Analysis
max time kernel: 15s
max time network: 124s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 04:41

Behavioral task: behavioral1
Sample: adce6595b67d485addd7318b3930d59e4e446e383a1b839bde7f9b08b585c2a7.exe
Resource: win7-20240220-en
6 signatures
150 seconds

General
Target: adce6595b67d485addd7318b3930d59e4e446e383a1b839bde7f9b08b585c2a7.exe
Size: 334KB
MD5: 564e9ad5fcfa227de35ad81162140bdc
SHA1: bfbb7a1e440c207c72f6a9a2c380c87283e3a932
SHA256: adce6595b67d485addd7318b3930d59e4e446e383a1b839bde7f9b08b585c2a7
SHA512: 6aaf557e6d538d0ee98e4e8de6faad0614dbe1808eea04c2b4e786d72f2ed3908164d6e9c47bd64162db480aaa217fc5e6a9921154b12f2cf6acb554fd03a8bd
SSDEEP: 6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1i/R:x4wFHoS3eFaKHpv/VycgE8oR
Malware Config
Signatures
- Detect Blackmoon payload 41 IoCs
- UPX dump on OEP (original entry point) 64 IoCs
- Executes dropped EXE 64 IoCs
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
(each entry: nesting depth, image path, command line, PID, followed by the signatures that process triggered)

1⤵ C:\Users\Admin\AppData\Local\Temp\adce6595b67d485addd7318b3930d59e4e446e383a1b839bde7f9b08b585c2a7.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\adce6595b67d485addd7318b3930d59e4e446e383a1b839bde7f9b08b585c2a7.exe"  PID: 1784
- Suspicious use of WriteProcessMemory
2⤵ \??\c:\5hhnth.exe  cmd: c:\5hhnth.exe  PID: 3000
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
3⤵ \??\c:\dpdpd.exe  cmd: c:\dpdpd.exe  PID: 2132
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
4⤵ \??\c:\hhhntb.exe  cmd: c:\hhhntb.exe  PID: 2076
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
5⤵ \??\c:\rrxrrfr.exe  cmd: c:\rrxrrfr.exe  PID: 2692
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
6⤵ \??\c:\rfrxllx.exe  cmd: c:\rfrxllx.exe  PID: 3004
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
7⤵ \??\c:\tnbbbb.exe  cmd: c:\tnbbbb.exe  PID: 2480
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
8⤵ \??\c:\rxxxxll.exe  cmd: c:\rxxxxll.exe  PID: 2584
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
9⤵ \??\c:\flflxfx.exe  cmd: c:\flflxfx.exe  PID: 2440
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
10⤵ \??\c:\rrrxrfl.exe  cmd: c:\rrrxrfl.exe  PID: 2616
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
11⤵ \??\c:\3rrlrlr.exe  cmd: c:\3rrlrlr.exe  PID: 2228
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
12⤵ \??\c:\flxxflx.exe  cmd: c:\flxxflx.exe  PID: 2768
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
13⤵ \??\c:\bbbnbn.exe  cmd: c:\bbbnbn.exe  PID: 2784
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
14⤵ \??\c:\rrrfrrf.exe  cmd: c:\rrrfrrf.exe  PID: 2000
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
15⤵ \??\c:\bbbnnt.exe  cmd: c:\bbbnnt.exe  PID: 1928
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
16⤵ \??\c:\lfxrxlf.exe  cmd: c:\lfxrxlf.exe  PID: 2748
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
17⤵ \??\c:\5pjjj.exe  cmd: c:\5pjjj.exe  PID: 300
- Executes dropped EXE
18⤵ \??\c:\hhtnnb.exe  cmd: c:\hhtnnb.exe  PID: 1332
- Executes dropped EXE
19⤵ \??\c:\nbhhhb.exe  cmd: c:\nbhhhb.exe  PID: 2280
- Executes dropped EXE
20⤵ \??\c:\xfffxfl.exe  cmd: c:\xfffxfl.exe  PID: 2424
- Executes dropped EXE
21⤵ \??\c:\bbhnnb.exe  cmd: c:\bbhnnb.exe  PID: 2632
- Executes dropped EXE
22⤵ \??\c:\5pvdd.exe  cmd: c:\5pvdd.exe  PID: 696
- Executes dropped EXE
23⤵ \??\c:\thbhbb.exe  cmd: c:\thbhbb.exe  PID: 1096
- Executes dropped EXE
24⤵ \??\c:\7dvjv.exe  cmd: c:\7dvjv.exe  PID: 828
- Executes dropped EXE
25⤵ \??\c:\bhttbh.exe  cmd: c:\bhttbh.exe  PID: 2412
- Executes dropped EXE
26⤵ \??\c:\vdjvj.exe  cmd: c:\vdjvj.exe  PID: 1132
- Executes dropped EXE
27⤵ \??\c:\llxlrxx.exe  cmd: c:\llxlrxx.exe  PID: 2272
- Executes dropped EXE
28⤵ \??\c:\rrlrfll.exe  cmd: c:\rrlrfll.exe  PID: 1820
- Executes dropped EXE
29⤵ \??\c:\bhbnhh.exe  cmd: c:\bhbnhh.exe  PID: 1868
- Executes dropped EXE
30⤵ \??\c:\lllrlxl.exe  cmd: c:\lllrlxl.exe  PID: 1644
- Executes dropped EXE
31⤵ \??\c:\nbtbhn.exe  cmd: c:\nbtbhn.exe  PID: 680
- Executes dropped EXE
32⤵ \??\c:\xxflrxl.exe  cmd: c:\xxflrxl.exe  PID: 2012
- Executes dropped EXE
33⤵ \??\c:\nbbtnt.exe  cmd: c:\nbbtnt.exe  PID: 1740
- Executes dropped EXE
34⤵ \??\c:\bbhbtb.exe  cmd: c:\bbhbtb.exe  PID: 884
- Executes dropped EXE
35⤵ \??\c:\jpppv.exe  cmd: c:\jpppv.exe  PID: 1668
- Executes dropped EXE
36⤵ \??\c:\bhnnbt.exe  cmd: c:\bhnnbt.exe  PID: 1784
- Executes dropped EXE
37⤵ \??\c:\djvpd.exe  cmd: c:\djvpd.exe  PID: 2636
- Executes dropped EXE
38⤵ \??\c:\9bhhhh.exe  cmd: c:\9bhhhh.exe  PID: 3048
- Executes dropped EXE
39⤵ \??\c:\jjdpd.exe  cmd: c:\jjdpd.exe  PID: 2588
- Executes dropped EXE
40⤵ \??\c:\9frfllr.exe  cmd: c:\9frfllr.exe  PID: 2660
- Executes dropped EXE
41⤵ \??\c:\lfrxllx.exe  cmd: c:\lfrxllx.exe  PID: 2852
- Executes dropped EXE
42⤵ \??\c:\hnttbn.exe  cmd: c:\hnttbn.exe  PID: 2688
- Executes dropped EXE
43⤵ \??\c:\rfxxllf.exe  cmd: c:\rfxxllf.exe  PID: 2572
- Executes dropped EXE
44⤵ \??\c:\5htnnb.exe  cmd: c:\5htnnb.exe  PID: 2580
- Executes dropped EXE
45⤵ \??\c:\jpjdd.exe  cmd: c:\jpjdd.exe  PID: 2560
- Executes dropped EXE
46⤵ \??\c:\1hnttb.exe  cmd: c:\1hnttb.exe  PID: 2612
- Executes dropped EXE
47⤵ \??\c:\vdjvp.exe  cmd: c:\vdjvp.exe  PID: 2568
- Executes dropped EXE
48⤵ \??\c:\pjvdj.exe  cmd: c:\pjvdj.exe  PID: 2512
- Executes dropped EXE
49⤵ \??\c:\bhtnhn.exe  cmd: c:\bhtnhn.exe  PID: 2104
- Executes dropped EXE
50⤵ \??\c:\xfxrrxr.exe  cmd: c:\xfxrrxr.exe  PID: 2776
- Executes dropped EXE
51⤵ \??\c:\hbthtb.exe  cmd: c:\hbthtb.exe  PID: 2768
- Executes dropped EXE
52⤵ \??\c:\xrfxxlf.exe  cmd: c:\xrfxxlf.exe  PID: 2812
- Executes dropped EXE
53⤵ \??\c:\3fxlrrr.exe  cmd: c:\3fxlrrr.exe  PID: 2764
- Executes dropped EXE
54⤵ \??\c:\tntntt.exe  cmd: c:\tntntt.exe  PID: 2000
- Executes dropped EXE
55⤵ \??\c:\rrfflll.exe  cmd: c:\rrfflll.exe  PID: 2704
- Executes dropped EXE
56⤵ \??\c:\9fxlffr.exe  cmd: c:\9fxlffr.exe  PID: 2516
- Executes dropped EXE
57⤵ \??\c:\5bbhnt.exe  cmd: c:\5bbhnt.exe  PID: 1400
- Executes dropped EXE
58⤵ \??\c:\1nbhbh.exe  cmd: c:\1nbhbh.exe  PID: 300
- Executes dropped EXE
59⤵ \??\c:\jvppv.exe  cmd: c:\jvppv.exe  PID: 1332
- Executes dropped EXE
60⤵ \??\c:\fxxlllx.exe  cmd: c:\fxxlllx.exe  PID: 2280
- Executes dropped EXE
61⤵ \??\c:\nnnbtt.exe  cmd: c:\nnnbtt.exe  PID: 2856
- Executes dropped EXE
62⤵ \??\c:\3tnnnh.exe  cmd: c:\3tnnnh.exe  PID: 1532
- Executes dropped EXE
63⤵ \??\c:\vdvjp.exe  cmd: c:\vdvjp.exe  PID: 1028
- Executes dropped EXE
64⤵ \??\c:\btthnn.exe  cmd: c:\btthnn.exe  PID: 668
- Executes dropped EXE
65⤵ \??\c:\vvpvj.exe  cmd: c:\vvpvj.exe  PID: 2544
- Executes dropped EXE
66⤵ \??\c:\flxllxr.exe  cmd: c:\flxllxr.exe  PID: 1988
67⤵ \??\c:\jvjvd.exe  cmd: c:\jvjvd.exe  PID: 948
68⤵ \??\c:\9pjvp.exe  cmd: c:\9pjvp.exe  PID: 1160
69⤵ \??\c:\rrlxrfl.exe  cmd: c:\rrlxrfl.exe  PID: 1112
70⤵ \??\c:\pvdpv.exe  cmd: c:\pvdpv.exe  PID: 1808
71⤵ \??\c:\rlxflrx.exe  cmd: c:\rlxflrx.exe  PID: 1048
72⤵ \??\c:\rxrfxll.exe  cmd: c:\rxrfxll.exe  PID: 1820
73⤵ \??\c:\bbntth.exe  cmd: c:\bbntth.exe  PID: 1868
74⤵ \??\c:\lflxflr.exe  cmd: c:\lflxflr.exe  PID: 3040
75⤵ \??\c:\1tnthn.exe  cmd: c:\1tnthn.exe  PID: 2248
76⤵ \??\c:\rrlxflx.exe  cmd: c:\rrlxflx.exe  PID: 292
77⤵ \??\c:\vppjj.exe  cmd: c:\vppjj.exe  PID: 1156
78⤵ \??\c:\xlrlrlr.exe  cmd: c:\xlrlrlr.exe  PID: 2160
79⤵ \??\c:\rfllfxr.exe  cmd: c:\rfllfxr.exe  PID: 2204
80⤵ \??\c:\hbtthb.exe  cmd: c:\hbtthb.exe  PID: 2180
81⤵ \??\c:\vvpvv.exe  cmd: c:\vvpvv.exe  PID: 1604
82⤵ \??\c:\lfrrrrf.exe  cmd: c:\lfrrrrf.exe  PID: 1784
83⤵ \??\c:\5btnth.exe  cmd: c:\5btnth.exe  PID: 1608
84⤵ \??\c:\pjdjd.exe  cmd: c:\pjdjd.exe  PID: 2724
85⤵ \??\c:\xflfxrx.exe  cmd: c:\xflfxrx.exe  PID: 2644
86⤵ \??\c:\hbnhhb.exe  cmd: c:\hbnhhb.exe  PID: 2604
87⤵ \??\c:\9ththn.exe  cmd: c:\9ththn.exe  PID: 2220
88⤵ \??\c:\djjjd.exe  cmd: c:\djjjd.exe  PID: 2716
89⤵ \??\c:\ffrfrfl.exe  cmd: c:\ffrfrfl.exe  PID: 2640
90⤵ \??\c:\hhnbnt.exe  cmd: c:\hhnbnt.exe  PID: 2264
91⤵ \??\c:\xxlxfxr.exe  cmd: c:\xxlxfxr.exe  PID: 2548
92⤵ \??\c:\hhhnhn.exe  cmd: c:\hhhnhn.exe  PID: 2800
93⤵ \??\c:\jppvv.exe  cmd: c:\jppvv.exe  PID: 2440
94⤵ \??\c:\ppjjv.exe  cmd: c:\ppjjv.exe  PID: 1788
95⤵ \??\c:\rxrrxll.exe  cmd: c:\rxrrxll.exe  PID: 2944
96⤵ \??\c:\nnbnbh.exe  cmd: c:\nnbnbh.exe  PID: 3028
97⤵ \??\c:\5nbhbt.exe  cmd: c:\5nbhbt.exe  PID: 2900
98⤵ \??\c:\ddpvd.exe  cmd: c:\ddpvd.exe  PID: 2768
99⤵ \??\c:\fxlflfr.exe  cmd: c:\fxlflfr.exe  PID: 2812
100⤵ \??\c:\xffrlfx.exe  cmd: c:\xffrlfx.exe  PID: 1996
101⤵ \??\c:\thtbth.exe  cmd: c:\thtbth.exe  PID: 2772
102⤵ \??\c:\ddjpd.exe  cmd: c:\ddjpd.exe  PID: 1696
103⤵ \??\c:\9xfxxxx.exe  cmd: c:\9xfxxxx.exe  PID: 2100
104⤵ \??\c:\hhnntb.exe  cmd: c:\hhnntb.exe  PID: 2084
105⤵ \??\c:\htnnbt.exe  cmd: c:\htnnbt.exe  PID: 2080
106⤵ \??\c:\djdjd.exe  cmd: c:\djdjd.exe  PID: 1448
107⤵ \??\c:\frxrfxl.exe  cmd: c:\frxrfxl.exe  PID: 2072
108⤵ \??\c:\ntntnt.exe  cmd: c:\ntntnt.exe  PID: 2632
109⤵ \??\c:\3hbtnn.exe  cmd: c:\3hbtnn.exe  PID: 1484
110⤵ \??\c:\3jjvp.exe  cmd: c:\3jjvp.exe  PID: 1480
111⤵ \??\c:\vdjvp.exe  cmd: c:\vdjvp.exe  PID: 696
112⤵ \??\c:\1rxxfxr.exe  cmd: c:\1rxxfxr.exe  PID: 828
113⤵ \??\c:\nttntn.exe  cmd: c:\nttntn.exe  PID: 2288
114⤵ \??\c:\tbbtnb.exe  cmd: c:\tbbtnb.exe  PID: 2216
115⤵ \??\c:\djpvj.exe  cmd: c:\djpvj.exe  PID: 1160
116⤵ \??\c:\lrrrflr.exe  cmd: c:\lrrrflr.exe  PID: 3044
117⤵ \??\c:\lllxxff.exe  cmd: c:\lllxxff.exe  PID: 1808
118⤵ \??\c:\tttbhn.exe  cmd: c:\tttbhn.exe  PID: 1048
119⤵ \??\c:\jjdjd.exe  cmd: c:\jjdjd.exe  PID: 412
120⤵ \??\c:\ddddv.exe  cmd: c:\ddddv.exe  PID: 904
121⤵ \??\c:\rrrfrxr.exe  cmd: c:\rrrfrxr.exe  PID: 1120
122⤵ \??\c:\lrlflxr.exe  cmd: c:\lrlflxr.exe  PID: 1792