Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
21-05-2024 18:32
Behavioral task
behavioral1
Sample
0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe
-
Size
61KB
-
MD5
367c2ebaaec4e4c5e090e7634cf67289
-
SHA1
d113c1f7bf2bcc1b572fac85b5b13e1074a659ef
-
SHA256
0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0
-
SHA512
6fe346e735310626a55ed8e49b68ed440f2de1a8bf8668c9460f1d98319c34c27296189118391780b7c29954ce7be99b239a9304b4ffa8da3e2cb5f59d415ef5
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+EMdbV5f:zhOmTsF93UYfwC6GIoutiTWMdbv
Malware Config
Signatures
-
Detect Blackmoon payload 47 IoCs
resource yara_rule behavioral1/memory/1984-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1872-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2660-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2276-33-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2568-41-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2576-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2664-60-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2688-76-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2688-74-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2512-84-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2152-93-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1456-108-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2280-123-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/624-131-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2256-139-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1012-144-0x0000000000250000-0x0000000000277000-memory.dmp family_blackmoon behavioral1/memory/2232-156-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2816-176-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2432-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1164-192-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1896-215-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/996-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2900-287-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2036-302-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2252-314-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2276-325-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2456-326-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2568-337-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2672-338-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2492-369-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2748-396-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2260-405-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1864-431-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2340-465-0x0000000000230000-0x0000000000257000-memory.dmp family_blackmoon behavioral1/memory/348-530-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2016-554-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1512-953-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/936-1086-0x00000000003C0000-0x00000000003E7000-memory.dmp family_blackmoon behavioral1/memory/2004-1089-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2508-1098-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2832-1114-0x0000000076CC0000-0x0000000076DDF000-memory.dmp family_blackmoon behavioral1/memory/2168-1156-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2832-9817-0x0000000076BC0000-0x0000000076CBA000-memory.dmp family_blackmoon behavioral1/memory/2832-9816-0x0000000076CC0000-0x0000000076DDF000-memory.dmp family_blackmoon behavioral1/memory/2832-10078-0x0000000076CC0000-0x0000000076DDF000-memory.dmp family_blackmoon behavioral1/memory/2832-18635-0x0000000076CC0000-0x0000000076DDF000-memory.dmp family_blackmoon behavioral1/memory/2832-22654-0x0000000076BC0000-0x0000000076CBA000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/1984-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x000d000000012334-7.dat UPX behavioral1/memory/1984-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1872-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x002f0000000146e6-15.dat UPX behavioral1/memory/1872-16-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0008000000014971-25.dat UPX behavioral1/memory/2660-23-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2276-33-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0007000000014b27-32.dat UPX behavioral1/memory/2568-41-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0007000000014b63-40.dat UPX behavioral1/files/0x0007000000014baa-48.dat UPX behavioral1/memory/2576-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0009000000014e51-56.dat UPX behavioral1/memory/2576-57-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2664-60-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0008000000015ce1-66.dat UPX behavioral1/files/0x0006000000015ceb-73.dat UPX behavioral1/memory/2688-76-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2512-84-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d07-82.dat UPX behavioral1/files/0x0006000000015d28-92.dat UPX behavioral1/memory/2152-93-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d4a-100.dat UPX behavioral1/files/0x0006000000015d56-107.dat UPX behavioral1/memory/1456-108-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d5e-115.dat UPX behavioral1/files/0x0006000000015d67-122.dat UPX behavioral1/memory/2280-123-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d6f-130.dat UPX 
behavioral1/memory/624-131-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d79-138.dat UPX behavioral1/memory/2256-139-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1012-144-0x0000000000250000-0x0000000000277000-memory.dmp UPX behavioral1/files/0x0006000000015d87-147.dat UPX behavioral1/files/0x0006000000015d8f-154.dat UPX behavioral1/memory/2232-156-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015d9b-162.dat UPX behavioral1/files/0x002f000000014708-169.dat UPX behavioral1/memory/2816-176-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015e3a-177.dat UPX behavioral1/memory/2432-185-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015eaf-184.dat UPX behavioral1/files/0x0006000000015f6d-193.dat UPX behavioral1/memory/1164-192-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000015fe9-200.dat UPX behavioral1/files/0x0006000000016117-207.dat UPX behavioral1/memory/1896-208-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1896-215-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x00060000000161e7-216.dat UPX behavioral1/files/0x000600000001630b-223.dat UPX behavioral1/files/0x00060000000164b2-230.dat UPX behavioral1/memory/996-232-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/files/0x0006000000016572-238.dat UPX behavioral1/files/0x000600000001661c-245.dat UPX behavioral1/files/0x0006000000016843-252.dat UPX behavioral1/memory/2020-265-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2900-287-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2036-302-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2252-308-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2252-314-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral1/memory/2276-325-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2456-326-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 1872 rxlxllf.exe 2660 26242.exe 2276 xlffllx.exe 2568 q80282.exe 2684 9tnbhh.exe 2576 9fffllr.exe 2664 428462.exe 2688 xlxfffl.exe 2512 dvjpd.exe 2152 fxflxfr.exe 1848 q20682.exe 1456 0462888.exe 2744 lfxxlrl.exe 2280 btbbtt.exe 624 6044288.exe 2256 1hbnbh.exe 1012 pjvdd.exe 1620 8244068.exe 2232 1pjjd.exe 1824 nhhnnt.exe 2816 8202462.exe 2432 604022.exe 1164 vdvpj.exe 1628 xxfllxl.exe 3008 i484682.exe 1896 2028042.exe 2408 g0886.exe 2148 864604.exe 996 4640642.exe 1604 042406.exe 348 lflflrf.exe 1500 jvvvv.exe 2508 nhtbnt.exe 2020 dvjdp.exe 2856 5xrxrrx.exe 2072 4802406.exe 1776 thttbb.exe 2900 040022.exe 1712 480682.exe 2036 dvddp.exe 2780 084026.exe 2252 08062.exe 2796 vvpdp.exe 2276 djpvd.exe 2456 04802.exe 2568 vvvvp.exe 2672 o860846.exe 2756 rflllff.exe 2624 k08844.exe 2464 44622.exe 2500 g4606.exe 2492 044840.exe 2512 080662.exe 356 3xlfrxl.exe 2420 5xllrfr.exe 1848 64668.exe 2748 rlflffr.exe 2552 htbhhn.exe 2260 0422046.exe 2352 0844066.exe 2000 26224.exe 1572 3pjvd.exe 1864 88228.exe 2340 84242.exe -
resource yara_rule behavioral1/memory/1984-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000d000000012334-7.dat upx behavioral1/memory/1984-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1872-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x002f0000000146e6-15.dat upx behavioral1/memory/1872-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000014971-25.dat upx behavioral1/memory/2660-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2276-33-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000014b27-32.dat upx behavioral1/memory/2568-41-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000014b63-40.dat upx behavioral1/files/0x0007000000014baa-48.dat upx behavioral1/memory/2576-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0009000000014e51-56.dat upx behavioral1/memory/2576-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2664-60-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000015ce1-66.dat upx behavioral1/files/0x0006000000015ceb-73.dat upx behavioral1/memory/2688-76-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2512-84-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d07-82.dat upx behavioral1/files/0x0006000000015d28-92.dat upx behavioral1/memory/2152-93-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d4a-100.dat upx behavioral1/files/0x0006000000015d56-107.dat upx behavioral1/memory/1456-108-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d5e-115.dat upx behavioral1/files/0x0006000000015d67-122.dat upx behavioral1/memory/2280-123-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d6f-130.dat upx 
behavioral1/memory/624-131-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d79-138.dat upx behavioral1/memory/2256-139-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1012-144-0x0000000000250000-0x0000000000277000-memory.dmp upx behavioral1/files/0x0006000000015d87-147.dat upx behavioral1/files/0x0006000000015d8f-154.dat upx behavioral1/memory/2232-156-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d9b-162.dat upx behavioral1/files/0x002f000000014708-169.dat upx behavioral1/memory/2816-176-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015e3a-177.dat upx behavioral1/memory/2432-185-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015eaf-184.dat upx behavioral1/files/0x0006000000015f6d-193.dat upx behavioral1/memory/1164-192-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015fe9-200.dat upx behavioral1/files/0x0006000000016117-207.dat upx behavioral1/memory/1896-208-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1896-215-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000161e7-216.dat upx behavioral1/files/0x000600000001630b-223.dat upx behavioral1/files/0x00060000000164b2-230.dat upx behavioral1/memory/996-232-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016572-238.dat upx behavioral1/files/0x000600000001661c-245.dat upx behavioral1/files/0x0006000000016843-252.dat upx behavioral1/memory/2020-265-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2900-287-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2036-302-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2252-308-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2252-314-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/2276-325-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2456-326-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1984 wrote to memory of 1872 1984 0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe 28 PID 1984 wrote to memory of 1872 1984 0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe 28 PID 1984 wrote to memory of 1872 1984 0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe 28 PID 1984 wrote to memory of 1872 1984 0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe 28 PID 1872 wrote to memory of 2660 1872 rxlxllf.exe 29 PID 1872 wrote to memory of 2660 1872 rxlxllf.exe 29 PID 1872 wrote to memory of 2660 1872 rxlxllf.exe 29 PID 1872 wrote to memory of 2660 1872 rxlxllf.exe 29 PID 2660 wrote to memory of 2276 2660 26242.exe 30 PID 2660 wrote to memory of 2276 2660 26242.exe 30 PID 2660 wrote to memory of 2276 2660 26242.exe 30 PID 2660 wrote to memory of 2276 2660 26242.exe 30 PID 2276 wrote to memory of 2568 2276 xlffllx.exe 31 PID 2276 wrote to memory of 2568 2276 xlffllx.exe 31 PID 2276 wrote to memory of 2568 2276 xlffllx.exe 31 PID 2276 wrote to memory of 2568 2276 xlffllx.exe 31 PID 2568 wrote to memory of 2684 2568 q80282.exe 32 PID 2568 wrote to memory of 2684 2568 q80282.exe 32 PID 2568 wrote to memory of 2684 2568 q80282.exe 32 PID 2568 wrote to memory of 2684 2568 q80282.exe 32 PID 2684 wrote to memory of 2576 2684 9tnbhh.exe 33 PID 2684 wrote to memory of 2576 2684 9tnbhh.exe 33 PID 2684 wrote to memory of 2576 2684 9tnbhh.exe 33 PID 2684 wrote to memory of 2576 2684 9tnbhh.exe 33 PID 2576 wrote to memory of 2664 2576 9fffllr.exe 34 PID 2576 wrote to memory of 2664 2576 9fffllr.exe 34 PID 2576 wrote to memory of 2664 2576 9fffllr.exe 34 PID 2576 wrote to memory of 2664 2576 9fffllr.exe 34 PID 2664 wrote to memory of 2688 2664 428462.exe 35 PID 2664 wrote to memory of 2688 2664 428462.exe 35 PID 2664 wrote to memory of 2688 2664 428462.exe 35 PID 2664 wrote to memory of 2688 2664 428462.exe 35 PID 2688 wrote to memory of 2512 2688 xlxfffl.exe 36 PID 
2688 wrote to memory of 2512 2688 xlxfffl.exe 36 PID 2688 wrote to memory of 2512 2688 xlxfffl.exe 36 PID 2688 wrote to memory of 2512 2688 xlxfffl.exe 36 PID 2512 wrote to memory of 2152 2512 dvjpd.exe 37 PID 2512 wrote to memory of 2152 2512 dvjpd.exe 37 PID 2512 wrote to memory of 2152 2512 dvjpd.exe 37 PID 2512 wrote to memory of 2152 2512 dvjpd.exe 37 PID 2152 wrote to memory of 1848 2152 fxflxfr.exe 38 PID 2152 wrote to memory of 1848 2152 fxflxfr.exe 38 PID 2152 wrote to memory of 1848 2152 fxflxfr.exe 38 PID 2152 wrote to memory of 1848 2152 fxflxfr.exe 38 PID 1848 wrote to memory of 1456 1848 q20682.exe 39 PID 1848 wrote to memory of 1456 1848 q20682.exe 39 PID 1848 wrote to memory of 1456 1848 q20682.exe 39 PID 1848 wrote to memory of 1456 1848 q20682.exe 39 PID 1456 wrote to memory of 2744 1456 0462888.exe 40 PID 1456 wrote to memory of 2744 1456 0462888.exe 40 PID 1456 wrote to memory of 2744 1456 0462888.exe 40 PID 1456 wrote to memory of 2744 1456 0462888.exe 40 PID 2744 wrote to memory of 2280 2744 lfxxlrl.exe 41 PID 2744 wrote to memory of 2280 2744 lfxxlrl.exe 41 PID 2744 wrote to memory of 2280 2744 lfxxlrl.exe 41 PID 2744 wrote to memory of 2280 2744 lfxxlrl.exe 41 PID 2280 wrote to memory of 624 2280 btbbtt.exe 42 PID 2280 wrote to memory of 624 2280 btbbtt.exe 42 PID 2280 wrote to memory of 624 2280 btbbtt.exe 42 PID 2280 wrote to memory of 624 2280 btbbtt.exe 42 PID 624 wrote to memory of 2256 624 6044288.exe 43 PID 624 wrote to memory of 2256 624 6044288.exe 43 PID 624 wrote to memory of 2256 624 6044288.exe 43 PID 624 wrote to memory of 2256 624 6044288.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe"C:\Users\Admin\AppData\Local\Temp\0b424e839f9cbb4717973767b7580a00cad364c9b77985ec3dd3e75db5d9d2f0.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\rxlxllf.exec:\rxlxllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1872 -
\??\c:\26242.exec:\26242.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\xlffllx.exec:\xlffllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2276 -
\??\c:\q80282.exec:\q80282.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\9tnbhh.exec:\9tnbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2684 -
\??\c:\9fffllr.exec:\9fffllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\428462.exec:\428462.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2664 -
\??\c:\xlxfffl.exec:\xlxfffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\dvjpd.exec:\dvjpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2512 -
\??\c:\fxflxfr.exec:\fxflxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2152 -
\??\c:\q20682.exec:\q20682.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1848 -
\??\c:\0462888.exec:\0462888.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1456 -
\??\c:\lfxxlrl.exec:\lfxxlrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\btbbtt.exec:\btbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2280 -
\??\c:\6044288.exec:\6044288.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:624 -
\??\c:\1hbnbh.exec:\1hbnbh.exe17⤵
- Executes dropped EXE
PID:2256 -
\??\c:\pjvdd.exec:\pjvdd.exe18⤵
- Executes dropped EXE
PID:1012 -
\??\c:\8244068.exec:\8244068.exe19⤵
- Executes dropped EXE
PID:1620 -
\??\c:\1pjjd.exec:\1pjjd.exe20⤵
- Executes dropped EXE
PID:2232 -
\??\c:\nhhnnt.exec:\nhhnnt.exe21⤵
- Executes dropped EXE
PID:1824 -
\??\c:\8202462.exec:\8202462.exe22⤵
- Executes dropped EXE
PID:2816 -
\??\c:\604022.exec:\604022.exe23⤵
- Executes dropped EXE
PID:2432 -
\??\c:\vdvpj.exec:\vdvpj.exe24⤵
- Executes dropped EXE
PID:1164 -
\??\c:\xxfllxl.exec:\xxfllxl.exe25⤵
- Executes dropped EXE
PID:1628 -
\??\c:\i484682.exec:\i484682.exe26⤵
- Executes dropped EXE
PID:3008 -
\??\c:\2028042.exec:\2028042.exe27⤵
- Executes dropped EXE
PID:1896 -
\??\c:\g0886.exec:\g0886.exe28⤵
- Executes dropped EXE
PID:2408 -
\??\c:\864604.exec:\864604.exe29⤵
- Executes dropped EXE
PID:2148 -
\??\c:\4640642.exec:\4640642.exe30⤵
- Executes dropped EXE
PID:996 -
\??\c:\042406.exec:\042406.exe31⤵
- Executes dropped EXE
PID:1604 -
\??\c:\lflflrf.exec:\lflflrf.exe32⤵
- Executes dropped EXE
PID:348 -
\??\c:\jvvvv.exec:\jvvvv.exe33⤵
- Executes dropped EXE
PID:1500 -
\??\c:\nhtbnt.exec:\nhtbnt.exe34⤵
- Executes dropped EXE
PID:2508 -
\??\c:\dvjdp.exec:\dvjdp.exe35⤵
- Executes dropped EXE
PID:2020 -
\??\c:\5xrxrrx.exec:\5xrxrrx.exe36⤵
- Executes dropped EXE
PID:2856 -
\??\c:\4802406.exec:\4802406.exe37⤵
- Executes dropped EXE
PID:2072 -
\??\c:\thttbb.exec:\thttbb.exe38⤵
- Executes dropped EXE
PID:1776 -
\??\c:\040022.exec:\040022.exe39⤵
- Executes dropped EXE
PID:2900 -
\??\c:\480682.exec:\480682.exe40⤵
- Executes dropped EXE
PID:1712 -
\??\c:\dvddp.exec:\dvddp.exe41⤵
- Executes dropped EXE
PID:2036 -
\??\c:\084026.exec:\084026.exe42⤵
- Executes dropped EXE
PID:2780 -
\??\c:\08062.exec:\08062.exe43⤵
- Executes dropped EXE
PID:2252 -
\??\c:\vvpdp.exec:\vvpdp.exe44⤵
- Executes dropped EXE
PID:2796 -
\??\c:\djpvd.exec:\djpvd.exe45⤵
- Executes dropped EXE
PID:2276 -
\??\c:\04802.exec:\04802.exe46⤵
- Executes dropped EXE
PID:2456 -
\??\c:\vvvvp.exec:\vvvvp.exe47⤵
- Executes dropped EXE
PID:2568 -
\??\c:\o860846.exec:\o860846.exe48⤵
- Executes dropped EXE
PID:2672 -
\??\c:\rflllff.exec:\rflllff.exe49⤵
- Executes dropped EXE
PID:2756 -
\??\c:\k08844.exec:\k08844.exe50⤵
- Executes dropped EXE
PID:2624 -
\??\c:\44622.exec:\44622.exe51⤵
- Executes dropped EXE
PID:2464 -
\??\c:\g4606.exec:\g4606.exe52⤵
- Executes dropped EXE
PID:2500 -
\??\c:\044840.exec:\044840.exe53⤵
- Executes dropped EXE
PID:2492 -
\??\c:\080662.exec:\080662.exe54⤵
- Executes dropped EXE
PID:2512 -
\??\c:\3xlfrxl.exec:\3xlfrxl.exe55⤵
- Executes dropped EXE
PID:356 -
\??\c:\5xllrfr.exec:\5xllrfr.exe56⤵
- Executes dropped EXE
PID:2420 -
\??\c:\64668.exec:\64668.exe57⤵
- Executes dropped EXE
PID:1848 -
\??\c:\rlflffr.exec:\rlflffr.exe58⤵
- Executes dropped EXE
PID:2748 -
\??\c:\htbhhn.exec:\htbhhn.exe59⤵
- Executes dropped EXE
PID:2552 -
\??\c:\0422046.exec:\0422046.exe60⤵
- Executes dropped EXE
PID:2260 -
\??\c:\0844066.exec:\0844066.exe61⤵
- Executes dropped EXE
PID:2352 -
\??\c:\26224.exec:\26224.exe62⤵
- Executes dropped EXE
PID:2000 -
\??\c:\3pjvd.exec:\3pjvd.exe63⤵
- Executes dropped EXE
PID:1572 -
\??\c:\88228.exec:\88228.exe64⤵
- Executes dropped EXE
PID:1864 -
\??\c:\84242.exec:\84242.exe65⤵
- Executes dropped EXE
PID:2340 -
\??\c:\48224.exec:\48224.exe66⤵PID:332
-
\??\c:\hnhntb.exec:\hnhntb.exe67⤵PID:1516
-
\??\c:\nhhtbh.exec:\nhhtbh.exe68⤵PID:2128
-
\??\c:\hbhnth.exec:\hbhnth.exe69⤵PID:1284
-
\??\c:\0406484.exec:\0406484.exe70⤵PID:2816
-
\??\c:\8646224.exec:\8646224.exe71⤵PID:796
-
\??\c:\3bhhtt.exec:\3bhhtt.exe72⤵PID:1040
-
\??\c:\86880.exec:\86880.exe73⤵PID:588
-
\??\c:\ttbhnb.exec:\ttbhnb.exe74⤵PID:1628
-
\??\c:\w64084.exec:\w64084.exe75⤵PID:1836
-
\??\c:\c240228.exec:\c240228.exe76⤵PID:3056
-
\??\c:\8246680.exec:\8246680.exe77⤵PID:3068
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe78⤵PID:3028
-
\??\c:\a0442.exec:\a0442.exe79⤵PID:1528
-
\??\c:\20840.exec:\20840.exe80⤵PID:1652
-
\??\c:\xlxrflx.exec:\xlxrflx.exe81⤵PID:1320
-
\??\c:\vpjpv.exec:\vpjpv.exe82⤵PID:1604
-
\??\c:\1jddv.exec:\1jddv.exe83⤵PID:348
-
\??\c:\260046.exec:\260046.exe84⤵PID:1800
-
\??\c:\dvjpd.exec:\dvjpd.exe85⤵PID:2028
-
\??\c:\g4602.exec:\g4602.exe86⤵PID:1068
-
\??\c:\0424662.exec:\0424662.exe87⤵PID:2788
-
\??\c:\9dvdp.exec:\9dvdp.exe88⤵PID:2016
-
\??\c:\868280.exec:\868280.exe89⤵PID:2836
-
\??\c:\7vvjp.exec:\7vvjp.exe90⤵PID:1984
-
\??\c:\rrfxffl.exec:\rrfxffl.exe91⤵PID:1596
-
\??\c:\k86244.exec:\k86244.exe92⤵PID:1292
-
\??\c:\48624.exec:\48624.exe93⤵PID:2884
-
\??\c:\rrrxxxf.exec:\rrrxxxf.exe94⤵PID:3004
-
\??\c:\bbtbnt.exec:\bbtbnt.exe95⤵PID:2600
-
\??\c:\vvjpv.exec:\vvjpv.exe96⤵PID:2976
-
\??\c:\nbtttn.exec:\nbtttn.exe97⤵PID:2168
-
\??\c:\862222.exec:\862222.exe98⤵PID:2772
-
\??\c:\86846.exec:\86846.exe99⤵PID:1724
-
\??\c:\pjddj.exec:\pjddj.exe100⤵PID:2576
-
\??\c:\a2066.exec:\a2066.exe101⤵PID:2664
-
\??\c:\3fxrffl.exec:\3fxrffl.exe102⤵PID:2624
-
\??\c:\26406.exec:\26406.exe103⤵PID:2448
-
\??\c:\0888044.exec:\0888044.exe104⤵PID:2876
-
\??\c:\68404.exec:\68404.exe105⤵PID:2516
-
\??\c:\820026.exec:\820026.exe106⤵PID:2176
-
\??\c:\1thhbt.exec:\1thhbt.exe107⤵PID:1520
-
\??\c:\k82800.exec:\k82800.exe108⤵PID:2520
-
\??\c:\rfllllr.exec:\rfllllr.exe109⤵PID:2540
-
\??\c:\64284.exec:\64284.exe110⤵PID:1816
-
\??\c:\00402.exec:\00402.exe111⤵PID:2552
-
\??\c:\djjdd.exec:\djjdd.exe112⤵PID:1656
-
\??\c:\xlxrxfl.exec:\xlxrxfl.exe113⤵PID:624
-
\??\c:\26842.exec:\26842.exe114⤵PID:1908
-
\??\c:\82406.exec:\82406.exe115⤵PID:704
-
\??\c:\bthbbb.exec:\bthbbb.exe116⤵PID:892
-
\??\c:\60284.exec:\60284.exe117⤵PID:908
-
\??\c:\640028.exec:\640028.exe118⤵PID:1348
-
\??\c:\886206.exec:\886206.exe119⤵PID:880
-
\??\c:\06686.exec:\06686.exe120⤵PID:1516
-
\??\c:\886806.exec:\886806.exe121⤵PID:540
-
\??\c:\8284606.exec:\8284606.exe122⤵PID:1284
-