Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
28-05-2024 21:30
Behavioral task
behavioral1
Sample
52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe
Resource
win7-20240419-en
windows7-x64
6 signatures
150 seconds
General
-
Target
52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe
-
Size
76KB
-
MD5
0ee137ecbc2743936f07e1e510da7ab6
-
SHA1
796dc40751f3ebe9175e8f16f81f5575159f2221
-
SHA256
52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea
-
SHA512
72dc3dc52bc3758b971c48a7f75712444619656ae8b34bc140d0f9758e987eaf407245e2bd25bf21229112b789fa64a6260f0339cf080e0a1a06b6e85f4050f2
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8H:9hOmTsF93UYfwC6GIoutz5yLpOSDV
Malware Config
Signatures
-
Detect Blackmoon payload — 64 IoCs
resource yara_rule behavioral2/memory/1492-1-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/808-12-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4068-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1528-24-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/896-30-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/768-33-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2876-39-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5004-45-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1100-54-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4984-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4176-76-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3740-88-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/428-94-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4680-106-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2024-108-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4084-127-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2204-138-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2460-144-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3020-151-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/532-163-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4816-169-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2552-190-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1036-201-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1844-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3704-213-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3140-226-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4432-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2992-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1528-245-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/908-249-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2092-253-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/316-257-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3240-261-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1956-269-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-282-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4980-288-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1944-292-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2712-296-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/776-298-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4132-304-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5080-309-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3012-319-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4736-323-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/772-329-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3504-351-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3156-355-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3996-371-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4968-375-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4696-410-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1600-414-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4068-433-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2536-490-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4592-518-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2620-545-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3116-549-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3208-557-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3732-598-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2328-633-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1956-638-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2700-654-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1676-668-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4864-715-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4132-823-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs
resource yara_rule behavioral2/memory/1492-1-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0009000000023422-3.dat UPX behavioral2/memory/808-5-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023425-9.dat UPX behavioral2/memory/808-12-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4068-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023429-13.dat UPX behavioral2/memory/1528-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1528-24-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342a-25.dat UPX behavioral2/files/0x000700000002342c-28.dat UPX behavioral2/memory/896-30-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/768-33-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342d-35.dat UPX behavioral2/memory/2876-39-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342e-42.dat UPX behavioral2/files/0x000700000002342f-47.dat UPX behavioral2/memory/5004-45-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023430-55.dat UPX behavioral2/memory/1100-54-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023431-58.dat UPX behavioral2/files/0x0007000000023432-63.dat UPX behavioral2/memory/4984-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5052-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023433-69.dat UPX behavioral2/files/0x0007000000023434-74.dat UPX behavioral2/memory/4176-76-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023435-80.dat UPX behavioral2/files/0x0007000000023436-85.dat UPX behavioral2/memory/3740-88-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/428-94-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023437-92.dat UPX behavioral2/files/0x0007000000023438-97.dat UPX behavioral2/memory/4680-100-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023439-103.dat UPX behavioral2/memory/4680-106-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2024-108-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343a-111.dat UPX behavioral2/files/0x000700000002343b-115.dat UPX behavioral2/files/0x000700000002343c-120.dat UPX behavioral2/files/0x000700000002343d-125.dat UPX behavioral2/memory/4084-127-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343e-131.dat UPX behavioral2/files/0x000700000002343f-136.dat UPX behavioral2/memory/2204-138-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023440-142.dat UPX behavioral2/memory/2460-144-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023441-148.dat UPX behavioral2/memory/3020-151-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023442-155.dat UPX behavioral2/files/0x0008000000023426-160.dat UPX behavioral2/memory/532-163-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023443-166.dat UPX behavioral2/memory/4816-169-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023444-171.dat UPX behavioral2/files/0x0007000000023445-176.dat UPX behavioral2/files/0x0007000000023446-181.dat UPX behavioral2/memory/2552-190-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3768-194-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1036-201-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1844-202-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/3704-213-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2004-219-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3140-226-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs
pid Process 808 pjppv.exe 4068 ffxfrxx.exe 1528 thbbtb.exe 896 7hnbnh.exe 768 vpjdp.exe 2876 lxllxxx.exe 5004 hbhhnn.exe 1100 bthbnn.exe 1220 vpjjp.exe 4984 xxxlxlr.exe 5052 nttthh.exe 4176 thnhbh.exe 2700 ddvpd.exe 3740 rfrxxxx.exe 428 1bnbtb.exe 2100 dpdvd.exe 4680 pjpjj.exe 2024 frlffff.exe 3892 hnnnbn.exe 4512 jdvjp.exe 4084 vvdjj.exe 1536 rrrlrrx.exe 2204 tbhhnh.exe 2460 lllfxxx.exe 3020 hnbhhh.exe 1012 vdvvv.exe 532 5flfxlr.exe 3796 tnttnn.exe 4816 nhtntt.exe 3996 pvpvd.exe 4968 llrxflx.exe 5108 tbhttn.exe 2552 nttbbb.exe 2200 pdpvd.exe 3768 xfxlxlx.exe 1036 rlxrllx.exe 1844 nbhnbn.exe 5104 ttbhth.exe 4988 pvppj.exe 3704 jdpjj.exe 1468 ffflfxx.exe 2004 3rfxrxr.exe 3140 ttbttb.exe 4432 vjvvv.exe 2992 7vvpp.exe 3228 5flfflf.exe 4068 1hhhhh.exe 1528 1nthhh.exe 908 ddvvp.exe 2092 pjdjv.exe 316 xrllrrx.exe 3240 thnhhb.exe 2124 jppdj.exe 4328 ddpjd.exe 1956 xxxrxxl.exe 4752 bbtnbh.exe 4656 btbnnh.exe 3356 jvpdp.exe 5052 rxfxrrf.exe 4980 xfrlffx.exe 1944 hnhbbb.exe 2712 ppvjv.exe 776 rlxlrlr.exe 4132 lrflrfr.exe -
resource yara_rule behavioral2/memory/1492-1-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0009000000023422-3.dat upx behavioral2/memory/808-5-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023425-9.dat upx behavioral2/memory/808-12-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4068-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023429-13.dat upx behavioral2/memory/1528-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1528-24-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342a-25.dat upx behavioral2/files/0x000700000002342c-28.dat upx behavioral2/memory/896-30-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/768-33-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342d-35.dat upx behavioral2/memory/2876-39-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-42.dat upx behavioral2/files/0x000700000002342f-47.dat upx behavioral2/memory/5004-45-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-55.dat upx behavioral2/memory/1100-54-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023431-58.dat upx behavioral2/files/0x0007000000023432-63.dat upx behavioral2/memory/4984-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5052-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023433-69.dat upx behavioral2/files/0x0007000000023434-74.dat upx behavioral2/memory/4176-76-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023435-80.dat upx behavioral2/files/0x0007000000023436-85.dat upx behavioral2/memory/3740-88-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/428-94-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023437-92.dat upx behavioral2/files/0x0007000000023438-97.dat upx behavioral2/memory/4680-100-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023439-103.dat upx behavioral2/memory/4680-106-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2024-108-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343a-111.dat upx behavioral2/files/0x000700000002343b-115.dat upx behavioral2/files/0x000700000002343c-120.dat upx behavioral2/files/0x000700000002343d-125.dat upx behavioral2/memory/4084-127-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343e-131.dat upx behavioral2/files/0x000700000002343f-136.dat upx behavioral2/memory/2204-138-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023440-142.dat upx behavioral2/memory/2460-144-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023441-148.dat upx behavioral2/memory/3020-151-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023442-155.dat upx behavioral2/files/0x0008000000023426-160.dat upx behavioral2/memory/532-163-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023443-166.dat upx behavioral2/memory/4816-169-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023444-171.dat upx behavioral2/files/0x0007000000023445-176.dat upx behavioral2/files/0x0007000000023446-181.dat upx behavioral2/memory/2552-190-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3768-194-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1036-201-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1844-202-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/3704-213-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2004-219-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3140-226-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs
description pid Process procid_target PID 1492 wrote to memory of 808 1492 52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe 81 PID 1492 wrote to memory of 808 1492 52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe 81 PID 1492 wrote to memory of 808 1492 52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe 81 PID 808 wrote to memory of 4068 808 pjppv.exe 82 PID 808 wrote to memory of 4068 808 pjppv.exe 82 PID 808 wrote to memory of 4068 808 pjppv.exe 82 PID 4068 wrote to memory of 1528 4068 ffxfrxx.exe 83 PID 4068 wrote to memory of 1528 4068 ffxfrxx.exe 83 PID 4068 wrote to memory of 1528 4068 ffxfrxx.exe 83 PID 1528 wrote to memory of 896 1528 thbbtb.exe 84 PID 1528 wrote to memory of 896 1528 thbbtb.exe 84 PID 1528 wrote to memory of 896 1528 thbbtb.exe 84 PID 896 wrote to memory of 768 896 7hnbnh.exe 85 PID 896 wrote to memory of 768 896 7hnbnh.exe 85 PID 896 wrote to memory of 768 896 7hnbnh.exe 85 PID 768 wrote to memory of 2876 768 vpjdp.exe 86 PID 768 wrote to memory of 2876 768 vpjdp.exe 86 PID 768 wrote to memory of 2876 768 vpjdp.exe 86 PID 2876 wrote to memory of 5004 2876 lxllxxx.exe 87 PID 2876 wrote to memory of 5004 2876 lxllxxx.exe 87 PID 2876 wrote to memory of 5004 2876 lxllxxx.exe 87 PID 5004 wrote to memory of 1100 5004 hbhhnn.exe 88 PID 5004 wrote to memory of 1100 5004 hbhhnn.exe 88 PID 5004 wrote to memory of 1100 5004 hbhhnn.exe 88 PID 1100 wrote to memory of 1220 1100 bthbnn.exe 89 PID 1100 wrote to memory of 1220 1100 bthbnn.exe 89 PID 1100 wrote to memory of 1220 1100 bthbnn.exe 89 PID 1220 wrote to memory of 4984 1220 vpjjp.exe 90 PID 1220 wrote to memory of 4984 1220 vpjjp.exe 90 PID 1220 wrote to memory of 4984 1220 vpjjp.exe 90 PID 4984 wrote to memory of 5052 4984 xxxlxlr.exe 91 PID 4984 wrote to memory of 5052 4984 xxxlxlr.exe 91 PID 4984 wrote to memory of 5052 4984 xxxlxlr.exe 91 PID 5052 wrote to memory of 4176 5052 nttthh.exe 92 PID 5052 wrote to memory of 4176 5052 
nttthh.exe 92 PID 5052 wrote to memory of 4176 5052 nttthh.exe 92 PID 4176 wrote to memory of 2700 4176 thnhbh.exe 93 PID 4176 wrote to memory of 2700 4176 thnhbh.exe 93 PID 4176 wrote to memory of 2700 4176 thnhbh.exe 93 PID 2700 wrote to memory of 3740 2700 ddvpd.exe 94 PID 2700 wrote to memory of 3740 2700 ddvpd.exe 94 PID 2700 wrote to memory of 3740 2700 ddvpd.exe 94 PID 3740 wrote to memory of 428 3740 rfrxxxx.exe 95 PID 3740 wrote to memory of 428 3740 rfrxxxx.exe 95 PID 3740 wrote to memory of 428 3740 rfrxxxx.exe 95 PID 428 wrote to memory of 2100 428 1bnbtb.exe 96 PID 428 wrote to memory of 2100 428 1bnbtb.exe 96 PID 428 wrote to memory of 2100 428 1bnbtb.exe 96 PID 2100 wrote to memory of 4680 2100 dpdvd.exe 97 PID 2100 wrote to memory of 4680 2100 dpdvd.exe 97 PID 2100 wrote to memory of 4680 2100 dpdvd.exe 97 PID 4680 wrote to memory of 2024 4680 pjpjj.exe 98 PID 4680 wrote to memory of 2024 4680 pjpjj.exe 98 PID 4680 wrote to memory of 2024 4680 pjpjj.exe 98 PID 2024 wrote to memory of 3892 2024 frlffff.exe 99 PID 2024 wrote to memory of 3892 2024 frlffff.exe 99 PID 2024 wrote to memory of 3892 2024 frlffff.exe 99 PID 3892 wrote to memory of 4512 3892 hnnnbn.exe 100 PID 3892 wrote to memory of 4512 3892 hnnnbn.exe 100 PID 3892 wrote to memory of 4512 3892 hnnnbn.exe 100 PID 4512 wrote to memory of 4084 4512 jdvjp.exe 101 PID 4512 wrote to memory of 4084 4512 jdvjp.exe 101 PID 4512 wrote to memory of 4084 4512 jdvjp.exe 101 PID 4084 wrote to memory of 1536 4084 vvdjj.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe "C:\Users\Admin\AppData\Local\Temp\52e99bce8a655504a1f863258411e35d3f5f11878b9a18c263920c3a48317aea.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1492 -
\??\c:\pjppv.exe c:\pjppv.exe 2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:808 -
\??\c:\ffxfrxx.exec:\ffxfrxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4068 -
\??\c:\thbbtb.exec:\thbbtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1528 -
\??\c:\7hnbnh.exec:\7hnbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:896 -
\??\c:\vpjdp.exec:\vpjdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:768 -
\??\c:\lxllxxx.exec:\lxllxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2876 -
\??\c:\hbhhnn.exec:\hbhhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5004 -
\??\c:\bthbnn.exec:\bthbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1100 -
\??\c:\vpjjp.exec:\vpjjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1220 -
\??\c:\xxxlxlr.exec:\xxxlxlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4984 -
\??\c:\nttthh.exec:\nttthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5052 -
\??\c:\thnhbh.exec:\thnhbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4176 -
\??\c:\ddvpd.exec:\ddvpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\rfrxxxx.exec:\rfrxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3740 -
\??\c:\1bnbtb.exec:\1bnbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:428 -
\??\c:\dpdvd.exec:\dpdvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2100 -
\??\c:\pjpjj.exec:\pjpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4680 -
\??\c:\frlffff.exec:\frlffff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2024 -
\??\c:\hnnnbn.exec:\hnnnbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3892 -
\??\c:\jdvjp.exec:\jdvjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4512 -
\??\c:\vvdjj.exec:\vvdjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4084 -
\??\c:\rrrlrrx.exec:\rrrlrrx.exe23⤵
- Executes dropped EXE
PID:1536 -
\??\c:\tbhhnh.exec:\tbhhnh.exe24⤵
- Executes dropped EXE
PID:2204 -
\??\c:\lllfxxx.exec:\lllfxxx.exe25⤵
- Executes dropped EXE
PID:2460 -
\??\c:\hnbhhh.exec:\hnbhhh.exe26⤵
- Executes dropped EXE
PID:3020 -
\??\c:\vdvvv.exec:\vdvvv.exe27⤵
- Executes dropped EXE
PID:1012 -
\??\c:\5flfxlr.exec:\5flfxlr.exe28⤵
- Executes dropped EXE
PID:532 -
\??\c:\tnttnn.exec:\tnttnn.exe29⤵
- Executes dropped EXE
PID:3796 -
\??\c:\nhtntt.exec:\nhtntt.exe30⤵
- Executes dropped EXE
PID:4816 -
\??\c:\pvpvd.exec:\pvpvd.exe31⤵
- Executes dropped EXE
PID:3996 -
\??\c:\llrxflx.exec:\llrxflx.exe32⤵
- Executes dropped EXE
PID:4968 -
\??\c:\tbhttn.exec:\tbhttn.exe33⤵
- Executes dropped EXE
PID:5108 -
\??\c:\nttbbb.exec:\nttbbb.exe34⤵
- Executes dropped EXE
PID:2552 -
\??\c:\pdpvd.exec:\pdpvd.exe35⤵
- Executes dropped EXE
PID:2200 -
\??\c:\xfxlxlx.exec:\xfxlxlx.exe36⤵
- Executes dropped EXE
PID:3768 -
\??\c:\rlxrllx.exec:\rlxrllx.exe37⤵
- Executes dropped EXE
PID:1036 -
\??\c:\nbhnbn.exec:\nbhnbn.exe38⤵
- Executes dropped EXE
PID:1844 -
\??\c:\ttbhth.exec:\ttbhth.exe39⤵
- Executes dropped EXE
PID:5104 -
\??\c:\pvppj.exec:\pvppj.exe40⤵
- Executes dropped EXE
PID:4988 -
\??\c:\jdpjj.exec:\jdpjj.exe41⤵
- Executes dropped EXE
PID:3704 -
\??\c:\ffflfxx.exec:\ffflfxx.exe42⤵
- Executes dropped EXE
PID:1468 -
\??\c:\3rfxrxr.exec:\3rfxrxr.exe43⤵
- Executes dropped EXE
PID:2004 -
\??\c:\ttbttb.exec:\ttbttb.exe44⤵
- Executes dropped EXE
PID:3140 -
\??\c:\vjvvv.exec:\vjvvv.exe45⤵
- Executes dropped EXE
PID:4432 -
\??\c:\7vvpp.exec:\7vvpp.exe46⤵
- Executes dropped EXE
PID:2992 -
\??\c:\5flfflf.exec:\5flfflf.exe47⤵
- Executes dropped EXE
PID:3228 -
\??\c:\1hhhhh.exec:\1hhhhh.exe48⤵
- Executes dropped EXE
PID:4068 -
\??\c:\1nthhh.exec:\1nthhh.exe49⤵
- Executes dropped EXE
PID:1528 -
\??\c:\ddvvp.exec:\ddvvp.exe50⤵
- Executes dropped EXE
PID:908 -
\??\c:\pjdjv.exec:\pjdjv.exe51⤵
- Executes dropped EXE
PID:2092 -
\??\c:\xrllrrx.exec:\xrllrrx.exe52⤵
- Executes dropped EXE
PID:316 -
\??\c:\thnhhb.exec:\thnhhb.exe53⤵
- Executes dropped EXE
PID:3240 -
\??\c:\jppdj.exec:\jppdj.exe54⤵
- Executes dropped EXE
PID:2124 -
\??\c:\ddpjd.exec:\ddpjd.exe55⤵
- Executes dropped EXE
PID:4328 -
\??\c:\xxxrxxl.exec:\xxxrxxl.exe56⤵
- Executes dropped EXE
PID:1956 -
\??\c:\bbtnbh.exec:\bbtnbh.exe57⤵
- Executes dropped EXE
PID:4752 -
\??\c:\btbnnh.exec:\btbnnh.exe58⤵
- Executes dropped EXE
PID:4656 -
\??\c:\jvpdp.exec:\jvpdp.exe59⤵
- Executes dropped EXE
PID:3356 -
\??\c:\rxfxrrf.exec:\rxfxrrf.exe60⤵
- Executes dropped EXE
PID:5052 -
\??\c:\xfrlffx.exec:\xfrlffx.exe61⤵
- Executes dropped EXE
PID:4980 -
\??\c:\hnhbbb.exec:\hnhbbb.exe62⤵
- Executes dropped EXE
PID:1944 -
\??\c:\ppvjv.exec:\ppvjv.exe63⤵
- Executes dropped EXE
PID:2712 -
\??\c:\rlxlrlr.exec:\rlxlrlr.exe64⤵
- Executes dropped EXE
PID:776 -
\??\c:\lrflrfr.exec:\lrflrfr.exe65⤵
- Executes dropped EXE
PID:4132 -
\??\c:\nthhhn.exec:\nthhhn.exe66⤵PID:3964
-
\??\c:\vpjdv.exec:\vpjdv.exe67⤵PID:5080
-
\??\c:\jjjvd.exec:\jjjvd.exe68⤵PID:4268
-
\??\c:\xrxxlrr.exec:\xrxxlrr.exe69⤵PID:4692
-
\??\c:\5bnnhn.exec:\5bnnhn.exe70⤵PID:3012
-
\??\c:\5tttnn.exec:\5tttnn.exe71⤵PID:4736
-
\??\c:\jppjd.exec:\jppjd.exe72⤵PID:772
-
\??\c:\pvjpp.exec:\pvjpp.exe73⤵PID:4976
-
\??\c:\5llxxrf.exec:\5llxxrf.exe74⤵PID:4324
-
\??\c:\nnbtnt.exec:\nnbtnt.exe75⤵PID:4104
-
\??\c:\thbbhb.exec:\thbbhb.exe76⤵PID:3820
-
\??\c:\jjpdj.exec:\jjpdj.exe77⤵PID:3804
-
\??\c:\rxrffll.exec:\rxrffll.exe78⤵PID:5084
-
\??\c:\hhbhbn.exec:\hhbhbn.exe79⤵PID:3504
-
\??\c:\ppppp.exec:\ppppp.exe80⤵PID:2920
-
\??\c:\pjvdv.exec:\pjvdv.exe81⤵PID:3156
-
\??\c:\llfrlrl.exec:\llfrlrl.exe82⤵PID:3352
-
\??\c:\lflxfff.exec:\lflxfff.exe83⤵PID:1148
-
\??\c:\nnntnb.exec:\nnntnb.exe84⤵PID:976
-
\??\c:\5vvvp.exec:\5vvvp.exe85⤵PID:3700
-
\??\c:\jpvpj.exec:\jpvpj.exe86⤵PID:3996
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe87⤵PID:4968
-
\??\c:\tnnntt.exec:\tnnntt.exe88⤵PID:1540
-
\??\c:\ddvpd.exec:\ddvpd.exe89⤵PID:2452
-
\??\c:\dpvpd.exec:\dpvpd.exe90⤵PID:3560
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe91⤵PID:3120
-
\??\c:\nntbhh.exec:\nntbhh.exe92⤵PID:4032
-
\??\c:\vvvpp.exec:\vvvpp.exe93⤵PID:884
-
\??\c:\ddvpd.exec:\ddvpd.exe94⤵PID:4732
-
\??\c:\rrflxlf.exec:\rrflxlf.exe95⤵PID:1048
-
\??\c:\hnbnhb.exec:\hnbnhb.exe96⤵PID:1152
-
\??\c:\bthnht.exec:\bthnht.exe97⤵PID:4696
-
\??\c:\pdjjj.exec:\pdjjj.exe98⤵PID:1600
-
\??\c:\flllrxr.exec:\flllrxr.exe99⤵PID:3948
-
\??\c:\5lfxrrf.exec:\5lfxrrf.exe100⤵PID:820
-
\??\c:\nbnhbb.exec:\nbnhbb.exe101⤵PID:2820
-
\??\c:\dvddv.exec:\dvddv.exe102⤵PID:4016
-
\??\c:\vppjv.exec:\vppjv.exe103⤵PID:4892
-
\??\c:\xxllxlx.exec:\xxllxlx.exe104⤵PID:4068
-
\??\c:\1xxrllf.exec:\1xxrllf.exe105⤵PID:4808
-
\??\c:\5bbbtb.exec:\5bbbtb.exe106⤵PID:908
-
\??\c:\tntnnb.exec:\tntnnb.exe107⤵PID:1772
-
\??\c:\5jjpv.exec:\5jjpv.exe108⤵PID:3136
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe109⤵PID:3240
-
\??\c:\1thbhh.exec:\1thbhh.exe110⤵PID:2124
-
\??\c:\vvpjd.exec:\vvpjd.exe111⤵PID:4328
-
\??\c:\djpvj.exec:\djpvj.exe112⤵PID:4492
-
\??\c:\5rrrllf.exec:\5rrrllf.exe113⤵PID:4984
-
\??\c:\frxlfxx.exec:\frxlfxx.exe114⤵PID:3520
-
\??\c:\hhhthh.exec:\hhhthh.exe115⤵PID:4612
-
\??\c:\dvvpj.exec:\dvvpj.exe116⤵PID:4996
-
\??\c:\bbnhhn.exec:\bbnhhn.exe117⤵PID:2116
-
\??\c:\vdvpp.exec:\vdvpp.exe118⤵PID:2700
-
\??\c:\jpjdp.exec:\jpjdp.exe119⤵PID:3884
-
\??\c:\fxrffxf.exec:\fxrffxf.exe120⤵PID:1676
-
\??\c:\bbnnhb.exec:\bbnnhb.exe121⤵PID:2052
-
\??\c:\1hhbnb.exec:\1hhbnb.exe122⤵PID:5024