Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
29/05/2024, 22:19
Behavioral task
behavioral1
Sample
610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe
-
Size
92KB
-
MD5
c098394f2c5ecb807974f70c0f8b6439
-
SHA1
76960e053746ea3fbbbe16f00deb8b6e2076e68b
-
SHA256
610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca
-
SHA512
91ba4e0bb8f069b3b5ab3273fcbd1c747f9eae2a5439d67f60c187395fe4c789970d9db0f037dbeaf326cfba68f98d35e20d154b1c010862d155c6bed06660c2
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWp5:8hOmTsF93UYfwC6GIout0fmCiiiXA6m7
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/244-5-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/868-9-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/64-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1484-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/676-27-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4744-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1816-37-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/456-43-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1660-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1720-54-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2280-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1584-73-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4960-83-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1240-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2248-101-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4792-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2008-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4848-112-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4620-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4816-125-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3688-141-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3800-148-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3652-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4304-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1680-172-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/400-177-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5008-176-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1928-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1948-188-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2680-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/664-200-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/540-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1840-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-218-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4940-225-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4308-229-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1412-234-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2728-237-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4888-245-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4932-248-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4880-251-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2916-257-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4656-263-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5076-266-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/804-273-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3592-284-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3308-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3640-307-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4304-315-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4388-324-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2660-333-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/464-366-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1720-369-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4568-371-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1908-375-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3308-436-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1852-441-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1112-446-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4356-512-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3352-561-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4748-605-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4908-665-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3500-1100-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4940-1255-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/244-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000232a4-3.dat UPX behavioral2/memory/244-5-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000900000002341b-8.dat UPX behavioral2/memory/868-9-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023432-11.dat UPX behavioral2/memory/64-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023433-19.dat UPX behavioral2/memory/1484-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/676-21-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023434-24.dat UPX behavioral2/files/0x0007000000023435-29.dat UPX behavioral2/memory/676-27-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4744-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023437-34.dat UPX behavioral2/memory/1816-37-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/456-43-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023439-45.dat UPX behavioral2/files/0x0007000000023438-40.dat UPX behavioral2/files/0x000700000002343a-48.dat UPX behavioral2/memory/1660-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343b-53.dat UPX behavioral2/memory/1720-54-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343c-58.dat UPX behavioral2/files/0x000700000002343d-63.dat UPX behavioral2/files/0x000700000002343e-67.dat UPX behavioral2/memory/2280-65-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343f-71.dat UPX behavioral2/memory/1584-73-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023440-77.dat UPX behavioral2/files/0x0007000000023441-81.dat UPX 
behavioral2/memory/4960-83-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023442-86.dat UPX behavioral2/files/0x0007000000023443-89.dat UPX behavioral2/memory/1240-92-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023444-94.dat UPX behavioral2/files/0x0007000000023445-99.dat UPX behavioral2/memory/2248-101-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023446-104.dat UPX behavioral2/memory/4792-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023447-108.dat UPX behavioral2/memory/2008-110-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4848-112-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023448-115.dat UPX behavioral2/memory/4620-117-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023449-119.dat UPX behavioral2/files/0x000700000002344a-124.dat UPX behavioral2/memory/4816-125-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002344b-128.dat UPX behavioral2/files/0x000700000002344c-132.dat UPX behavioral2/files/0x000700000002344d-136.dat UPX behavioral2/files/0x000700000002344e-140.dat UPX behavioral2/memory/3688-141-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023450-146.dat UPX behavioral2/memory/3800-148-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023451-150.dat UPX behavioral2/memory/3652-157-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4304-167-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1680-172-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/400-177-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5008-176-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/1928-185-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1948-188-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2680-189-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 868 btbttt.exe 64 9btnbb.exe 1484 ddppj.exe 676 rxfxflr.exe 3736 nbnntn.exe 4744 thbhhn.exe 1816 pjjjv.exe 456 llllffl.exe 1660 lfllfff.exe 1720 tbbtnh.exe 4360 pdddj.exe 2584 pvdjj.exe 2280 xlllrxf.exe 2736 nbbbtt.exe 1584 jvdvv.exe 1552 vdvjp.exe 4960 9rrlfrl.exe 1240 rlrxrrl.exe 4356 nhbbbt.exe 4792 dvdvp.exe 2248 pddvp.exe 2008 xlxxrrr.exe 4848 1bhhbh.exe 4620 nnnhhn.exe 812 dppjj.exe 4816 dpvpd.exe 1932 1lxxrrr.exe 1528 bnbhbh.exe 3688 jvvpj.exe 2060 rxxllrl.exe 3800 7lrlllr.exe 3596 nbhhbn.exe 3652 bntntt.exe 3500 9jvvp.exe 4380 5rfxfxf.exe 3420 xxlfxff.exe 4432 tbhnhb.exe 4304 1nnhbb.exe 1068 djvpp.exe 1680 9vdvv.exe 400 rlxxxxf.exe 5008 xlrlrrl.exe 1280 thnttb.exe 4912 bbnthn.exe 1928 pjjjd.exe 1948 xrrllff.exe 2680 xlrlfxr.exe 2908 5hnbbb.exe 1864 ddvvv.exe 244 lllllrl.exe 664 1llxxrr.exe 540 bnhttn.exe 1840 vdddd.exe 2548 pvjdv.exe 1236 3rxrrrl.exe 3736 3rrfxfx.exe 4992 7hnttb.exe 4024 3hnntb.exe 5052 3jpjp.exe 1520 vpjdv.exe 4748 fxfxffl.exe 4940 fllrrxx.exe 4308 bnnttn.exe 4684 tnhhhn.exe -
resource yara_rule behavioral2/memory/244-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000232a4-3.dat upx behavioral2/memory/244-5-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000900000002341b-8.dat upx behavioral2/memory/868-9-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023432-11.dat upx behavioral2/memory/64-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023433-19.dat upx behavioral2/memory/1484-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/676-21-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023434-24.dat upx behavioral2/files/0x0007000000023435-29.dat upx behavioral2/memory/676-27-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4744-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023437-34.dat upx behavioral2/memory/1816-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/456-43-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023439-45.dat upx behavioral2/files/0x0007000000023438-40.dat upx behavioral2/files/0x000700000002343a-48.dat upx behavioral2/memory/1660-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343b-53.dat upx behavioral2/memory/1720-54-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343c-58.dat upx behavioral2/files/0x000700000002343d-63.dat upx behavioral2/files/0x000700000002343e-67.dat upx behavioral2/memory/2280-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343f-71.dat upx behavioral2/memory/1584-73-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023440-77.dat upx behavioral2/files/0x0007000000023441-81.dat upx 
behavioral2/memory/4960-83-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023442-86.dat upx behavioral2/files/0x0007000000023443-89.dat upx behavioral2/memory/1240-92-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023444-94.dat upx behavioral2/files/0x0007000000023445-99.dat upx behavioral2/memory/2248-101-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023446-104.dat upx behavioral2/memory/4792-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023447-108.dat upx behavioral2/memory/2008-110-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4848-112-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023448-115.dat upx behavioral2/memory/4620-117-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023449-119.dat upx behavioral2/files/0x000700000002344a-124.dat upx behavioral2/memory/4816-125-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002344b-128.dat upx behavioral2/files/0x000700000002344c-132.dat upx behavioral2/files/0x000700000002344d-136.dat upx behavioral2/files/0x000700000002344e-140.dat upx behavioral2/memory/3688-141-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023450-146.dat upx behavioral2/memory/3800-148-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023451-150.dat upx behavioral2/memory/3652-157-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4304-167-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1680-172-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/400-177-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5008-176-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/1928-185-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1948-188-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2680-189-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 244 wrote to memory of 868 244 610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe 82 PID 244 wrote to memory of 868 244 610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe 82 PID 244 wrote to memory of 868 244 610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe 82 PID 868 wrote to memory of 64 868 btbttt.exe 83 PID 868 wrote to memory of 64 868 btbttt.exe 83 PID 868 wrote to memory of 64 868 btbttt.exe 83 PID 64 wrote to memory of 1484 64 9btnbb.exe 84 PID 64 wrote to memory of 1484 64 9btnbb.exe 84 PID 64 wrote to memory of 1484 64 9btnbb.exe 84 PID 1484 wrote to memory of 676 1484 ddppj.exe 85 PID 1484 wrote to memory of 676 1484 ddppj.exe 85 PID 1484 wrote to memory of 676 1484 ddppj.exe 85 PID 676 wrote to memory of 3736 676 rxfxflr.exe 86 PID 676 wrote to memory of 3736 676 rxfxflr.exe 86 PID 676 wrote to memory of 3736 676 rxfxflr.exe 86 PID 3736 wrote to memory of 4744 3736 nbnntn.exe 87 PID 3736 wrote to memory of 4744 3736 nbnntn.exe 87 PID 3736 wrote to memory of 4744 3736 nbnntn.exe 87 PID 4744 wrote to memory of 1816 4744 thbhhn.exe 88 PID 4744 wrote to memory of 1816 4744 thbhhn.exe 88 PID 4744 wrote to memory of 1816 4744 thbhhn.exe 88 PID 1816 wrote to memory of 456 1816 pjjjv.exe 89 PID 1816 wrote to memory of 456 1816 pjjjv.exe 89 PID 1816 wrote to memory of 456 1816 pjjjv.exe 89 PID 456 wrote to memory of 1660 456 llllffl.exe 90 PID 456 wrote to memory of 1660 456 llllffl.exe 90 PID 456 wrote to memory of 1660 456 llllffl.exe 90 PID 1660 wrote to memory of 1720 1660 lfllfff.exe 91 PID 1660 wrote to memory of 1720 1660 lfllfff.exe 91 PID 1660 wrote to memory of 1720 1660 lfllfff.exe 91 PID 1720 wrote to memory of 4360 1720 tbbtnh.exe 92 PID 1720 wrote to memory of 4360 1720 tbbtnh.exe 92 PID 1720 wrote to memory of 4360 1720 tbbtnh.exe 92 PID 4360 wrote to memory of 2584 4360 pdddj.exe 93 PID 4360 wrote to memory of 2584 4360 pdddj.exe 93 PID 4360 wrote to 
memory of 2584 4360 pdddj.exe 93 PID 2584 wrote to memory of 2280 2584 pvdjj.exe 94 PID 2584 wrote to memory of 2280 2584 pvdjj.exe 94 PID 2584 wrote to memory of 2280 2584 pvdjj.exe 94 PID 2280 wrote to memory of 2736 2280 xlllrxf.exe 95 PID 2280 wrote to memory of 2736 2280 xlllrxf.exe 95 PID 2280 wrote to memory of 2736 2280 xlllrxf.exe 95 PID 2736 wrote to memory of 1584 2736 nbbbtt.exe 96 PID 2736 wrote to memory of 1584 2736 nbbbtt.exe 96 PID 2736 wrote to memory of 1584 2736 nbbbtt.exe 96 PID 1584 wrote to memory of 1552 1584 jvdvv.exe 97 PID 1584 wrote to memory of 1552 1584 jvdvv.exe 97 PID 1584 wrote to memory of 1552 1584 jvdvv.exe 97 PID 1552 wrote to memory of 4960 1552 vdvjp.exe 98 PID 1552 wrote to memory of 4960 1552 vdvjp.exe 98 PID 1552 wrote to memory of 4960 1552 vdvjp.exe 98 PID 4960 wrote to memory of 1240 4960 9rrlfrl.exe 99 PID 4960 wrote to memory of 1240 4960 9rrlfrl.exe 99 PID 4960 wrote to memory of 1240 4960 9rrlfrl.exe 99 PID 1240 wrote to memory of 4356 1240 rlrxrrl.exe 100 PID 1240 wrote to memory of 4356 1240 rlrxrrl.exe 100 PID 1240 wrote to memory of 4356 1240 rlrxrrl.exe 100 PID 4356 wrote to memory of 4792 4356 nhbbbt.exe 102 PID 4356 wrote to memory of 4792 4356 nhbbbt.exe 102 PID 4356 wrote to memory of 4792 4356 nhbbbt.exe 102 PID 4792 wrote to memory of 2248 4792 dvdvp.exe 103 PID 4792 wrote to memory of 2248 4792 dvdvp.exe 103 PID 4792 wrote to memory of 2248 4792 dvdvp.exe 103 PID 2248 wrote to memory of 2008 2248 pddvp.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe"C:\Users\Admin\AppData\Local\Temp\610e3c565f34be2da5563915af3c294664aaf95aa48ff829f2a422b7596c04ca.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:244 -
\??\c:\btbttt.exec:\btbttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:868 -
\??\c:\9btnbb.exec:\9btnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:64 -
\??\c:\ddppj.exec:\ddppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1484 -
\??\c:\rxfxflr.exec:\rxfxflr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:676 -
\??\c:\nbnntn.exec:\nbnntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3736 -
\??\c:\thbhhn.exec:\thbhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4744 -
\??\c:\pjjjv.exec:\pjjjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1816 -
\??\c:\llllffl.exec:\llllffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:456 -
\??\c:\lfllfff.exec:\lfllfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1660 -
\??\c:\tbbtnh.exec:\tbbtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1720 -
\??\c:\pdddj.exec:\pdddj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4360 -
\??\c:\pvdjj.exec:\pvdjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\xlllrxf.exec:\xlllrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2280 -
\??\c:\nbbbtt.exec:\nbbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\jvdvv.exec:\jvdvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\vdvjp.exec:\vdvjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1552 -
\??\c:\9rrlfrl.exec:\9rrlfrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4960 -
\??\c:\rlrxrrl.exec:\rlrxrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1240 -
\??\c:\nhbbbt.exec:\nhbbbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4356 -
\??\c:\dvdvp.exec:\dvdvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4792 -
\??\c:\pddvp.exec:\pddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2248 -
\??\c:\xlxxrrr.exec:\xlxxrrr.exe23⤵
- Executes dropped EXE
PID:2008 -
\??\c:\1bhhbh.exec:\1bhhbh.exe24⤵
- Executes dropped EXE
PID:4848 -
\??\c:\nnnhhn.exec:\nnnhhn.exe25⤵
- Executes dropped EXE
PID:4620 -
\??\c:\dppjj.exec:\dppjj.exe26⤵
- Executes dropped EXE
PID:812 -
\??\c:\dpvpd.exec:\dpvpd.exe27⤵
- Executes dropped EXE
PID:4816 -
\??\c:\1lxxrrr.exec:\1lxxrrr.exe28⤵
- Executes dropped EXE
PID:1932 -
\??\c:\bnbhbh.exec:\bnbhbh.exe29⤵
- Executes dropped EXE
PID:1528 -
\??\c:\jvvpj.exec:\jvvpj.exe30⤵
- Executes dropped EXE
PID:3688 -
\??\c:\rxxllrl.exec:\rxxllrl.exe31⤵
- Executes dropped EXE
PID:2060 -
\??\c:\7lrlllr.exec:\7lrlllr.exe32⤵
- Executes dropped EXE
PID:3800 -
\??\c:\nbhhbn.exec:\nbhhbn.exe33⤵
- Executes dropped EXE
PID:3596 -
\??\c:\bntntt.exec:\bntntt.exe34⤵
- Executes dropped EXE
PID:3652 -
\??\c:\9jvvp.exec:\9jvvp.exe35⤵
- Executes dropped EXE
PID:3500 -
\??\c:\5rfxfxf.exec:\5rfxfxf.exe36⤵
- Executes dropped EXE
PID:4380 -
\??\c:\xxlfxff.exec:\xxlfxff.exe37⤵
- Executes dropped EXE
PID:3420 -
\??\c:\tbhnhb.exec:\tbhnhb.exe38⤵
- Executes dropped EXE
PID:4432 -
\??\c:\1nnhbb.exec:\1nnhbb.exe39⤵
- Executes dropped EXE
PID:4304 -
\??\c:\djvpp.exec:\djvpp.exe40⤵
- Executes dropped EXE
PID:1068 -
\??\c:\9vdvv.exec:\9vdvv.exe41⤵
- Executes dropped EXE
PID:1680 -
\??\c:\rlxxxxf.exec:\rlxxxxf.exe42⤵
- Executes dropped EXE
PID:400 -
\??\c:\xlrlrrl.exec:\xlrlrrl.exe43⤵
- Executes dropped EXE
PID:5008 -
\??\c:\thnttb.exec:\thnttb.exe44⤵
- Executes dropped EXE
PID:1280 -
\??\c:\bbnthn.exec:\bbnthn.exe45⤵
- Executes dropped EXE
PID:4912 -
\??\c:\pjjjd.exec:\pjjjd.exe46⤵
- Executes dropped EXE
PID:1928 -
\??\c:\xrrllff.exec:\xrrllff.exe47⤵
- Executes dropped EXE
PID:1948 -
\??\c:\xlrlfxr.exec:\xlrlfxr.exe48⤵
- Executes dropped EXE
PID:2680 -
\??\c:\5hnbbb.exec:\5hnbbb.exe49⤵
- Executes dropped EXE
PID:2908 -
\??\c:\ddvvv.exec:\ddvvv.exe50⤵
- Executes dropped EXE
PID:1864 -
\??\c:\lllllrl.exec:\lllllrl.exe51⤵
- Executes dropped EXE
PID:244 -
\??\c:\1llxxrr.exec:\1llxxrr.exe52⤵
- Executes dropped EXE
PID:664 -
\??\c:\bnhttn.exec:\bnhttn.exe53⤵
- Executes dropped EXE
PID:540 -
\??\c:\vdddd.exec:\vdddd.exe54⤵
- Executes dropped EXE
PID:1840 -
\??\c:\pvjdv.exec:\pvjdv.exe55⤵
- Executes dropped EXE
PID:2548 -
\??\c:\3rxrrrl.exec:\3rxrrrl.exe56⤵
- Executes dropped EXE
PID:1236 -
\??\c:\3rrfxfx.exec:\3rrfxfx.exe57⤵
- Executes dropped EXE
PID:3736 -
\??\c:\7hnttb.exec:\7hnttb.exe58⤵
- Executes dropped EXE
PID:4992 -
\??\c:\3hnntb.exec:\3hnntb.exe59⤵
- Executes dropped EXE
PID:4024 -
\??\c:\3jpjp.exec:\3jpjp.exe60⤵
- Executes dropped EXE
PID:5052 -
\??\c:\vpjdv.exec:\vpjdv.exe61⤵
- Executes dropped EXE
PID:1520 -
\??\c:\fxfxffl.exec:\fxfxffl.exe62⤵
- Executes dropped EXE
PID:4748 -
\??\c:\fllrrxx.exec:\fllrrxx.exe63⤵
- Executes dropped EXE
PID:4940 -
\??\c:\bnnttn.exec:\bnnttn.exe64⤵
- Executes dropped EXE
PID:4308 -
\??\c:\tnhhhn.exec:\tnhhhn.exe65⤵
- Executes dropped EXE
PID:4684 -
\??\c:\pdddv.exec:\pdddv.exe66⤵PID:1412
-
\??\c:\jjdjp.exec:\jjdjp.exe67⤵PID:5072
-
\??\c:\ffrrlfx.exec:\ffrrlfx.exe68⤵PID:2728
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe69⤵PID:2028
-
\??\c:\btbbbh.exec:\btbbbh.exe70⤵PID:4888
-
\??\c:\btbbth.exec:\btbbth.exe71⤵PID:4932
-
\??\c:\jdpjv.exec:\jdpjv.exe72⤵PID:4880
-
\??\c:\pjjdv.exec:\pjjdv.exe73⤵PID:4316
-
\??\c:\xlfxxxx.exec:\xlfxxxx.exe74⤵PID:744
-
\??\c:\flrrrxx.exec:\flrrrxx.exe75⤵PID:2916
-
\??\c:\1htntt.exec:\1htntt.exe76⤵PID:1848
-
\??\c:\tnbttb.exec:\tnbttb.exe77⤵PID:4656
-
\??\c:\5pjdv.exec:\5pjdv.exe78⤵PID:5076
-
\??\c:\pdddd.exec:\pdddd.exe79⤵PID:3684
-
\??\c:\rffxlll.exec:\rffxlll.exe80⤵PID:3904
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe81⤵PID:804
-
\??\c:\bnbhnt.exec:\bnbhnt.exe82⤵PID:1244
-
\??\c:\thhbnt.exec:\thhbnt.exe83⤵PID:1576
-
\??\c:\pdjdd.exec:\pdjdd.exe84⤵PID:4068
-
\??\c:\pjdpd.exec:\pjdpd.exe85⤵PID:4420
-
\??\c:\ffllflf.exec:\ffllflf.exe86⤵PID:3592
-
\??\c:\fxxxfxx.exec:\fxxxfxx.exe87⤵PID:1748
-
\??\c:\1nntnt.exec:\1nntnt.exe88⤵PID:3632
-
\??\c:\nhhbnn.exec:\nhhbnn.exe89⤵PID:2544
-
\??\c:\pjjdv.exec:\pjjdv.exe90⤵PID:3688
-
\??\c:\xxxfxrr.exec:\xxxfxrr.exe91⤵PID:1780
-
\??\c:\hbttnt.exec:\hbttnt.exe92⤵PID:3152
-
\??\c:\nbnhtt.exec:\nbnhtt.exe93⤵PID:3636
-
\??\c:\7pdvp.exec:\7pdvp.exe94⤵PID:4908
-
\??\c:\xrrfffx.exec:\xrrfffx.exe95⤵PID:2052
-
\??\c:\frlllll.exec:\frlllll.exe96⤵PID:3308
-
\??\c:\nbtnnn.exec:\nbtnnn.exe97⤵PID:3640
-
\??\c:\pvvpj.exec:\pvvpj.exe98⤵PID:1852
-
\??\c:\jvvpd.exec:\jvvpd.exe99⤵PID:4432
-
\??\c:\frrlffr.exec:\frrlffr.exe100⤵PID:4304
-
\??\c:\nhbbtt.exec:\nhbbtt.exe101⤵PID:1112
-
\??\c:\hbbtnn.exec:\hbbtnn.exe102⤵PID:400
-
\??\c:\dpddp.exec:\dpddp.exe103⤵PID:2412
-
\??\c:\1jpjv.exec:\1jpjv.exe104⤵PID:4388
-
\??\c:\jdjvp.exec:\jdjvp.exe105⤵PID:3116
-
\??\c:\fxfrlxx.exec:\fxfrlxx.exe106⤵PID:608
-
\??\c:\xfflllx.exec:\xfflllx.exe107⤵PID:1688
-
\??\c:\btbbbb.exec:\btbbbb.exe108⤵PID:2660
-
\??\c:\bbtnnn.exec:\bbtnnn.exe109⤵PID:3200
-
\??\c:\vjjdd.exec:\vjjdd.exe110⤵PID:4280
-
\??\c:\vpdvv.exec:\vpdvv.exe111⤵PID:412
-
\??\c:\rrrrfff.exec:\rrrrfff.exe112⤵PID:1548
-
\??\c:\7xxrxxr.exec:\7xxrxxr.exe113⤵PID:868
-
\??\c:\rrrxllr.exec:\rrrxllr.exe114⤵PID:2784
-
\??\c:\hbbbbb.exec:\hbbbbb.exe115⤵PID:540
-
\??\c:\hhbttt.exec:\hhbttt.exe116⤵PID:4040
-
\??\c:\pvvpj.exec:\pvvpj.exe117⤵PID:676
-
\??\c:\pvjdp.exec:\pvjdp.exe118⤵PID:4232
-
\??\c:\5xfxxxr.exec:\5xfxxxr.exe119⤵PID:1104
-
\??\c:\fffxxxr.exec:\fffxxxr.exe120⤵PID:4844
-
\??\c:\tnnhhh.exec:\tnnhhh.exe121⤵PID:4696
-
\??\c:\7hnnnn.exec:\7hnnnn.exe122⤵PID:808