Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted
24-05-2024 20:09
Behavioral task
behavioral1 (note: every signature hit and process-tree entry below is tagged behavioral2, i.e. the Windows 10 2004 x64 run described in the Analysis header; the results of this Windows 7 task itself are not shown on this page)
Sample
2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe
Resource
win7-20240508-en
windows7-x64
6 signatures
150 seconds
General
-
Target
2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe
-
Size
351KB
-
MD5
51d6efde1fe849d030fcbfadc72015de
-
SHA1
eb63ba97f4485542128a0e73198cff2963c36df6
-
SHA256
2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf
-
SHA512
dc701fcbb94c69e1f53369fcd84645f3f666b53601dc311d2f11cfcc3c5d3eced4dc4583de33abc338ba8f9c2f7f89677c628d2f985053a46808e98eee954934
-
SSDEEP
6144:bcm4FmowdHoSgWrXD486jCpoAhlq1mEjBqLyOSlhNFF2C:h4wFHoSgWj168w1VjsyvhNFF2C
Malware Config (none extracted)
Signatures
-
Detect Blackmoon payload 64 IoCs (every hit is the same 0x00400000-0x00427000 image region, each time in a different PID — each dropped stage carries the same in-memory payload; the listing stops at 64 entries even though the chain below is longer)
resource yara_rule behavioral2/memory/4968-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/628-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4492-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2792-15-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1548-26-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2880-27-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2252-37-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3360-44-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1640-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2068-54-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1988-64-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4020-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3144-74-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5096-76-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2476-80-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4212-91-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2212-99-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3604-107-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1484-112-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4536-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1284-123-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4600-126-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4588-134-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1604-139-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4724-145-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1292-155-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4808-159-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3136-162-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3368-163-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4852-168-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4328-175-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2864-181-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1960-183-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/700-186-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3360-204-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4632-215-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3416-220-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4028-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4820-234-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4168-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1820-246-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2316-249-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3976-261-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/776-271-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4684-290-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4336-303-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1800-312-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4996-324-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/444-325-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4608-338-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1780-353-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-358-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2868-382-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1148-393-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2764-413-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3872-424-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4892-438-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1464-450-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4012-484-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/232-499-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2864-521-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/436-542-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5020-570-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4296-597-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4968-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000800000002342a-4.dat UPX behavioral2/memory/4968-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/628-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023431-9.dat UPX behavioral2/files/0x0007000000023432-13.dat UPX behavioral2/memory/4492-16-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2792-15-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023433-20.dat UPX behavioral2/memory/1548-21-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023434-24.dat UPX behavioral2/memory/1548-26-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2880-27-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023435-30.dat UPX behavioral2/files/0x0007000000023436-34.dat UPX behavioral2/memory/2252-37-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023437-40.dat UPX behavioral2/memory/3360-44-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023438-43.dat UPX behavioral2/files/0x0007000000023439-48.dat UPX behavioral2/memory/1640-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343a-53.dat UPX behavioral2/memory/2068-54-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343b-58.dat UPX behavioral2/files/0x000700000002343c-62.dat UPX behavioral2/memory/1988-64-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4020-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343d-69.dat UPX behavioral2/memory/3144-74-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5096-76-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x000700000002343e-73.dat UPX behavioral2/files/0x000700000002343f-78.dat UPX behavioral2/memory/2476-80-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3528-85-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023440-84.dat UPX behavioral2/files/0x0007000000023441-88.dat UPX behavioral2/memory/4212-91-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023442-93.dat UPX behavioral2/files/0x0007000000023443-97.dat UPX behavioral2/memory/2212-99-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000800000002342e-102.dat UPX behavioral2/files/0x0007000000023444-106.dat UPX behavioral2/memory/3604-107-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023445-111.dat UPX behavioral2/memory/1484-112-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023446-116.dat UPX behavioral2/memory/4536-117-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023447-121.dat UPX behavioral2/memory/1284-123-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4600-126-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023448-128.dat UPX behavioral2/files/0x0007000000023449-131.dat UPX behavioral2/files/0x000700000002344a-137.dat UPX behavioral2/memory/4588-134-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1604-139-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344b-141.dat UPX behavioral2/files/0x000700000002344c-147.dat UPX behavioral2/memory/4724-145-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344d-150.dat UPX behavioral2/files/0x000700000002344e-156.dat UPX behavioral2/memory/1292-155-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/4808-159-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3136-162-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3368-163-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs (listing stops at 64; the process tree below shows a 121-stage chain, each stage a newly dropped executable launched from the drive root, c:\, under a random-looking name — a useful detection pivot)
pid Process 628 fxlfrxx.exe 2792 xllfxrl.exe 4492 5rrfrrf.exe 1548 nbbthb.exe 2880 lfrlxfx.exe 444 rflxrrl.exe 2252 pjvdp.exe 3360 3vpjv.exe 1640 rxxlxrf.exe 2068 htnhbb.exe 3396 1rffrrf.exe 1988 nhbnhb.exe 4020 xrxrfxl.exe 3144 lllfrrl.exe 5096 9jjdv.exe 2476 dppdp.exe 3528 lflxffr.exe 4212 ththbh.exe 2124 1rlxflx.exe 2212 thbnbt.exe 3604 7pjvj.exe 1484 fxxlfrl.exe 4536 ppppp.exe 1284 dvdpp.exe 4600 tbhbnh.exe 3932 bntnbt.exe 4588 fxfxxxr.exe 1604 bttnhb.exe 4724 9tbbtb.exe 4084 xfxlfrl.exe 1292 frxrllf.exe 4808 3dvjd.exe 3136 9ppdd.exe 3368 xllxlfx.exe 2388 nbhbnh.exe 4852 jdppj.exe 4336 vddpj.exe 4328 xxxlfxr.exe 1204 nhbthb.exe 4564 vvvvd.exe 2864 lflxllf.exe 1960 bnhtnh.exe 700 5tnbnn.exe 4240 vppdv.exe 2056 xxrrxfl.exe 4996 fflfrrl.exe 444 1hhtnh.exe 4908 vjdpd.exe 4544 lrxrfxr.exe 3360 xflxrlx.exe 1492 bhnnhn.exe 2932 9jjdp.exe 4780 pjpdp.exe 748 3ffxlfx.exe 4632 9bhtht.exe 4904 hhnnhb.exe 3416 vvvjv.exe 3736 xffxlfx.exe 3780 hhnnhn.exe 1828 htthnn.exe 4028 jjdvd.exe 4820 xllfxxr.exe 1932 bthbtt.exe 4168 dppjd.exe -
resource yara_rule behavioral2/memory/4968-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000800000002342a-4.dat upx behavioral2/memory/4968-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/628-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023431-9.dat upx behavioral2/files/0x0007000000023432-13.dat upx behavioral2/memory/4492-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2792-15-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023433-20.dat upx behavioral2/memory/1548-21-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023434-24.dat upx behavioral2/memory/1548-26-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2880-27-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023435-30.dat upx behavioral2/files/0x0007000000023436-34.dat upx behavioral2/memory/2252-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023437-40.dat upx behavioral2/memory/3360-44-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023438-43.dat upx behavioral2/files/0x0007000000023439-48.dat upx behavioral2/memory/1640-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343a-53.dat upx behavioral2/memory/2068-54-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343b-58.dat upx behavioral2/files/0x000700000002343c-62.dat upx behavioral2/memory/1988-64-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4020-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343d-69.dat upx behavioral2/memory/3144-74-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5096-76-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x000700000002343e-73.dat upx behavioral2/files/0x000700000002343f-78.dat upx behavioral2/memory/2476-80-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3528-85-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023440-84.dat upx behavioral2/files/0x0007000000023441-88.dat upx behavioral2/memory/4212-91-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023442-93.dat upx behavioral2/files/0x0007000000023443-97.dat upx behavioral2/memory/2212-99-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000800000002342e-102.dat upx behavioral2/files/0x0007000000023444-106.dat upx behavioral2/memory/3604-107-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023445-111.dat upx behavioral2/memory/1484-112-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023446-116.dat upx behavioral2/memory/4536-117-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023447-121.dat upx behavioral2/memory/1284-123-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4600-126-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023448-128.dat upx behavioral2/files/0x0007000000023449-131.dat upx behavioral2/files/0x000700000002344a-137.dat upx behavioral2/memory/4588-134-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1604-139-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344b-141.dat upx behavioral2/files/0x000700000002344c-147.dat upx behavioral2/memory/4724-145-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344d-150.dat upx behavioral2/files/0x000700000002344e-156.dat upx behavioral2/memory/1292-155-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/4808-159-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3136-162-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3368-163-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs (each triple of writes targets the child the parent has just spawned, matching the chain in the process tree; this looks like ordinary process creation rather than injection into unrelated processes, but the page does not show what was written, so treat it as unconfirmed. PIDs such as 444 and 3360 reappear later in the chain, which suggests each stage exits soon after spawning its child)
description pid Process procid_target PID 4968 wrote to memory of 628 4968 2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe 85 PID 4968 wrote to memory of 628 4968 2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe 85 PID 4968 wrote to memory of 628 4968 2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe 85 PID 628 wrote to memory of 2792 628 fxlfrxx.exe 86 PID 628 wrote to memory of 2792 628 fxlfrxx.exe 86 PID 628 wrote to memory of 2792 628 fxlfrxx.exe 86 PID 2792 wrote to memory of 4492 2792 xllfxrl.exe 87 PID 2792 wrote to memory of 4492 2792 xllfxrl.exe 87 PID 2792 wrote to memory of 4492 2792 xllfxrl.exe 87 PID 4492 wrote to memory of 1548 4492 5rrfrrf.exe 88 PID 4492 wrote to memory of 1548 4492 5rrfrrf.exe 88 PID 4492 wrote to memory of 1548 4492 5rrfrrf.exe 88 PID 1548 wrote to memory of 2880 1548 nbbthb.exe 89 PID 1548 wrote to memory of 2880 1548 nbbthb.exe 89 PID 1548 wrote to memory of 2880 1548 nbbthb.exe 89 PID 2880 wrote to memory of 444 2880 lfrlxfx.exe 90 PID 2880 wrote to memory of 444 2880 lfrlxfx.exe 90 PID 2880 wrote to memory of 444 2880 lfrlxfx.exe 90 PID 444 wrote to memory of 2252 444 rflxrrl.exe 91 PID 444 wrote to memory of 2252 444 rflxrrl.exe 91 PID 444 wrote to memory of 2252 444 rflxrrl.exe 91 PID 2252 wrote to memory of 3360 2252 pjvdp.exe 92 PID 2252 wrote to memory of 3360 2252 pjvdp.exe 92 PID 2252 wrote to memory of 3360 2252 pjvdp.exe 92 PID 3360 wrote to memory of 1640 3360 3vpjv.exe 94 PID 3360 wrote to memory of 1640 3360 3vpjv.exe 94 PID 3360 wrote to memory of 1640 3360 3vpjv.exe 94 PID 1640 wrote to memory of 2068 1640 rxxlxrf.exe 95 PID 1640 wrote to memory of 2068 1640 rxxlxrf.exe 95 PID 1640 wrote to memory of 2068 1640 rxxlxrf.exe 95 PID 2068 wrote to memory of 3396 2068 htnhbb.exe 96 PID 2068 wrote to memory of 3396 2068 htnhbb.exe 96 PID 2068 wrote to memory of 3396 2068 htnhbb.exe 96 PID 3396 wrote to memory of 1988 3396 1rffrrf.exe 98 PID 3396 wrote to memory 
of 1988 3396 1rffrrf.exe 98 PID 3396 wrote to memory of 1988 3396 1rffrrf.exe 98 PID 1988 wrote to memory of 4020 1988 nhbnhb.exe 99 PID 1988 wrote to memory of 4020 1988 nhbnhb.exe 99 PID 1988 wrote to memory of 4020 1988 nhbnhb.exe 99 PID 4020 wrote to memory of 3144 4020 xrxrfxl.exe 100 PID 4020 wrote to memory of 3144 4020 xrxrfxl.exe 100 PID 4020 wrote to memory of 3144 4020 xrxrfxl.exe 100 PID 3144 wrote to memory of 5096 3144 lllfrrl.exe 102 PID 3144 wrote to memory of 5096 3144 lllfrrl.exe 102 PID 3144 wrote to memory of 5096 3144 lllfrrl.exe 102 PID 5096 wrote to memory of 2476 5096 9jjdv.exe 103 PID 5096 wrote to memory of 2476 5096 9jjdv.exe 103 PID 5096 wrote to memory of 2476 5096 9jjdv.exe 103 PID 2476 wrote to memory of 3528 2476 dppdp.exe 104 PID 2476 wrote to memory of 3528 2476 dppdp.exe 104 PID 2476 wrote to memory of 3528 2476 dppdp.exe 104 PID 3528 wrote to memory of 4212 3528 lflxffr.exe 105 PID 3528 wrote to memory of 4212 3528 lflxffr.exe 105 PID 3528 wrote to memory of 4212 3528 lflxffr.exe 105 PID 4212 wrote to memory of 2124 4212 ththbh.exe 107 PID 4212 wrote to memory of 2124 4212 ththbh.exe 107 PID 4212 wrote to memory of 2124 4212 ththbh.exe 107 PID 2124 wrote to memory of 2212 2124 1rlxflx.exe 108 PID 2124 wrote to memory of 2212 2124 1rlxflx.exe 108 PID 2124 wrote to memory of 2212 2124 1rlxflx.exe 108 PID 2212 wrote to memory of 3604 2212 thbnbt.exe 109 PID 2212 wrote to memory of 3604 2212 thbnbt.exe 109 PID 2212 wrote to memory of 3604 2212 thbnbt.exe 109 PID 3604 wrote to memory of 1484 3604 7pjvj.exe 110
Processes
-
C:\Users\Admin\AppData\Local\Temp\2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe — command line: "C:\Users\Admin\AppData\Local\Temp\2eb52f1de4a1e20e58b7da3ebf6358892fe2e841789681c68b1d0c369d01e0cf.exe" (depth 1)
- Suspicious use of WriteProcessMemory
PID:4968 -
\??\c:\fxlfrxx.exec:\fxlfrxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:628 -
\??\c:\xllfxrl.exec:\xllfxrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792 -
\??\c:\5rrfrrf.exec:\5rrfrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4492 -
\??\c:\nbbthb.exec:\nbbthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1548 -
\??\c:\lfrlxfx.exec:\lfrlxfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2880 -
\??\c:\rflxrrl.exec:\rflxrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:444 -
\??\c:\pjvdp.exec:\pjvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2252 -
\??\c:\3vpjv.exec:\3vpjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3360 -
\??\c:\rxxlxrf.exec:\rxxlxrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1640 -
\??\c:\htnhbb.exec:\htnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2068 -
\??\c:\1rffrrf.exec:\1rffrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3396 -
\??\c:\nhbnhb.exec:\nhbnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1988 -
\??\c:\xrxrfxl.exec:\xrxrfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\lllfrrl.exec:\lllfrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3144 -
\??\c:\9jjdv.exec:\9jjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5096 -
\??\c:\dppdp.exec:\dppdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\lflxffr.exec:\lflxffr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3528 -
\??\c:\ththbh.exec:\ththbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4212 -
\??\c:\1rlxflx.exec:\1rlxflx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2124 -
\??\c:\thbnbt.exec:\thbnbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\7pjvj.exec:\7pjvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3604 -
\??\c:\fxxlfrl.exec:\fxxlfrl.exe23⤵
- Executes dropped EXE
PID:1484 -
\??\c:\ppppp.exec:\ppppp.exe24⤵
- Executes dropped EXE
PID:4536 -
\??\c:\dvdpp.exec:\dvdpp.exe25⤵
- Executes dropped EXE
PID:1284 -
\??\c:\tbhbnh.exec:\tbhbnh.exe26⤵
- Executes dropped EXE
PID:4600 -
\??\c:\bntnbt.exec:\bntnbt.exe27⤵
- Executes dropped EXE
PID:3932 -
\??\c:\fxfxxxr.exec:\fxfxxxr.exe28⤵
- Executes dropped EXE
PID:4588 -
\??\c:\bttnhb.exec:\bttnhb.exe29⤵
- Executes dropped EXE
PID:1604 -
\??\c:\9tbbtb.exec:\9tbbtb.exe30⤵
- Executes dropped EXE
PID:4724 -
\??\c:\xfxlfrl.exec:\xfxlfrl.exe31⤵
- Executes dropped EXE
PID:4084 -
\??\c:\frxrllf.exec:\frxrllf.exe32⤵
- Executes dropped EXE
PID:1292 -
\??\c:\3dvjd.exec:\3dvjd.exe33⤵
- Executes dropped EXE
PID:4808 -
\??\c:\9ppdd.exec:\9ppdd.exe34⤵
- Executes dropped EXE
PID:3136 -
\??\c:\xllxlfx.exec:\xllxlfx.exe35⤵
- Executes dropped EXE
PID:3368 -
\??\c:\nbhbnh.exec:\nbhbnh.exe36⤵
- Executes dropped EXE
PID:2388 -
\??\c:\jdppj.exec:\jdppj.exe37⤵
- Executes dropped EXE
PID:4852 -
\??\c:\vddpj.exec:\vddpj.exe38⤵
- Executes dropped EXE
PID:4336 -
\??\c:\xxxlfxr.exec:\xxxlfxr.exe39⤵
- Executes dropped EXE
PID:4328 -
\??\c:\nhbthb.exec:\nhbthb.exe40⤵
- Executes dropped EXE
PID:1204 -
\??\c:\vvvvd.exec:\vvvvd.exe41⤵
- Executes dropped EXE
PID:4564 -
\??\c:\lflxllf.exec:\lflxllf.exe42⤵
- Executes dropped EXE
PID:2864 -
\??\c:\bnhtnh.exec:\bnhtnh.exe43⤵
- Executes dropped EXE
PID:1960 -
\??\c:\5tnbnn.exec:\5tnbnn.exe44⤵
- Executes dropped EXE
PID:700 -
\??\c:\vppdv.exec:\vppdv.exe45⤵
- Executes dropped EXE
PID:4240 -
\??\c:\xxrrxfl.exec:\xxrrxfl.exe46⤵
- Executes dropped EXE
PID:2056 -
\??\c:\fflfrrl.exec:\fflfrrl.exe47⤵
- Executes dropped EXE
PID:4996 -
\??\c:\1hhtnh.exec:\1hhtnh.exe48⤵
- Executes dropped EXE
PID:444 -
\??\c:\vjdpd.exec:\vjdpd.exe49⤵
- Executes dropped EXE
PID:4908 -
\??\c:\lrxrfxr.exec:\lrxrfxr.exe50⤵
- Executes dropped EXE
PID:4544 -
\??\c:\xflxrlx.exec:\xflxrlx.exe51⤵
- Executes dropped EXE
PID:3360 -
\??\c:\bhnnhn.exec:\bhnnhn.exe52⤵
- Executes dropped EXE
PID:1492 -
\??\c:\9jjdp.exec:\9jjdp.exe53⤵
- Executes dropped EXE
PID:2932 -
\??\c:\pjpdp.exec:\pjpdp.exe54⤵
- Executes dropped EXE
PID:4780 -
\??\c:\3ffxlfx.exec:\3ffxlfx.exe55⤵
- Executes dropped EXE
PID:748 -
\??\c:\9bhtht.exec:\9bhtht.exe56⤵
- Executes dropped EXE
PID:4632 -
\??\c:\hhnnhb.exec:\hhnnhb.exe57⤵
- Executes dropped EXE
PID:4904 -
\??\c:\vvvjv.exec:\vvvjv.exe58⤵
- Executes dropped EXE
PID:3416 -
\??\c:\xffxlfx.exec:\xffxlfx.exe59⤵
- Executes dropped EXE
PID:3736 -
\??\c:\hhnnhn.exec:\hhnnhn.exe60⤵
- Executes dropped EXE
PID:3780 -
\??\c:\htthnn.exec:\htthnn.exe61⤵
- Executes dropped EXE
PID:1828 -
\??\c:\jjdvd.exec:\jjdvd.exe62⤵
- Executes dropped EXE
PID:4028 -
\??\c:\xllfxxr.exec:\xllfxxr.exe63⤵
- Executes dropped EXE
PID:4820 -
\??\c:\bthbtt.exec:\bthbtt.exe64⤵
- Executes dropped EXE
PID:1932 -
\??\c:\dppjd.exec:\dppjd.exe65⤵
- Executes dropped EXE
PID:4168 -
\??\c:\9vdvd.exec:\9vdvd.exe66⤵PID:1468
-
\??\c:\9xfffff.exec:\9xfffff.exe67⤵PID:1456
-
\??\c:\5nthtn.exec:\5nthtn.exe68⤵PID:1820
-
\??\c:\9hbttt.exec:\9hbttt.exe69⤵PID:2316
-
\??\c:\vvjvp.exec:\vvjvp.exe70⤵PID:3216
-
\??\c:\lrrrllr.exec:\lrrrllr.exe71⤵PID:336
-
\??\c:\9lllfff.exec:\9lllfff.exe72⤵PID:4920
-
\??\c:\nttnhh.exec:\nttnhh.exe73⤵PID:5008
-
\??\c:\pdjdv.exec:\pdjdv.exe74⤵PID:3976
-
\??\c:\xxlflrx.exec:\xxlflrx.exe75⤵PID:1976
-
\??\c:\5hbhth.exec:\5hbhth.exe76⤵PID:2364
-
\??\c:\htbhhn.exec:\htbhhn.exe77⤵PID:3432
-
\??\c:\pvdvp.exec:\pvdvp.exe78⤵PID:776
-
\??\c:\pppjv.exec:\pppjv.exe79⤵PID:1148
-
\??\c:\llfxrrl.exec:\llfxrrl.exe80⤵PID:440
-
\??\c:\1nbtbb.exec:\1nbtbb.exe81⤵PID:2980
-
\??\c:\vvvdd.exec:\vvvdd.exe82⤵PID:232
-
\??\c:\pdvpj.exec:\pdvpj.exe83⤵PID:2108
-
\??\c:\xxfxfff.exec:\xxfxfff.exe84⤵PID:4084
-
\??\c:\hhhbbt.exec:\hhhbbt.exe85⤵PID:1572
-
\??\c:\nbhbnn.exec:\nbhbnn.exe86⤵PID:4684
-
\??\c:\dpvpp.exec:\dpvpp.exe87⤵PID:3060
-
\??\c:\dvvpp.exec:\dvvpp.exe88⤵PID:2832
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe89⤵PID:3368
-
\??\c:\3bhbbb.exec:\3bhbbb.exe90⤵PID:2388
-
\??\c:\vvdvv.exec:\vvdvv.exe91⤵PID:1296
-
\??\c:\vvddd.exec:\vvddd.exe92⤵PID:4336
-
\??\c:\rrlfxrf.exec:\rrlfxrf.exe93⤵PID:4328
-
\??\c:\3rllfll.exec:\3rllfll.exe94⤵PID:4864
-
\??\c:\thnhhh.exec:\thnhhh.exe95⤵PID:5040
-
\??\c:\htbtnb.exec:\htbtnb.exe96⤵PID:3960
-
\??\c:\vppdj.exec:\vppdj.exe97⤵PID:1800
-
\??\c:\xlflrlr.exec:\xlflrlr.exe98⤵PID:4988
-
\??\c:\flrrlff.exec:\flrrlff.exe99⤵PID:4240
-
\??\c:\nhnhbb.exec:\nhnhbb.exe100⤵PID:2880
-
\??\c:\jdjdv.exec:\jdjdv.exe101⤵PID:4996
-
\??\c:\djdvp.exec:\djdvp.exe102⤵PID:444
-
\??\c:\jjvjd.exec:\jjvjd.exe103⤵PID:4932
-
\??\c:\5fxrllf.exec:\5fxrllf.exe104⤵PID:2672
-
\??\c:\hbhntt.exec:\hbhntt.exe105⤵PID:3360
-
\??\c:\jdjjv.exec:\jdjjv.exe106⤵PID:4004
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe107⤵PID:4608
-
\??\c:\rxffxxr.exec:\rxffxxr.exe108⤵PID:4108
-
\??\c:\bnhbtn.exec:\bnhbtn.exe109⤵PID:4380
-
\??\c:\jjjdd.exec:\jjjdd.exe110⤵PID:4696
-
\??\c:\3flfrrr.exec:\3flfrrr.exe111⤵PID:1464
-
\??\c:\fxfxfff.exec:\fxfxfff.exe112⤵PID:4020
-
\??\c:\nhbtbb.exec:\nhbtbb.exe113⤵PID:2592
-
\??\c:\thhbtn.exec:\thhbtn.exe114⤵PID:1780
-
\??\c:\jdpjp.exec:\jdpjp.exe115⤵PID:1948
-
\??\c:\xfrrlll.exec:\xfrrlll.exe116⤵PID:5116
-
\??\c:\rrxrrfx.exec:\rrxrrfx.exe117⤵PID:4232
-
\??\c:\1tnnhh.exec:\1tnnhh.exe118⤵PID:4168
-
\??\c:\bhbttn.exec:\bhbttn.exe119⤵PID:4124
-
\??\c:\9ppvp.exec:\9ppvp.exe120⤵PID:744
-
\??\c:\7dvdv.exec:\7dvdv.exe121⤵PID:4584
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe122⤵PID:2844