Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18/05/2024, 01:29

Behavioral task: behavioral1
Sample: a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe
Resource: win7-20240221-en
6 signatures, 150 seconds

General
Target: a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe
Size: 81KB
MD5: a553a85a05b2cf25908734780b9babaf
SHA1: 273a5b9339f8a38600d9acb0f94bbe45cc7cf07d
SHA256: a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620
SHA512: f5cd6576e13b7b5aa2a1e89eef4b0910db1f6c9e44c636245046b73f9add49a68cbd25c4052bd3f32be35893a3d13d8599770c8a7dfb4f5b75958968f7eace3d
SSDEEP: 1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWxIF5WoZkM:9hOmTsF93UYfwC6GIoutz5yLd5tZj
Malware Config
Signatures
- Detect Blackmoon payload (39 IoCs): YARA rule family_blackmoon matched in the memory dumps of the dropped processes, in most cases the image region 0x00400000-0x00427000.
- UPX dump on OEP (original entry point) (64 IoCs): YARA rule UPX matched in the dropped .dat files and in the memory dumps of the sample and the dropped processes.
- Executes dropped EXE (64 IoCs): the sample and each dropped executable in turn run the next dropped executable (see the process tree below).
- Suspicious use of WriteProcessMemory (64 IoCs): each process in the chain wrote to the memory of the child it launched (PID 3028 to 2744, 2744 to 2176, 2176 to 2524, and so on down the chain).
Processes
One line per process: nesting depth, PID, image path, then the signatures that fired for that process. The depth increases by one at every step, so each process is the child of the one listed directly above it. The command line of every process is its own image path.

  1  PID 3028  C:\Users\Admin\AppData\Local\Temp\a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe  [Suspicious use of WriteProcessMemory]
  2  PID 2744  \??\c:\s0448.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  3  PID 2176  \??\c:\o088440.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  4  PID 2524  \??\c:\3pdpd.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  5  PID 2640  \??\c:\xlxlxrx.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  6  PID 2104  \??\c:\9tnhnt.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  7  PID 2552  \??\c:\lxlfrrr.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  8  PID 2824  \??\c:\5lrrxfl.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
  9  PID 1984  \??\c:\64062.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 10  PID 2476  \??\c:\e60028.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 11  PID 2380  \??\c:\nhttbh.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 12  PID 2252  \??\c:\48002.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 13  PID 2820  \??\c:\1jpvp.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 14  PID 2928  \??\c:\bthntb.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 15  PID 2672  \??\c:\2624228.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 16  PID 308   \??\c:\jdjjj.exe  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
 17  PID 2708  \??\c:\08440.exe  [Executes dropped EXE]
 18  PID 1796  \??\c:\rfxflrl.exe  [Executes dropped EXE]
 19  PID 2776  \??\c:\008662.exe  [Executes dropped EXE]
 20  PID 1568  \??\c:\886848.exe  [Executes dropped EXE]
 21  PID 1636  \??\c:\868888.exe  [Executes dropped EXE]
 22  PID 1376  \??\c:\2088468.exe  [Executes dropped EXE]
 23  PID 608   \??\c:\m0888.exe  [Executes dropped EXE]
 24  PID 696   \??\c:\vjddp.exe  [Executes dropped EXE]
 25  PID 1292  \??\c:\04668.exe  [Executes dropped EXE]
 26  PID 936   \??\c:\60020.exe  [Executes dropped EXE]
 27  PID 2128  \??\c:\86628.exe  [Executes dropped EXE]
 28  PID 1676  \??\c:\jvppd.exe  [Executes dropped EXE]
 29  PID 1172  \??\c:\xlxrffr.exe  [Executes dropped EXE]
 30  PID 1948  \??\c:\bc0866.exe  [Executes dropped EXE]
 31  PID 1992  \??\c:\jdjjd.exe  [Executes dropped EXE]
 32  PID 3016  \??\c:\rrrllxl.exe  [Executes dropped EXE]
 33  PID 2120  \??\c:\lrlrxxl.exe  [Executes dropped EXE]
 34  PID 2904  \??\c:\xrflxlx.exe  [Executes dropped EXE]
 35  PID 2512  \??\c:\00024.exe  [Executes dropped EXE]
 36  PID 2016  \??\c:\22068.exe  [Executes dropped EXE]
 37  PID 2224  \??\c:\2404826.exe  [Executes dropped EXE]
 38  PID 1584  \??\c:\3rfflxl.exe  [Executes dropped EXE]
 39  PID 2616  \??\c:\264666.exe  [Executes dropped EXE]
 40  PID 2216  \??\c:\hhbbhh.exe  [Executes dropped EXE]
 41  PID 2716  \??\c:\8026266.exe  [Executes dropped EXE]
 42  PID 2632  \??\c:\8064826.exe  [Executes dropped EXE]
 43  PID 2592  \??\c:\vdddp.exe  [Executes dropped EXE]
 44  PID 2724  \??\c:\fxrffrx.exe  [Executes dropped EXE]
 45  PID 3036  \??\c:\04886.exe  [Executes dropped EXE]
 46  PID 2460  \??\c:\ddjpj.exe  [Executes dropped EXE]
 47  PID 2428  \??\c:\xrxrlxx.exe  [Executes dropped EXE]
 48  PID 2496  \??\c:\u688062.exe  [Executes dropped EXE]
 49  PID 2476  \??\c:\btthth.exe  [Executes dropped EXE]
 50  PID 2604  \??\c:\a4406.exe  [Executes dropped EXE]
 51  PID 2800  \??\c:\w20022.exe  [Executes dropped EXE]
 52  PID 2948  \??\c:\fxlrflx.exe  [Executes dropped EXE]
 53  PID 2820  \??\c:\bntbhn.exe  [Executes dropped EXE]
 54  PID 2928  \??\c:\w80628.exe  [Executes dropped EXE]
 55  PID 716   \??\c:\640666.exe  [Executes dropped EXE]
 56  PID 344   \??\c:\00246.exe  [Executes dropped EXE]
 57  PID 1980  \??\c:\fxfxfxl.exe  [Executes dropped EXE]
 58  PID 2780  \??\c:\1dvjj.exe  [Executes dropped EXE]
 59  PID 2784  \??\c:\rlxrflf.exe  [Executes dropped EXE]
 60  PID 1684  \??\c:\bthnnn.exe  [Executes dropped EXE]
 61  PID 400   \??\c:\ppdjv.exe  [Executes dropped EXE]
 62  PID 2284  \??\c:\bthbtb.exe  [Executes dropped EXE]
 63  PID 880   \??\c:\26686.exe  [Executes dropped EXE]
 64  PID 1540  \??\c:\i660408.exe  [Executes dropped EXE]
 65  PID 1920  \??\c:\lrxrxlf.exe  [Executes dropped EXE]
 66  PID 2872  \??\c:\c466280.exe
 67  PID 2316  \??\c:\042640.exe
 68  PID 1076  \??\c:\q08466.exe
 69  PID 2388  \??\c:\0084822.exe
 70  PID 1384  \??\c:\ddvpj.exe
 71  PID 976   \??\c:\1rlrxxf.exe
 72  PID 1676  \??\c:\268062.exe
 73  PID 1928  \??\c:\m2646.exe
 74  PID 2152  \??\c:\88206.exe
 75  PID 2108  \??\c:\2222408.exe
 76  PID 1992  \??\c:\868022.exe
 77  PID 3016  \??\c:\20426.exe
 78  PID 1752  \??\c:\0084220.exe
 79  PID 1416  \??\c:\q80460.exe
 80  PID 1272  \??\c:\nthhnh.exe
 81  PID 2008  \??\c:\ppdjv.exe
 82  PID 1800  \??\c:\666026.exe
 83  PID 2744  \??\c:\08488.exe
 84  PID 2188  \??\c:\nnhntb.exe
 85  PID 2616  \??\c:\88824.exe
 86  PID 2628  \??\c:\dvjdj.exe
 87  PID 2856  \??\c:\dddpv.exe
 88  PID 2544  \??\c:\42440.exe
 89  PID 2272  \??\c:\s0466.exe
 90  PID 2552  \??\c:\k60828.exe
 91  PID 2668  \??\c:\626806.exe
 92  PID 2548  \??\c:\tnnbbh.exe
 93  PID 2556  \??\c:\flrrfff.exe
 94  PID 2608  \??\c:\jjpjd.exe
 95  PID 2492  \??\c:\c046846.exe
 96  PID 2940  \??\c:\1xrrfxf.exe
 97  PID 2756  \??\c:\lfrxffl.exe
 98  PID 2912  \??\c:\jdjjv.exe
 99  PID 2820  \??\c:\9dppd.exe
100  PID 2032  \??\c:\8840662.exe
101  PID 716   \??\c:\2008628.exe
102  PID 2172  \??\c:\6428062.exe
103  PID 788   \??\c:\frffrll.exe
104  PID 1796  \??\c:\486622.exe
105  PID 2784  \??\c:\88884.exe
106  PID 1716  \??\c:\5btttt.exe
107  PID 1680  \??\c:\k60240.exe
108  PID 1472  \??\c:\tnthtb.exe
109  PID 2304  \??\c:\o428446.exe
110  PID 1760  \??\c:\62868.exe
111  PID 540   \??\c:\e62048.exe
112  PID 2100  \??\c:\ffrlxxl.exe
113  PID 2064  \??\c:\604240.exe
114  PID 1648  \??\c:\pvdvv.exe
115  PID 896   \??\c:\lfrxxfr.exe
116  PID 856   \??\c:\w20080.exe
117  PID 1552  \??\c:\82480.exe
118  PID 1332  \??\c:\26440.exe
119  PID 1872  \??\c:\flflrrr.exe
120  PID 2808  \??\c:\5hbbhh.exe
121  PID 1356  \??\c:\2868866.exe
122  PID 1008  \??\c:\rlflxxr.exe