Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
06-06-2024 04:53
Behavioral task
behavioral1
Sample
b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe
Resource
win7-20231129-en
6 signatures
150 seconds
General
-
Target
b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe
-
Size
59KB
-
MD5
f41242eb9bb0c0bdc1436de10618329c
-
SHA1
c3d66223d5791fdceaa8ebbfb0a758b9226f4a7e
-
SHA256
b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b
-
SHA512
6682e46e0beb2b132727d976a3c273830d14ea58ef6f7eb316428b6cfd4f7b94a4835519415ebc3ff1bdcd1b6e074a89a52cd4a5c90847d10881592ccd86cc01
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNG1mjtREVM7:khOmTsF93UYfwC6GIoutpY918c+
Malware Config
Signatures
-
Detect Blackmoon payload 37 IoCs
Processes:
resource yara_rule behavioral1/memory/2628-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2464-86-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1716-145-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2240-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2012-300-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2552-366-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2496-371-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1800-378-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2480-638-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1828-744-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1780-952-0x00000000003C0000-0x00000000003E7000-memory.dmp family_blackmoon behavioral1/memory/1832-846-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1984-775-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2768-631-0x00000000003C0000-0x00000000003E7000-memory.dmp family_blackmoon behavioral1/memory/1152-586-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2112-489-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1212-431-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1204-405-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2428-404-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2440-345-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2588-331-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2772-279-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1140-242-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/584-221-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2272-190-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1504-164-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2160-156-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2304-135-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/320-118-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2320-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2520-69-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2440-67-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2580-48-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2252-38-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2312-29-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1152-20-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3052-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral1/memory/3052-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\frxfrxf.exe UPX behavioral1/memory/2628-57-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\pjvvj.exe UPX behavioral1/memory/2464-86-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\1jdjj.exe UPX C:\fxrfrxl.exe UPX behavioral1/memory/1716-145-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\1vpvd.exe UPX C:\xrlrfxf.exe UPX behavioral1/memory/2240-205-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\rlrxfrx.exe UPX \??\c:\hhtbnt.exe UPX C:\3ttthn.exe UPX behavioral1/memory/2012-300-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2776-338-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2552-366-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2496-371-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1800-378-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/3068-611-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2480-638-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1828-744-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2696-1051-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/876-1124-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2576-1199-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1684-1236-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1192-1433-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2524-1446-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2932-1414-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1140-1347-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1640-1316-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral1/memory/2704-1279-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2644-1192-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2052-1131-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/836-1008-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1608-977-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2320-933-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1832-839-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2276-826-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1360-819-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1984-775-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1828-737-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1080-730-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2768-629-0x00000000003C0000-0x00000000003E7000-memory.dmp UPX behavioral1/memory/1152-586-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2896-537-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2112-489-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1192-463-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2528-456-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1212-431-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1204-405-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2428-404-0x0000000000220000-0x0000000000247000-memory.dmp UPX behavioral1/memory/2440-345-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2588-331-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\jjjjj.exe UPX behavioral1/memory/2772-279-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\1jjpd.exe UPX 
\??\c:\9nhbhh.exe UPX behavioral1/memory/1140-242-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\3fxlrrf.exe UPX \??\c:\ppdjv.exe UPX behavioral1/memory/1984-222-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/584-221-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\7jvdj.exe UPX -
Executes dropped EXE 64 IoCs
Processes:
frxfrxf.exe9tnhhh.exe9bthnt.exe7btntb.exedjjdd.exepjvvj.exelflxfxl.exerfxxlrf.exenttbnn.exehbthtb.exepvpdp.exe1jdjj.exefxlrxxx.exefxrfrxl.exe3bbhhn.exehhbntb.exe1vpvd.exepjvjp.exexrlrfxf.exerllxxlx.exe5fxxrfr.exe5thbhb.exethbbhh.exe7jvdj.exeppdjv.exe3fxlrrf.exerlrxfrx.exe9nhbhh.exehhtbnt.exe3ttthn.exe1jjpd.exejjjjj.exerxxllxf.exefxrlxxf.exentnnhb.exethnbbt.exetbbntn.exeppjjv.exejjvvj.exefxxxlrf.exerlxrrrx.exeffxrffr.exehnhthb.exenhbnbb.exenhbnnb.exe9jjvp.exe5dddj.exexrxxflx.exehbbnnt.exe9vjdd.exe5jpjd.exe3pddd.exerfrflfl.exerffrrlr.exexrfflfl.exenbbtbb.exebnbhnt.exepdpvp.exevjjpd.exelfflrff.exelfrxfff.exenbbbnn.exebnbttn.exenthbtt.exepid process 1152 frxfrxf.exe 2312 9tnhhh.exe 2252 9bthnt.exe 2580 7btntb.exe 2628 djjdd.exe 2440 pjvvj.exe 2520 lflxfxl.exe 2692 rfxxlrf.exe 2464 nttbnn.exe 2856 hbthtb.exe 2320 pvpdp.exe 320 1jdjj.exe 1616 fxlrxxx.exe 2304 fxrfrxl.exe 1716 3bbhhn.exe 1628 hhbntb.exe 2160 1vpvd.exe 1504 pjvjp.exe 2760 xrlrfxf.exe 836 rllxxlx.exe 2272 5fxxrfr.exe 2240 5thbhb.exe 528 thbbhh.exe 584 7jvdj.exe 1984 ppdjv.exe 1544 3fxlrrf.exe 1140 rlrxfrx.exe 912 9nhbhh.exe 1744 hhtbnt.exe 2068 3ttthn.exe 2772 1jjpd.exe 1008 jjjjj.exe 1696 rxxllxf.exe 2012 fxrlxxf.exe 3052 ntnnhb.exe 2148 thnbbt.exe 2708 tbbntn.exe 2360 ppjjv.exe 2252 jjvvj.exe 2588 fxxxlrf.exe 2776 rlxrrrx.exe 2440 ffxrffr.exe 2544 hnhthb.exe 2428 nhbnbb.exe 2552 nhbnnb.exe 2496 9jjvp.exe 1800 5dddj.exe 756 xrxxflx.exe 1736 hbbnnt.exe 2208 9vjdd.exe 1204 5jpjd.exe 2568 3pddd.exe 1608 rfrflfl.exe 2376 rffrrlr.exe 1212 xrfflfl.exe 1404 nbbtbb.exe 2720 bnbhnt.exe 1080 pdpvp.exe 2528 vjjpd.exe 1192 lfflrff.exe 672 lfrxfff.exe 1320 nbbbnn.exe 1636 bnbttn.exe 2112 nthbtt.exe -
Processes:
resource yara_rule behavioral1/memory/3052-0-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\frxfrxf.exe upx behavioral1/memory/2628-57-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\pjvvj.exe upx behavioral1/memory/2464-86-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\1jdjj.exe upx C:\fxrfrxl.exe upx behavioral1/memory/1716-145-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\1vpvd.exe upx C:\xrlrfxf.exe upx behavioral1/memory/2240-205-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\rlrxfrx.exe upx \??\c:\hhtbnt.exe upx C:\3ttthn.exe upx behavioral1/memory/2012-300-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2776-338-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2552-366-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2496-371-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1800-378-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/3068-611-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2480-638-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1828-744-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2696-1051-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/876-1124-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2576-1199-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1684-1236-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1192-1433-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2524-1446-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2932-1414-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1140-1347-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1640-1316-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/2704-1279-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2644-1192-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2052-1131-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/836-1008-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1608-977-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2320-933-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1832-839-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2276-826-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1360-819-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1984-775-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1828-737-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1080-730-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2768-629-0x00000000003C0000-0x00000000003E7000-memory.dmp upx behavioral1/memory/1152-586-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2896-537-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2112-489-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1192-463-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2528-456-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1212-431-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1204-405-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2428-404-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/memory/2440-345-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2588-331-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\jjjjj.exe upx behavioral1/memory/2772-279-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\1jjpd.exe upx 
\??\c:\9nhbhh.exe upx behavioral1/memory/1140-242-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\3fxlrrf.exe upx \??\c:\ppdjv.exe upx behavioral1/memory/1984-222-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/584-221-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\7jvdj.exe upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes (note: PIDs are reused during this run — for example 3052, 1152 and 2520 each appear under more than one image name in the process tree below — so correlate these entries on PID and image name together, not on PID alone):
b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exefrxfrxf.exe9tnhhh.exe9bthnt.exe7btntb.exedjjdd.exepjvvj.exelflxfxl.exerfxxlrf.exenttbnn.exehbthtb.exepvpdp.exe1jdjj.exefxlrxxx.exefxrfrxl.exe3bbhhn.exedescription pid process target process PID 3052 wrote to memory of 1152 3052 b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe frxfrxf.exe PID 3052 wrote to memory of 1152 3052 b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe frxfrxf.exe PID 3052 wrote to memory of 1152 3052 b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe frxfrxf.exe PID 3052 wrote to memory of 1152 3052 b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe frxfrxf.exe PID 1152 wrote to memory of 2312 1152 frxfrxf.exe 9tnhhh.exe PID 1152 wrote to memory of 2312 1152 frxfrxf.exe 9tnhhh.exe PID 1152 wrote to memory of 2312 1152 frxfrxf.exe 9tnhhh.exe PID 1152 wrote to memory of 2312 1152 frxfrxf.exe 9tnhhh.exe PID 2312 wrote to memory of 2252 2312 9tnhhh.exe 9bthnt.exe PID 2312 wrote to memory of 2252 2312 9tnhhh.exe 9bthnt.exe PID 2312 wrote to memory of 2252 2312 9tnhhh.exe 9bthnt.exe PID 2312 wrote to memory of 2252 2312 9tnhhh.exe 9bthnt.exe PID 2252 wrote to memory of 2580 2252 9bthnt.exe 5ddpv.exe PID 2252 wrote to memory of 2580 2252 9bthnt.exe 5ddpv.exe PID 2252 wrote to memory of 2580 2252 9bthnt.exe 5ddpv.exe PID 2252 wrote to memory of 2580 2252 9bthnt.exe 5ddpv.exe PID 2580 wrote to memory of 2628 2580 7btntb.exe djjdd.exe PID 2580 wrote to memory of 2628 2580 7btntb.exe djjdd.exe PID 2580 wrote to memory of 2628 2580 7btntb.exe djjdd.exe PID 2580 wrote to memory of 2628 2580 7btntb.exe djjdd.exe PID 2628 wrote to memory of 2440 2628 djjdd.exe pjvvj.exe PID 2628 wrote to memory of 2440 2628 djjdd.exe pjvvj.exe PID 2628 wrote to memory of 2440 2628 djjdd.exe pjvvj.exe PID 2628 wrote to memory of 2440 2628 djjdd.exe pjvvj.exe PID 2440 wrote to memory of 2520 2440 pjvvj.exe nbhnhh.exe PID 2440 wrote to 
memory of 2520 2440 pjvvj.exe nbhnhh.exe PID 2440 wrote to memory of 2520 2440 pjvvj.exe nbhnhh.exe PID 2440 wrote to memory of 2520 2440 pjvvj.exe nbhnhh.exe PID 2520 wrote to memory of 2692 2520 lflxfxl.exe dpvvd.exe PID 2520 wrote to memory of 2692 2520 lflxfxl.exe dpvvd.exe PID 2520 wrote to memory of 2692 2520 lflxfxl.exe dpvvd.exe PID 2520 wrote to memory of 2692 2520 lflxfxl.exe dpvvd.exe PID 2692 wrote to memory of 2464 2692 rfxxlrf.exe nttbnn.exe PID 2692 wrote to memory of 2464 2692 rfxxlrf.exe nttbnn.exe PID 2692 wrote to memory of 2464 2692 rfxxlrf.exe nttbnn.exe PID 2692 wrote to memory of 2464 2692 rfxxlrf.exe nttbnn.exe PID 2464 wrote to memory of 2856 2464 nttbnn.exe hbthtb.exe PID 2464 wrote to memory of 2856 2464 nttbnn.exe hbthtb.exe PID 2464 wrote to memory of 2856 2464 nttbnn.exe hbthtb.exe PID 2464 wrote to memory of 2856 2464 nttbnn.exe hbthtb.exe PID 2856 wrote to memory of 2320 2856 hbthtb.exe pvpdp.exe PID 2856 wrote to memory of 2320 2856 hbthtb.exe pvpdp.exe PID 2856 wrote to memory of 2320 2856 hbthtb.exe pvpdp.exe PID 2856 wrote to memory of 2320 2856 hbthtb.exe pvpdp.exe PID 2320 wrote to memory of 320 2320 pvpdp.exe 1jdjj.exe PID 2320 wrote to memory of 320 2320 pvpdp.exe 1jdjj.exe PID 2320 wrote to memory of 320 2320 pvpdp.exe 1jdjj.exe PID 2320 wrote to memory of 320 2320 pvpdp.exe 1jdjj.exe PID 320 wrote to memory of 1616 320 1jdjj.exe fxlrxxx.exe PID 320 wrote to memory of 1616 320 1jdjj.exe fxlrxxx.exe PID 320 wrote to memory of 1616 320 1jdjj.exe fxlrxxx.exe PID 320 wrote to memory of 1616 320 1jdjj.exe fxlrxxx.exe PID 1616 wrote to memory of 2304 1616 fxlrxxx.exe fxrfrxl.exe PID 1616 wrote to memory of 2304 1616 fxlrxxx.exe fxrfrxl.exe PID 1616 wrote to memory of 2304 1616 fxlrxxx.exe fxrfrxl.exe PID 1616 wrote to memory of 2304 1616 fxlrxxx.exe fxrfrxl.exe PID 2304 wrote to memory of 1716 2304 fxrfrxl.exe 3bbhhn.exe PID 2304 wrote to memory of 1716 2304 fxrfrxl.exe 3bbhhn.exe PID 2304 wrote to memory of 1716 2304 fxrfrxl.exe 
3bbhhn.exe PID 2304 wrote to memory of 1716 2304 fxrfrxl.exe 3bbhhn.exe PID 1716 wrote to memory of 1628 1716 3bbhhn.exe hhbntb.exe PID 1716 wrote to memory of 1628 1716 3bbhhn.exe hhbntb.exe PID 1716 wrote to memory of 1628 1716 3bbhhn.exe hhbntb.exe PID 1716 wrote to memory of 1628 1716 3bbhhn.exe hhbntb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe"C:\Users\Admin\AppData\Local\Temp\b139754a7adc499d719d282740902102dcdb5fba099e0c0851dda453d114bb5b.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\frxfrxf.exec:\frxfrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1152 -
\??\c:\9tnhhh.exec:\9tnhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\9bthnt.exec:\9bthnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2252 -
\??\c:\7btntb.exec:\7btntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580 -
\??\c:\djjdd.exec:\djjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\pjvvj.exec:\pjvvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2440 -
\??\c:\lflxfxl.exec:\lflxfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\rfxxlrf.exec:\rfxxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\nttbnn.exec:\nttbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\hbthtb.exec:\hbthtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856 -
\??\c:\pvpdp.exec:\pvpdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2320 -
\??\c:\1jdjj.exec:\1jdjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:320 -
\??\c:\fxlrxxx.exec:\fxlrxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1616 -
\??\c:\fxrfrxl.exec:\fxrfrxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2304 -
\??\c:\3bbhhn.exec:\3bbhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1716 -
\??\c:\hhbntb.exec:\hhbntb.exe17⤵
- Executes dropped EXE
PID:1628 -
\??\c:\1vpvd.exec:\1vpvd.exe18⤵
- Executes dropped EXE
PID:2160 -
\??\c:\pjvjp.exec:\pjvjp.exe19⤵
- Executes dropped EXE
PID:1504 -
\??\c:\xrlrfxf.exec:\xrlrfxf.exe20⤵
- Executes dropped EXE
PID:2760 -
\??\c:\rllxxlx.exec:\rllxxlx.exe21⤵
- Executes dropped EXE
PID:836 -
\??\c:\5fxxrfr.exec:\5fxxrfr.exe22⤵
- Executes dropped EXE
PID:2272 -
\??\c:\5thbhb.exec:\5thbhb.exe23⤵
- Executes dropped EXE
PID:2240 -
\??\c:\thbbhh.exec:\thbbhh.exe24⤵
- Executes dropped EXE
PID:528 -
\??\c:\7jvdj.exec:\7jvdj.exe25⤵
- Executes dropped EXE
PID:584 -
\??\c:\ppdjv.exec:\ppdjv.exe26⤵
- Executes dropped EXE
PID:1984 -
\??\c:\3fxlrrf.exec:\3fxlrrf.exe27⤵
- Executes dropped EXE
PID:1544 -
\??\c:\rlrxfrx.exec:\rlrxfrx.exe28⤵
- Executes dropped EXE
PID:1140 -
\??\c:\9nhbhh.exec:\9nhbhh.exe29⤵
- Executes dropped EXE
PID:912 -
\??\c:\hhtbnt.exec:\hhtbnt.exe30⤵
- Executes dropped EXE
PID:1744 -
\??\c:\3ttthn.exec:\3ttthn.exe31⤵
- Executes dropped EXE
PID:2068 -
\??\c:\1jjpd.exec:\1jjpd.exe32⤵
- Executes dropped EXE
PID:2772 -
\??\c:\jjjjj.exec:\jjjjj.exe33⤵
- Executes dropped EXE
PID:1008 -
\??\c:\rxxllxf.exec:\rxxllxf.exe34⤵
- Executes dropped EXE
PID:1696 -
\??\c:\fxrlxxf.exec:\fxrlxxf.exe35⤵
- Executes dropped EXE
PID:2012 -
\??\c:\ntnnhb.exec:\ntnnhb.exe36⤵
- Executes dropped EXE
PID:3052 -
\??\c:\thnbbt.exec:\thnbbt.exe37⤵
- Executes dropped EXE
PID:2148 -
\??\c:\tbbntn.exec:\tbbntn.exe38⤵
- Executes dropped EXE
PID:2708 -
\??\c:\ppjjv.exec:\ppjjv.exe39⤵
- Executes dropped EXE
PID:2360 -
\??\c:\jjvvj.exec:\jjvvj.exe40⤵
- Executes dropped EXE
PID:2252 -
\??\c:\fxxxlrf.exec:\fxxxlrf.exe41⤵
- Executes dropped EXE
PID:2588 -
\??\c:\rlxrrrx.exec:\rlxrrrx.exe42⤵
- Executes dropped EXE
PID:2776 -
\??\c:\ffxrffr.exec:\ffxrffr.exe43⤵
- Executes dropped EXE
PID:2440 -
\??\c:\hnhthb.exec:\hnhthb.exe44⤵
- Executes dropped EXE
PID:2544 -
\??\c:\nhbnbb.exec:\nhbnbb.exe45⤵
- Executes dropped EXE
PID:2428 -
\??\c:\nhbnnb.exec:\nhbnnb.exe46⤵
- Executes dropped EXE
PID:2552 -
\??\c:\9jjvp.exec:\9jjvp.exe47⤵
- Executes dropped EXE
PID:2496 -
\??\c:\5dddj.exec:\5dddj.exe48⤵
- Executes dropped EXE
PID:1800 -
\??\c:\xrxxflx.exec:\xrxxflx.exe49⤵
- Executes dropped EXE
PID:756 -
\??\c:\hbbnnt.exec:\hbbnnt.exe50⤵
- Executes dropped EXE
PID:1736 -
\??\c:\9vjdd.exec:\9vjdd.exe51⤵
- Executes dropped EXE
PID:2208 -
\??\c:\5jpjd.exec:\5jpjd.exe52⤵
- Executes dropped EXE
PID:1204 -
\??\c:\3pddd.exec:\3pddd.exe53⤵
- Executes dropped EXE
PID:2568 -
\??\c:\rfrflfl.exec:\rfrflfl.exe54⤵
- Executes dropped EXE
PID:1608 -
\??\c:\rffrrlr.exec:\rffrrlr.exe55⤵
- Executes dropped EXE
PID:2376 -
\??\c:\xrfflfl.exec:\xrfflfl.exe56⤵
- Executes dropped EXE
PID:1212 -
\??\c:\nbbtbb.exec:\nbbtbb.exe57⤵
- Executes dropped EXE
PID:1404 -
\??\c:\bnbhnt.exec:\bnbhnt.exe58⤵
- Executes dropped EXE
PID:2720 -
\??\c:\pdpvp.exec:\pdpvp.exe59⤵
- Executes dropped EXE
PID:1080 -
\??\c:\vjjpd.exec:\vjjpd.exe60⤵
- Executes dropped EXE
PID:2528 -
\??\c:\lfflrff.exec:\lfflrff.exe61⤵
- Executes dropped EXE
PID:1192 -
\??\c:\lfrxfff.exec:\lfrxfff.exe62⤵
- Executes dropped EXE
PID:672 -
\??\c:\nbbbnn.exec:\nbbbnn.exe63⤵
- Executes dropped EXE
PID:1320 -
\??\c:\bnbttn.exec:\bnbttn.exe64⤵
- Executes dropped EXE
PID:1636 -
\??\c:\nthbtt.exec:\nthbtt.exe65⤵
- Executes dropped EXE
PID:2112 -
\??\c:\dvjvj.exec:\dvjvj.exe66⤵PID:2400
-
\??\c:\dvjdp.exec:\dvjdp.exe67⤵PID:1120
-
\??\c:\jvjjp.exec:\jvjjp.exe68⤵PID:968
-
\??\c:\lxxrrrf.exec:\lxxrrrf.exe69⤵PID:1752
-
\??\c:\3xfrxff.exec:\3xfrxff.exe70⤵PID:1104
-
\??\c:\rflrxrx.exec:\rflrxrx.exe71⤵PID:692
-
\??\c:\nbnhnt.exec:\nbnhnt.exe72⤵PID:2820
-
\??\c:\1hbttt.exec:\1hbttt.exe73⤵PID:2896
-
\??\c:\dpvpd.exec:\dpvpd.exe74⤵PID:2096
-
\??\c:\vdvjp.exec:\vdvjp.exe75⤵PID:884
-
\??\c:\5jvdv.exec:\5jvdv.exe76⤵PID:1048
-
\??\c:\5fxlxlx.exec:\5fxlxlx.exe77⤵PID:876
-
\??\c:\7ffxlfl.exec:\7ffxlfl.exe78⤵PID:2408
-
\??\c:\bbttnn.exec:\bbttnn.exe79⤵PID:3052
-
\??\c:\nhhhth.exec:\nhhhth.exe80⤵PID:1152
-
\??\c:\ddpjj.exec:\ddpjj.exe81⤵PID:2256
-
\??\c:\pjdvp.exec:\pjdvp.exe82⤵PID:2708
-
\??\c:\vpjjp.exec:\vpjjp.exe83⤵PID:2636
-
\??\c:\7lxlxrf.exec:\7lxlxrf.exe84⤵PID:2536
-
\??\c:\xrxlflr.exec:\xrxlflr.exe85⤵PID:3068
-
\??\c:\nnbhhn.exec:\nnbhhn.exe86⤵PID:2136
-
\??\c:\hbnnbh.exec:\hbnnbh.exe87⤵PID:2768
-
\??\c:\nbhnhh.exec:\nbhnhh.exe88⤵PID:2520
-
\??\c:\7jvdd.exec:\7jvdd.exe89⤵PID:2480
-
\??\c:\ddjvj.exec:\ddjvj.exe90⤵PID:2032
-
\??\c:\lrfxxrl.exec:\lrfxxrl.exe91⤵PID:2856
-
\??\c:\fxrfxfr.exec:\fxrfxfr.exe92⤵PID:2564
-
\??\c:\3bntbb.exec:\3bntbb.exe93⤵PID:2596
-
\??\c:\5hbtnn.exec:\5hbtnn.exe94⤵PID:1732
-
\??\c:\9bhntb.exec:\9bhntb.exe95⤵PID:1684
-
\??\c:\jjjvj.exec:\jjjvj.exe96⤵PID:1896
-
\??\c:\dvdpv.exec:\dvdpv.exe97⤵PID:2572
-
\??\c:\fxllxxf.exec:\fxllxxf.exe98⤵PID:2164
-
\??\c:\lxllffx.exec:\lxllffx.exe99⤵PID:2500
-
\??\c:\llflfrf.exec:\llflfrf.exe100⤵PID:1452
-
\??\c:\tnhnhb.exec:\tnhnhb.exe101⤵PID:2948
-
\??\c:\tnhnbh.exec:\tnhnbh.exe102⤵PID:1404
-
\??\c:\htbhhh.exec:\htbhhh.exe103⤵PID:2720
-
\??\c:\pjvdp.exec:\pjvdp.exe104⤵PID:1080
-
\??\c:\vppjd.exec:\vppjd.exe105⤵PID:1828
-
\??\c:\vvvdp.exec:\vvvdp.exe106⤵PID:2612
-
\??\c:\ffrxffr.exec:\ffrxffr.exe107⤵PID:772
-
\??\c:\xrllxfl.exec:\xrllxfl.exe108⤵PID:652
-
\??\c:\rrlxflx.exec:\rrlxflx.exe109⤵PID:1036
-
\??\c:\tthbnt.exec:\tthbnt.exe110⤵PID:1984
-
\??\c:\1bnhhh.exec:\1bnhhh.exe111⤵PID:1788
-
\??\c:\nhnttt.exec:\nhnttt.exe112⤵PID:1012
-
\??\c:\9dvvv.exec:\9dvvv.exe113⤵PID:1620
-
\??\c:\pjpjj.exec:\pjpjj.exe114⤵PID:1100
-
\??\c:\vpppp.exec:\vpppp.exe115⤵PID:948
-
\??\c:\fxllrrl.exec:\fxllrrl.exe116⤵PID:2104
-
\??\c:\lxfrllx.exec:\lxfrllx.exe117⤵PID:2068
-
\??\c:\fffllxl.exec:\fffllxl.exe118⤵PID:1360
-
\??\c:\1bnhhh.exec:\1bnhhh.exe119⤵PID:2276
-
\??\c:\bthnbn.exec:\bthnbn.exe120⤵PID:1812
-
\??\c:\vppjd.exec:\vppjd.exe121⤵PID:1832
-
\??\c:\9pppp.exec:\9pppp.exe122⤵PID:2012