87 PID 4900 wrote to memory of 3300 4900 hhtntn.exe 88 PID 4900 wrote to memory of 3300 4900 hhtntn.exe 88 PID 4900 wrote to memory of 3300 4900 hhtntn.exe 88 PID 3300 wrote to memory of 1492 3300 vpjdj.exe 193 PID 3300 wrote to memory of 1492 3300 vpjdj.exe 193 PID 3300 wrote to memory of 1492 3300 vpjdj.exe 193 PID 1492 wrote to memory of 3544 1492 5rrlxrl.exe 90 PID 1492 wrote to memory of 3544 1492 5rrlxrl.exe 90 PID 1492 wrote to memory of 3544 1492 5rrlxrl.exe 90 PID 3544 wrote to memory of 4380 3544 ffrllff.exe 91 PID 3544 wrote to memory of 4380 3544 ffrllff.exe 91 PID 3544 wrote to memory of 4380 3544 ffrllff.exe 91 PID 4380 wrote to memory of 3220 4380 hnbbtt.exe 92 PID 4380 wrote to memory of 3220 4380 hnbbtt.exe 92 PID 4380 wrote to memory of 3220 4380 hnbbtt.exe 92 PID 3220 wrote to memory of 2016 3220 jvddp.exe 93 PID 3220 wrote to memory of 2016 3220 jvddp.exe 93 PID 3220 wrote to 
memory of 2016 3220 jvddp.exe 93 PID 2016 wrote to memory of 2032 2016 3rxrrrl.exe 94 PID 2016 wrote to memory of 2032 2016 3rxrrrl.exe 94 PID 2016 wrote to memory of 2032 2016 3rxrrrl.exe 94 PID 2032 wrote to memory of 3384 2032 3frlrrl.exe 95 PID 2032 wrote to memory of 3384 2032 3frlrrl.exe 95 PID 2032 wrote to memory of 3384 2032 3frlrrl.exe 95 PID 3384 wrote to memory of 3780 3384 nnhbbb.exe 96 PID 3384 wrote to memory of 3780 3384 nnhbbb.exe 96 PID 3384 wrote to memory of 3780 3384 nnhbbb.exe 96 PID 3780 wrote to memory of 2112 3780 vpvpj.exe 97 PID 3780 wrote to memory of 2112 3780 vpvpj.exe 97 PID 3780 wrote to memory of 2112 3780 vpvpj.exe 97 PID 2112 wrote to memory of 4816 2112 jvdvp.exe 98 PID 2112 wrote to memory of 4816 2112 jvdvp.exe 98 PID 2112 wrote to memory of 4816 2112 jvdvp.exe 98 PID 4816 wrote to memory of 4396 4816 rxflxrf.exe 274 PID 4816 wrote to memory of 4396 4816 rxflxrf.exe 274 PID 4816 wrote to memory of 4396 4816 rxflxrf.exe 274 PID 4396 wrote to memory of 1960 4396 nhnhhb.exe 100 PID 4396 wrote to memory of 1960 4396 nhnhhb.exe 100 PID 4396 wrote to memory of 1960 4396 nhnhhb.exe 100 PID 1960 wrote to memory of 4024 1960 bhnnnh.exe 101 PID 1960 wrote to memory of 4024 1960 bhnnnh.exe 101 PID 1960 wrote to memory of 4024 1960 bhnnnh.exe 101 PID 4024 wrote to memory of 2436 4024 vddvp.exe 102 PID 4024 wrote to memory of 2436 4024 vddvp.exe 102 PID 4024 wrote to memory of 2436 4024 vddvp.exe 102 PID 2436 wrote to memory of 2684 2436 flfllxx.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\3thhhn.exec:\3thhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\1hnhbb.exec:\1hnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3560 -
\??\c:\djddv.exec:\djddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4912 -
\??\c:\lxrrllr.exec:\lxrrllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3960 -
\??\c:\1bhhtn.exec:\1bhhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2068 -
\??\c:\hhtntn.exec:\hhtntn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4900 -
\??\c:\vpjdj.exec:\vpjdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3300 -
\??\c:\5rrlxrl.exec:\5rrlxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1492 -
\??\c:\ffrllff.exec:\ffrllff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3544 -
\??\c:\hnbbtt.exec:\hnbbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4380 -
\??\c:\jvddp.exec:\jvddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3220 -
\??\c:\3rxrrrl.exec:\3rxrrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2016 -
\??\c:\3frlrrl.exec:\3frlrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2032 -
\??\c:\nnhbbb.exec:\nnhbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3384 -
\??\c:\vpvpj.exec:\vpvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3780 -
\??\c:\jvdvp.exec:\jvdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2112 -
\??\c:\rxflxrf.exec:\rxflxrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4816 -
\??\c:\nhnhhb.exec:\nhnhhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4396 -
\??\c:\bhnnnh.exec:\bhnnnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1960 -
\??\c:\vddvp.exec:\vddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4024 -
\??\c:\flfllxx.exec:\flfllxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\tnnnhb.exec:\tnnnhb.exe23⤵
- Executes dropped EXE
PID:2684 -
\??\c:\hnttnn.exec:\hnttnn.exe24⤵
- Executes dropped EXE
PID:1876 -
\??\c:\dvjjd.exec:\dvjjd.exe25⤵
- Executes dropped EXE
PID:3084 -
\??\c:\rffxrrl.exec:\rffxrrl.exe26⤵
- Executes dropped EXE
PID:1904 -
\??\c:\bthhnn.exec:\bthhnn.exe27⤵
- Executes dropped EXE
PID:1816 -
\??\c:\1ntnhb.exec:\1ntnhb.exe28⤵
- Executes dropped EXE
PID:396 -
\??\c:\dvvpj.exec:\dvvpj.exe29⤵
- Executes dropped EXE
PID:2556 -
\??\c:\xxlfxxr.exec:\xxlfxxr.exe30⤵
- Executes dropped EXE
PID:1128 -
\??\c:\ttttnn.exec:\ttttnn.exe31⤵
- Executes dropped EXE
PID:3268 -
\??\c:\5tnnhh.exec:\5tnnhh.exe32⤵
- Executes dropped EXE
PID:2328 -
\??\c:\pdvjd.exec:\pdvjd.exe33⤵
- Executes dropped EXE
PID:2392 -
\??\c:\lfffxxr.exec:\lfffxxr.exe34⤵
- Executes dropped EXE
PID:3056 -
\??\c:\xlrxrlf.exec:\xlrxrlf.exe35⤵
- Executes dropped EXE
PID:5040 -
\??\c:\tbhbtn.exec:\tbhbtn.exe36⤵
- Executes dropped EXE
PID:1612 -
\??\c:\jjjpj.exec:\jjjpj.exe37⤵
- Executes dropped EXE
PID:4352 -
\??\c:\dvjdv.exec:\dvjdv.exe38⤵
- Executes dropped EXE
PID:3204 -
\??\c:\9xxrllx.exec:\9xxrllx.exe39⤵
- Executes dropped EXE
PID:4508 -
\??\c:\7bbttt.exec:\7bbttt.exe40⤵
- Executes dropped EXE
PID:2612 -
\??\c:\hbbnbb.exec:\hbbnbb.exe41⤵
- Executes dropped EXE
PID:3172 -
\??\c:\djvpj.exec:\djvpj.exe42⤵
- Executes dropped EXE
PID:4988 -
\??\c:\lfllfff.exec:\lfllfff.exe43⤵
- Executes dropped EXE
PID:4472 -
\??\c:\fxrlllf.exec:\fxrlllf.exe44⤵
- Executes dropped EXE
PID:2036 -
\??\c:\9ttnhn.exec:\9ttnhn.exe45⤵
- Executes dropped EXE
PID:4524 -
\??\c:\9djjd.exec:\9djjd.exe46⤵
- Executes dropped EXE
PID:1928 -
\??\c:\5vddd.exec:\5vddd.exe47⤵
- Executes dropped EXE
PID:624 -
\??\c:\lrxrxxr.exec:\lrxrxxr.exe48⤵
- Executes dropped EXE
PID:3944 -
\??\c:\bbtnnb.exec:\bbtnnb.exe49⤵
- Executes dropped EXE
PID:3756 -
\??\c:\pjjpp.exec:\pjjpp.exe50⤵
- Executes dropped EXE
PID:1752 -
\??\c:\dpdvp.exec:\dpdvp.exe51⤵
- Executes dropped EXE
PID:4852 -
\??\c:\llrrrxr.exec:\llrrrxr.exe52⤵
- Executes dropped EXE
PID:4480 -
\??\c:\tnhbtn.exec:\tnhbtn.exe53⤵
- Executes dropped EXE
PID:2660 -
\??\c:\9dppv.exec:\9dppv.exe54⤵
- Executes dropped EXE
PID:2400 -
\??\c:\djvpp.exec:\djvpp.exe55⤵
- Executes dropped EXE
PID:2708 -
\??\c:\lllfxxr.exec:\lllfxxr.exe56⤵
- Executes dropped EXE
PID:4628 -
\??\c:\tbhbtn.exec:\tbhbtn.exe57⤵
- Executes dropped EXE
PID:3672 -
\??\c:\ttbtnt.exec:\ttbtnt.exe58⤵
- Executes dropped EXE
PID:3468 -
\??\c:\jjppp.exec:\jjppp.exe59⤵
- Executes dropped EXE
PID:4288 -
\??\c:\7lllflf.exec:\7lllflf.exe60⤵
- Executes dropped EXE
PID:3500 -
\??\c:\nbnntt.exec:\nbnntt.exe61⤵
- Executes dropped EXE
PID:4404 -
\??\c:\1vppd.exec:\1vppd.exe62⤵
- Executes dropped EXE
PID:4204 -
\??\c:\3ppjd.exec:\3ppjd.exe63⤵
- Executes dropped EXE
PID:2944 -
\??\c:\ffflfll.exec:\ffflfll.exe64⤵
- Executes dropped EXE
PID:3440 -
\??\c:\hhhhhh.exec:\hhhhhh.exe65⤵
- Executes dropped EXE
PID:996 -
\??\c:\jpvpd.exec:\jpvpd.exe66⤵PID:772
-
\??\c:\jvdvv.exec:\jvdvv.exe67⤵PID:5016
-
\??\c:\xlxllfx.exec:\xlxllfx.exe68⤵PID:2160
-
\??\c:\btbbtt.exec:\btbbtt.exe69⤵PID:2096
-
\??\c:\dvvpj.exec:\dvvpj.exe70⤵PID:2452
-
\??\c:\5fffflr.exec:\5fffflr.exe71⤵PID:3168
-
\??\c:\1flfxxr.exec:\1flfxxr.exe72⤵PID:4848
-
\??\c:\nhhhnh.exec:\nhhhnh.exe73⤵PID:1228
-
\??\c:\5dvpj.exec:\5dvpj.exe74⤵PID:3344
-
\??\c:\bthhbh.exec:\bthhbh.exe75⤵PID:3644
-
\??\c:\jddvd.exec:\jddvd.exe76⤵PID:2044
-
\??\c:\xlllxrx.exec:\xlllxrx.exe77⤵PID:3704
-
\??\c:\tbnnnn.exec:\tbnnnn.exe78⤵PID:5052
-
\??\c:\vjpjj.exec:\vjpjj.exe79⤵PID:1816
-
\??\c:\7ddvv.exec:\7ddvv.exe80⤵PID:396
-
\??\c:\lfllflf.exec:\lfllflf.exe81⤵PID:4780
-
\??\c:\nhhbbb.exec:\nhhbbb.exe82⤵PID:3148
-
\??\c:\vpddj.exec:\vpddj.exe83⤵PID:1272
-
\??\c:\lfrxxlf.exec:\lfrxxlf.exe84⤵PID:3660
-
\??\c:\5rrrllf.exec:\5rrrllf.exe85⤵PID:2104
-
\??\c:\bbttnn.exec:\bbttnn.exe86⤵PID:3244
-
\??\c:\jddvp.exec:\jddvp.exe87⤵PID:2340
-
\??\c:\fffxlff.exec:\fffxlff.exe88⤵PID:1692
-
\??\c:\flrrrrr.exec:\flrrrrr.exe89⤵PID:964
-
\??\c:\bnhbhb.exec:\bnhbhb.exe90⤵PID:4508
-
\??\c:\pppjj.exec:\pppjj.exe91⤵PID:972
-
\??\c:\llrxxlf.exec:\llrxxlf.exe92⤵PID:2476
-
\??\c:\1thbbb.exec:\1thbbb.exe93⤵PID:4472
-
\??\c:\bhnhhh.exec:\bhnhhh.exe94⤵PID:4188
-
\??\c:\7vdvp.exec:\7vdvp.exe95⤵PID:2036
-
\??\c:\xxrlflf.exec:\xxrlflf.exe96⤵PID:3812
-
\??\c:\thhbth.exec:\thhbth.exe97⤵PID:1740
-
\??\c:\dpjvj.exec:\dpjvj.exe98⤵PID:3188
-
\??\c:\lxxrflx.exec:\lxxrflx.exe99⤵PID:4216
-
\??\c:\rrrfrlf.exec:\rrrfrlf.exe100⤵PID:2456
-
\??\c:\hntnnh.exec:\hntnnh.exe101⤵PID:1664
-
\??\c:\9jjdv.exec:\9jjdv.exe102⤵PID:1536
-
\??\c:\rllfxrl.exec:\rllfxrl.exe103⤵PID:4920
-
\??\c:\rlrrlff.exec:\rlrrlff.exe104⤵PID:3868
-
\??\c:\bbnhbb.exec:\bbnhbb.exe105⤵PID:3796
-
\??\c:\jjvdj.exec:\jjvdj.exe106⤵PID:2692
-
\??\c:\pjvpd.exec:\pjvpd.exe107⤵PID:1836
-
\??\c:\lfrrlxx.exec:\lfrrlxx.exe108⤵PID:1320
-
\??\c:\nnbttt.exec:\nnbttt.exe109⤵PID:856
-
\??\c:\jdjvp.exec:\jdjvp.exe110⤵PID:3960
-
\??\c:\lfrllll.exec:\lfrllll.exe111⤵PID:3500
-
\??\c:\flxrlff.exec:\flxrlff.exe112⤵PID:4092
-
\??\c:\hnhbhh.exec:\hnhbhh.exe113⤵PID:1492
-
\??\c:\7jjdj.exec:\7jjdj.exe114⤵PID:4588
-
\??\c:\pvddp.exec:\pvddp.exe115⤵PID:4792
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe116⤵PID:536
-
\??\c:\hhbttt.exec:\hhbttt.exe117⤵PID:4280
-
\??\c:\3pddj.exec:\3pddj.exe118⤵PID:4800
-
\??\c:\pjvdv.exec:\pjvdv.exe119⤵PID:2160
-
\??\c:\rxlrllf.exec:\rxlrllf.exe120⤵PID:2096
-
\??\c:\nnnntb.exec:\nnnntb.exe121⤵PID:4172
-
\??\c:\vvppv.exec:\vvppv.exe122⤵PID:3168