Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe
-
Size
393KB
-
MD5
cf58772b0e081fe51838564c365befa0
-
SHA1
a791d9a26f96a268de78eb12056a82516e64dbf3
-
SHA256
3394c4c6f06b87ae9c3b441f120e82122b2c2a3d2e9865e7dd773f21ae57a0ef
-
SHA512
e6054ceb73f9833d87deb8779816ee64b15fa17ecd6d66705d7c378b13bb956a83c4a97d0cade0f14eafedc46f6976fa9cb4853b994e8cc495441f0890976ce8
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmRE:m7TcJWjdpKGATTk/jYIOWN/KnnPN
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1804-0-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1804-5-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3936-12-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2508-18-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3576-25-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/964-27-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4328-31-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4316-48-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4744-57-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4332-54-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1952-63-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4908-69-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2988-74-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5012-81-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1912-87-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3452-96-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4684-102-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4796-117-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1380-120-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/232-129-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2788-137-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/2152-148-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4188-161-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/400-155-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/364-176-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3528-177-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/824-184-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3284-193-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/752-199-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3756-203-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/912-211-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1360-215-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1564-223-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1192-227-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/884-240-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2460-241-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3460-255-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3176-259-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1104-261-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4744-268-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1988-272-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5012-279-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/4756-283-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1220-297-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2112-302-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4640-321-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4076-334-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/400-338-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4284-345-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4740-360-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/956-364-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4120-371-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2936-394-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2476-429-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/496-470-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3936-532-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1192-538-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3156-551-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2260-574-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4380-576-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3900-589-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2108-611-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3548-723-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/620-904-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 3936 ppjdp.exe 2508 1lxrxxl.exe 3576 ddvjd.exe 964 fffxxxr.exe 4328 bnnnnh.exe 1920 1hhhbb.exe 4316 djvpj.exe 4332 5frlfxx.exe 4744 5bbtnh.exe 1952 pvppj.exe 4908 5ntnhh.exe 2988 jjdvp.exe 5012 bbbbtb.exe 1912 nbhhbt.exe 3452 pjpjd.exe 4684 jvpjv.exe 3112 lrrlxrl.exe 2204 5djdv.exe 4796 fffxllf.exe 1380 1ppdp.exe 232 fffxxrr.exe 1376 3ddvj.exe 2788 7rrxrlf.exe 2152 9llxrxl.exe 1652 7ffxrlx.exe 400 pjpvv.exe 4188 rlffflr.exe 928 hbbnbt.exe 364 3hnhtn.exe 3528 bbhbtt.exe 824 frrrflf.exe 4068 hnbbhb.exe 3284 pvdvp.exe 752 1xxrlfx.exe 3756 9ttnhh.exe 5044 1dvpv.exe 912 fxxffxx.exe 1360 xrxrrrr.exe 3816 djddd.exe 1564 3bnbbt.exe 1192 7frlfxr.exe 1232 hhnhnh.exe 2136 pdddv.exe 2368 xxrlrrr.exe 884 rlfxxll.exe 2460 hhnhhb.exe 3156 vjppj.exe 4456 ffffxxx.exe 3460 3nthbh.exe 3176 frxxrfx.exe 1104 nntnbt.exe 4744 pdjvj.exe 1988 nbnnnt.exe 3924 jpdvd.exe 5012 lxlxfxf.exe 4756 rxlfrrx.exe 5076 vpddj.exe 2836 xrlffff.exe 4424 bnbnnh.exe 1220 7jjvp.exe 2112 pvvjd.exe 3096 7rlfrxr.exe 1928 nbbtnn.exe 3492 jppjd.exe -
resource yara_rule behavioral2/memory/1804-5-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3936-12-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2508-18-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3576-25-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/964-27-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4328-31-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4316-43-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4316-48-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4744-57-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4332-54-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1952-63-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4908-69-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2988-74-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5012-81-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1912-87-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3452-96-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4684-102-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4796-117-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1380-120-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/232-129-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2788-137-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2152-148-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4188-161-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/400-155-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/364-176-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3528-177-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/824-184-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3284-193-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/752-199-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3756-203-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5044-204-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/912-211-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1360-215-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1564-223-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1192-227-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/884-240-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2460-241-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3156-245-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3460-255-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3176-259-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1104-261-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4744-268-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1988-272-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5012-279-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4756-283-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4424-290-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1220-297-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2112-298-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/2112-302-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4640-321-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4076-334-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/400-338-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4284-345-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3376-346-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3140-356-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4740-360-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/956-364-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4120-371-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1208-390-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2936-394-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4280-413-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2476-429-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/496-470-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1612-480-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1804 wrote to memory of 3936 1804 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 82 PID 1804 wrote to memory of 3936 1804 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 82 PID 1804 wrote to memory of 3936 1804 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 82 PID 3936 wrote to memory of 2508 3936 ppjdp.exe 83 PID 3936 wrote to memory of 2508 3936 ppjdp.exe 83 PID 3936 wrote to memory of 2508 3936 ppjdp.exe 83 PID 2508 wrote to memory of 3576 2508 1lxrxxl.exe 84 PID 2508 wrote to memory of 3576 2508 1lxrxxl.exe 84 PID 2508 wrote to memory of 3576 2508 1lxrxxl.exe 84 PID 3576 wrote to memory of 964 3576 ddvjd.exe 85 PID 3576 wrote to memory of 964 3576 ddvjd.exe 85 PID 3576 wrote to memory of 964 3576 ddvjd.exe 85 PID 964 wrote to memory of 4328 964 fffxxxr.exe 86 PID 964 wrote to memory of 4328 964 fffxxxr.exe 86 PID 964 wrote to memory of 4328 964 fffxxxr.exe 86 PID 4328 wrote to memory of 1920 4328 bnnnnh.exe 87 PID 4328 wrote to memory of 1920 4328 bnnnnh.exe 87 PID 4328 wrote to memory of 1920 4328 bnnnnh.exe 87 PID 1920 wrote to memory of 4316 1920 1hhhbb.exe 88 PID 1920 wrote to memory of 4316 1920 1hhhbb.exe 88 PID 1920 wrote to memory of 4316 1920 1hhhbb.exe 88 PID 4316 wrote to memory of 4332 4316 djvpj.exe 89 PID 4316 wrote to memory of 4332 4316 djvpj.exe 89 PID 4316 wrote to memory of 4332 4316 djvpj.exe 89 PID 4332 wrote to memory of 4744 4332 5frlfxx.exe 90 PID 4332 wrote to memory of 4744 4332 5frlfxx.exe 90 PID 4332 wrote to memory of 4744 4332 5frlfxx.exe 90 PID 4744 wrote to memory of 1952 4744 5bbtnh.exe 91 PID 4744 wrote to memory of 1952 4744 5bbtnh.exe 91 PID 4744 wrote to memory of 1952 4744 5bbtnh.exe 91 PID 1952 wrote to memory of 4908 1952 pvppj.exe 92 PID 1952 wrote to memory of 4908 1952 pvppj.exe 92 PID 1952 wrote to memory of 4908 1952 pvppj.exe 92 PID 4908 wrote to memory of 2988 4908 5ntnhh.exe 93 PID 4908 wrote to memory of 2988 4908 5ntnhh.exe 93 PID 4908 wrote to memory of 
2988 4908 5ntnhh.exe 93 PID 2988 wrote to memory of 5012 2988 jjdvp.exe 94 PID 2988 wrote to memory of 5012 2988 jjdvp.exe 94 PID 2988 wrote to memory of 5012 2988 jjdvp.exe 94 PID 5012 wrote to memory of 1912 5012 bbbbtb.exe 95 PID 5012 wrote to memory of 1912 5012 bbbbtb.exe 95 PID 5012 wrote to memory of 1912 5012 bbbbtb.exe 95 PID 1912 wrote to memory of 3452 1912 nbhhbt.exe 97 PID 1912 wrote to memory of 3452 1912 nbhhbt.exe 97 PID 1912 wrote to memory of 3452 1912 nbhhbt.exe 97 PID 3452 wrote to memory of 4684 3452 pjpjd.exe 98 PID 3452 wrote to memory of 4684 3452 pjpjd.exe 98 PID 3452 wrote to memory of 4684 3452 pjpjd.exe 98 PID 4684 wrote to memory of 3112 4684 jvpjv.exe 99 PID 4684 wrote to memory of 3112 4684 jvpjv.exe 99 PID 4684 wrote to memory of 3112 4684 jvpjv.exe 99 PID 3112 wrote to memory of 2204 3112 lrrlxrl.exe 101 PID 3112 wrote to memory of 2204 3112 lrrlxrl.exe 101 PID 3112 wrote to memory of 2204 3112 lrrlxrl.exe 101 PID 2204 wrote to memory of 4796 2204 5djdv.exe 102 PID 2204 wrote to memory of 4796 2204 5djdv.exe 102 PID 2204 wrote to memory of 4796 2204 5djdv.exe 102 PID 4796 wrote to memory of 1380 4796 fffxllf.exe 103 PID 4796 wrote to memory of 1380 4796 fffxllf.exe 103 PID 4796 wrote to memory of 1380 4796 fffxllf.exe 103 PID 1380 wrote to memory of 232 1380 1ppdp.exe 104 PID 1380 wrote to memory of 232 1380 1ppdp.exe 104 PID 1380 wrote to memory of 232 1380 1ppdp.exe 104 PID 232 wrote to memory of 1376 232 fffxxrr.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1804 -
\??\c:\ppjdp.exec:\ppjdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3936 -
\??\c:\1lxrxxl.exec:\1lxrxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\ddvjd.exec:\ddvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3576 -
\??\c:\fffxxxr.exec:\fffxxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:964 -
\??\c:\bnnnnh.exec:\bnnnnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4328 -
\??\c:\1hhhbb.exec:\1hhhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920 -
\??\c:\djvpj.exec:\djvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4316 -
\??\c:\5frlfxx.exec:\5frlfxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4332 -
\??\c:\5bbtnh.exec:\5bbtnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4744 -
\??\c:\pvppj.exec:\pvppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1952 -
\??\c:\5ntnhh.exec:\5ntnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4908 -
\??\c:\jjdvp.exec:\jjdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2988 -
\??\c:\bbbbtb.exec:\bbbbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5012 -
\??\c:\nbhhbt.exec:\nbhhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1912 -
\??\c:\pjpjd.exec:\pjpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3452 -
\??\c:\jvpjv.exec:\jvpjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4684 -
\??\c:\lrrlxrl.exec:\lrrlxrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3112 -
\??\c:\5djdv.exec:\5djdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2204 -
\??\c:\fffxllf.exec:\fffxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\1ppdp.exec:\1ppdp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1380 -
\??\c:\fffxxrr.exec:\fffxxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:232 -
\??\c:\3ddvj.exec:\3ddvj.exe23⤵
- Executes dropped EXE
PID:1376 -
\??\c:\7rrxrlf.exec:\7rrxrlf.exe24⤵
- Executes dropped EXE
PID:2788 -
\??\c:\9llxrxl.exec:\9llxrxl.exe25⤵
- Executes dropped EXE
PID:2152 -
\??\c:\7ffxrlx.exec:\7ffxrlx.exe26⤵
- Executes dropped EXE
PID:1652 -
\??\c:\pjpvv.exec:\pjpvv.exe27⤵
- Executes dropped EXE
PID:400 -
\??\c:\rlffflr.exec:\rlffflr.exe28⤵
- Executes dropped EXE
PID:4188 -
\??\c:\hbbnbt.exec:\hbbnbt.exe29⤵
- Executes dropped EXE
PID:928 -
\??\c:\3hnhtn.exec:\3hnhtn.exe30⤵
- Executes dropped EXE
PID:364 -
\??\c:\bbhbtt.exec:\bbhbtt.exe31⤵
- Executes dropped EXE
PID:3528 -
\??\c:\frrrflf.exec:\frrrflf.exe32⤵
- Executes dropped EXE
PID:824 -
\??\c:\hnbbhb.exec:\hnbbhb.exe33⤵
- Executes dropped EXE
PID:4068 -
\??\c:\pvdvp.exec:\pvdvp.exe34⤵
- Executes dropped EXE
PID:3284 -
\??\c:\1xxrlfx.exec:\1xxrlfx.exe35⤵
- Executes dropped EXE
PID:752 -
\??\c:\9ttnhh.exec:\9ttnhh.exe36⤵
- Executes dropped EXE
PID:3756 -
\??\c:\1dvpv.exec:\1dvpv.exe37⤵
- Executes dropped EXE
PID:5044 -
\??\c:\fxxffxx.exec:\fxxffxx.exe38⤵
- Executes dropped EXE
PID:912 -
\??\c:\xrxrrrr.exec:\xrxrrrr.exe39⤵
- Executes dropped EXE
PID:1360 -
\??\c:\djddd.exec:\djddd.exe40⤵
- Executes dropped EXE
PID:3816 -
\??\c:\xrxxrrr.exec:\xrxxrrr.exe41⤵PID:600
-
\??\c:\3bnbbt.exec:\3bnbbt.exe42⤵
- Executes dropped EXE
PID:1564 -
\??\c:\7frlfxr.exec:\7frlfxr.exe43⤵
- Executes dropped EXE
PID:1192 -
\??\c:\hhnhnh.exec:\hhnhnh.exe44⤵
- Executes dropped EXE
PID:1232 -
\??\c:\pdddv.exec:\pdddv.exe45⤵
- Executes dropped EXE
PID:2136 -
\??\c:\xxrlrrr.exec:\xxrlrrr.exe46⤵
- Executes dropped EXE
PID:2368 -
\??\c:\rlfxxll.exec:\rlfxxll.exe47⤵
- Executes dropped EXE
PID:884 -
\??\c:\hhnhhb.exec:\hhnhhb.exe48⤵
- Executes dropped EXE
PID:2460 -
\??\c:\vjppj.exec:\vjppj.exe49⤵
- Executes dropped EXE
PID:3156 -
\??\c:\ffffxxx.exec:\ffffxxx.exe50⤵
- Executes dropped EXE
PID:4456 -
\??\c:\3nthbh.exec:\3nthbh.exe51⤵
- Executes dropped EXE
PID:3460 -
\??\c:\frxxrfx.exec:\frxxrfx.exe52⤵
- Executes dropped EXE
PID:3176 -
\??\c:\nntnbt.exec:\nntnbt.exe53⤵
- Executes dropped EXE
PID:1104 -
\??\c:\pdjvj.exec:\pdjvj.exe54⤵
- Executes dropped EXE
PID:4744 -
\??\c:\nbnnnt.exec:\nbnnnt.exe55⤵
- Executes dropped EXE
PID:1988 -
\??\c:\jpdvd.exec:\jpdvd.exe56⤵
- Executes dropped EXE
PID:3924 -
\??\c:\lxlxfxf.exec:\lxlxfxf.exe57⤵
- Executes dropped EXE
PID:5012 -
\??\c:\rxlfrrx.exec:\rxlfrrx.exe58⤵
- Executes dropped EXE
PID:4756 -
\??\c:\vpddj.exec:\vpddj.exe59⤵
- Executes dropped EXE
PID:5076 -
\??\c:\xrlffff.exec:\xrlffff.exe60⤵
- Executes dropped EXE
PID:2836 -
\??\c:\bnbnnh.exec:\bnbnnh.exe61⤵
- Executes dropped EXE
PID:4424 -
\??\c:\7jjvp.exec:\7jjvp.exe62⤵
- Executes dropped EXE
PID:1220 -
\??\c:\pvvjd.exec:\pvvjd.exe63⤵
- Executes dropped EXE
PID:2112 -
\??\c:\7rlfrxr.exec:\7rlfrxr.exe64⤵
- Executes dropped EXE
PID:3096 -
\??\c:\nbbtnn.exec:\nbbtnn.exe65⤵
- Executes dropped EXE
PID:1928 -
\??\c:\jppjd.exec:\jppjd.exe66⤵
- Executes dropped EXE
PID:3492 -
\??\c:\rxxlfxl.exec:\rxxlfxl.exe67⤵PID:4376
-
\??\c:\7bthhn.exec:\7bthhn.exe68⤵PID:880
-
\??\c:\hnbtnh.exec:\hnbtnh.exe69⤵PID:4640
-
\??\c:\9vjvp.exec:\9vjvp.exe70⤵PID:4752
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe71⤵PID:620
-
\??\c:\thnhbn.exec:\thnhbn.exe72⤵PID:4732
-
\??\c:\xxrlxrr.exec:\xxrlxrr.exe73⤵PID:4076
-
\??\c:\htbbtb.exec:\htbbtb.exe74⤵PID:400
-
\??\c:\nhhhhn.exec:\nhhhhn.exe75⤵PID:2656
-
\??\c:\jpvpj.exec:\jpvpj.exe76⤵PID:4284
-
\??\c:\3rrlfff.exec:\3rrlfff.exe77⤵PID:3376
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe78⤵PID:4104
-
\??\c:\hhnbbt.exec:\hhnbbt.exe79⤵PID:4724
-
\??\c:\bnnhhn.exec:\bnnhhn.exe80⤵PID:3140
-
\??\c:\jppdv.exec:\jppdv.exe81⤵PID:4740
-
\??\c:\frrlxxx.exec:\frrlxxx.exe82⤵PID:956
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe83⤵PID:4120
-
\??\c:\hbbtbt.exec:\hbbtbt.exe84⤵PID:3636
-
\??\c:\dppjd.exec:\dppjd.exe85⤵PID:5044
-
\??\c:\vpjvj.exec:\vpjvj.exe86⤵PID:4480
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe87⤵PID:4980
-
\??\c:\thhbtn.exec:\thhbtn.exe88⤵PID:4360
-
\??\c:\bnntnn.exec:\bnntnn.exe89⤵PID:3936
-
\??\c:\vdpjd.exec:\vdpjd.exe90⤵PID:1208
-
\??\c:\pjpjd.exec:\pjpjd.exe91⤵PID:2936
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe92⤵PID:5028
-
\??\c:\5bbbtt.exec:\5bbbtt.exe93⤵PID:2548
-
\??\c:\htbnhb.exec:\htbnhb.exe94⤵PID:4296
-
\??\c:\jpppj.exec:\jpppj.exe95⤵PID:1924
-
\??\c:\xrlffxx.exec:\xrlffxx.exe96⤵PID:4456
-
\??\c:\hhnnhh.exec:\hhnnhh.exe97⤵PID:4280
-
\??\c:\hnttnn.exec:\hnttnn.exe98⤵PID:3036
-
\??\c:\jdjpj.exec:\jdjpj.exe99⤵PID:2216
-
\??\c:\9lrlllr.exec:\9lrlllr.exe100⤵PID:1680
-
\??\c:\xfrllll.exec:\xfrllll.exe101⤵PID:2476
-
\??\c:\ttbbtb.exec:\ttbbtb.exe102⤵PID:1912
-
\??\c:\dpppj.exec:\dpppj.exe103⤵PID:3240
-
\??\c:\rrrxxff.exec:\rrrxxff.exe104⤵PID:4380
-
\??\c:\9bhbbh.exec:\9bhbbh.exe105⤵PID:4424
-
\??\c:\9ppjp.exec:\9ppjp.exe106⤵PID:1684
-
\??\c:\7xxrrrx.exec:\7xxrrrx.exe107⤵PID:2580
-
\??\c:\hbhbbh.exec:\hbhbbh.exe108⤵PID:4796
-
\??\c:\jvppv.exec:\jvppv.exe109⤵PID:3760
-
\??\c:\vvpjp.exec:\vvpjp.exe110⤵PID:5020
-
\??\c:\htbthh.exec:\htbthh.exe111⤵PID:1080
-
\??\c:\9vvjd.exec:\9vvjd.exe112⤵PID:3080
-
\??\c:\1jpjj.exec:\1jpjj.exe113⤵PID:4368
-
\??\c:\3lfxffx.exec:\3lfxffx.exe114⤵PID:4900
-
\??\c:\1hnhbh.exec:\1hnhbh.exe115⤵PID:496
-
\??\c:\hnhbtn.exec:\hnhbtn.exe116⤵PID:4568
-
\??\c:\jdjjv.exec:\jdjjv.exe117⤵PID:4732
-
\??\c:\lxxfxrl.exec:\lxxfxrl.exe118⤵PID:1612
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe119⤵PID:400
-
\??\c:\ttbnnn.exec:\ttbnnn.exe120⤵PID:2656
-
\??\c:\ppdvv.exec:\ppdvv.exe121⤵PID:4760
-
\??\c:\llxxrrr.exec:\llxxrrr.exe122⤵PID:3528