Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 · arch:x86 · image:win10v2004-20240508-en · locale:en-us · os:windows10-2004-x64 · system -
submitted
18/05/2024, 13:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
Note: this task row describes the Windows 7 run (behavioral1), but every signature hit and the process tree reproduced below are labelled behavioral2 and correspond to the win10v2004-20240508-en (x64) run named in the Analysis header. Results from the Win7 run are not shown on this page, so do not read the behaviour below as confirmed on Win7.
General
-
Target
d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe
-
Size
184KB
-
MD5
d1a30917bc65b7aeac930e6a3678ba50
-
SHA1
68994ca2fa7fef8a279a47109f5d46a6dc19fda3
-
SHA256
6b100678459d0d58ce2d3ede4cb29a2d8cd6db587601d30b8ab904ee41eb8f89
-
SHA512
9f23cfa712e2851c1af0bdf78f42bfd3d2aa5034ce643191bb49cd2272ddce05d508765523647d05b79da89d8d9fb60fed8791fc4e7c0ade3005a61c5ee2f2dd
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+EMdbSG:PhOm2sI93UufdC67ciJTWMdbz
Malware Config (no extracted configuration block is shown on this page)
Signatures
-
Detect Blackmoon payload — 61 IoCs (YARA rule family_blackmoon matched in process memory). Every hit below is the same 0x0000000000400000–0x0000000000429000 image range inside a different process of the drop-and-launch chain, i.e. each dropped executable maps the same image rather than a distinct stage. The same regions also match the upx rule further down, which is consistent with a UPX-packed file whose unpacked image is what YARA matches in memory; confirm by inspecting the on-disk sample's section names before relying on the memory-only match for static detection.
resource yara_rule behavioral2/memory/1464-8-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4284-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4332-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4932-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1488-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3372-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2916-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4476-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4564-56-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4060-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4736-68-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4580-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3572-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1508-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3496-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2816-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5044-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2232-125-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/900-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4848-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/624-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1616-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/744-158-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3852-163-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3732-172-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3732-173-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2284-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3196-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2288-208-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4464-215-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3912-219-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/768-223-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4496-230-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4384-236-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3144-251-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4724-270-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3020-276-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2568-282-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1668-295-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4512-300-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5032-307-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4848-311-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3752-326-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1960-346-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3536-350-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/764-376-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/760-390-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/232-434-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/368-441-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4608-459-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3536-486-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4984-502-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4056-535-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4060-542-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2816-567-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3384-623-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4588-653-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3596-660-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4756-794-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4272-856-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/436-877-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE — 64 IoCs (listing capped at 64 entries; the process tree below continues to depth 122, so the true count is higher). All dropped files are written to the root of the system drive (\??\c:\) with 5–7 character names drawn only from the letters b d f h j l n p r t v x, optionally prefixed by a single digit (e.g. 5hbbbb.exe, jjdpp.exe, 9lrrlll.exe). That naming pattern plus execution from C:\ root is a usable hunting/detection pivot for this sample.
pid Process 1464 5hbbbb.exe 4332 jjdpp.exe 4932 jjvpv.exe 1488 5ntttt.exe 3372 ppjjp.exe 2916 9lrrlll.exe 4476 bbtnnb.exe 4564 rlxrlfx.exe 4060 7nhbbn.exe 4736 jpjjj.exe 4580 frxxrrl.exe 3572 nntttt.exe 1152 lfllrrx.exe 1508 rrxxrrr.exe 3496 bbhhbh.exe 3268 1pvvp.exe 2816 1rfffff.exe 1376 bbhttt.exe 5044 jvpdd.exe 2232 3jpjj.exe 900 tthbtt.exe 4848 bttttt.exe 2604 ddjjj.exe 624 ffllllr.exe 1616 thnttb.exe 744 btbttt.exe 3852 dvvdv.exe 3732 rrfxllx.exe 3980 1hnhhn.exe 408 9rrrrxf.exe 2284 1hnnhh.exe 3660 bntthh.exe 752 xrffrrr.exe 3196 xrxrrrl.exe 1440 hhbbhh.exe 2288 hhnnhn.exe 2888 7jjjd.exe 4464 fxlxxff.exe 3912 nhnnnn.exe 768 vdvdj.exe 4092 llxrrrr.exe 4496 9llllrr.exe 3832 nhbhhh.exe 4384 nttbtb.exe 4100 vjvvp.exe 3148 rrxxflr.exe 4460 htttbb.exe 536 ppddp.exe 3144 llrxxrx.exe 4668 rlxffll.exe 4060 vjvdd.exe 1232 xfffxxx.exe 3272 nbbtht.exe 4724 1hhbbh.exe 3484 pjjjd.exe 3020 1ffrxxx.exe 2568 bttthn.exe 3268 btbbbb.exe 2228 1jvpp.exe 3920 5ffxxrr.exe 1668 xxffflr.exe 1904 nntnnn.exe 4512 1pvvv.exe 5072 pdjpp.exe -
resource yara_rule behavioral2/memory/1464-8-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4284-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4932-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4332-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4932-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1488-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1488-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3372-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2916-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4476-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4564-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4564-56-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4060-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4736-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4580-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4580-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3572-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1508-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3496-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2816-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5044-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2232-125-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/900-134-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4848-132-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/624-145-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1616-152-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/744-158-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3852-163-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3732-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3732-173-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2284-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3196-200-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1440-201-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2288-208-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4464-215-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3912-219-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/768-223-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4496-230-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4384-236-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3148-241-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3144-251-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4724-270-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3484-271-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3020-276-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2568-282-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1668-295-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4512-300-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5032-307-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4848-311-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3752-326-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3460-339-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1960-346-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3536-350-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1656-363-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/764-376-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/760-386-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/760-390-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3132-400-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1152-413-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2404-417-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/232-434-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/368-441-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4928-451-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4608-459-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs (listing capped at 64 entries, ending at PID 900 → 4848 although the chain continues). Every recorded write targets the child process the parent has just spawned — no write to a pre-existing or unrelated process appears — so this signature reflects the self-propagating launch chain rather than injection into third-party processes. Each parent/child pair is reported three times; this looks like the sandbox logging the same spawn more than once rather than three separate injections — verify against the raw API trace before counting it as repeated injection.
description pid Process procid_target PID 4284 wrote to memory of 1464 4284 d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe 82 PID 4284 wrote to memory of 1464 4284 d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe 82 PID 4284 wrote to memory of 1464 4284 d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe 82 PID 1464 wrote to memory of 4332 1464 5hbbbb.exe 83 PID 1464 wrote to memory of 4332 1464 5hbbbb.exe 83 PID 1464 wrote to memory of 4332 1464 5hbbbb.exe 83 PID 4332 wrote to memory of 4932 4332 jjdpp.exe 84 PID 4332 wrote to memory of 4932 4332 jjdpp.exe 84 PID 4332 wrote to memory of 4932 4332 jjdpp.exe 84 PID 4932 wrote to memory of 1488 4932 jjvpv.exe 85 PID 4932 wrote to memory of 1488 4932 jjvpv.exe 85 PID 4932 wrote to memory of 1488 4932 jjvpv.exe 85 PID 1488 wrote to memory of 3372 1488 5ntttt.exe 86 PID 1488 wrote to memory of 3372 1488 5ntttt.exe 86 PID 1488 wrote to memory of 3372 1488 5ntttt.exe 86 PID 3372 wrote to memory of 2916 3372 ppjjp.exe 87 PID 3372 wrote to memory of 2916 3372 ppjjp.exe 87 PID 3372 wrote to memory of 2916 3372 ppjjp.exe 87 PID 2916 wrote to memory of 4476 2916 9lrrlll.exe 88 PID 2916 wrote to memory of 4476 2916 9lrrlll.exe 88 PID 2916 wrote to memory of 4476 2916 9lrrlll.exe 88 PID 4476 wrote to memory of 4564 4476 bbtnnb.exe 89 PID 4476 wrote to memory of 4564 4476 bbtnnb.exe 89 PID 4476 wrote to memory of 4564 4476 bbtnnb.exe 89 PID 4564 wrote to memory of 4060 4564 rlxrlfx.exe 90 PID 4564 wrote to memory of 4060 4564 rlxrlfx.exe 90 PID 4564 wrote to memory of 4060 4564 rlxrlfx.exe 90 PID 4060 wrote to memory of 4736 4060 7nhbbn.exe 91 PID 4060 wrote to memory of 4736 4060 7nhbbn.exe 91 PID 4060 wrote to memory of 4736 4060 7nhbbn.exe 91 PID 4736 wrote to memory of 4580 4736 jpjjj.exe 92 PID 4736 wrote to memory of 4580 4736 jpjjj.exe 92 PID 4736 wrote to memory of 4580 4736 jpjjj.exe 92 PID 4580 wrote to memory of 3572 4580 frxxrrl.exe 93 PID 4580 wrote to memory of 3572 4580 frxxrrl.exe 93 PID 4580 wrote to 
memory of 3572 4580 frxxrrl.exe 93 PID 3572 wrote to memory of 1152 3572 nntttt.exe 94 PID 3572 wrote to memory of 1152 3572 nntttt.exe 94 PID 3572 wrote to memory of 1152 3572 nntttt.exe 94 PID 1152 wrote to memory of 1508 1152 lfllrrx.exe 95 PID 1152 wrote to memory of 1508 1152 lfllrrx.exe 95 PID 1152 wrote to memory of 1508 1152 lfllrrx.exe 95 PID 1508 wrote to memory of 3496 1508 rrxxrrr.exe 96 PID 1508 wrote to memory of 3496 1508 rrxxrrr.exe 96 PID 1508 wrote to memory of 3496 1508 rrxxrrr.exe 96 PID 3496 wrote to memory of 3268 3496 bbhhbh.exe 97 PID 3496 wrote to memory of 3268 3496 bbhhbh.exe 97 PID 3496 wrote to memory of 3268 3496 bbhhbh.exe 97 PID 3268 wrote to memory of 2816 3268 1pvvp.exe 98 PID 3268 wrote to memory of 2816 3268 1pvvp.exe 98 PID 3268 wrote to memory of 2816 3268 1pvvp.exe 98 PID 2816 wrote to memory of 1376 2816 1rfffff.exe 99 PID 2816 wrote to memory of 1376 2816 1rfffff.exe 99 PID 2816 wrote to memory of 1376 2816 1rfffff.exe 99 PID 1376 wrote to memory of 5044 1376 bbhttt.exe 100 PID 1376 wrote to memory of 5044 1376 bbhttt.exe 100 PID 1376 wrote to memory of 5044 1376 bbhttt.exe 100 PID 5044 wrote to memory of 2232 5044 jvpdd.exe 101 PID 5044 wrote to memory of 2232 5044 jvpdd.exe 101 PID 5044 wrote to memory of 2232 5044 jvpdd.exe 101 PID 2232 wrote to memory of 900 2232 3jpjj.exe 102 PID 2232 wrote to memory of 900 2232 3jpjj.exe 102 PID 2232 wrote to memory of 900 2232 3jpjj.exe 102 PID 900 wrote to memory of 4848 900 tthbtt.exe 103
Processes. Each entry shows the image path in NT form (\??\c:\...) immediately followed by the command line and a depth marker (N⤵); for example "\??\c:\5hbbbb.exec:\5hbbbb.exe2⤵" is image \??\c:\5hbbbb.exe, command line c:\5hbbbb.exe, at depth 2. The chain reaches depth 122 within the 150-second run. Several PIDs recur at different depths (e.g. 4060 at depths 10 and 52, 3268 at 17 and 59, 4848 at 23 and 67, 4332 at 3 and 87), which means earlier chain members had already exited and their PIDs were recycled — correlate on PID plus start time, not PID alone, when pivoting from these IoCs into EDR telemetry.
-
C:\Users\Admin\AppData\Local\Temp\d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d1a30917bc65b7aeac930e6a3678ba50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4284 -
\??\c:\5hbbbb.exec:\5hbbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1464 -
\??\c:\jjdpp.exec:\jjdpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4332 -
\??\c:\jjvpv.exec:\jjvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4932 -
\??\c:\5ntttt.exec:\5ntttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1488 -
\??\c:\ppjjp.exec:\ppjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3372 -
\??\c:\9lrrlll.exec:\9lrrlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2916 -
\??\c:\bbtnnb.exec:\bbtnnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4476 -
\??\c:\rlxrlfx.exec:\rlxrlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4564 -
\??\c:\7nhbbn.exec:\7nhbbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4060 -
\??\c:\jpjjj.exec:\jpjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4736 -
\??\c:\frxxrrl.exec:\frxxrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4580 -
\??\c:\nntttt.exec:\nntttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3572 -
\??\c:\lfllrrx.exec:\lfllrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1152 -
\??\c:\rrxxrrr.exec:\rrxxrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\bbhhbh.exec:\bbhhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3496 -
\??\c:\1pvvp.exec:\1pvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3268 -
\??\c:\1rfffff.exec:\1rfffff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\bbhttt.exec:\bbhttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1376 -
\??\c:\jvpdd.exec:\jvpdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5044 -
\??\c:\3jpjj.exec:\3jpjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2232 -
\??\c:\tthbtt.exec:\tthbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:900 -
\??\c:\bttttt.exec:\bttttt.exe23⤵
- Executes dropped EXE
PID:4848 -
\??\c:\ddjjj.exec:\ddjjj.exe24⤵
- Executes dropped EXE
PID:2604 -
\??\c:\ffllllr.exec:\ffllllr.exe25⤵
- Executes dropped EXE
PID:624 -
\??\c:\thnttb.exec:\thnttb.exe26⤵
- Executes dropped EXE
PID:1616 -
\??\c:\btbttt.exec:\btbttt.exe27⤵
- Executes dropped EXE
PID:744 -
\??\c:\dvvdv.exec:\dvvdv.exe28⤵
- Executes dropped EXE
PID:3852 -
\??\c:\rrfxllx.exec:\rrfxllx.exe29⤵
- Executes dropped EXE
PID:3732 -
\??\c:\1hnhhn.exec:\1hnhhn.exe30⤵
- Executes dropped EXE
PID:3980 -
\??\c:\9rrrrxf.exec:\9rrrrxf.exe31⤵
- Executes dropped EXE
PID:408 -
\??\c:\1hnnhh.exec:\1hnnhh.exe32⤵
- Executes dropped EXE
PID:2284 -
\??\c:\bntthh.exec:\bntthh.exe33⤵
- Executes dropped EXE
PID:3660 -
\??\c:\xrffrrr.exec:\xrffrrr.exe34⤵
- Executes dropped EXE
PID:752 -
\??\c:\xrxrrrl.exec:\xrxrrrl.exe35⤵
- Executes dropped EXE
PID:3196 -
\??\c:\hhbbhh.exec:\hhbbhh.exe36⤵
- Executes dropped EXE
PID:1440 -
\??\c:\hhnnhn.exec:\hhnnhn.exe37⤵
- Executes dropped EXE
PID:2288 -
\??\c:\7jjjd.exec:\7jjjd.exe38⤵
- Executes dropped EXE
PID:2888 -
\??\c:\fxlxxff.exec:\fxlxxff.exe39⤵
- Executes dropped EXE
PID:4464 -
\??\c:\nhnnnn.exec:\nhnnnn.exe40⤵
- Executes dropped EXE
PID:3912 -
\??\c:\vdvdj.exec:\vdvdj.exe41⤵
- Executes dropped EXE
PID:768 -
\??\c:\llxrrrr.exec:\llxrrrr.exe42⤵
- Executes dropped EXE
PID:4092 -
\??\c:\9llllrr.exec:\9llllrr.exe43⤵
- Executes dropped EXE
PID:4496 -
\??\c:\nhbhhh.exec:\nhbhhh.exe44⤵
- Executes dropped EXE
PID:3832 -
\??\c:\nttbtb.exec:\nttbtb.exe45⤵
- Executes dropped EXE
PID:4384 -
\??\c:\vjvvp.exec:\vjvvp.exe46⤵
- Executes dropped EXE
PID:4100 -
\??\c:\rrxxflr.exec:\rrxxflr.exe47⤵
- Executes dropped EXE
PID:3148 -
\??\c:\htttbb.exec:\htttbb.exe48⤵
- Executes dropped EXE
PID:4460 -
\??\c:\ppddp.exec:\ppddp.exe49⤵
- Executes dropped EXE
PID:536 -
\??\c:\llrxxrx.exec:\llrxxrx.exe50⤵
- Executes dropped EXE
PID:3144 -
\??\c:\rlxffll.exec:\rlxffll.exe51⤵
- Executes dropped EXE
PID:4668 -
\??\c:\vjvdd.exec:\vjvdd.exe52⤵
- Executes dropped EXE
PID:4060 -
\??\c:\xfffxxx.exec:\xfffxxx.exe53⤵
- Executes dropped EXE
PID:1232 -
\??\c:\nbbtht.exec:\nbbtht.exe54⤵
- Executes dropped EXE
PID:3272 -
\??\c:\1hhbbh.exec:\1hhbbh.exe55⤵
- Executes dropped EXE
PID:4724 -
\??\c:\pjjjd.exec:\pjjjd.exe56⤵
- Executes dropped EXE
PID:3484 -
\??\c:\1ffrxxx.exec:\1ffrxxx.exe57⤵
- Executes dropped EXE
PID:3020 -
\??\c:\bttthn.exec:\bttthn.exe58⤵
- Executes dropped EXE
PID:2568 -
\??\c:\btbbbb.exec:\btbbbb.exe59⤵
- Executes dropped EXE
PID:3268 -
\??\c:\1jvpp.exec:\1jvpp.exe60⤵
- Executes dropped EXE
PID:2228 -
\??\c:\5ffxxrr.exec:\5ffxxrr.exe61⤵
- Executes dropped EXE
PID:3920 -
\??\c:\xxffflr.exec:\xxffflr.exe62⤵
- Executes dropped EXE
PID:1668 -
\??\c:\nntnnn.exec:\nntnnn.exe63⤵
- Executes dropped EXE
PID:1904 -
\??\c:\1pvvv.exec:\1pvvv.exe64⤵
- Executes dropped EXE
PID:4512 -
\??\c:\pdjpp.exec:\pdjpp.exe65⤵
- Executes dropped EXE
PID:5072 -
\??\c:\rfrrrrr.exec:\rfrrrrr.exe66⤵PID:5032
-
\??\c:\lrffrxr.exec:\lrffrxr.exe67⤵PID:4848
-
\??\c:\httntt.exec:\httntt.exe68⤵PID:4928
-
\??\c:\dpdvv.exec:\dpdvv.exe69⤵PID:1144
-
\??\c:\ppdvp.exec:\ppdvp.exe70⤵PID:664
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe71⤵PID:3752
-
\??\c:\rlrrlll.exec:\rlrrlll.exe72⤵PID:4040
-
\??\c:\htbbtb.exec:\htbbtb.exe73⤵PID:3732
-
\??\c:\vpppp.exec:\vpppp.exe74⤵PID:936
-
\??\c:\1vddd.exec:\1vddd.exe75⤵PID:5108
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe76⤵PID:3460
-
\??\c:\rllffxr.exec:\rllffxr.exe77⤵PID:1960
-
\??\c:\hhtnhh.exec:\hhtnhh.exe78⤵PID:3536
-
\??\c:\jdppd.exec:\jdppd.exe79⤵PID:3540
-
\??\c:\1pddd.exec:\1pddd.exe80⤵PID:4196
-
\??\c:\rlflfff.exec:\rlflfff.exe81⤵PID:2196
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe82⤵PID:4448
-
\??\c:\3tbbbb.exec:\3tbbbb.exe83⤵PID:1656
-
\??\c:\hnnnbh.exec:\hnnnbh.exe84⤵PID:4356
-
\??\c:\ddddv.exec:\ddddv.exe85⤵PID:3600
-
\??\c:\1pppd.exec:\1pppd.exe86⤵PID:764
-
\??\c:\3rflrrf.exec:\3rflrrf.exe87⤵PID:4332
-
\??\c:\lxlrlrr.exec:\lxlrlrr.exe88⤵PID:4092
-
\??\c:\bntnbb.exec:\bntnbb.exe89⤵PID:2588
-
\??\c:\djjdd.exec:\djjdd.exe90⤵PID:760
-
\??\c:\dvvvj.exec:\dvvvj.exe91⤵PID:2280
-
\??\c:\9lllfff.exec:\9lllfff.exe92⤵PID:3568
-
\??\c:\lrlrrxx.exec:\lrlrrxx.exe93⤵PID:3084
-
\??\c:\hbttnt.exec:\hbttnt.exe94⤵PID:3132
-
\??\c:\vvppp.exec:\vvppp.exe95⤵PID:1256
-
\??\c:\pjppp.exec:\pjppp.exe96⤵PID:4736
-
\??\c:\fflllll.exec:\fflllll.exe97⤵PID:4580
-
\??\c:\rrlrlrr.exec:\rrlrlrr.exe98⤵PID:1152
-
\??\c:\nnhhtb.exec:\nnhhtb.exe99⤵PID:2404
-
\??\c:\5vvvp.exec:\5vvvp.exe100⤵PID:4312
-
\??\c:\pvjjd.exec:\pvjjd.exe101⤵PID:2600
-
\??\c:\frrllfl.exec:\frrllfl.exe102⤵PID:1492
-
\??\c:\7nbbtb.exec:\7nbbtb.exe103⤵PID:232
-
\??\c:\btbbtt.exec:\btbbtt.exe104⤵PID:5044
-
\??\c:\jdjjd.exec:\jdjjd.exe105⤵PID:368
-
\??\c:\pjppp.exec:\pjppp.exe106⤵PID:5072
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe107⤵PID:4508
-
\??\c:\9rffffx.exec:\9rffffx.exe108⤵PID:4164
-
\??\c:\nttttt.exec:\nttttt.exe109⤵PID:4928
-
\??\c:\nhnhhh.exec:\nhnhhh.exe110⤵PID:3960
-
\??\c:\llfxflr.exec:\llfxflr.exe111⤵PID:4608
-
\??\c:\tttttt.exec:\tttttt.exe112⤵PID:3108
-
\??\c:\vdjjj.exec:\vdjjj.exe113⤵PID:1368
-
\??\c:\jdppp.exec:\jdppp.exe114⤵PID:408
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe115⤵PID:4444
-
\??\c:\bntbbh.exec:\bntbbh.exe116⤵PID:1716
-
\??\c:\vpdjj.exec:\vpdjj.exe117⤵PID:396
-
\??\c:\fxlflll.exec:\fxlflll.exe118⤵PID:3548
-
\??\c:\7lxxffl.exec:\7lxxffl.exe119⤵PID:3536
-
\??\c:\7hhnnt.exec:\7hhnnt.exe120⤵PID:3540
-
\??\c:\nbhbbt.exec:\nbhbbt.exe121⤵PID:4196
-
\??\c:\vjddv.exec:\vjddv.exe122⤵PID:2196