Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:29
Behavioral task
behavioral1
Sample
a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe
-
Size
81KB
-
MD5
a553a85a05b2cf25908734780b9babaf
-
SHA1
273a5b9339f8a38600d9acb0f94bbe45cc7cf07d
-
SHA256
a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620
-
SHA512
f5cd6576e13b7b5aa2a1e89eef4b0910db1f6c9e44c636245046b73f9add49a68cbd25c4052bd3f32be35893a3d13d8599770c8a7dfb4f5b75958968f7eace3d
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWxIF5WoZkM:9hOmTsF93UYfwC6GIoutz5yLd5tZj
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1176-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2652-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/64-21-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2988-19-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3880-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1236-41-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4320-44-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4992-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/568-60-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2560-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4688-78-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1912-71-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4036-85-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2316-99-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/916-106-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4968-126-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4624-135-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4420-146-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/636-144-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3176-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3176-162-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3320-177-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2116-194-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1852-199-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2012-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3516-209-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3492-210-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2328-218-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2328-221-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1948-225-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4700-233-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4324-237-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4264-244-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4472-254-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2156-259-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1104-265-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5100-275-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4888-294-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1600-301-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/516-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4208-315-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3508-331-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2060-362-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3644-367-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3500-376-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4508-383-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2312-399-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/740-406-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5088-417-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/960-427-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1172-433-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2652-440-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/456-453-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1908-469-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4048-489-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/392-494-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4620-501-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2576-517-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4812-541-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/376-647-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3308-694-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2592-758-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4796-954-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3620-1018-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1176-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000232a4-3.dat UPX behavioral2/memory/1176-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2652-7-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000900000002341b-12.dat UPX behavioral2/memory/2652-11-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023432-14.dat UPX behavioral2/memory/64-21-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2988-19-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023433-23.dat UPX behavioral2/files/0x0007000000023435-28.dat UPX behavioral2/memory/3880-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023436-34.dat UPX behavioral2/files/0x0007000000023437-39.dat UPX behavioral2/memory/1236-41-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4320-44-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023438-46.dat UPX behavioral2/files/0x0007000000023439-51.dat UPX behavioral2/memory/4992-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343a-57.dat UPX behavioral2/memory/568-60-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343b-63.dat UPX behavioral2/memory/2560-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343c-69.dat UPX behavioral2/files/0x000700000002343d-75.dat UPX behavioral2/memory/4688-78-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1912-71-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343e-81.dat UPX behavioral2/memory/4036-85-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343f-87.dat UPX behavioral2/files/0x0007000000023440-92.dat UPX 
behavioral2/memory/2316-99-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023441-97.dat UPX behavioral2/files/0x0007000000023442-104.dat UPX behavioral2/memory/916-106-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023443-109.dat UPX behavioral2/files/0x0007000000023444-115.dat UPX behavioral2/memory/4172-117-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023445-121.dat UPX behavioral2/files/0x0007000000023446-127.dat UPX behavioral2/memory/4968-126-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023447-130.dat UPX behavioral2/memory/4624-135-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023449-138.dat UPX behavioral2/files/0x000700000002344a-142.dat UPX behavioral2/memory/4420-146-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/636-144-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344b-149.dat UPX behavioral2/files/0x000a000000023426-155.dat UPX behavioral2/files/0x000700000002344c-159.dat UPX behavioral2/memory/3176-167-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344d-165.dat UPX behavioral2/memory/3176-162-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344e-172.dat UPX behavioral2/memory/3320-177-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344f-179.dat UPX behavioral2/files/0x0007000000023450-183.dat UPX behavioral2/memory/2116-194-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1852-199-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2012-205-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3516-209-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3492-210-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/2328-218-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2328-221-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2652 jjddv.exe 2988 pdjvj.exe 64 htnnnn.exe 3880 hhttbb.exe 676 djjvv.exe 1236 lfrrrrr.exe 4320 nnbnhn.exe 4992 djppp.exe 568 vjpvp.exe 2560 xxfxrlr.exe 1912 ttbhbt.exe 4688 5fxxlrr.exe 2728 xllllrr.exe 4036 bnnhbt.exe 4796 jdpjp.exe 2316 dpdvp.exe 916 7llfxlf.exe 392 9ttnhb.exe 1964 5vvvp.exe 4172 thhhbb.exe 4968 vdvvp.exe 2164 jvjdv.exe 4624 rrlfxxf.exe 636 nhnnbb.exe 4420 pjppj.exe 3896 dvpjd.exe 1748 3xffffr.exe 3176 tbbbtt.exe 2204 7tttnt.exe 3320 1dddv.exe 2488 lrffrrx.exe 4076 htnnth.exe 3032 vppvd.exe 2116 9lrrxxr.exe 5024 bbhhtt.exe 1852 tnnnhh.exe 2012 7djjj.exe 3516 xrffxxx.exe 3492 fxlrrxl.exe 2312 ttttth.exe 2328 vdjpp.exe 1948 vpjpj.exe 4492 xrrrrrr.exe 4700 9tbttt.exe 5088 jdjdp.exe 4324 3flllll.exe 4264 btbbnt.exe 4216 nnnhbh.exe 2388 7vjdv.exe 4472 vdpvp.exe 3880 xlrlfff.exe 2156 nbbtbt.exe 1104 hthbbh.exe 4024 vpdvv.exe 4020 3xffffx.exe 5100 1rxlflf.exe 4336 5bhtth.exe 4092 ppvpp.exe 1332 pdvjp.exe 1412 xlrrxff.exe 2068 1xfxxxx.exe 4440 nhbbbb.exe 4888 vjjjd.exe 1600 5vdjd.exe -
resource yara_rule behavioral2/memory/1176-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000232a4-3.dat upx behavioral2/memory/1176-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2652-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000900000002341b-12.dat upx behavioral2/memory/2652-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023432-14.dat upx behavioral2/memory/64-21-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2988-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023433-23.dat upx behavioral2/files/0x0007000000023435-28.dat upx behavioral2/memory/3880-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023436-34.dat upx behavioral2/files/0x0007000000023437-39.dat upx behavioral2/memory/1236-41-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4320-44-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023438-46.dat upx behavioral2/files/0x0007000000023439-51.dat upx behavioral2/memory/4992-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343a-57.dat upx behavioral2/memory/568-60-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343b-63.dat upx behavioral2/memory/2560-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343c-69.dat upx behavioral2/files/0x000700000002343d-75.dat upx behavioral2/memory/4688-78-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1912-71-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343e-81.dat upx behavioral2/memory/4036-85-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343f-87.dat upx behavioral2/files/0x0007000000023440-92.dat upx 
behavioral2/memory/2316-99-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023441-97.dat upx behavioral2/files/0x0007000000023442-104.dat upx behavioral2/memory/916-106-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023443-109.dat upx behavioral2/files/0x0007000000023444-115.dat upx behavioral2/memory/4172-117-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023445-121.dat upx behavioral2/files/0x0007000000023446-127.dat upx behavioral2/memory/4968-126-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023447-130.dat upx behavioral2/memory/4624-135-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023449-138.dat upx behavioral2/files/0x000700000002344a-142.dat upx behavioral2/memory/4420-146-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/636-144-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344b-149.dat upx behavioral2/files/0x000a000000023426-155.dat upx behavioral2/files/0x000700000002344c-159.dat upx behavioral2/memory/3176-167-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344d-165.dat upx behavioral2/memory/3176-162-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344e-172.dat upx behavioral2/memory/3320-177-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344f-179.dat upx behavioral2/files/0x0007000000023450-183.dat upx behavioral2/memory/2116-194-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1852-199-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2012-205-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3516-209-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3492-210-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2328-218-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2328-221-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1176 wrote to memory of 2652 1176 a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe 82 PID 1176 wrote to memory of 2652 1176 a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe 82 PID 1176 wrote to memory of 2652 1176 a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe 82 PID 2652 wrote to memory of 2988 2652 jjddv.exe 83 PID 2652 wrote to memory of 2988 2652 jjddv.exe 83 PID 2652 wrote to memory of 2988 2652 jjddv.exe 83 PID 2988 wrote to memory of 64 2988 pdjvj.exe 84 PID 2988 wrote to memory of 64 2988 pdjvj.exe 84 PID 2988 wrote to memory of 64 2988 pdjvj.exe 84 PID 64 wrote to memory of 3880 64 htnnnn.exe 85 PID 64 wrote to memory of 3880 64 htnnnn.exe 85 PID 64 wrote to memory of 3880 64 htnnnn.exe 85 PID 3880 wrote to memory of 676 3880 hhttbb.exe 86 PID 3880 wrote to memory of 676 3880 hhttbb.exe 86 PID 3880 wrote to memory of 676 3880 hhttbb.exe 86 PID 676 wrote to memory of 1236 676 djjvv.exe 87 PID 676 wrote to memory of 1236 676 djjvv.exe 87 PID 676 wrote to memory of 1236 676 djjvv.exe 87 PID 1236 wrote to memory of 4320 1236 lfrrrrr.exe 88 PID 1236 wrote to memory of 4320 1236 lfrrrrr.exe 88 PID 1236 wrote to memory of 4320 1236 lfrrrrr.exe 88 PID 4320 wrote to memory of 4992 4320 nnbnhn.exe 89 PID 4320 wrote to memory of 4992 4320 nnbnhn.exe 89 PID 4320 wrote to memory of 4992 4320 nnbnhn.exe 89 PID 4992 wrote to memory of 568 4992 djppp.exe 90 PID 4992 wrote to memory of 568 4992 djppp.exe 90 PID 4992 wrote to memory of 568 4992 djppp.exe 90 PID 568 wrote to memory of 2560 568 vjpvp.exe 91 PID 568 wrote to memory of 2560 568 vjpvp.exe 91 PID 568 wrote to memory of 2560 568 vjpvp.exe 91 PID 2560 wrote to memory of 1912 2560 xxfxrlr.exe 92 PID 2560 wrote to memory of 1912 2560 xxfxrlr.exe 92 PID 2560 wrote to memory of 1912 2560 xxfxrlr.exe 92 PID 1912 wrote to memory of 4688 1912 ttbhbt.exe 93 PID 1912 wrote to memory of 4688 1912 ttbhbt.exe 93 PID 1912 
wrote to memory of 4688 1912 ttbhbt.exe 93 PID 4688 wrote to memory of 2728 4688 5fxxlrr.exe 94 PID 4688 wrote to memory of 2728 4688 5fxxlrr.exe 94 PID 4688 wrote to memory of 2728 4688 5fxxlrr.exe 94 PID 2728 wrote to memory of 4036 2728 xllllrr.exe 95 PID 2728 wrote to memory of 4036 2728 xllllrr.exe 95 PID 2728 wrote to memory of 4036 2728 xllllrr.exe 95 PID 4036 wrote to memory of 4796 4036 bnnhbt.exe 96 PID 4036 wrote to memory of 4796 4036 bnnhbt.exe 96 PID 4036 wrote to memory of 4796 4036 bnnhbt.exe 96 PID 4796 wrote to memory of 2316 4796 jdpjp.exe 97 PID 4796 wrote to memory of 2316 4796 jdpjp.exe 97 PID 4796 wrote to memory of 2316 4796 jdpjp.exe 97 PID 2316 wrote to memory of 916 2316 dpdvp.exe 98 PID 2316 wrote to memory of 916 2316 dpdvp.exe 98 PID 2316 wrote to memory of 916 2316 dpdvp.exe 98 PID 916 wrote to memory of 392 916 7llfxlf.exe 99 PID 916 wrote to memory of 392 916 7llfxlf.exe 99 PID 916 wrote to memory of 392 916 7llfxlf.exe 99 PID 392 wrote to memory of 1964 392 9ttnhb.exe 100 PID 392 wrote to memory of 1964 392 9ttnhb.exe 100 PID 392 wrote to memory of 1964 392 9ttnhb.exe 100 PID 1964 wrote to memory of 4172 1964 5vvvp.exe 101 PID 1964 wrote to memory of 4172 1964 5vvvp.exe 101 PID 1964 wrote to memory of 4172 1964 5vvvp.exe 101 PID 4172 wrote to memory of 4968 4172 thhhbb.exe 102 PID 4172 wrote to memory of 4968 4172 thhhbb.exe 102 PID 4172 wrote to memory of 4968 4172 thhhbb.exe 102 PID 4968 wrote to memory of 2164 4968 vdvvp.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe"C:\Users\Admin\AppData\Local\Temp\a616aff107e6e05fffeba5499e17bbe52d3eff9a3e9f8ded065196817b9bc620.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1176 -
\??\c:\jjddv.exec:\jjddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\pdjvj.exec:\pdjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2988 -
\??\c:\htnnnn.exec:\htnnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:64 -
\??\c:\hhttbb.exec:\hhttbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3880 -
\??\c:\djjvv.exec:\djjvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:676 -
\??\c:\lfrrrrr.exec:\lfrrrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1236 -
\??\c:\nnbnhn.exec:\nnbnhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4320 -
\??\c:\djppp.exec:\djppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4992 -
\??\c:\vjpvp.exec:\vjpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:568 -
\??\c:\xxfxrlr.exec:\xxfxrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\ttbhbt.exec:\ttbhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912 -
\??\c:\5fxxlrr.exec:\5fxxlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4688 -
\??\c:\xllllrr.exec:\xllllrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\bnnhbt.exec:\bnnhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4036 -
\??\c:\jdpjp.exec:\jdpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\dpdvp.exec:\dpdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2316 -
\??\c:\7llfxlf.exec:\7llfxlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:916 -
\??\c:\9ttnhb.exec:\9ttnhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:392 -
\??\c:\5vvvp.exec:\5vvvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\thhhbb.exec:\thhhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4172 -
\??\c:\vdvvp.exec:\vdvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4968 -
\??\c:\jvjdv.exec:\jvjdv.exe23⤵
- Executes dropped EXE
PID:2164 -
\??\c:\rrlfxxf.exec:\rrlfxxf.exe24⤵
- Executes dropped EXE
PID:4624 -
\??\c:\nhnnbb.exec:\nhnnbb.exe25⤵
- Executes dropped EXE
PID:636 -
\??\c:\pjppj.exec:\pjppj.exe26⤵
- Executes dropped EXE
PID:4420 -
\??\c:\dvpjd.exec:\dvpjd.exe27⤵
- Executes dropped EXE
PID:3896 -
\??\c:\3xffffr.exec:\3xffffr.exe28⤵
- Executes dropped EXE
PID:1748 -
\??\c:\tbbbtt.exec:\tbbbtt.exe29⤵
- Executes dropped EXE
PID:3176 -
\??\c:\7tttnt.exec:\7tttnt.exe30⤵
- Executes dropped EXE
PID:2204 -
\??\c:\1dddv.exec:\1dddv.exe31⤵
- Executes dropped EXE
PID:3320 -
\??\c:\lrffrrx.exec:\lrffrrx.exe32⤵
- Executes dropped EXE
PID:2488 -
\??\c:\htnnth.exec:\htnnth.exe33⤵
- Executes dropped EXE
PID:4076 -
\??\c:\vppvd.exec:\vppvd.exe34⤵
- Executes dropped EXE
PID:3032 -
\??\c:\9lrrxxr.exec:\9lrrxxr.exe35⤵
- Executes dropped EXE
PID:2116 -
\??\c:\bbhhtt.exec:\bbhhtt.exe36⤵
- Executes dropped EXE
PID:5024 -
\??\c:\tnnnhh.exec:\tnnnhh.exe37⤵
- Executes dropped EXE
PID:1852 -
\??\c:\7djjj.exec:\7djjj.exe38⤵
- Executes dropped EXE
PID:2012 -
\??\c:\xrffxxx.exec:\xrffxxx.exe39⤵
- Executes dropped EXE
PID:3516 -
\??\c:\fxlrrxl.exec:\fxlrrxl.exe40⤵
- Executes dropped EXE
PID:3492 -
\??\c:\ttttth.exec:\ttttth.exe41⤵
- Executes dropped EXE
PID:2312 -
\??\c:\vdjpp.exec:\vdjpp.exe42⤵
- Executes dropped EXE
PID:2328 -
\??\c:\vpjpj.exec:\vpjpj.exe43⤵
- Executes dropped EXE
PID:1948 -
\??\c:\xrrrrrr.exec:\xrrrrrr.exe44⤵
- Executes dropped EXE
PID:4492 -
\??\c:\9tbttt.exec:\9tbttt.exe45⤵
- Executes dropped EXE
PID:4700 -
\??\c:\jdjdp.exec:\jdjdp.exe46⤵
- Executes dropped EXE
PID:5088 -
\??\c:\3flllll.exec:\3flllll.exe47⤵
- Executes dropped EXE
PID:4324 -
\??\c:\btbbnt.exec:\btbbnt.exe48⤵
- Executes dropped EXE
PID:4264 -
\??\c:\nnnhbh.exec:\nnnhbh.exe49⤵
- Executes dropped EXE
PID:4216 -
\??\c:\7vjdv.exec:\7vjdv.exe50⤵
- Executes dropped EXE
PID:2388 -
\??\c:\vdpvp.exec:\vdpvp.exe51⤵
- Executes dropped EXE
PID:4472 -
\??\c:\xlrlfff.exec:\xlrlfff.exe52⤵
- Executes dropped EXE
PID:3880 -
\??\c:\nbbtbt.exec:\nbbtbt.exe53⤵
- Executes dropped EXE
PID:2156 -
\??\c:\hthbbh.exec:\hthbbh.exe54⤵
- Executes dropped EXE
PID:1104 -
\??\c:\vpdvv.exec:\vpdvv.exe55⤵
- Executes dropped EXE
PID:4024 -
\??\c:\3xffffx.exec:\3xffffx.exe56⤵
- Executes dropped EXE
PID:4020 -
\??\c:\1rxlflf.exec:\1rxlflf.exe57⤵
- Executes dropped EXE
PID:5100 -
\??\c:\5bhtth.exec:\5bhtth.exe58⤵
- Executes dropped EXE
PID:4336 -
\??\c:\ppvpp.exec:\ppvpp.exe59⤵
- Executes dropped EXE
PID:4092 -
\??\c:\pdvjp.exec:\pdvjp.exe60⤵
- Executes dropped EXE
PID:1332 -
\??\c:\xlrrxff.exec:\xlrrxff.exe61⤵
- Executes dropped EXE
PID:1412 -
\??\c:\1xfxxxx.exec:\1xfxxxx.exe62⤵
- Executes dropped EXE
PID:2068 -
\??\c:\nhbbbb.exec:\nhbbbb.exe63⤵
- Executes dropped EXE
PID:4440 -
\??\c:\vjjjd.exec:\vjjjd.exe64⤵
- Executes dropped EXE
PID:4888 -
\??\c:\5vdjd.exec:\5vdjd.exe65⤵
- Executes dropped EXE
PID:1600 -
\??\c:\rflfrll.exec:\rflfrll.exe66⤵PID:516
-
\??\c:\nbhtnt.exec:\nbhtnt.exe67⤵PID:2072
-
\??\c:\nhbbtt.exec:\nhbbtt.exe68⤵PID:468
-
\??\c:\dpppp.exec:\dpppp.exe69⤵PID:4208
-
\??\c:\djpdd.exec:\djpdd.exe70⤵PID:392
-
\??\c:\fxllxxx.exec:\fxllxxx.exe71⤵PID:3708
-
\??\c:\ttnnnn.exec:\ttnnnn.exe72⤵PID:4572
-
\??\c:\ddjjv.exec:\ddjjv.exe73⤵PID:4752
-
\??\c:\3flfffx.exec:\3flfffx.exe74⤵PID:3508
-
\??\c:\xxxrxxl.exec:\xxxrxxl.exe75⤵PID:1244
-
\??\c:\bnnnht.exec:\bnnnht.exe76⤵PID:4624
-
\??\c:\hnnttb.exec:\hnnttb.exe77⤵PID:3400
-
\??\c:\5jjjd.exec:\5jjjd.exe78⤵PID:1608
-
\??\c:\7lxrfxf.exec:\7lxrfxf.exe79⤵PID:1144
-
\??\c:\bhhhhh.exec:\bhhhhh.exe80⤵PID:1096
-
\??\c:\hbbhhn.exec:\hbbhhn.exe81⤵PID:1528
-
\??\c:\vdvjd.exec:\vdvjd.exe82⤵PID:1792
-
\??\c:\ffllllf.exec:\ffllllf.exe83⤵PID:1008
-
\??\c:\bbbbth.exec:\bbbbth.exe84⤵PID:2060
-
\??\c:\pdjjp.exec:\pdjjp.exe85⤵PID:3320
-
\??\c:\7jvvv.exec:\7jvvv.exe86⤵PID:3644
-
\??\c:\5lrrrrr.exec:\5lrrrrr.exe87⤵PID:4908
-
\??\c:\lrrxxxx.exec:\lrrxxxx.exe88⤵PID:3500
-
\??\c:\5nttbh.exec:\5nttbh.exe89⤵PID:3620
-
\??\c:\jdddp.exec:\jdddp.exe90⤵PID:4508
-
\??\c:\jvjjj.exec:\jvjjj.exe91⤵PID:2004
-
\??\c:\llfflfr.exec:\llfflfr.exe92⤵PID:2460
-
\??\c:\nhhnhb.exec:\nhhnhb.exe93⤵PID:3628
-
\??\c:\pjpvj.exec:\pjpvj.exe94⤵PID:3492
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe95⤵PID:2312
-
\??\c:\tnhnnn.exec:\tnhnnn.exe96⤵PID:3572
-
\??\c:\pvvvd.exec:\pvvvd.exe97⤵PID:740
-
\??\c:\nhttht.exec:\nhttht.exe98⤵PID:3384
-
\??\c:\nbbttt.exec:\nbbttt.exe99⤵PID:4280
-
\??\c:\1ddjv.exec:\1ddjv.exe100⤵PID:216
-
\??\c:\ppdvd.exec:\ppdvd.exe101⤵PID:5088
-
\??\c:\9rfxxxx.exec:\9rfxxxx.exe102⤵PID:868
-
\??\c:\tntbbh.exec:\tntbbh.exe103⤵PID:2260
-
\??\c:\tthbtb.exec:\tthbtb.exe104⤵PID:960
-
\??\c:\dppdd.exec:\dppdd.exe105⤵PID:1172
-
\??\c:\3xxfrff.exec:\3xxfrff.exe106⤵PID:2264
-
\??\c:\bnnnnn.exec:\bnnnnn.exe107⤵PID:2652
-
\??\c:\9lrlrlr.exec:\9lrlrlr.exe108⤵PID:3736
-
\??\c:\rfllfll.exec:\rfllfll.exe109⤵PID:3656
-
\??\c:\1vvvp.exec:\1vvvp.exe110⤵PID:1104
-
\??\c:\vvjjd.exec:\vvjjd.exe111⤵PID:456
-
\??\c:\lfxrrll.exec:\lfxrrll.exe112⤵PID:764
-
\??\c:\lflflfl.exec:\lflflfl.exe113⤵PID:3392
-
\??\c:\5vvvv.exec:\5vvvv.exe114⤵PID:2740
-
\??\c:\ppjdp.exec:\ppjdp.exe115⤵PID:4092
-
\??\c:\pjpjv.exec:\pjpjv.exe116⤵PID:1908
-
\??\c:\1lxrllf.exec:\1lxrllf.exe117⤵PID:1140
-
\??\c:\thbbtt.exec:\thbbtt.exe118⤵PID:1004
-
\??\c:\bnbhhb.exec:\bnbhhb.exe119⤵PID:4888
-
\??\c:\jdjpj.exec:\jdjpj.exe120⤵PID:5056
-
\??\c:\9dvdv.exec:\9dvdv.exe121⤵PID:376
-
\??\c:\rlxxffr.exec:\rlxxffr.exe122⤵PID:4048