Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
25/05/2024, 23:24
Behavioral task
behavioral1
Sample
75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe
Resource
win7-20240215-en
6 signatures
150 seconds
General
-
Target
75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe
-
Size
122KB
-
MD5
476137f02f36a53cc65ab150dee8d90a
-
SHA1
ede7022930c3bc43da8d2c2e1b0acb41f9f438b3
-
SHA256
75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8
-
SHA512
776af485fd15d7a113f51b1a517d503069000ab2d0adeaba1cfc7bfc417539c89fb03975b96e6d7777519d1d2e01315f0a56625f1f47be3c902f5f7855b4bc45
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcka62c+8+dRN1X:9cm4FmowdHoSZ6lCXr
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4848-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2656-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/224-15-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/452-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2476-29-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1964-33-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4216-38-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2972-50-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1972-64-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5032-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3188-83-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3768-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1496-98-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/464-109-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2360-116-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2164-121-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2984-132-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4284-135-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2704-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2704-155-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4276-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3572-169-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3748-170-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4416-181-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4984-195-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2068-200-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5112-204-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2356-207-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4572-214-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4608-220-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3096-223-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1776-227-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1620-233-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3052-240-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1032-244-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4592-248-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1304-255-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2268-263-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4428-269-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3236-277-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1328-294-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4604-303-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3680-321-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4836-330-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2620-334-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4660-346-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3748-352-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4080-359-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2604-362-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/8-421-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1952-440-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4476-451-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4636-452-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2112-486-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4352-488-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/836-508-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1524-553-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/740-574-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3128-616-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4804-638-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3572-645-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4776-656-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1812-671-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1224-682-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4848-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000022f51-3.dat UPX behavioral2/memory/4848-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2656-7-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2656-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023414-17.dat UPX behavioral2/memory/224-15-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023413-11.dat UPX behavioral2/memory/452-23-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023415-24.dat UPX behavioral2/memory/2476-29-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023416-30.dat UPX behavioral2/memory/1964-33-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023417-36.dat UPX behavioral2/memory/4216-38-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023418-42.dat UPX behavioral2/files/0x0007000000023419-46.dat UPX behavioral2/memory/2972-50-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341a-54.dat UPX behavioral2/files/0x000700000002341b-57.dat UPX behavioral2/files/0x000700000002341c-62.dat UPX behavioral2/memory/1972-64-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341d-68.dat UPX behavioral2/memory/5032-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341e-74.dat UPX behavioral2/files/0x000700000002341f-80.dat UPX behavioral2/memory/3188-83-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023420-85.dat UPX behavioral2/files/0x0007000000023421-90.dat UPX behavioral2/memory/3768-92-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023422-99.dat UPX 
behavioral2/memory/1496-98-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023423-104.dat UPX behavioral2/files/0x0007000000023424-107.dat UPX behavioral2/memory/464-109-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2360-111-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023425-117.dat UPX behavioral2/memory/2360-116-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023426-120.dat UPX behavioral2/memory/2164-121-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023427-126.dat UPX behavioral2/files/0x0007000000023428-130.dat UPX behavioral2/memory/2984-132-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023429-137.dat UPX behavioral2/memory/4284-135-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342a-142.dat UPX behavioral2/files/0x000700000002342b-147.dat UPX behavioral2/memory/2704-150-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342c-153.dat UPX behavioral2/memory/4276-157-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2704-155-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342d-161.dat UPX behavioral2/memory/4276-160-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3572-169-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342f-173.dat UPX behavioral2/memory/3748-170-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342e-166.dat UPX behavioral2/files/0x0007000000023430-178.dat UPX behavioral2/memory/4416-181-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023431-183.dat UPX behavioral2/memory/4984-195-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/2068-200-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5112-204-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2356-207-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2656 djpvj.exe 224 nbnnhn.exe 452 nhhhhn.exe 2476 rlffxxf.exe 1964 hhhbbt.exe 4216 3pvvp.exe 1392 rflxxxx.exe 2972 nbbbtb.exe 3724 dpjpp.exe 1972 ppppj.exe 5032 llflllr.exe 2504 nntbnn.exe 2884 1vpdp.exe 3188 7xfxxxx.exe 3768 nbbbbb.exe 1496 vpdvv.exe 444 rxffrrr.exe 464 bnbbtn.exe 2360 9jvpv.exe 2164 7rrrrrr.exe 3604 nhnbbb.exe 2984 jjddj.exe 4284 xxflffx.exe 524 rflffff.exe 3088 hhtthn.exe 2704 vpddd.exe 4276 vdjdv.exe 3572 ntnhht.exe 3748 tbbbtt.exe 3356 vjpjj.exe 4416 xxxrrrl.exe 3808 hbtnhh.exe 4600 vjpvp.exe 4984 djpvv.exe 2068 xlxrxfx.exe 2328 thntbb.exe 5112 vpddd.exe 2356 jddvp.exe 4572 xxrlfxl.exe 4712 bnbbhh.exe 4608 nbbhhh.exe 3096 vpjpj.exe 1776 7jpvv.exe 1620 jpdjv.exe 1524 9xfflrr.exe 3052 tthbhh.exe 1032 jddjv.exe 4592 dvjjj.exe 532 xrxrrrr.exe 4816 7tttnn.exe 1304 ppvdj.exe 4676 vvddd.exe 2268 rfrxllx.exe 4428 rfffxrl.exe 1676 3nhhhb.exe 3236 ddpjj.exe 4584 vjjjj.exe 1060 fxxxxll.exe 4636 fflrrxx.exe 4596 nbhhhh.exe 812 3hnntb.exe 1328 jvddd.exe 1100 pvvpp.exe 4604 xfxflrx.exe -
resource yara_rule behavioral2/memory/4848-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000022f51-3.dat upx behavioral2/memory/4848-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2656-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2656-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023414-17.dat upx behavioral2/memory/224-15-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023413-11.dat upx behavioral2/memory/452-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023415-24.dat upx behavioral2/memory/2476-29-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023416-30.dat upx behavioral2/memory/1964-33-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023417-36.dat upx behavioral2/memory/4216-38-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023418-42.dat upx behavioral2/files/0x0007000000023419-46.dat upx behavioral2/memory/2972-50-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341a-54.dat upx behavioral2/files/0x000700000002341b-57.dat upx behavioral2/files/0x000700000002341c-62.dat upx behavioral2/memory/1972-64-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341d-68.dat upx behavioral2/memory/5032-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341e-74.dat upx behavioral2/files/0x000700000002341f-80.dat upx behavioral2/memory/3188-83-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023420-85.dat upx behavioral2/files/0x0007000000023421-90.dat upx behavioral2/memory/3768-92-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023422-99.dat upx 
behavioral2/memory/1496-98-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023423-104.dat upx behavioral2/files/0x0007000000023424-107.dat upx behavioral2/memory/464-109-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2360-111-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023425-117.dat upx behavioral2/memory/2360-116-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023426-120.dat upx behavioral2/memory/2164-121-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023427-126.dat upx behavioral2/files/0x0007000000023428-130.dat upx behavioral2/memory/2984-132-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023429-137.dat upx behavioral2/memory/4284-135-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342a-142.dat upx behavioral2/files/0x000700000002342b-147.dat upx behavioral2/memory/2704-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342c-153.dat upx behavioral2/memory/4276-157-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2704-155-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342d-161.dat upx behavioral2/memory/4276-160-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3572-169-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342f-173.dat upx behavioral2/memory/3748-170-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-166.dat upx behavioral2/files/0x0007000000023430-178.dat upx behavioral2/memory/4416-181-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023431-183.dat upx behavioral2/memory/4984-195-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2068-200-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5112-204-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2356-207-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4848 wrote to memory of 2656 4848 75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe 83 PID 4848 wrote to memory of 2656 4848 75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe 83 PID 4848 wrote to memory of 2656 4848 75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe 83 PID 2656 wrote to memory of 224 2656 djpvj.exe 84 PID 2656 wrote to memory of 224 2656 djpvj.exe 84 PID 2656 wrote to memory of 224 2656 djpvj.exe 84 PID 224 wrote to memory of 452 224 nbnnhn.exe 85 PID 224 wrote to memory of 452 224 nbnnhn.exe 85 PID 224 wrote to memory of 452 224 nbnnhn.exe 85 PID 452 wrote to memory of 2476 452 nhhhhn.exe 86 PID 452 wrote to memory of 2476 452 nhhhhn.exe 86 PID 452 wrote to memory of 2476 452 nhhhhn.exe 86 PID 2476 wrote to memory of 1964 2476 rlffxxf.exe 87 PID 2476 wrote to memory of 1964 2476 rlffxxf.exe 87 PID 2476 wrote to memory of 1964 2476 rlffxxf.exe 87 PID 1964 wrote to memory of 4216 1964 hhhbbt.exe 88 PID 1964 wrote to memory of 4216 1964 hhhbbt.exe 88 PID 1964 wrote to memory of 4216 1964 hhhbbt.exe 88 PID 4216 wrote to memory of 1392 4216 3pvvp.exe 89 PID 4216 wrote to memory of 1392 4216 3pvvp.exe 89 PID 4216 wrote to memory of 1392 4216 3pvvp.exe 89 PID 1392 wrote to memory of 2972 1392 rflxxxx.exe 90 PID 1392 wrote to memory of 2972 1392 rflxxxx.exe 90 PID 1392 wrote to memory of 2972 1392 rflxxxx.exe 90 PID 2972 wrote to memory of 3724 2972 nbbbtb.exe 91 PID 2972 wrote to memory of 3724 2972 nbbbtb.exe 91 PID 2972 wrote to memory of 3724 2972 nbbbtb.exe 91 PID 3724 wrote to memory of 1972 3724 dpjpp.exe 92 PID 3724 wrote to memory of 1972 3724 dpjpp.exe 92 PID 3724 wrote to memory of 1972 3724 dpjpp.exe 92 PID 1972 wrote to memory of 5032 1972 ppppj.exe 94 PID 1972 wrote to memory of 5032 1972 ppppj.exe 94 PID 1972 wrote to memory of 5032 1972 ppppj.exe 94 PID 5032 wrote to memory of 2504 5032 llflllr.exe 95 PID 5032 wrote to memory of 2504 5032 
llflllr.exe 95 PID 5032 wrote to memory of 2504 5032 llflllr.exe 95 PID 2504 wrote to memory of 2884 2504 nntbnn.exe 96 PID 2504 wrote to memory of 2884 2504 nntbnn.exe 96 PID 2504 wrote to memory of 2884 2504 nntbnn.exe 96 PID 2884 wrote to memory of 3188 2884 1vpdp.exe 97 PID 2884 wrote to memory of 3188 2884 1vpdp.exe 97 PID 2884 wrote to memory of 3188 2884 1vpdp.exe 97 PID 3188 wrote to memory of 3768 3188 7xfxxxx.exe 98 PID 3188 wrote to memory of 3768 3188 7xfxxxx.exe 98 PID 3188 wrote to memory of 3768 3188 7xfxxxx.exe 98 PID 3768 wrote to memory of 1496 3768 nbbbbb.exe 99 PID 3768 wrote to memory of 1496 3768 nbbbbb.exe 99 PID 3768 wrote to memory of 1496 3768 nbbbbb.exe 99 PID 1496 wrote to memory of 444 1496 vpdvv.exe 100 PID 1496 wrote to memory of 444 1496 vpdvv.exe 100 PID 1496 wrote to memory of 444 1496 vpdvv.exe 100 PID 444 wrote to memory of 464 444 rxffrrr.exe 101 PID 444 wrote to memory of 464 444 rxffrrr.exe 101 PID 444 wrote to memory of 464 444 rxffrrr.exe 101 PID 464 wrote to memory of 2360 464 bnbbtn.exe 102 PID 464 wrote to memory of 2360 464 bnbbtn.exe 102 PID 464 wrote to memory of 2360 464 bnbbtn.exe 102 PID 2360 wrote to memory of 2164 2360 9jvpv.exe 103 PID 2360 wrote to memory of 2164 2360 9jvpv.exe 103 PID 2360 wrote to memory of 2164 2360 9jvpv.exe 103 PID 2164 wrote to memory of 3604 2164 7rrrrrr.exe 104 PID 2164 wrote to memory of 3604 2164 7rrrrrr.exe 104 PID 2164 wrote to memory of 3604 2164 7rrrrrr.exe 104 PID 3604 wrote to memory of 2984 3604 nhnbbb.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe"C:\Users\Admin\AppData\Local\Temp\75dfa16ae1283525daec95ad94425c428c094876652e4ef0b5fda837171f81a8.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4848 -
\??\c:\djpvj.exec:\djpvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2656 -
\??\c:\nbnnhn.exec:\nbnnhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:224 -
\??\c:\nhhhhn.exec:\nhhhhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:452 -
\??\c:\rlffxxf.exec:\rlffxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\hhhbbt.exec:\hhhbbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\3pvvp.exec:\3pvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4216 -
\??\c:\rflxxxx.exec:\rflxxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1392 -
\??\c:\nbbbtb.exec:\nbbbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\dpjpp.exec:\dpjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3724 -
\??\c:\ppppj.exec:\ppppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1972 -
\??\c:\llflllr.exec:\llflllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5032 -
\??\c:\nntbnn.exec:\nntbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2504 -
\??\c:\1vpdp.exec:\1vpdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2884 -
\??\c:\7xfxxxx.exec:\7xfxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3188 -
\??\c:\nbbbbb.exec:\nbbbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3768 -
\??\c:\vpdvv.exec:\vpdvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1496 -
\??\c:\rxffrrr.exec:\rxffrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:444 -
\??\c:\bnbbtn.exec:\bnbbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:464 -
\??\c:\9jvpv.exec:\9jvpv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\7rrrrrr.exec:\7rrrrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2164 -
\??\c:\nhnbbb.exec:\nhnbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3604 -
\??\c:\jjddj.exec:\jjddj.exe23⤵
- Executes dropped EXE
PID:2984 -
\??\c:\xxflffx.exec:\xxflffx.exe24⤵
- Executes dropped EXE
PID:4284 -
\??\c:\rflffff.exec:\rflffff.exe25⤵
- Executes dropped EXE
PID:524 -
\??\c:\hhtthn.exec:\hhtthn.exe26⤵
- Executes dropped EXE
PID:3088 -
\??\c:\vpddd.exec:\vpddd.exe27⤵
- Executes dropped EXE
PID:2704 -
\??\c:\vdjdv.exec:\vdjdv.exe28⤵
- Executes dropped EXE
PID:4276 -
\??\c:\ntnhht.exec:\ntnhht.exe29⤵
- Executes dropped EXE
PID:3572 -
\??\c:\tbbbtt.exec:\tbbbtt.exe30⤵
- Executes dropped EXE
PID:3748 -
\??\c:\vjpjj.exec:\vjpjj.exe31⤵
- Executes dropped EXE
PID:3356 -
\??\c:\xxxrrrl.exec:\xxxrrrl.exe32⤵
- Executes dropped EXE
PID:4416 -
\??\c:\hbtnhh.exec:\hbtnhh.exe33⤵
- Executes dropped EXE
PID:3808 -
\??\c:\vjpvp.exec:\vjpvp.exe34⤵
- Executes dropped EXE
PID:4600 -
\??\c:\djpvv.exec:\djpvv.exe35⤵
- Executes dropped EXE
PID:4984 -
\??\c:\xlxrxfx.exec:\xlxrxfx.exe36⤵
- Executes dropped EXE
PID:2068 -
\??\c:\thntbb.exec:\thntbb.exe37⤵
- Executes dropped EXE
PID:2328 -
\??\c:\vpddd.exec:\vpddd.exe38⤵
- Executes dropped EXE
PID:5112 -
\??\c:\jddvp.exec:\jddvp.exe39⤵
- Executes dropped EXE
PID:2356 -
\??\c:\xxrlfxl.exec:\xxrlfxl.exe40⤵
- Executes dropped EXE
PID:4572 -
\??\c:\bnbbhh.exec:\bnbbhh.exe41⤵
- Executes dropped EXE
PID:4712 -
\??\c:\nbbhhh.exec:\nbbhhh.exe42⤵
- Executes dropped EXE
PID:4608 -
\??\c:\vpjpj.exec:\vpjpj.exe43⤵
- Executes dropped EXE
PID:3096 -
\??\c:\7jpvv.exec:\7jpvv.exe44⤵
- Executes dropped EXE
PID:1776 -
\??\c:\jpdjv.exec:\jpdjv.exe45⤵
- Executes dropped EXE
PID:1620 -
\??\c:\9xfflrr.exec:\9xfflrr.exe46⤵
- Executes dropped EXE
PID:1524 -
\??\c:\tthbhh.exec:\tthbhh.exe47⤵
- Executes dropped EXE
PID:3052 -
\??\c:\jddjv.exec:\jddjv.exe48⤵
- Executes dropped EXE
PID:1032 -
\??\c:\dvjjj.exec:\dvjjj.exe49⤵
- Executes dropped EXE
PID:4592 -
\??\c:\xrxrrrr.exec:\xrxrrrr.exe50⤵
- Executes dropped EXE
PID:532 -
\??\c:\7tttnn.exec:\7tttnn.exe51⤵
- Executes dropped EXE
PID:4816 -
\??\c:\ppvdj.exec:\ppvdj.exe52⤵
- Executes dropped EXE
PID:1304 -
\??\c:\vvddd.exec:\vvddd.exe53⤵
- Executes dropped EXE
PID:4676 -
\??\c:\rfrxllx.exec:\rfrxllx.exe54⤵
- Executes dropped EXE
PID:2268 -
\??\c:\rfffxrl.exec:\rfffxrl.exe55⤵
- Executes dropped EXE
PID:4428 -
\??\c:\3nhhhb.exec:\3nhhhb.exe56⤵
- Executes dropped EXE
PID:1676 -
\??\c:\ddpjj.exec:\ddpjj.exe57⤵
- Executes dropped EXE
PID:3236 -
\??\c:\vjjjj.exec:\vjjjj.exe58⤵
- Executes dropped EXE
PID:4584 -
\??\c:\fxxxxll.exec:\fxxxxll.exe59⤵
- Executes dropped EXE
PID:1060 -
\??\c:\fflrrxx.exec:\fflrrxx.exe60⤵
- Executes dropped EXE
PID:4636 -
\??\c:\nbhhhh.exec:\nbhhhh.exe61⤵
- Executes dropped EXE
PID:4596 -
\??\c:\3hnntb.exec:\3hnntb.exe62⤵
- Executes dropped EXE
PID:812 -
\??\c:\jvddd.exec:\jvddd.exe63⤵
- Executes dropped EXE
PID:1328 -
\??\c:\pvvpp.exec:\pvvpp.exe64⤵
- Executes dropped EXE
PID:1100 -
\??\c:\xfxflrx.exec:\xfxflrx.exe65⤵
- Executes dropped EXE
PID:4604 -
\??\c:\bhttth.exec:\bhttth.exe66⤵PID:1204
-
\??\c:\djvdj.exec:\djvdj.exe67⤵PID:2164
-
\??\c:\vpjpv.exec:\vpjpv.exe68⤵PID:3660
-
\??\c:\9xllllr.exec:\9xllllr.exe69⤵PID:2332
-
\??\c:\xxxffll.exec:\xxxffll.exe70⤵PID:2216
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe71⤵PID:3680
-
\??\c:\nnbttt.exec:\nnbttt.exe72⤵PID:3616
-
\??\c:\bbbbhh.exec:\bbbbhh.exe73⤵PID:4836
-
\??\c:\9pdvd.exec:\9pdvd.exe74⤵PID:2620
-
\??\c:\xlxrrff.exec:\xlxrrff.exe75⤵PID:1680
-
\??\c:\frfllrx.exec:\frfllrx.exe76⤵PID:2280
-
\??\c:\ttbtnb.exec:\ttbtnb.exe77⤵PID:3996
-
\??\c:\tnbbhn.exec:\tnbbhn.exe78⤵PID:4660
-
\??\c:\vdjdj.exec:\vdjdj.exe79⤵PID:3748
-
\??\c:\djddd.exec:\djddd.exe80⤵PID:60
-
\??\c:\rlrllxl.exec:\rlrllxl.exe81⤵PID:4080
-
\??\c:\tbtnnt.exec:\tbtnnt.exe82⤵PID:2604
-
\??\c:\jdjpp.exec:\jdjpp.exe83⤵PID:4196
-
\??\c:\3pddd.exec:\3pddd.exe84⤵PID:1016
-
\??\c:\rrrxrxf.exec:\rrrxrxf.exe85⤵PID:404
-
\??\c:\xrrxlxx.exec:\xrrxlxx.exe86⤵PID:4072
-
\??\c:\bnntnh.exec:\bnntnh.exe87⤵PID:228
-
\??\c:\hnttbb.exec:\hnttbb.exe88⤵PID:4232
-
\??\c:\dddjj.exec:\dddjj.exe89⤵PID:1604
-
\??\c:\vvjjj.exec:\vvjjj.exe90⤵PID:4408
-
\??\c:\fxxllrx.exec:\fxxllrx.exe91⤵PID:4384
-
\??\c:\nhtbhh.exec:\nhtbhh.exe92⤵PID:2452
-
\??\c:\djddv.exec:\djddv.exe93⤵PID:4492
-
\??\c:\fxfllrr.exec:\fxfllrr.exe94⤵PID:3300
-
\??\c:\hhhbtt.exec:\hhhbtt.exe95⤵PID:4176
-
\??\c:\vvpvv.exec:\vvpvv.exe96⤵PID:3084
-
\??\c:\3jddj.exec:\3jddj.exe97⤵PID:2860
-
\??\c:\rfffffl.exec:\rfffffl.exe98⤵PID:3516
-
\??\c:\1lllxxr.exec:\1lllxxr.exe99⤵PID:2128
-
\??\c:\hhbbhh.exec:\hhbbhh.exe100⤵PID:4372
-
\??\c:\nttttt.exec:\nttttt.exe101⤵PID:2284
-
\??\c:\vpppj.exec:\vpppj.exe102⤵PID:8
-
\??\c:\ppvvd.exec:\ppvvd.exe103⤵PID:740
-
\??\c:\xlxxxff.exec:\xlxxxff.exe104⤵PID:540
-
\??\c:\fxrrrxf.exec:\fxrrrxf.exe105⤵PID:4432
-
\??\c:\nbtbbh.exec:\nbtbbh.exe106⤵PID:1720
-
\??\c:\tnnnhb.exec:\tnnnhb.exe107⤵PID:1952
-
\??\c:\jpvdv.exec:\jpvdv.exe108⤵PID:2340
-
\??\c:\jdddv.exec:\jdddv.exe109⤵PID:4584
-
\??\c:\lxlxrxf.exec:\lxlxrxf.exe110⤵PID:4476
-
\??\c:\lxllfff.exec:\lxllfff.exe111⤵PID:4636
-
\??\c:\bnntth.exec:\bnntth.exe112⤵PID:4184
-
\??\c:\ntbbbb.exec:\ntbbbb.exe113⤵PID:3988
-
\??\c:\vpvdd.exec:\vpvdd.exe114⤵PID:4456
-
\??\c:\fllfrrl.exec:\fllfrrl.exe115⤵PID:1088
-
\??\c:\lrrllrr.exec:\lrrllrr.exe116⤵PID:4604
-
\??\c:\tnhthh.exec:\tnhthh.exe117⤵PID:744
-
\??\c:\hbnnnt.exec:\hbnnnt.exe118⤵PID:1808
-
\??\c:\ppdjd.exec:\ppdjd.exe119⤵PID:3840
-
\??\c:\jjjdd.exec:\jjjdd.exe120⤵PID:3656
-
\??\c:\xxxflrf.exec:\xxxflrf.exe121⤵PID:2112
-
\??\c:\bhntth.exec:\bhntth.exe122⤵PID:4352