Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
06-06-2024 05:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe
-
Size
193KB
-
MD5
9a0250adb2ba927f8f839f2be837501a
-
SHA1
27393415e043ad689916e08cecddaf233d533d61
-
SHA256
10343942e861772e1d1925aed7189f45da3fb52c4933399213ff896ead2844e6
-
SHA512
efc4ef8a357526c4a73f357617e8781dcfc02b3d95d9cc8600aa4c1a6df2f6c786583f333e79f92539c0008d28be4a0a16795b10712a8452c095275165f51066
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqyByFEyDRZ8CsLJ:PhOm2sI93UufdC67cihByiylmCsl
Malware Config
Signatures
-
Detect Blackmoon payload 63 IoCs
Processes:
resource yara_rule behavioral2/memory/5076-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4464-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5008-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2320-22-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3484-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2464-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3840-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4788-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1764-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3480-66-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/888-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2192-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1304-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3404-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2892-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2564-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4164-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1508-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2264-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4792-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3248-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2724-175-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4372-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1248-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4448-211-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1188-220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3168-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5052-228-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2764-235-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3944-239-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3276-243-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2900-259-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2564-280-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1140-283-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4884-287-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1332-292-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/748-309-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2788-319-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2776-326-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1508-330-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4076-332-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3792-336-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/1176-344-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3064-345-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3896-355-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2064-360-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3992-375-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4160-379-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2320-398-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4612-408-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2328-461-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2960-471-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2916-494-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2284-543-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1356-564-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2564-580-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4892-596-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/984-643-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4268-744-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1880-845-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3064-864-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1504-901-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1860-1590-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
k96v9.exe1mf90.exenkf2j.exet1eca.exe1a5t7d.exe41b8x6.exe15415tt.exeoueo330.exeka3ux.exe09ugdm.exe9993c1.exer7cuanu.exe5hru7i.exercf3e4d.execn242k0.exes4m01i.exe7afigv1.exe69q7stu.exewb3t6hl.exe9nqb4ra.exeks545h0.exe06359.exe625hq3.exeu83kn.exe97jkc.exe0ehr5tr.exe3017193.exe37h36t.exe8s1bc.exev1725.exeo9627x1.exe4p3d2m8.exe21bd1vk.exefrpqk.exexg88l.exe129e3r1.exe2otlsb2.exetk0h52.exe7wf10.exel44h5.exeh4w10.exe3uug0.exep02j6w.exe6t89o.exex98s54.exet0rno7t.exe9tt44wl.exe4098b.exe7k8nqk.exevhfap.exe7oaw7v9.exenw5k2.exe152dex8.exe8r92377.exea30ww.exe859d39.exe12804d2.exegd98n.exekjr0qh8.exevsbsim.exe8fc5a5u.exe4q2g0.exe3ur17p.exe0p1xf.exepid process 4464 k96v9.exe 5008 1mf90.exe 2320 nkf2j.exe 4920 t1eca.exe 3484 1a5t7d.exe 2464 41b8x6.exe 3840 15415tt.exe 4788 oueo330.exe 1764 ka3ux.exe 1600 09ugdm.exe 3480 9993c1.exe 888 r7cuanu.exe 2192 5hru7i.exe 1304 rcf3e4d.exe 3404 cn242k0.exe 2892 s4m01i.exe 2564 7afigv1.exe 4164 69q7stu.exe 3976 wb3t6hl.exe 2452 9nqb4ra.exe 1508 ks545h0.exe 3432 06359.exe 2264 625hq3.exe 1124 u83kn.exe 2960 97jkc.exe 4792 0ehr5tr.exe 3248 3017193.exe 5032 37h36t.exe 4024 8s1bc.exe 2724 v1725.exe 2908 o9627x1.exe 4372 4p3d2m8.exe 3300 21bd1vk.exe 2308 frpqk.exe 2332 xg88l.exe 2116 129e3r1.exe 1248 2otlsb2.exe 4396 tk0h52.exe 4448 7wf10.exe 5024 l44h5.exe 1188 h4w10.exe 3168 3uug0.exe 5052 p02j6w.exe 4864 6t89o.exe 2764 x98s54.exe 3944 t0rno7t.exe 3276 9tt44wl.exe 2012 4098b.exe 4612 7k8nqk.exe 3500 vhfap.exe 888 7oaw7v9.exe 2900 nw5k2.exe 4244 152dex8.exe 2680 8r92377.exe 1304 a30ww.exe 4540 859d39.exe 2044 12804d2.exe 2996 gd98n.exe 2564 kjr0qh8.exe 1140 vsbsim.exe 4884 8fc5a5u.exe 1332 4q2g0.exe 380 3ur17p.exe 1508 0p1xf.exe -
Processes:
resource yara_rule behavioral2/memory/5076-7-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4464-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5008-15-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2320-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3484-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2464-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3840-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3840-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4788-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1764-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1600-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3480-66-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/888-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2192-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1304-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3404-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2892-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2564-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4164-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3432-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1508-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2264-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4792-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3248-162-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/2724-175-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4372-188-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2308-192-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1248-206-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4448-211-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1188-220-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3168-222-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5052-228-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2764-235-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3944-239-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3276-243-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2900-259-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2564-280-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1140-283-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4884-287-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1332-288-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1332-292-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/748-309-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2788-319-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2776-326-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4076-327-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1508-330-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4076-332-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3792-336-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4388-337-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1176-344-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3896-355-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2064-360-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3992-375-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4160-379-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2320-398-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4612-408-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4632-442-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2328-461-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2960-471-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2916-494-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4476-506-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2284-543-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1984-544-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1356-564-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exek96v9.exe1mf90.exenkf2j.exet1eca.exe1a5t7d.exe41b8x6.exe15415tt.exeoueo330.exeka3ux.exe09ugdm.exe9993c1.exer7cuanu.exe5hru7i.exercf3e4d.execn242k0.exes4m01i.exe7afigv1.exe69q7stu.exewb3t6hl.exe9nqb4ra.exeks545h0.exedescription pid process target process PID 5076 wrote to memory of 4464 5076 9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe k96v9.exe PID 5076 wrote to memory of 4464 5076 9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe k96v9.exe PID 5076 wrote to memory of 4464 5076 9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe k96v9.exe PID 4464 wrote to memory of 5008 4464 k96v9.exe 1mf90.exe PID 4464 wrote to memory of 5008 4464 k96v9.exe 1mf90.exe PID 4464 wrote to memory of 5008 4464 k96v9.exe 1mf90.exe PID 5008 wrote to memory of 2320 5008 1mf90.exe nkf2j.exe PID 5008 wrote to memory of 2320 5008 1mf90.exe nkf2j.exe PID 5008 wrote to memory of 2320 5008 1mf90.exe nkf2j.exe PID 2320 wrote to memory of 4920 2320 nkf2j.exe t1eca.exe PID 2320 wrote to memory of 4920 2320 nkf2j.exe t1eca.exe PID 2320 wrote to memory of 4920 2320 nkf2j.exe t1eca.exe PID 4920 wrote to memory of 3484 4920 t1eca.exe 1a5t7d.exe PID 4920 wrote to memory of 3484 4920 t1eca.exe 1a5t7d.exe PID 4920 wrote to memory of 3484 4920 t1eca.exe 1a5t7d.exe PID 3484 wrote to memory of 2464 3484 1a5t7d.exe 41b8x6.exe PID 3484 wrote to memory of 2464 3484 1a5t7d.exe 41b8x6.exe PID 3484 wrote to memory of 2464 3484 1a5t7d.exe 41b8x6.exe PID 2464 wrote to memory of 3840 2464 41b8x6.exe 15415tt.exe PID 2464 wrote to memory of 3840 2464 41b8x6.exe 15415tt.exe PID 2464 wrote to memory of 3840 2464 41b8x6.exe 15415tt.exe PID 3840 wrote to memory of 4788 3840 15415tt.exe oueo330.exe PID 3840 wrote to memory of 4788 3840 15415tt.exe oueo330.exe PID 3840 wrote to memory of 4788 3840 15415tt.exe oueo330.exe PID 4788 wrote to memory of 1764 4788 oueo330.exe ka3ux.exe PID 4788 wrote to memory of 1764 4788 oueo330.exe ka3ux.exe PID 4788 wrote to memory of 
1764 4788 oueo330.exe ka3ux.exe PID 1764 wrote to memory of 1600 1764 ka3ux.exe 09ugdm.exe PID 1764 wrote to memory of 1600 1764 ka3ux.exe 09ugdm.exe PID 1764 wrote to memory of 1600 1764 ka3ux.exe 09ugdm.exe PID 1600 wrote to memory of 3480 1600 09ugdm.exe 9993c1.exe PID 1600 wrote to memory of 3480 1600 09ugdm.exe 9993c1.exe PID 1600 wrote to memory of 3480 1600 09ugdm.exe 9993c1.exe PID 3480 wrote to memory of 888 3480 9993c1.exe r7cuanu.exe PID 3480 wrote to memory of 888 3480 9993c1.exe r7cuanu.exe PID 3480 wrote to memory of 888 3480 9993c1.exe r7cuanu.exe PID 888 wrote to memory of 2192 888 r7cuanu.exe 5hru7i.exe PID 888 wrote to memory of 2192 888 r7cuanu.exe 5hru7i.exe PID 888 wrote to memory of 2192 888 r7cuanu.exe 5hru7i.exe PID 2192 wrote to memory of 1304 2192 5hru7i.exe rcf3e4d.exe PID 2192 wrote to memory of 1304 2192 5hru7i.exe rcf3e4d.exe PID 2192 wrote to memory of 1304 2192 5hru7i.exe rcf3e4d.exe PID 1304 wrote to memory of 3404 1304 rcf3e4d.exe cn242k0.exe PID 1304 wrote to memory of 3404 1304 rcf3e4d.exe cn242k0.exe PID 1304 wrote to memory of 3404 1304 rcf3e4d.exe cn242k0.exe PID 3404 wrote to memory of 2892 3404 cn242k0.exe s4m01i.exe PID 3404 wrote to memory of 2892 3404 cn242k0.exe s4m01i.exe PID 3404 wrote to memory of 2892 3404 cn242k0.exe s4m01i.exe PID 2892 wrote to memory of 2564 2892 s4m01i.exe 7afigv1.exe PID 2892 wrote to memory of 2564 2892 s4m01i.exe 7afigv1.exe PID 2892 wrote to memory of 2564 2892 s4m01i.exe 7afigv1.exe PID 2564 wrote to memory of 4164 2564 7afigv1.exe 69q7stu.exe PID 2564 wrote to memory of 4164 2564 7afigv1.exe 69q7stu.exe PID 2564 wrote to memory of 4164 2564 7afigv1.exe 69q7stu.exe PID 4164 wrote to memory of 3976 4164 69q7stu.exe wb3t6hl.exe PID 4164 wrote to memory of 3976 4164 69q7stu.exe wb3t6hl.exe PID 4164 wrote to memory of 3976 4164 69q7stu.exe wb3t6hl.exe PID 3976 wrote to memory of 2452 3976 wb3t6hl.exe 9nqb4ra.exe PID 3976 wrote to memory of 2452 3976 wb3t6hl.exe 9nqb4ra.exe PID 3976 wrote to 
memory of 2452 3976 wb3t6hl.exe 9nqb4ra.exe PID 2452 wrote to memory of 1508 2452 9nqb4ra.exe ks545h0.exe PID 2452 wrote to memory of 1508 2452 9nqb4ra.exe ks545h0.exe PID 2452 wrote to memory of 1508 2452 9nqb4ra.exe ks545h0.exe PID 1508 wrote to memory of 3432 1508 ks545h0.exe 06359.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\9a0250adb2ba927f8f839f2be837501a_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5076 -
\??\c:\k96v9.exec:\k96v9.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\1mf90.exec:\1mf90.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\nkf2j.exec:\nkf2j.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2320 -
\??\c:\t1eca.exec:\t1eca.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4920 -
\??\c:\1a5t7d.exec:\1a5t7d.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3484 -
\??\c:\41b8x6.exec:\41b8x6.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\15415tt.exec:\15415tt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3840 -
\??\c:\oueo330.exec:\oueo330.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4788 -
\??\c:\ka3ux.exec:\ka3ux.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1764 -
\??\c:\09ugdm.exec:\09ugdm.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1600 -
\??\c:\9993c1.exec:\9993c1.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3480 -
\??\c:\r7cuanu.exec:\r7cuanu.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:888 -
\??\c:\5hru7i.exec:\5hru7i.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\rcf3e4d.exec:\rcf3e4d.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1304 -
\??\c:\cn242k0.exec:\cn242k0.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3404 -
\??\c:\s4m01i.exec:\s4m01i.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\7afigv1.exec:\7afigv1.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\69q7stu.exec:\69q7stu.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4164 -
\??\c:\wb3t6hl.exec:\wb3t6hl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3976 -
\??\c:\9nqb4ra.exec:\9nqb4ra.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\ks545h0.exec:\ks545h0.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\06359.exec:\06359.exe23⤵
- Executes dropped EXE
PID:3432 -
\??\c:\625hq3.exec:\625hq3.exe24⤵
- Executes dropped EXE
PID:2264 -
\??\c:\u83kn.exec:\u83kn.exe25⤵
- Executes dropped EXE
PID:1124 -
\??\c:\97jkc.exec:\97jkc.exe26⤵
- Executes dropped EXE
PID:2960 -
\??\c:\0ehr5tr.exec:\0ehr5tr.exe27⤵
- Executes dropped EXE
PID:4792 -
\??\c:\3017193.exec:\3017193.exe28⤵
- Executes dropped EXE
PID:3248 -
\??\c:\37h36t.exec:\37h36t.exe29⤵
- Executes dropped EXE
PID:5032 -
\??\c:\8s1bc.exec:\8s1bc.exe30⤵
- Executes dropped EXE
PID:4024 -
\??\c:\v1725.exec:\v1725.exe31⤵
- Executes dropped EXE
PID:2724 -
\??\c:\o9627x1.exec:\o9627x1.exe32⤵
- Executes dropped EXE
PID:2908 -
\??\c:\4p3d2m8.exec:\4p3d2m8.exe33⤵
- Executes dropped EXE
PID:4372 -
\??\c:\21bd1vk.exec:\21bd1vk.exe34⤵
- Executes dropped EXE
PID:3300 -
\??\c:\frpqk.exec:\frpqk.exe35⤵
- Executes dropped EXE
PID:2308 -
\??\c:\xg88l.exec:\xg88l.exe36⤵
- Executes dropped EXE
PID:2332 -
\??\c:\129e3r1.exec:\129e3r1.exe37⤵
- Executes dropped EXE
PID:2116 -
\??\c:\2otlsb2.exec:\2otlsb2.exe38⤵
- Executes dropped EXE
PID:1248 -
\??\c:\tk0h52.exec:\tk0h52.exe39⤵
- Executes dropped EXE
PID:4396 -
\??\c:\7wf10.exec:\7wf10.exe40⤵
- Executes dropped EXE
PID:4448 -
\??\c:\l44h5.exec:\l44h5.exe41⤵
- Executes dropped EXE
PID:5024 -
\??\c:\h4w10.exec:\h4w10.exe42⤵
- Executes dropped EXE
PID:1188 -
\??\c:\3uug0.exec:\3uug0.exe43⤵
- Executes dropped EXE
PID:3168 -
\??\c:\p02j6w.exec:\p02j6w.exe44⤵
- Executes dropped EXE
PID:5052 -
\??\c:\6t89o.exec:\6t89o.exe45⤵
- Executes dropped EXE
PID:4864 -
\??\c:\x98s54.exec:\x98s54.exe46⤵
- Executes dropped EXE
PID:2764 -
\??\c:\t0rno7t.exec:\t0rno7t.exe47⤵
- Executes dropped EXE
PID:3944 -
\??\c:\9tt44wl.exec:\9tt44wl.exe48⤵
- Executes dropped EXE
PID:3276 -
\??\c:\4098b.exec:\4098b.exe49⤵
- Executes dropped EXE
PID:2012 -
\??\c:\7k8nqk.exec:\7k8nqk.exe50⤵
- Executes dropped EXE
PID:4612 -
\??\c:\vhfap.exec:\vhfap.exe51⤵
- Executes dropped EXE
PID:3500 -
\??\c:\7oaw7v9.exec:\7oaw7v9.exe52⤵
- Executes dropped EXE
PID:888 -
\??\c:\nw5k2.exec:\nw5k2.exe53⤵
- Executes dropped EXE
PID:2900 -
\??\c:\152dex8.exec:\152dex8.exe54⤵
- Executes dropped EXE
PID:4244 -
\??\c:\8r92377.exec:\8r92377.exe55⤵
- Executes dropped EXE
PID:2680 -
\??\c:\a30ww.exec:\a30ww.exe56⤵
- Executes dropped EXE
PID:1304 -
\??\c:\859d39.exec:\859d39.exe57⤵
- Executes dropped EXE
PID:4540 -
\??\c:\12804d2.exec:\12804d2.exe58⤵
- Executes dropped EXE
PID:2044 -
\??\c:\gd98n.exec:\gd98n.exe59⤵
- Executes dropped EXE
PID:2996 -
\??\c:\kjr0qh8.exec:\kjr0qh8.exe60⤵
- Executes dropped EXE
PID:2564 -
\??\c:\vsbsim.exec:\vsbsim.exe61⤵
- Executes dropped EXE
PID:1140 -
\??\c:\8fc5a5u.exec:\8fc5a5u.exe62⤵
- Executes dropped EXE
PID:4884 -
\??\c:\4q2g0.exec:\4q2g0.exe63⤵
- Executes dropped EXE
PID:1332 -
\??\c:\3ur17p.exec:\3ur17p.exe64⤵
- Executes dropped EXE
PID:380 -
\??\c:\0p1xf.exec:\0p1xf.exe65⤵
- Executes dropped EXE
PID:1508 -
\??\c:\021t1.exec:\021t1.exe66⤵PID:2204
-
\??\c:\rcu47n3.exec:\rcu47n3.exe67⤵PID:412
-
\??\c:\w718g5q.exec:\w718g5q.exe68⤵PID:748
-
\??\c:\55l5xa.exec:\55l5xa.exe69⤵PID:3436
-
\??\c:\x2mug33.exec:\x2mug33.exe70⤵PID:1224
-
\??\c:\9uv5v.exec:\9uv5v.exe71⤵PID:2788
-
\??\c:\kb5j58.exec:\kb5j58.exe72⤵PID:1768
-
\??\c:\8q0odm.exec:\8q0odm.exe73⤵PID:2776
-
\??\c:\9s979u.exec:\9s979u.exe74⤵PID:4076
-
\??\c:\4r5x93d.exec:\4r5x93d.exe75⤵PID:3792
-
\??\c:\8rc939.exec:\8rc939.exe76⤵PID:4388
-
\??\c:\737xnv.exec:\737xnv.exe77⤵PID:1176
-
\??\c:\021n95.exec:\021n95.exe78⤵PID:3064
-
\??\c:\1r196x.exec:\1r196x.exe79⤵PID:3696
-
\??\c:\f40788i.exec:\f40788i.exe80⤵PID:3896
-
\??\c:\92jqf.exec:\92jqf.exe81⤵PID:636
-
\??\c:\06qq1.exec:\06qq1.exe82⤵PID:2064
-
\??\c:\8196ob9.exec:\8196ob9.exe83⤵PID:4656
-
\??\c:\q124f.exec:\q124f.exe84⤵PID:2320
-
\??\c:\ijsuw77.exec:\ijsuw77.exe85⤵PID:4028
-
\??\c:\qu872.exec:\qu872.exe86⤵PID:3992
-
\??\c:\8q3q4.exec:\8q3q4.exe87⤵PID:4160
-
\??\c:\g84rjn.exec:\g84rjn.exe88⤵PID:4840
-
\??\c:\i4336.exec:\i4336.exe89⤵PID:3884
-
\??\c:\2w23gix.exec:\2w23gix.exe90⤵PID:3004
-
\??\c:\75kb11a.exec:\75kb11a.exe91⤵PID:2980
-
\??\c:\o3f9aj.exec:\o3f9aj.exe92⤵PID:1020
-
\??\c:\l791i7v.exec:\l791i7v.exe93⤵PID:4880
-
\??\c:\11cpn.exec:\11cpn.exe94⤵PID:1600
-
\??\c:\22fv7.exec:\22fv7.exe95⤵PID:1588
-
\??\c:\9a366t.exec:\9a366t.exe96⤵PID:4612
-
\??\c:\54f1d.exec:\54f1d.exe97⤵PID:3500
-
\??\c:\h4hge.exec:\h4hge.exe98⤵PID:2828
-
\??\c:\32udthh.exec:\32udthh.exe99⤵PID:4136
-
\??\c:\15hhf5.exec:\15hhf5.exe100⤵PID:1520
-
\??\c:\roi1oj.exec:\roi1oj.exe101⤵PID:3880
-
\??\c:\1rh846.exec:\1rh846.exe102⤵PID:3404
-
\??\c:\09w0j7.exec:\09w0j7.exe103⤵PID:2988
-
\??\c:\ehj5l.exec:\ehj5l.exe104⤵PID:3472
-
\??\c:\oo57n7.exec:\oo57n7.exe105⤵PID:3448
-
\??\c:\pjr4d43.exec:\pjr4d43.exe106⤵PID:5060
-
\??\c:\p1k2c.exec:\p1k2c.exe107⤵PID:3468
-
\??\c:\2xkol.exec:\2xkol.exe108⤵PID:4632
-
\??\c:\uut61.exec:\uut61.exe109⤵PID:2568
-
\??\c:\2fobf5j.exec:\2fobf5j.exe110⤵PID:1136
-
\??\c:\txpxpl.exec:\txpxpl.exe111⤵PID:2948
-
\??\c:\7k7m3.exec:\7k7m3.exe112⤵PID:4784
-
\??\c:\nh94qs.exec:\nh94qs.exe113⤵PID:2328
-
\??\c:\e8lv1.exec:\e8lv1.exe114⤵PID:3868
-
\??\c:\bv4gh.exec:\bv4gh.exe115⤵PID:1716
-
\??\c:\u6wc3p.exec:\u6wc3p.exe116⤵PID:2960
-
\??\c:\0do626.exec:\0do626.exe117⤵PID:1320
-
\??\c:\aq3ju.exec:\aq3ju.exe118⤵PID:1880
-
\??\c:\172u4.exec:\172u4.exe119⤵PID:5032
-
\??\c:\1072c.exec:\1072c.exe120⤵PID:3548
-
\??\c:\l7e1877.exec:\l7e1877.exe121⤵PID:3616
-
\??\c:\b94p2.exec:\b94p2.exe122⤵PID:4376