Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:24
Behavioral task
behavioral1
Sample
a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe
-
Size
254KB
-
MD5
1e34c624b14864978148e94663db675a
-
SHA1
b240bd6b557c6f220ce51353b55bf1a911572596
-
SHA256
a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098
-
SHA512
2c6d12bb3558ecf7b3c99ffeaa7a81eea81836e91169757054b9912eb6fb748e0e294293286524103a1d42f82221077fdde840ca9222de985cfbcd93e523d884
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOaKHpolTjZXvEQo9dfr9:y4wFHoS3eFaKHpKT9XvEhdfr9
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/116-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1556-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1552-19-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1572-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4244-31-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4864-43-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4080-42-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/960-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3948-59-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2844-69-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3200-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3212-84-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5012-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5088-99-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/592-103-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4928-109-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/332-120-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4620-126-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2044-137-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3236-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3348-173-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2600-183-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/436-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4840-190-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3080-209-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4340-213-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4344-216-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3488-227-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2632-235-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/644-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/372-243-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2592-247-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1160-251-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2076-258-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3212-282-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4508-287-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2480-310-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2516-331-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2204-335-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2204-339-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4776-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/552-357-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2164-372-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3932-376-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/208-377-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5016-395-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1412-405-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1392-411-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3064-425-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/316-451-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2480-455-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4484-472-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1756-482-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1276-528-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4104-539-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/800-593-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4480-639-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4084-675-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4108-683-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3708-702-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1844-715-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4932-732-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4820-840-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4988-979-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/116-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000022f51-3.dat UPX behavioral2/memory/116-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1556-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341d-8.dat UPX behavioral2/memory/1572-12-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341e-13.dat UPX behavioral2/memory/1552-19-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1572-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341f-23.dat UPX behavioral2/memory/2632-24-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023420-28.dat UPX behavioral2/memory/4244-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023421-34.dat UPX behavioral2/files/0x0007000000023422-39.dat UPX behavioral2/memory/4864-43-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4080-42-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023423-47.dat UPX behavioral2/files/0x0007000000023424-51.dat UPX behavioral2/memory/960-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023425-57.dat UPX behavioral2/memory/3948-59-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023426-63.dat UPX behavioral2/files/0x0007000000023427-68.dat UPX behavioral2/memory/2844-69-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4692-71-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023428-74.dat UPX behavioral2/files/0x0007000000023429-79.dat UPX behavioral2/memory/3200-82-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3212-84-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x000700000002342a-86.dat UPX behavioral2/memory/5012-90-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342b-93.dat UPX behavioral2/memory/5088-95-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5088-99-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342d-100.dat UPX behavioral2/memory/592-103-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342e-106.dat UPX behavioral2/memory/4928-109-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000800000002341a-111.dat UPX behavioral2/files/0x000700000002342f-118.dat UPX behavioral2/memory/332-120-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023430-123.dat UPX behavioral2/memory/4620-126-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023431-129.dat UPX behavioral2/files/0x0007000000023432-134.dat UPX behavioral2/memory/2044-137-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023433-140.dat UPX behavioral2/memory/3236-142-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023434-146.dat UPX behavioral2/files/0x0007000000023435-152.dat UPX behavioral2/files/0x0007000000023436-156.dat UPX behavioral2/files/0x0007000000023437-160.dat UPX behavioral2/files/0x0007000000023438-167.dat UPX behavioral2/files/0x0007000000023439-171.dat UPX behavioral2/memory/3348-173-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343a-177.dat UPX behavioral2/memory/2600-183-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343b-181.dat UPX behavioral2/memory/436-185-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4840-190-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/1512-196-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3080-209-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4340-213-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 1556 bhbhhn.exe 1572 ddjpp.exe 1552 9bntbh.exe 2632 5pvpj.exe 4244 htbbhb.exe 4080 dddvv.exe 4864 llllfff.exe 960 thbhhh.exe 3948 xrrrfff.exe 4956 9btnbb.exe 2844 vpvvv.exe 4692 hnbnbh.exe 3200 ddjjj.exe 3212 fxfrfxf.exe 5012 hhtbtb.exe 5088 pppvp.exe 592 1httbh.exe 4928 djddd.exe 3612 frfxlll.exe 332 bththb.exe 4620 ppjpj.exe 872 rlxxfff.exe 2044 dvddd.exe 3236 rxxxrxx.exe 232 vdvvv.exe 3432 frllfrr.exe 4764 pdjjj.exe 5032 flxxffx.exe 5036 nhtttn.exe 3348 dvddj.exe 2600 jpvjj.exe 436 xrrxxfr.exe 4840 hhnnnn.exe 4820 ppvvv.exe 1512 flxxlxl.exe 2160 fxxfxxx.exe 3260 hnnnnt.exe 3080 1jjpp.exe 4340 ppdvd.exe 4344 flfffxr.exe 904 nnbtbt.exe 3228 jvppd.exe 1952 djddj.exe 3488 xlrxxrr.exe 1552 tthhnh.exe 2632 9dpvv.exe 644 ffxfflr.exe 372 ffrxlll.exe 2592 hhnhbb.exe 1160 dddvp.exe 4716 lrxrrxx.exe 2076 tttthn.exe 2848 pjpdj.exe 3548 fflxlxr.exe 3184 nhhthh.exe 2628 bbnnbn.exe 3156 pdjjv.exe 3852 rrffrxr.exe 1044 jvddv.exe 3212 vjppv.exe 856 ffllfff.exe 4508 1hhbnt.exe 1732 djjdp.exe 5044 lflfxrf.exe -
resource yara_rule behavioral2/memory/116-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000022f51-3.dat upx behavioral2/memory/116-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1556-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341d-8.dat upx behavioral2/memory/1572-12-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341e-13.dat upx behavioral2/memory/1552-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1572-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341f-23.dat upx behavioral2/memory/2632-24-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023420-28.dat upx behavioral2/memory/4244-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023421-34.dat upx behavioral2/files/0x0007000000023422-39.dat upx behavioral2/memory/4864-43-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4080-42-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023423-47.dat upx behavioral2/files/0x0007000000023424-51.dat upx behavioral2/memory/960-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023425-57.dat upx behavioral2/memory/3948-59-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023426-63.dat upx behavioral2/files/0x0007000000023427-68.dat upx behavioral2/memory/2844-69-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4692-71-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023428-74.dat upx behavioral2/files/0x0007000000023429-79.dat upx behavioral2/memory/3200-82-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3212-84-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x000700000002342a-86.dat upx behavioral2/memory/5012-90-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342b-93.dat upx behavioral2/memory/5088-95-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5088-99-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342d-100.dat upx behavioral2/memory/592-103-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-106.dat upx behavioral2/memory/4928-109-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000800000002341a-111.dat upx behavioral2/files/0x000700000002342f-118.dat upx behavioral2/memory/332-120-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-123.dat upx behavioral2/memory/4620-126-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023431-129.dat upx behavioral2/files/0x0007000000023432-134.dat upx behavioral2/memory/2044-137-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023433-140.dat upx behavioral2/memory/3236-142-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023434-146.dat upx behavioral2/files/0x0007000000023435-152.dat upx behavioral2/files/0x0007000000023436-156.dat upx behavioral2/files/0x0007000000023437-160.dat upx behavioral2/files/0x0007000000023438-167.dat upx behavioral2/files/0x0007000000023439-171.dat upx behavioral2/memory/3348-173-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343a-177.dat upx behavioral2/memory/2600-183-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343b-181.dat upx behavioral2/memory/436-185-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4840-190-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/1512-196-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3080-209-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4340-213-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 116 wrote to memory of 1556 116 a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe 83 PID 116 wrote to memory of 1556 116 a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe 83 PID 116 wrote to memory of 1556 116 a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe 83 PID 1556 wrote to memory of 1572 1556 bhbhhn.exe 84 PID 1556 wrote to memory of 1572 1556 bhbhhn.exe 84 PID 1556 wrote to memory of 1572 1556 bhbhhn.exe 84 PID 1572 wrote to memory of 1552 1572 ddjpp.exe 85 PID 1572 wrote to memory of 1552 1572 ddjpp.exe 85 PID 1572 wrote to memory of 1552 1572 ddjpp.exe 85 PID 1552 wrote to memory of 2632 1552 9bntbh.exe 86 PID 1552 wrote to memory of 2632 1552 9bntbh.exe 86 PID 1552 wrote to memory of 2632 1552 9bntbh.exe 86 PID 2632 wrote to memory of 4244 2632 5pvpj.exe 87 PID 2632 wrote to memory of 4244 2632 5pvpj.exe 87 PID 2632 wrote to memory of 4244 2632 5pvpj.exe 87 PID 4244 wrote to memory of 4080 4244 htbbhb.exe 88 PID 4244 wrote to memory of 4080 4244 htbbhb.exe 88 PID 4244 wrote to memory of 4080 4244 htbbhb.exe 88 PID 4080 wrote to memory of 4864 4080 dddvv.exe 89 PID 4080 wrote to memory of 4864 4080 dddvv.exe 89 PID 4080 wrote to memory of 4864 4080 dddvv.exe 89 PID 4864 wrote to memory of 960 4864 llllfff.exe 90 PID 4864 wrote to memory of 960 4864 llllfff.exe 90 PID 4864 wrote to memory of 960 4864 llllfff.exe 90 PID 960 wrote to memory of 3948 960 thbhhh.exe 91 PID 960 wrote to memory of 3948 960 thbhhh.exe 91 PID 960 wrote to memory of 3948 960 thbhhh.exe 91 PID 3948 wrote to memory of 4956 3948 xrrrfff.exe 93 PID 3948 wrote to memory of 4956 3948 xrrrfff.exe 93 PID 3948 wrote to memory of 4956 3948 xrrrfff.exe 93 PID 4956 wrote to memory of 2844 4956 9btnbb.exe 94 PID 4956 wrote to memory of 2844 4956 9btnbb.exe 94 PID 4956 wrote to memory of 2844 4956 9btnbb.exe 94 PID 2844 wrote to memory of 4692 2844 vpvvv.exe 95 PID 2844 wrote to memory of 4692 2844 
vpvvv.exe 95 PID 2844 wrote to memory of 4692 2844 vpvvv.exe 95 PID 4692 wrote to memory of 3200 4692 hnbnbh.exe 97 PID 4692 wrote to memory of 3200 4692 hnbnbh.exe 97 PID 4692 wrote to memory of 3200 4692 hnbnbh.exe 97 PID 3200 wrote to memory of 3212 3200 ddjjj.exe 98 PID 3200 wrote to memory of 3212 3200 ddjjj.exe 98 PID 3200 wrote to memory of 3212 3200 ddjjj.exe 98 PID 3212 wrote to memory of 5012 3212 fxfrfxf.exe 99 PID 3212 wrote to memory of 5012 3212 fxfrfxf.exe 99 PID 3212 wrote to memory of 5012 3212 fxfrfxf.exe 99 PID 5012 wrote to memory of 5088 5012 hhtbtb.exe 100 PID 5012 wrote to memory of 5088 5012 hhtbtb.exe 100 PID 5012 wrote to memory of 5088 5012 hhtbtb.exe 100 PID 5088 wrote to memory of 592 5088 pppvp.exe 101 PID 5088 wrote to memory of 592 5088 pppvp.exe 101 PID 5088 wrote to memory of 592 5088 pppvp.exe 101 PID 592 wrote to memory of 4928 592 1httbh.exe 102 PID 592 wrote to memory of 4928 592 1httbh.exe 102 PID 592 wrote to memory of 4928 592 1httbh.exe 102 PID 4928 wrote to memory of 3612 4928 djddd.exe 103 PID 4928 wrote to memory of 3612 4928 djddd.exe 103 PID 4928 wrote to memory of 3612 4928 djddd.exe 103 PID 3612 wrote to memory of 332 3612 frfxlll.exe 105 PID 3612 wrote to memory of 332 3612 frfxlll.exe 105 PID 3612 wrote to memory of 332 3612 frfxlll.exe 105 PID 332 wrote to memory of 4620 332 bththb.exe 106 PID 332 wrote to memory of 4620 332 bththb.exe 106 PID 332 wrote to memory of 4620 332 bththb.exe 106 PID 4620 wrote to memory of 872 4620 ppjpj.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe"C:\Users\Admin\AppData\Local\Temp\a443e9a3616504765b50374ee5f4f1da6f4b0a432c4f1b90bb96a56545667098.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:116 -
\??\c:\bhbhhn.exec:\bhbhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1556 -
\??\c:\ddjpp.exec:\ddjpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1572 -
\??\c:\9bntbh.exec:\9bntbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1552 -
\??\c:\5pvpj.exec:\5pvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\htbbhb.exec:\htbbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4244 -
\??\c:\dddvv.exec:\dddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4080 -
\??\c:\llllfff.exec:\llllfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4864 -
\??\c:\thbhhh.exec:\thbhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:960 -
\??\c:\xrrrfff.exec:\xrrrfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3948 -
\??\c:\9btnbb.exec:\9btnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4956 -
\??\c:\vpvvv.exec:\vpvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2844 -
\??\c:\hnbnbh.exec:\hnbnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4692 -
\??\c:\ddjjj.exec:\ddjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3200 -
\??\c:\fxfrfxf.exec:\fxfrfxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3212 -
\??\c:\hhtbtb.exec:\hhtbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5012 -
\??\c:\pppvp.exec:\pppvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5088 -
\??\c:\1httbh.exec:\1httbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:592 -
\??\c:\djddd.exec:\djddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4928 -
\??\c:\frfxlll.exec:\frfxlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3612 -
\??\c:\bththb.exec:\bththb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:332 -
\??\c:\ppjpj.exec:\ppjpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4620 -
\??\c:\rlxxfff.exec:\rlxxfff.exe23⤵
- Executes dropped EXE
PID:872 -
\??\c:\dvddd.exec:\dvddd.exe24⤵
- Executes dropped EXE
PID:2044 -
\??\c:\rxxxrxx.exec:\rxxxrxx.exe25⤵
- Executes dropped EXE
PID:3236 -
\??\c:\vdvvv.exec:\vdvvv.exe26⤵
- Executes dropped EXE
PID:232 -
\??\c:\frllfrr.exec:\frllfrr.exe27⤵
- Executes dropped EXE
PID:3432 -
\??\c:\pdjjj.exec:\pdjjj.exe28⤵
- Executes dropped EXE
PID:4764 -
\??\c:\flxxffx.exec:\flxxffx.exe29⤵
- Executes dropped EXE
PID:5032 -
\??\c:\nhtttn.exec:\nhtttn.exe30⤵
- Executes dropped EXE
PID:5036 -
\??\c:\dvddj.exec:\dvddj.exe31⤵
- Executes dropped EXE
PID:3348 -
\??\c:\jpvjj.exec:\jpvjj.exe32⤵
- Executes dropped EXE
PID:2600 -
\??\c:\xrrxxfr.exec:\xrrxxfr.exe33⤵
- Executes dropped EXE
PID:436 -
\??\c:\hhnnnn.exec:\hhnnnn.exe34⤵
- Executes dropped EXE
PID:4840 -
\??\c:\ppvvv.exec:\ppvvv.exe35⤵
- Executes dropped EXE
PID:4820 -
\??\c:\flxxlxl.exec:\flxxlxl.exe36⤵
- Executes dropped EXE
PID:1512 -
\??\c:\fxxfxxx.exec:\fxxfxxx.exe37⤵
- Executes dropped EXE
PID:2160 -
\??\c:\hnnnnt.exec:\hnnnnt.exe38⤵
- Executes dropped EXE
PID:3260 -
\??\c:\1jjpp.exec:\1jjpp.exe39⤵
- Executes dropped EXE
PID:3080 -
\??\c:\ppdvd.exec:\ppdvd.exe40⤵
- Executes dropped EXE
PID:4340 -
\??\c:\flfffxr.exec:\flfffxr.exe41⤵
- Executes dropped EXE
PID:4344 -
\??\c:\nnbtbt.exec:\nnbtbt.exe42⤵
- Executes dropped EXE
PID:904 -
\??\c:\jvppd.exec:\jvppd.exe43⤵
- Executes dropped EXE
PID:3228 -
\??\c:\djddj.exec:\djddj.exe44⤵
- Executes dropped EXE
PID:1952 -
\??\c:\xlrxxrr.exec:\xlrxxrr.exe45⤵
- Executes dropped EXE
PID:3488 -
\??\c:\tthhnh.exec:\tthhnh.exe46⤵
- Executes dropped EXE
PID:1552 -
\??\c:\9dpvv.exec:\9dpvv.exe47⤵
- Executes dropped EXE
PID:2632 -
\??\c:\ffxfflr.exec:\ffxfflr.exe48⤵
- Executes dropped EXE
PID:644 -
\??\c:\ffrxlll.exec:\ffrxlll.exe49⤵
- Executes dropped EXE
PID:372 -
\??\c:\hhnhbb.exec:\hhnhbb.exe50⤵
- Executes dropped EXE
PID:2592 -
\??\c:\dddvp.exec:\dddvp.exe51⤵
- Executes dropped EXE
PID:1160 -
\??\c:\lrxrrxx.exec:\lrxrrxx.exe52⤵
- Executes dropped EXE
PID:4716 -
\??\c:\tttthn.exec:\tttthn.exe53⤵
- Executes dropped EXE
PID:2076 -
\??\c:\pjpdj.exec:\pjpdj.exe54⤵
- Executes dropped EXE
PID:2848 -
\??\c:\fflxlxr.exec:\fflxlxr.exe55⤵
- Executes dropped EXE
PID:3548 -
\??\c:\nhhthh.exec:\nhhthh.exe56⤵
- Executes dropped EXE
PID:3184 -
\??\c:\bbnnbn.exec:\bbnnbn.exe57⤵
- Executes dropped EXE
PID:2628 -
\??\c:\pdjjv.exec:\pdjjv.exe58⤵
- Executes dropped EXE
PID:3156 -
\??\c:\rrffrxr.exec:\rrffrxr.exe59⤵
- Executes dropped EXE
PID:3852 -
\??\c:\jvddv.exec:\jvddv.exe60⤵
- Executes dropped EXE
PID:1044 -
\??\c:\vjppv.exec:\vjppv.exe61⤵
- Executes dropped EXE
PID:3212 -
\??\c:\ffllfff.exec:\ffllfff.exe62⤵
- Executes dropped EXE
PID:856 -
\??\c:\1hhbnt.exec:\1hhbnt.exe63⤵
- Executes dropped EXE
PID:4508 -
\??\c:\djjdp.exec:\djjdp.exe64⤵
- Executes dropped EXE
PID:1732 -
\??\c:\lflfxrf.exec:\lflfxrf.exe65⤵
- Executes dropped EXE
PID:5044 -
\??\c:\hbbthh.exec:\hbbthh.exe66⤵PID:592
-
\??\c:\ppdvj.exec:\ppdvj.exe67⤵PID:316
-
\??\c:\vppdv.exec:\vppdv.exe68⤵PID:3876
-
\??\c:\tbbttt.exec:\tbbttt.exe69⤵PID:1916
-
\??\c:\nttttn.exec:\nttttn.exe70⤵PID:2480
-
\??\c:\pjvpd.exec:\pjvpd.exe71⤵PID:396
-
\??\c:\lxlllll.exec:\lxlllll.exe72⤵PID:4624
-
\??\c:\nhttnn.exec:\nhttnn.exe73⤵PID:3644
-
\??\c:\btbhht.exec:\btbhht.exe74⤵PID:4932
-
\??\c:\vjvvp.exec:\vjvvp.exe75⤵PID:2380
-
\??\c:\xrxrllf.exec:\xrxrllf.exe76⤵PID:2516
-
\??\c:\frffflf.exec:\frffflf.exe77⤵PID:2216
-
\??\c:\bbhhnn.exec:\bbhhnn.exe78⤵PID:2204
-
\??\c:\djdvp.exec:\djdvp.exe79⤵PID:4776
-
\??\c:\5xxlffx.exec:\5xxlffx.exe80⤵PID:4396
-
\??\c:\5thhbb.exec:\5thhbb.exe81⤵PID:380
-
\??\c:\jvppj.exec:\jvppj.exe82⤵PID:2036
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe83⤵PID:3284
-
\??\c:\fllffff.exec:\fllffff.exe84⤵PID:552
-
\??\c:\btnhhb.exec:\btnhhb.exe85⤵PID:708
-
\??\c:\ddjdp.exec:\ddjdp.exe86⤵PID:404
-
\??\c:\jdvvv.exec:\jdvvv.exe87⤵PID:5060
-
\??\c:\rxxffrl.exec:\rxxffrl.exe88⤵PID:2164
-
\??\c:\llrlflf.exec:\llrlflf.exe89⤵PID:3932
-
\??\c:\hbbnhn.exec:\hbbnhn.exe90⤵PID:208
-
\??\c:\ddvvv.exec:\ddvvv.exe91⤵PID:1396
-
\??\c:\rlfxxrx.exec:\rlfxxrx.exe92⤵PID:1556
-
\??\c:\htbtnh.exec:\htbtnh.exe93⤵PID:4572
-
\??\c:\jjjdd.exec:\jjjdd.exe94⤵PID:684
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe95⤵PID:5016
-
\??\c:\rfxlffx.exec:\rfxlffx.exe96⤵PID:2636
-
\??\c:\tbntnn.exec:\tbntnn.exe97⤵PID:644
-
\??\c:\dvjdj.exec:\dvjdj.exe98⤵PID:1412
-
\??\c:\xrxxllf.exec:\xrxxllf.exe99⤵PID:2592
-
\??\c:\rfxrlff.exec:\rfxrlff.exe100⤵PID:1392
-
\??\c:\tnttnn.exec:\tnttnn.exe101⤵PID:2076
-
\??\c:\ntnnhb.exec:\ntnnhb.exe102⤵PID:2072
-
\??\c:\ppjdp.exec:\ppjdp.exe103⤵PID:3064
-
\??\c:\ffxfxxx.exec:\ffxfxxx.exe104⤵PID:2628
-
\??\c:\hbnhtn.exec:\hbnhtn.exe105⤵PID:376
-
\??\c:\jvpjd.exec:\jvpjd.exe106⤵PID:3852
-
\??\c:\vdvdv.exec:\vdvdv.exe107⤵PID:3212
-
\??\c:\3xrffff.exec:\3xrffff.exe108⤵PID:5072
-
\??\c:\bthbhb.exec:\bthbhb.exe109⤵PID:1692
-
\??\c:\ttnhbb.exec:\ttnhbb.exe110⤵PID:4468
-
\??\c:\vpdvp.exec:\vpdvp.exe111⤵PID:316
-
\??\c:\ffllflr.exec:\ffllflr.exe112⤵PID:332
-
\??\c:\nhnhhb.exec:\nhnhhb.exe113⤵PID:2480
-
\??\c:\3nnhnh.exec:\3nnhnh.exe114⤵PID:396
-
\??\c:\pjdvv.exec:\pjdvv.exe115⤵PID:1580
-
\??\c:\frrllll.exec:\frrllll.exe116⤵PID:3304
-
\??\c:\rlrrllf.exec:\rlrrllf.exe117⤵PID:2280
-
\??\c:\3thbtn.exec:\3thbtn.exe118⤵PID:4484
-
\??\c:\dppjp.exec:\dppjp.exe119⤵PID:2216
-
\??\c:\xlxrllr.exec:\xlxrllr.exe120⤵PID:1756
-
\??\c:\tttnnn.exec:\tttnnn.exe121⤵PID:1856
-
\??\c:\dpvpp.exec:\dpvpp.exe122⤵PID:2008