Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/05/2024, 01:13
Behavioral task: behavioral1
Sample: 9a3469cd99a838abfaa4bd8b4f014ce0c976385175965828f4c42223d26e311c.exe
Resource: win7-20240220-en
6 signatures
150 seconds
General
Target: 9a3469cd99a838abfaa4bd8b4f014ce0c976385175965828f4c42223d26e311c.exe
Size: 149KB
MD5: 72d0d2fac5289c067cafd5da1e10e378
SHA1: 12c5e4d358ac7f76b79c4895b2870317f79bc62a
SHA256: 9a3469cd99a838abfaa4bd8b4f014ce0c976385175965828f4c42223d26e311c
SHA512: 3b22d763e729ad6d54816d946463c6c583d4e9a121abb00536454d4e797ba0ad386c07d4224a74ddd9d3496c55071dfaadeba0354b99de2daeb8de9f154811a6
SSDEEP: 3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4tz:kcm4FmowdHoSphraHcpOFltH4tz
Malware Config
Signatures
Detect Blackmoon payload (64 IoCs)
UPX dump on OEP (original entry point) (64 IoCs)
Executes dropped EXE (64 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a3469cd99a838abfaa4bd8b4f014ce0c976385175965828f4c42223d26e311c.exe"C:\Users\Admin\AppData\Local\Temp\9a3469cd99a838abfaa4bd8b4f014ce0c976385175965828f4c42223d26e311c.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3632 -
\??\c:\jvdvv.exec:\jvdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4236 -
\??\c:\frllxrr.exec:\frllxrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4912 -
\??\c:\3btnnb.exec:\3btnnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\bnnbnh.exec:\bnnbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4100 -
\??\c:\vpdvp.exec:\vpdvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4112 -
\??\c:\rrfrxrl.exec:\rrfrxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4232 -
\??\c:\htbttt.exec:\htbttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:916 -
\??\c:\jdjjj.exec:\jdjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\thnhnn.exec:\thnhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\9jdpj.exec:\9jdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1056 -
\??\c:\xrfxrxr.exec:\xrfxrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4268 -
\??\c:\btbtnh.exec:\btbtnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\5nhbtt.exec:\5nhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4956 -
\??\c:\ppppd.exec:\ppppd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\rrlxxll.exec:\rrlxxll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1936 -
\??\c:\9ttnhh.exec:\9ttnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2324 -
\??\c:\nhtbtt.exec:\nhtbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3560 -
\??\c:\pjdvv.exec:\pjdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440 -
\??\c:\9xrlllf.exec:\9xrlllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3684 -
\??\c:\7ttnbt.exec:\7ttnbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3696 -
\??\c:\ppdpv.exec:\ppdpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1412 -
\??\c:\9ffrxfl.exec:\9ffrxfl.exe23⤵
- Executes dropped EXE
PID:4592 -
\??\c:\bhnhbb.exec:\bhnhbb.exe24⤵
- Executes dropped EXE
PID:4104 -
\??\c:\jpvjd.exec:\jpvjd.exe25⤵
- Executes dropped EXE
PID:644 -
\??\c:\lffxllx.exec:\lffxllx.exe26⤵
- Executes dropped EXE
PID:2856 -
\??\c:\3flfxfx.exec:\3flfxfx.exe27⤵
- Executes dropped EXE
PID:4796 -
\??\c:\nntnhb.exec:\nntnhb.exe28⤵
- Executes dropped EXE
PID:1744 -
\??\c:\5xrlfxl.exec:\5xrlfxl.exe29⤵
- Executes dropped EXE
PID:4880 -
\??\c:\tttntt.exec:\tttntt.exe30⤵
- Executes dropped EXE
PID:1356 -
\??\c:\pjppv.exec:\pjppv.exe31⤵
- Executes dropped EXE
PID:8 -
\??\c:\flrlfxr.exec:\flrlfxr.exe32⤵
- Executes dropped EXE
PID:3532 -
\??\c:\9nhbtt.exec:\9nhbtt.exe33⤵
- Executes dropped EXE
PID:3984 -
\??\c:\jddpp.exec:\jddpp.exe34⤵
- Executes dropped EXE
PID:4700 -
\??\c:\vjppj.exec:\vjppj.exe35⤵
- Executes dropped EXE
PID:3268 -
\??\c:\9lfxxrr.exec:\9lfxxrr.exe36⤵
- Executes dropped EXE
PID:4544 -
\??\c:\htbttt.exec:\htbttt.exe37⤵
- Executes dropped EXE
PID:2332 -
\??\c:\nbbhth.exec:\nbbhth.exe38⤵
- Executes dropped EXE
PID:1052 -
\??\c:\rlxrxrx.exec:\rlxrxrx.exe39⤵
- Executes dropped EXE
PID:1448 -
\??\c:\9llfffl.exec:\9llfffl.exe40⤵
- Executes dropped EXE
PID:3980 -
\??\c:\7tbttn.exec:\7tbttn.exe41⤵
- Executes dropped EXE
PID:4556 -
\??\c:\nthbtt.exec:\nthbtt.exe42⤵
- Executes dropped EXE
PID:4364 -
\??\c:\9vddd.exec:\9vddd.exe43⤵
- Executes dropped EXE
PID:1464 -
\??\c:\rflffff.exec:\rflffff.exe44⤵
- Executes dropped EXE
PID:4912 -
\??\c:\nhhttn.exec:\nhhttn.exe45⤵
- Executes dropped EXE
PID:800 -
\??\c:\jddvv.exec:\jddvv.exe46⤵
- Executes dropped EXE
PID:1820 -
\??\c:\jdpjv.exec:\jdpjv.exe47⤵
- Executes dropped EXE
PID:3964 -
\??\c:\fxxrlxr.exec:\fxxrlxr.exe48⤵
- Executes dropped EXE
PID:3888 -
\??\c:\thtnhh.exec:\thtnhh.exe49⤵
- Executes dropped EXE
PID:3788 -
\??\c:\dpvpp.exec:\dpvpp.exe50⤵
- Executes dropped EXE
PID:4028 -
\??\c:\vppjj.exec:\vppjj.exe51⤵
- Executes dropped EXE
PID:3692 -
\??\c:\9xfxxfx.exec:\9xfxxfx.exe52⤵
- Executes dropped EXE
PID:1468 -
\??\c:\fxxrrrr.exec:\fxxrrrr.exe53⤵
- Executes dropped EXE
PID:3960 -
\??\c:\nnnnhb.exec:\nnnnhb.exe54⤵
- Executes dropped EXE
PID:3044 -
\??\c:\hthhhh.exec:\hthhhh.exe55⤵
- Executes dropped EXE
PID:688 -
\??\c:\vpvpd.exec:\vpvpd.exe56⤵
- Executes dropped EXE
PID:3884 -
\??\c:\xlxxrrr.exec:\xlxxrrr.exe57⤵
- Executes dropped EXE
PID:1656 -
\??\c:\frrrrxr.exec:\frrrrxr.exe58⤵
- Executes dropped EXE
PID:1112 -
\??\c:\nhnnbh.exec:\nhnnbh.exe59⤵
- Executes dropped EXE
PID:428 -
\??\c:\nntthh.exec:\nntthh.exe60⤵
- Executes dropped EXE
PID:1544 -
\??\c:\jvvpp.exec:\jvvpp.exe61⤵
- Executes dropped EXE
PID:1616 -
\??\c:\dpvpj.exec:\dpvpj.exe62⤵
- Executes dropped EXE
PID:4576 -
\??\c:\lxlfffl.exec:\lxlfffl.exe63⤵
- Executes dropped EXE
PID:2768 -
\??\c:\bbhhbb.exec:\bbhhbb.exe64⤵
- Executes dropped EXE
PID:3356 -
\??\c:\hnttnt.exec:\hnttnt.exe65⤵
- Executes dropped EXE
PID:2760 -
\??\c:\pjpjd.exec:\pjpjd.exe66⤵PID:3312
-
\??\c:\thhhbb.exec:\thhhbb.exe67⤵PID:4884
-
\??\c:\jdddd.exec:\jdddd.exe68⤵PID:4752
-
\??\c:\ppvvp.exec:\ppvvp.exe69⤵PID:4608
-
\??\c:\1llrlxx.exec:\1llrlxx.exe70⤵PID:2228
-
\??\c:\9hhbtt.exec:\9hhbtt.exe71⤵PID:448
-
\??\c:\1pvjj.exec:\1pvjj.exe72⤵PID:5020
-
\??\c:\rfxrllf.exec:\rfxrllf.exe73⤵PID:4536
-
\??\c:\7hnhbt.exec:\7hnhbt.exe74⤵PID:1628
-
\??\c:\dvdvv.exec:\dvdvv.exe75⤵PID:2572
-
\??\c:\7vvjj.exec:\7vvjj.exe76⤵PID:3396
-
\??\c:\3xxrlff.exec:\3xxrlff.exe77⤵PID:1184
-
\??\c:\ntnbtt.exec:\ntnbtt.exe78⤵PID:8
-
\??\c:\bnhbnb.exec:\bnhbnb.exe79⤵PID:1432
-
\??\c:\ppjdv.exec:\ppjdv.exe80⤵PID:4392
-
\??\c:\fflfrrr.exec:\fflfrrr.exe81⤵PID:3256
-
\??\c:\fxxlfff.exec:\fxxlfff.exe82⤵PID:3328
-
\??\c:\nhhhtt.exec:\nhhhtt.exe83⤵PID:5028
-
\??\c:\9pvvv.exec:\9pvvv.exe84⤵PID:5044
-
\??\c:\pddvv.exec:\pddvv.exe85⤵PID:3300
-
\??\c:\llxxxff.exec:\llxxxff.exe86⤵PID:4024
-
\??\c:\btbbtt.exec:\btbbtt.exe87⤵PID:4428
-
\??\c:\9jjdd.exec:\9jjdd.exe88⤵PID:964
-
\??\c:\vjdvp.exec:\vjdvp.exe89⤵PID:744
-
\??\c:\rxffxfl.exec:\rxffxfl.exe90⤵PID:2496
-
\??\c:\hhhtnt.exec:\hhhtnt.exe91⤵PID:4948
-
\??\c:\pvjjd.exec:\pvjjd.exe92⤵PID:4336
-
\??\c:\9jjdv.exec:\9jjdv.exe93⤵PID:3112
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe94⤵PID:800
-
\??\c:\xlfxrlx.exec:\xlfxrlx.exe95⤵PID:2124
-
\??\c:\hbbbtt.exec:\hbbbtt.exe96⤵PID:4232
-
\??\c:\pdpjj.exec:\pdpjj.exe97⤵PID:1308
-
\??\c:\9ddvp.exec:\9ddvp.exe98⤵PID:2140
-
\??\c:\fxlxrrr.exec:\fxlxrrr.exe99⤵PID:1948
-
\??\c:\hbhhht.exec:\hbhhht.exe100⤵PID:3692
-
\??\c:\9ppjd.exec:\9ppjd.exe101⤵PID:1468
-
\??\c:\ddjjj.exec:\ddjjj.exe102⤵PID:3960
-
\??\c:\7rrxlll.exec:\7rrxlll.exe103⤵PID:4736
-
\??\c:\tnnhnn.exec:\tnnhnn.exe104⤵PID:1600
-
\??\c:\btbbtt.exec:\btbbtt.exe105⤵PID:2780
-
\??\c:\1vddp.exec:\1vddp.exe106⤵PID:1656
-
\??\c:\pjjjd.exec:\pjjjd.exe107⤵PID:2928
-
\??\c:\rrrlxxx.exec:\rrrlxxx.exe108⤵PID:3892
-
\??\c:\hhnhht.exec:\hhnhht.exe109⤵PID:3560
-
\??\c:\7ffffff.exec:\7ffffff.exe110⤵PID:1440
-
\??\c:\5flfxxf.exec:\5flfxxf.exe111⤵PID:3676
-
\??\c:\htnnnh.exec:\htnnnh.exe112⤵PID:1436
-
\??\c:\dddvv.exec:\dddvv.exe113⤵PID:1108
-
\??\c:\1jvvd.exec:\1jvvd.exe114⤵PID:4592
-
\??\c:\3fxrlll.exec:\3fxrlll.exe115⤵PID:4872
-
\??\c:\lfrlxxf.exec:\lfrlxxf.exe116⤵PID:4796
-
\??\c:\tnhbhh.exec:\tnhbhh.exe117⤵PID:1004
-
\??\c:\hbnhbb.exec:\hbnhbb.exe118⤵PID:3496
-
\??\c:\dvjjd.exec:\dvjjd.exe119⤵PID:2572
-
\??\c:\dpvpp.exec:\dpvpp.exe120⤵PID:5108
-
\??\c:\rflfxxr.exec:\rflfxxr.exe121⤵PID:4172
-
\??\c:\bbhhhh.exec:\bbhhhh.exe122⤵PID:4584