Analysis
-
max time kernel
158s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe
-
Size
213KB
-
MD5
54f43078ac9a4bcd240e21576a737316
-
SHA1
e77c8928fd46f0b3acaedf104ac8cff26ba3b7e1
-
SHA256
d90501b1dff26447677b837d6634b3c7a5a0111e0be0364fe3eccd6c8234c274
-
SHA512
2f4dd1f3c1b84c61e8fdd7c8fb791d25bcd04149ea0a9b6b0bf459a9b40c5fa70bef6afab0564c3d12cbefd37034e279adae1c679ffa6f23e3cf312d78600d22
-
SSDEEP
1536:evQBeOGtrYSSsrc93UBIfdC67m6AJiqzgLrTKBk3IU39TeYmKq:ehOm2sI93UufdC67ciRLPvx3teYmt
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1184-4-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4808-10-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4748-17-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3092-20-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3132-29-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/888-36-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4576-42-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3984-48-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1352-54-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4272-60-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1124-66-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3664-72-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1464-78-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4640-84-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1596-90-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1332-93-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3864-99-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2376-109-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4644-116-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4508-125-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3296-132-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/4632-138-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1376-149-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3484-152-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3284-174-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4424-193-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/228-195-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3180-205-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5116-214-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1344-218-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1484-222-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2876-230-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3984-237-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/960-242-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4136-244-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3204-250-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4308-276-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3660-285-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1196-298-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3816-314-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4492-321-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4304-341-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/1652-345-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2916-361-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/888-375-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3964-376-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3224-381-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/960-391-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/232-397-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2572-404-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3536-420-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2060-454-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4700-468-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4468-475-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4632-563-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1704-588-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3324-628-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2816-636-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2516-685-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2160-708-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2404-899-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1556-969-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2776-1294-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/2808-1447-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4808 qlh3p.exe 4748 bbxa8.exe 3092 rcc3fda.exe 3132 h611lsk.exe 888 a94n5.exe 4576 ac4w1.exe 3984 4696g9e.exe 1352 9am51.exe 4272 o31o131.exe 1124 h60b1ni.exe 3664 38ddb.exe 1464 di2rxn0.exe 4640 99173.exe 1596 ma4n457.exe 1332 6n8lc34.exe 3864 d51rcs.exe 2376 0nqcr02.exe 2172 27u2w9f.exe 4644 8785h.exe 4508 h94918t.exe 3296 uo57t.exe 4632 6e6irj9.exe 4208 co737a.exe 1376 912g7wq.exe 3484 e7c81k.exe 3904 59knc55.exe 3740 47a8v.exe 3436 8405kb2.exe 3284 lap3bnl.exe 4928 r6lg65.exe 2000 00c17.exe 4424 12rg9b.exe 228 s9k14i3.exe 2352 xg3405u.exe 1836 t150e7x.exe 3180 st193.exe 1548 19nn1u.exe 5116 0w1dp6w.exe 1344 g6044.exe 1484 b7905x.exe 4876 kq9o2f.exe 2876 t8nx9.exe 3840 196o14t.exe 3984 js69m.exe 960 1bb45.exe 4136 70m76.exe 3204 l92om.exe 3892 j23g59x.exe 1464 j5ee31.exe 3956 7h9w4.exe 4640 87571.exe 3680 tmsn281.exe 2384 3ia71w9.exe 3888 tdig9e.exe 2300 b540w.exe 4308 111jhm.exe 3500 30ww8.exe 3660 24ux35.exe 4884 s655xo.exe 4916 w21ahlf.exe 4668 xo7fc.exe 1196 881c5.exe 3296 0s815.exe 2456 2ancn4.exe -
resource yara_rule behavioral2/memory/1184-4-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4808-10-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4748-12-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4748-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3092-20-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3132-29-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/888-31-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/888-36-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4576-42-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3984-48-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1352-54-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4272-60-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1124-66-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3664-72-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1464-78-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4640-84-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1596-90-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1332-93-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3864-99-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2376-109-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4644-116-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4508-125-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3296-127-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3296-132-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/4632-138-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1376-149-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3484-152-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3284-174-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4928-179-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4424-193-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/228-195-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3180-205-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5116-214-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1344-218-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1484-222-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2876-227-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2876-230-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/960-238-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3984-237-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/960-242-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4136-244-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3204-250-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4308-276-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3660-285-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1196-298-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3816-314-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4492-321-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4304-341-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/1652-345-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2916-361-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/888-371-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/888-375-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3964-376-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3224-381-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/960-391-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/232-397-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2572-404-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3536-420-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2060-454-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2432-461-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4700-468-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4468-475-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3600-507-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4672-513-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1184 wrote to memory of 4808 1184 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 91 PID 1184 wrote to memory of 4808 1184 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 91 PID 1184 wrote to memory of 4808 1184 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 91 PID 4808 wrote to memory of 4748 4808 qlh3p.exe 92 PID 4808 wrote to memory of 4748 4808 qlh3p.exe 92 PID 4808 wrote to memory of 4748 4808 qlh3p.exe 92 PID 4748 wrote to memory of 3092 4748 bbxa8.exe 93 PID 4748 wrote to memory of 3092 4748 bbxa8.exe 93 PID 4748 wrote to memory of 3092 4748 bbxa8.exe 93 PID 3092 wrote to memory of 3132 3092 rcc3fda.exe 94 PID 3092 wrote to memory of 3132 3092 rcc3fda.exe 94 PID 3092 wrote to memory of 3132 3092 rcc3fda.exe 94 PID 3132 wrote to memory of 888 3132 h611lsk.exe 95 PID 3132 wrote to memory of 888 3132 h611lsk.exe 95 PID 3132 wrote to memory of 888 3132 h611lsk.exe 95 PID 888 wrote to memory of 4576 888 a94n5.exe 96 PID 888 wrote to memory of 4576 888 a94n5.exe 96 PID 888 wrote to memory of 4576 888 a94n5.exe 96 PID 4576 wrote to memory of 3984 4576 ac4w1.exe 97 PID 4576 wrote to memory of 3984 4576 ac4w1.exe 97 PID 4576 wrote to memory of 3984 4576 ac4w1.exe 97 PID 3984 wrote to memory of 1352 3984 4696g9e.exe 98 PID 3984 wrote to memory of 1352 3984 4696g9e.exe 98 PID 3984 wrote to memory of 1352 3984 4696g9e.exe 98 PID 1352 wrote to memory of 4272 1352 9am51.exe 99 PID 1352 wrote to memory of 4272 1352 9am51.exe 99 PID 1352 wrote to memory of 4272 1352 9am51.exe 99 PID 4272 wrote to memory of 1124 4272 o31o131.exe 100 PID 4272 wrote to memory of 1124 4272 o31o131.exe 100 PID 4272 wrote to memory of 1124 4272 o31o131.exe 100 PID 1124 wrote to memory of 3664 1124 h60b1ni.exe 101 PID 1124 wrote to memory of 3664 1124 h60b1ni.exe 101 PID 1124 wrote to memory of 3664 1124 h60b1ni.exe 101 PID 3664 wrote to memory of 1464 3664 38ddb.exe 102 PID 3664 wrote to memory of 1464 3664 38ddb.exe 102 PID 3664 wrote to memory 
of 1464 3664 38ddb.exe 102 PID 1464 wrote to memory of 4640 1464 di2rxn0.exe 103 PID 1464 wrote to memory of 4640 1464 di2rxn0.exe 103 PID 1464 wrote to memory of 4640 1464 di2rxn0.exe 103 PID 4640 wrote to memory of 1596 4640 99173.exe 104 PID 4640 wrote to memory of 1596 4640 99173.exe 104 PID 4640 wrote to memory of 1596 4640 99173.exe 104 PID 1596 wrote to memory of 1332 1596 ma4n457.exe 105 PID 1596 wrote to memory of 1332 1596 ma4n457.exe 105 PID 1596 wrote to memory of 1332 1596 ma4n457.exe 105 PID 1332 wrote to memory of 3864 1332 6n8lc34.exe 106 PID 1332 wrote to memory of 3864 1332 6n8lc34.exe 106 PID 1332 wrote to memory of 3864 1332 6n8lc34.exe 106 PID 3864 wrote to memory of 2376 3864 d51rcs.exe 107 PID 3864 wrote to memory of 2376 3864 d51rcs.exe 107 PID 3864 wrote to memory of 2376 3864 d51rcs.exe 107 PID 2376 wrote to memory of 2172 2376 0nqcr02.exe 108 PID 2376 wrote to memory of 2172 2376 0nqcr02.exe 108 PID 2376 wrote to memory of 2172 2376 0nqcr02.exe 108 PID 2172 wrote to memory of 4644 2172 27u2w9f.exe 109 PID 2172 wrote to memory of 4644 2172 27u2w9f.exe 109 PID 2172 wrote to memory of 4644 2172 27u2w9f.exe 109 PID 4644 wrote to memory of 4508 4644 8785h.exe 110 PID 4644 wrote to memory of 4508 4644 8785h.exe 110 PID 4644 wrote to memory of 4508 4644 8785h.exe 110 PID 4508 wrote to memory of 3296 4508 h94918t.exe 111 PID 4508 wrote to memory of 3296 4508 h94918t.exe 111 PID 4508 wrote to memory of 3296 4508 h94918t.exe 111 PID 3296 wrote to memory of 4632 3296 uo57t.exe 112
Processes
-
C:\Users\Admin\AppData\Local\Temp\54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1184 -
\??\c:\qlh3p.exec:\qlh3p.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4808 -
\??\c:\bbxa8.exec:\bbxa8.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4748 -
\??\c:\rcc3fda.exec:\rcc3fda.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3092 -
\??\c:\h611lsk.exec:\h611lsk.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3132 -
\??\c:\a94n5.exec:\a94n5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:888 -
\??\c:\ac4w1.exec:\ac4w1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4576 -
\??\c:\4696g9e.exec:\4696g9e.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3984 -
\??\c:\9am51.exec:\9am51.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1352 -
\??\c:\o31o131.exec:\o31o131.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4272 -
\??\c:\h60b1ni.exec:\h60b1ni.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1124 -
\??\c:\38ddb.exec:\38ddb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3664 -
\??\c:\di2rxn0.exec:\di2rxn0.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1464 -
\??\c:\99173.exec:\99173.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4640 -
\??\c:\ma4n457.exec:\ma4n457.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1596 -
\??\c:\6n8lc34.exec:\6n8lc34.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1332 -
\??\c:\d51rcs.exec:\d51rcs.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3864 -
\??\c:\0nqcr02.exec:\0nqcr02.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2376 -
\??\c:\27u2w9f.exec:\27u2w9f.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2172 -
\??\c:\8785h.exec:\8785h.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4644 -
\??\c:\h94918t.exec:\h94918t.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4508 -
\??\c:\uo57t.exec:\uo57t.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3296 -
\??\c:\6e6irj9.exec:\6e6irj9.exe23⤵
- Executes dropped EXE
PID:4632 -
\??\c:\co737a.exec:\co737a.exe24⤵
- Executes dropped EXE
PID:4208 -
\??\c:\912g7wq.exec:\912g7wq.exe25⤵
- Executes dropped EXE
PID:1376 -
\??\c:\e7c81k.exec:\e7c81k.exe26⤵
- Executes dropped EXE
PID:3484 -
\??\c:\59knc55.exec:\59knc55.exe27⤵
- Executes dropped EXE
PID:3904 -
\??\c:\47a8v.exec:\47a8v.exe28⤵
- Executes dropped EXE
PID:3740 -
\??\c:\8405kb2.exec:\8405kb2.exe29⤵
- Executes dropped EXE
PID:3436 -
\??\c:\lap3bnl.exec:\lap3bnl.exe30⤵
- Executes dropped EXE
PID:3284 -
\??\c:\r6lg65.exec:\r6lg65.exe31⤵
- Executes dropped EXE
PID:4928 -
\??\c:\00c17.exec:\00c17.exe32⤵
- Executes dropped EXE
PID:2000 -
\??\c:\12rg9b.exec:\12rg9b.exe33⤵
- Executes dropped EXE
PID:4424 -
\??\c:\s9k14i3.exec:\s9k14i3.exe34⤵
- Executes dropped EXE
PID:228 -
\??\c:\xg3405u.exec:\xg3405u.exe35⤵
- Executes dropped EXE
PID:2352 -
\??\c:\t150e7x.exec:\t150e7x.exe36⤵
- Executes dropped EXE
PID:1836 -
\??\c:\st193.exec:\st193.exe37⤵
- Executes dropped EXE
PID:3180 -
\??\c:\19nn1u.exec:\19nn1u.exe38⤵
- Executes dropped EXE
PID:1548 -
\??\c:\0w1dp6w.exec:\0w1dp6w.exe39⤵
- Executes dropped EXE
PID:5116 -
\??\c:\g6044.exec:\g6044.exe40⤵
- Executes dropped EXE
PID:1344 -
\??\c:\b7905x.exec:\b7905x.exe41⤵
- Executes dropped EXE
PID:1484 -
\??\c:\kq9o2f.exec:\kq9o2f.exe42⤵
- Executes dropped EXE
PID:4876 -
\??\c:\t8nx9.exec:\t8nx9.exe43⤵
- Executes dropped EXE
PID:2876 -
\??\c:\196o14t.exec:\196o14t.exe44⤵
- Executes dropped EXE
PID:3840 -
\??\c:\js69m.exec:\js69m.exe45⤵
- Executes dropped EXE
PID:3984 -
\??\c:\1bb45.exec:\1bb45.exe46⤵
- Executes dropped EXE
PID:960 -
\??\c:\70m76.exec:\70m76.exe47⤵
- Executes dropped EXE
PID:4136 -
\??\c:\l92om.exec:\l92om.exe48⤵
- Executes dropped EXE
PID:3204 -
\??\c:\j23g59x.exec:\j23g59x.exe49⤵
- Executes dropped EXE
PID:3892 -
\??\c:\j5ee31.exec:\j5ee31.exe50⤵
- Executes dropped EXE
PID:1464 -
\??\c:\7h9w4.exec:\7h9w4.exe51⤵
- Executes dropped EXE
PID:3956 -
\??\c:\87571.exec:\87571.exe52⤵
- Executes dropped EXE
PID:4640 -
\??\c:\tmsn281.exec:\tmsn281.exe53⤵
- Executes dropped EXE
PID:3680 -
\??\c:\3ia71w9.exec:\3ia71w9.exe54⤵
- Executes dropped EXE
PID:2384 -
\??\c:\tdig9e.exec:\tdig9e.exe55⤵
- Executes dropped EXE
PID:3888 -
\??\c:\b540w.exec:\b540w.exe56⤵
- Executes dropped EXE
PID:2300 -
\??\c:\111jhm.exec:\111jhm.exe57⤵
- Executes dropped EXE
PID:4308 -
\??\c:\30ww8.exec:\30ww8.exe58⤵
- Executes dropped EXE
PID:3500 -
\??\c:\24ux35.exec:\24ux35.exe59⤵
- Executes dropped EXE
PID:3660 -
\??\c:\s655xo.exec:\s655xo.exe60⤵
- Executes dropped EXE
PID:4884 -
\??\c:\w21ahlf.exec:\w21ahlf.exe61⤵
- Executes dropped EXE
PID:4916 -
\??\c:\xo7fc.exec:\xo7fc.exe62⤵
- Executes dropped EXE
PID:4668 -
\??\c:\881c5.exec:\881c5.exe63⤵
- Executes dropped EXE
PID:1196 -
\??\c:\0s815.exec:\0s815.exe64⤵
- Executes dropped EXE
PID:3296 -
\??\c:\2ancn4.exec:\2ancn4.exe65⤵
- Executes dropped EXE
PID:2456 -
\??\c:\uujwk.exec:\uujwk.exe66⤵PID:3968
-
\??\c:\5xu6d.exec:\5xu6d.exe67⤵PID:1432
-
\??\c:\jm5918.exec:\jm5918.exe68⤵PID:3816
-
\??\c:\8bc9c73.exec:\8bc9c73.exe69⤵PID:3484
-
\??\c:\plsxiv.exec:\plsxiv.exe70⤵PID:4492
-
\??\c:\89g12.exec:\89g12.exe71⤵PID:1940
-
\??\c:\8n1kcsk.exec:\8n1kcsk.exe72⤵PID:1568
-
\??\c:\28xl7a.exec:\28xl7a.exe73⤵PID:4200
-
\??\c:\c732tt5.exec:\c732tt5.exe74⤵PID:3080
-
\??\c:\973rg.exec:\973rg.exe75⤵PID:3812
-
\??\c:\ca9qe71.exec:\ca9qe71.exe76⤵PID:1440
-
\??\c:\2a58v78.exec:\2a58v78.exe77⤵PID:4304
-
\??\c:\nen1b.exec:\nen1b.exe78⤵PID:1652
-
\??\c:\p1am4.exec:\p1am4.exe79⤵PID:4464
-
\??\c:\9qb765f.exec:\9qb765f.exe80⤵PID:1656
-
\??\c:\98f5qhe.exec:\98f5qhe.exe81⤵PID:3720
-
\??\c:\h607e.exec:\h607e.exe82⤵PID:4808
-
\??\c:\t4ouaqi.exec:\t4ouaqi.exe83⤵PID:2916
-
\??\c:\1c59a2.exec:\1c59a2.exe84⤵PID:4748
-
\??\c:\f649k3.exec:\f649k3.exe85⤵PID:3548
-
\??\c:\912a1.exec:\912a1.exe86⤵PID:4316
-
\??\c:\cq296.exec:\cq296.exe87⤵PID:888
-
\??\c:\mcfmq.exec:\mcfmq.exe88⤵PID:3964
-
\??\c:\9ux4f.exec:\9ux4f.exe89⤵PID:3224
-
\??\c:\vk98fg1.exec:\vk98fg1.exe90⤵PID:3108
-
\??\c:\cd21h4c.exec:\cd21h4c.exe91⤵PID:3984
-
\??\c:\1p7v9c.exec:\1p7v9c.exe92⤵PID:960
-
\??\c:\p409qb6.exec:\p409qb6.exe93⤵PID:232
-
\??\c:\dgpm3q.exec:\dgpm3q.exe94⤵PID:1144
-
\??\c:\753a61v.exec:\753a61v.exe95⤵PID:2572
-
\??\c:\7q19l.exec:\7q19l.exe96⤵PID:848
-
\??\c:\v1iug.exec:\v1iug.exe97⤵PID:2248
-
\??\c:\g9vmk.exec:\g9vmk.exe98⤵PID:3128
-
\??\c:\hxtxhdd.exec:\hxtxhdd.exe99⤵PID:3556
-
\??\c:\33e97.exec:\33e97.exe100⤵PID:404
-
\??\c:\2319up.exec:\2319up.exe101⤵PID:3536
-
\??\c:\t71ud3.exec:\t71ud3.exe102⤵PID:2300
-
\??\c:\bnn9i.exec:\bnn9i.exe103⤵PID:4128
-
\??\c:\49qokkb.exec:\49qokkb.exe104⤵PID:1620
-
\??\c:\j629f.exec:\j629f.exe105⤵PID:2988
-
\??\c:\qk5wx1x.exec:\qk5wx1x.exe106⤵PID:1640
-
\??\c:\c1313.exec:\c1313.exe107⤵PID:3604
-
\??\c:\48sh96.exec:\48sh96.exe108⤵PID:4508
-
\??\c:\652li.exec:\652li.exe109⤵PID:816
-
\??\c:\t61h93x.exec:\t61h93x.exe110⤵PID:1512
-
\??\c:\71jg9.exec:\71jg9.exe111⤵PID:2060
-
\??\c:\04i8e.exec:\04i8e.exe112⤵PID:4404
-
\??\c:\49v7o8m.exec:\49v7o8m.exe113⤵PID:1724
-
\??\c:\596sa3.exec:\596sa3.exe114⤵PID:2432
-
\??\c:\2sk37.exec:\2sk37.exe115⤵PID:4700
-
\??\c:\kfrj03.exec:\kfrj03.exe116⤵PID:3948
-
\??\c:\n39uc5e.exec:\n39uc5e.exe117⤵PID:4468
-
\??\c:\60qq39.exec:\60qq39.exe118⤵PID:4200
-
\??\c:\k6nqn1c.exec:\k6nqn1c.exe119⤵PID:2968
-
\??\c:\mgs383.exec:\mgs383.exe120⤵PID:4284
-
\??\c:\bms758s.exec:\bms758s.exe121⤵PID:5060
-
\??\c:\u973q.exec:\u973q.exe122⤵PID:928