Analysis

max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 06-06-2024 05:08

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe
Resource: win7-20240508-en
6 signatures, 150 seconds
General

Target: b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe
Size: 487KB
MD5: 1e58961e1bceedcddbfbe7820c84df90
SHA1: d1a9e3385e2d416d823e6132b2b23bc66a786197
SHA256: b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89
SHA512: 6d29aa4c27c77a2f973d35240733b39f3bddcdad8384f93ceda28eab9fbb38164ebb2a82036e495172307ea0ed977f25ca4144f35c52d3a08db76ac6176c764b
SSDEEP: 6144:8cm7ImGddXmNt251UriZFwu1b26X1wjdgyPPBv:q7Tc2NYHUrAwqzQ7PPV
Malware Config
Signatures

Detect Blackmoon payload (39 IoCs)
Processes:
resource  yara_rule
behavioral1/memory/1684-0-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2136-20-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1448-16-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2600-28-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2744-43-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2712-55-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2764-71-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2680-80-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2524-83-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/3012-92-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1964-107-0x0000000000220000-0x000000000024A000-memory.dmp  family_blackmoon
behavioral1/memory/2700-110-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1124-121-0x00000000003C0000-0x00000000003EA000-memory.dmp  family_blackmoon
behavioral1/memory/2756-134-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2040-143-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1160-146-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/760-161-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1100-164-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1680-179-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2884-196-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2272-199-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2280-240-0x0000000000220000-0x000000000024A000-memory.dmp  family_blackmoon
behavioral1/memory/2000-251-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2864-299-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1336-312-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2340-338-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2660-364-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2520-390-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2384-404-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1032-405-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2768-425-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2236-444-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/788-457-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/484-737-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1364-844-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/1316-911-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2264-936-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2264-943-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral1/memory/2916-1065-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
UPX dump on OEP (original entry point) (64 IoCs)
Processes:
resource  yara_rule
behavioral1/memory/1684-0-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1448-8-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2136-20-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1448-16-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2600-28-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2744-43-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2712-55-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2680-72-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2764-71-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2680-80-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2524-83-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/3012-92-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2700-110-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2756-134-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2040-143-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1160-146-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/760-161-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1100-164-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1680-179-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2884-196-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2272-199-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2280-233-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2000-251-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2024-286-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1728-300-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2864-299-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1336-312-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1448-325-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2340-338-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2732-351-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2660-364-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2528-371-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2520-390-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2384-404-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1032-405-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2768-418-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2768-425-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2236-444-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/788-457-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/708-508-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2412-575-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1656-630-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2788-637-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2644-668-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2764-675-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1200-712-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/484-737-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2376-812-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1128-825-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1364-844-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/948-845-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1316-911-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2264-936-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2264-943-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2720-944-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2916-1065-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2968-1078-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/408-1115-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2880-1252-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2760-1301-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1820-1308-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2824-1315-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/2236-1322-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral1/memory/1616-1329-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
Executes dropped EXE (64 IoCs)
Processes:
pid  process
1448  xxrflxl.exe
2136  hbtbhn.exe
2600  vjvvj.exe
2744  1rfllrl.exe
2736  rxxffrr.exe
2712  rlffrxl.exe
2764  ttttht.exe
2680  ffxfrrx.exe
2524  tbbttn.exe
3012  3dvdj.exe
1964  nhbntb.exe
2700  ffllfrr.exe
1124  hbnbhh.exe
2756  vvpvd.exe
2040  nbhbbt.exe
1160  xxrrffr.exe
760  hbnnnn.exe
1100  ffxfllx.exe
1680  hbnnbh.exe
2992  xxlllxl.exe
2884  dvpvd.exe
2272  llfxflx.exe
2376  tnnnbb.exe
2432  hhtthh.exe
996  ppjvd.exe
2280  tbbbtt.exe
2000  dpjpd.exe
292  hhhtbn.exe
1048  jdppv.exe
1800  ttnhtb.exe
2408  jpjjv.exe
2024  bbnnnn.exe
2864  vpjvd.exe
1728  lrfxxlx.exe
1336  9hbnbh.exe
1684  dvjpd.exe
1564  lfxflrx.exe
1448  hbbnhn.exe
2340  pjvjp.exe
2696  vpdjp.exe
2796  lflflrx.exe
2732  hhhnbh.exe
2728  jvdvv.exe
2660  xrlrrxr.exe
2528  hbttht.exe
2552  jdppd.exe
2508  7jpdj.exe
2520  xrflxfx.exe
2384  bthntt.exe
1032  3btttb.exe
2776  pdvdp.exe
2768  5rfflll.exe
2824  3ttntb.exe
2020  3vdvv.exe
2236  5vvdp.exe
2212  rllrfrx.exe
1156  thnbbn.exe
788  3pjjj.exe
1980  fxlxllx.exe
1724  hhbbnn.exe
1652  bnhnnh.exe
1680  9pjdv.exe
2544  flllxff.exe
2100  bntthb.exe
Processes:
resource  yara_rule
behavioral1/memory/1684-0-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1448-8-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2136-20-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1448-16-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2600-28-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2744-43-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2712-55-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2680-72-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2764-71-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2680-80-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2524-83-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/3012-92-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2700-110-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2756-134-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2040-143-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1160-146-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/760-161-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1100-164-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1680-179-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2884-196-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2272-199-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2280-233-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2000-251-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2024-286-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1728-300-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2864-299-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1336-312-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1448-325-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2340-338-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2732-351-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2660-364-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2528-371-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2520-390-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2384-404-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1032-405-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2768-418-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2768-425-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2236-444-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/788-457-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/708-508-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1656-630-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2788-637-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2644-668-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2764-675-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1200-712-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/484-737-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2376-812-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1128-825-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1364-844-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/948-845-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1316-911-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2264-936-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2264-943-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2720-944-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2916-1065-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2968-1078-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/408-1115-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2880-1252-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2760-1301-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1820-1308-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2824-1315-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/2236-1322-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1616-1329-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral1/memory/1156-1343-0x0000000000400000-0x000000000042A000-memory.dmp  upx
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description  pid  process  target process
Each of the 16 parent-to-child writes below is recorded 4 times in the report (16 x 4 = 64 IoCs).
PID 1684 wrote to memory of 1448  1684  b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe  xxrflxl.exe
PID 1448 wrote to memory of 2136  1448  xxrflxl.exe  hbtbhn.exe
PID 2136 wrote to memory of 2600  2136  hbtbhn.exe  vjvvj.exe
PID 2600 wrote to memory of 2744  2600  vjvvj.exe  1rfllrl.exe
PID 2744 wrote to memory of 2736  2744  1rfllrl.exe  rxxffrr.exe
PID 2736 wrote to memory of 2712  2736  rxxffrr.exe  rlffrxl.exe
PID 2712 wrote to memory of 2764  2712  rlffrxl.exe  ttttht.exe
PID 2764 wrote to memory of 2680  2764  ttttht.exe  ffxfrrx.exe
PID 2680 wrote to memory of 2524  2680  ffxfrrx.exe  tbbttn.exe
PID 2524 wrote to memory of 3012  2524  tbbttn.exe  3dvdj.exe
PID 3012 wrote to memory of 1964  3012  3dvdj.exe  nhbntb.exe
PID 1964 wrote to memory of 2700  1964  nhbntb.exe  ffllfrr.exe
PID 2700 wrote to memory of 1124  2700  ffllfrr.exe  hbnbhh.exe
PID 1124 wrote to memory of 2756  1124  hbnbhh.exe  vvpvd.exe
PID 2756 wrote to memory of 2040  2756  vvpvd.exe  nbhbbt.exe
PID 2040 wrote to memory of 1160  2040  nbhbbt.exe  xxrrffr.exe
Processes

Process tree (each entry: depth, image path, command line, PID, then the signatures that fired on it; every process spawns the next one in the chain)

1  C:\Users\Admin\AppData\Local\Temp\b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe  cmdline: "C:\Users\Admin\AppData\Local\Temp\b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe"  PID:1684
- Suspicious use of WriteProcessMemory
2  \??\c:\xxrflxl.exe  cmdline: c:\xxrflxl.exe  PID:1448
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
3  \??\c:\hbtbhn.exe  cmdline: c:\hbtbhn.exe  PID:2136
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
4  \??\c:\vjvvj.exe  cmdline: c:\vjvvj.exe  PID:2600
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
5  \??\c:\1rfllrl.exe  cmdline: c:\1rfllrl.exe  PID:2744
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
6  \??\c:\rxxffrr.exe  cmdline: c:\rxxffrr.exe  PID:2736
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
7  \??\c:\rlffrxl.exe  cmdline: c:\rlffrxl.exe  PID:2712
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
8  \??\c:\ttttht.exe  cmdline: c:\ttttht.exe  PID:2764
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
9  \??\c:\ffxfrrx.exe  cmdline: c:\ffxfrrx.exe  PID:2680
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
10  \??\c:\tbbttn.exe  cmdline: c:\tbbttn.exe  PID:2524
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
11  \??\c:\3dvdj.exe  cmdline: c:\3dvdj.exe  PID:3012
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
12  \??\c:\nhbntb.exe  cmdline: c:\nhbntb.exe  PID:1964
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
13  \??\c:\ffllfrr.exe  cmdline: c:\ffllfrr.exe  PID:2700
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
14  \??\c:\hbnbhh.exe  cmdline: c:\hbnbhh.exe  PID:1124
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
15  \??\c:\vvpvd.exe  cmdline: c:\vvpvd.exe  PID:2756
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
16  \??\c:\nbhbbt.exe  cmdline: c:\nbhbbt.exe  PID:2040
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
17  \??\c:\xxrrffr.exe  cmdline: c:\xxrrffr.exe  PID:1160
- Executes dropped EXE
18  \??\c:\hbnnnn.exe  cmdline: c:\hbnnnn.exe  PID:760
- Executes dropped EXE
19  \??\c:\ffxfllx.exe  cmdline: c:\ffxfllx.exe  PID:1100
- Executes dropped EXE
20  \??\c:\hbnnbh.exe  cmdline: c:\hbnnbh.exe  PID:1680
- Executes dropped EXE
21  \??\c:\xxlllxl.exe  cmdline: c:\xxlllxl.exe  PID:2992
- Executes dropped EXE
22  \??\c:\dvpvd.exe  cmdline: c:\dvpvd.exe  PID:2884
- Executes dropped EXE
23  \??\c:\llfxflx.exe  cmdline: c:\llfxflx.exe  PID:2272
- Executes dropped EXE
24  \??\c:\tnnnbb.exe  cmdline: c:\tnnnbb.exe  PID:2376
- Executes dropped EXE
25  \??\c:\hhtthh.exe  cmdline: c:\hhtthh.exe  PID:2432
- Executes dropped EXE
26  \??\c:\ppjvd.exe  cmdline: c:\ppjvd.exe  PID:996
- Executes dropped EXE
27  \??\c:\tbbbtt.exe  cmdline: c:\tbbbtt.exe  PID:2280
- Executes dropped EXE
28  \??\c:\dpjpd.exe  cmdline: c:\dpjpd.exe  PID:2000
- Executes dropped EXE
29  \??\c:\hhhtbn.exe  cmdline: c:\hhhtbn.exe  PID:292
- Executes dropped EXE
30  \??\c:\jdppv.exe  cmdline: c:\jdppv.exe  PID:1048
- Executes dropped EXE
31  \??\c:\ttnhtb.exe  cmdline: c:\ttnhtb.exe  PID:1800
- Executes dropped EXE
32  \??\c:\jpjjv.exe  cmdline: c:\jpjjv.exe  PID:2408
- Executes dropped EXE
33  \??\c:\bbnnnn.exe  cmdline: c:\bbnnnn.exe  PID:2024
- Executes dropped EXE
34  \??\c:\vpjvd.exe  cmdline: c:\vpjvd.exe  PID:2864
- Executes dropped EXE
35  \??\c:\lrfxxlx.exe  cmdline: c:\lrfxxlx.exe  PID:1728
- Executes dropped EXE
36  \??\c:\9hbnbh.exe  cmdline: c:\9hbnbh.exe  PID:1336
- Executes dropped EXE
37  \??\c:\dvjpd.exe  cmdline: c:\dvjpd.exe  PID:1684
- Executes dropped EXE
38  \??\c:\lfxflrx.exe  cmdline: c:\lfxflrx.exe  PID:1564
- Executes dropped EXE
39  \??\c:\hbbnhn.exe  cmdline: c:\hbbnhn.exe  PID:1448
- Executes dropped EXE
40  \??\c:\pjvjp.exe  cmdline: c:\pjvjp.exe  PID:2340
- Executes dropped EXE
41  \??\c:\vpdjp.exe  cmdline: c:\vpdjp.exe  PID:2696
- Executes dropped EXE
42  \??\c:\lflflrx.exe  cmdline: c:\lflflrx.exe  PID:2796
- Executes dropped EXE
43  \??\c:\hhhnbh.exe  cmdline: c:\hhhnbh.exe  PID:2732
- Executes dropped EXE
44  \??\c:\jvdvv.exe  cmdline: c:\jvdvv.exe  PID:2728
- Executes dropped EXE
45  \??\c:\xrlrrxr.exe  cmdline: c:\xrlrrxr.exe  PID:2660
- Executes dropped EXE
46  \??\c:\hbttht.exe  cmdline: c:\hbttht.exe  PID:2528
- Executes dropped EXE
47  \??\c:\jdppd.exe  cmdline: c:\jdppd.exe  PID:2552
- Executes dropped EXE
48  \??\c:\7jpdj.exe  cmdline: c:\7jpdj.exe  PID:2508
- Executes dropped EXE
49  \??\c:\xrflxfx.exe  cmdline: c:\xrflxfx.exe  PID:2520
- Executes dropped EXE
50  \??\c:\bthntt.exe  cmdline: c:\bthntt.exe  PID:2384
- Executes dropped EXE
51  \??\c:\3btttb.exe  cmdline: c:\3btttb.exe  PID:1032
- Executes dropped EXE
52  \??\c:\pdvdp.exe  cmdline: c:\pdvdp.exe  PID:2776
- Executes dropped EXE
53  \??\c:\5rfflll.exe  cmdline: c:\5rfflll.exe  PID:2768
- Executes dropped EXE
54  \??\c:\3ttntb.exe  cmdline: c:\3ttntb.exe  PID:2824
- Executes dropped EXE
55  \??\c:\3vdvv.exe  cmdline: c:\3vdvv.exe  PID:2020
- Executes dropped EXE
56  \??\c:\5vvdp.exe  cmdline: c:\5vvdp.exe  PID:2236
- Executes dropped EXE
57  \??\c:\rllrfrx.exe  cmdline: c:\rllrfrx.exe  PID:2212
- Executes dropped EXE
58  \??\c:\thnbbn.exe  cmdline: c:\thnbbn.exe  PID:1156
- Executes dropped EXE
59  \??\c:\3pjjj.exe  cmdline: c:\3pjjj.exe  PID:788
- Executes dropped EXE
60  \??\c:\fxlxllx.exe  cmdline: c:\fxlxllx.exe  PID:1980
- Executes dropped EXE
61  \??\c:\hhbbnn.exe  cmdline: c:\hhbbnn.exe  PID:1724
- Executes dropped EXE
62  \??\c:\bnhnnh.exe  cmdline: c:\bnhnnh.exe  PID:1652
- Executes dropped EXE
63  \??\c:\9pjdv.exe  cmdline: c:\9pjdv.exe  PID:1680
- Executes dropped EXE
64  \??\c:\flllxff.exe  cmdline: c:\flllxff.exe  PID:2544
- Executes dropped EXE
65  \??\c:\bntthb.exe  cmdline: c:\bntthb.exe  PID:2100
- Executes dropped EXE
66  \??\c:\5thhtt.exe  cmdline: c:\5thhtt.exe  PID:2192
67  \??\c:\1pddj.exe  cmdline: c:\1pddj.exe  PID:708
68  \??\c:\fxllrxl.exe  cmdline: c:\fxllrxl.exe  PID:2376
69  \??\c:\ttnbnt.exe  cmdline: c:\ttnbnt.exe  PID:2396
70  \??\c:\nhhtnt.exe  cmdline: c:\nhhtnt.exe  PID:1128
71  \??\c:\dvpvj.exe  cmdline: c:\dvpvj.exe  PID:2316
72  \??\c:\lfxxflx.exe  cmdline: c:\lfxxflx.exe  PID:1364
73  \??\c:\fxlxlfr.exe  cmdline: c:\fxlxlfr.exe  PID:2848
74  \??\c:\bbtntb.exe  cmdline: c:\bbtntb.exe  PID:1396
75  \??\c:\jdvjp.exe  cmdline: c:\jdvjp.exe  PID:2172
76  \??\c:\3vdjd.exe  cmdline: c:\3vdjd.exe  PID:900
77  \??\c:\lfxfllf.exe  cmdline: c:\lfxfllf.exe  PID:1800
78  \??\c:\hhttnn.exe  cmdline: c:\hhttnn.exe  PID:2412
79  \??\c:\vvvvd.exe  cmdline: c:\vvvvd.exe  PID:2016
80  \??\c:\jvppd.exe  cmdline: c:\jvppd.exe  PID:2368
81  \??\c:\flffxll.exe  cmdline: c:\flffxll.exe  PID:2864
82  \??\c:\9tntbh.exe  cmdline: c:\9tntbh.exe  PID:2944
83  \??\c:\3nbbbh.exe  cmdline: c:\3nbbbh.exe  PID:1244
84  \??\c:\5djjp.exe  cmdline: c:\5djjp.exe  PID:3056
85  \??\c:\lrflrrf.exe  cmdline: c:\lrflrrf.exe  PID:2320
86  \??\c:\btbhht.exe  cmdline: c:\btbhht.exe  PID:1196
87  \??\c:\bbnhnt.exe  cmdline: c:\bbnhnt.exe  PID:1656
88  \??\c:\vpjpd.exe  cmdline: c:\vpjpd.exe  PID:2788
89  \??\c:\9rfrlfx.exe  cmdline: c:\9rfrlfx.exe  PID:2948
90  \??\c:\bhbttn.exe  cmdline: c:\bhbttn.exe  PID:2744
91  \??\c:\5btthn.exe  cmdline: c:\5btthn.exe  PID:2668
92  \??\c:\7pdpv.exe  cmdline: c:\7pdpv.exe  PID:2880
93  \??\c:\lfrxlrf.exe  cmdline: c:\lfrxlrf.exe  PID:2644
94  \??\c:\lfrflrl.exe  cmdline: c:\lfrflrl.exe  PID:2764
95  \??\c:\bbtntb.exe  cmdline: c:\bbtntb.exe  PID:2628
96  \??\c:\jdvdj.exe  cmdline: c:\jdvdj.exe  PID:2440
97  \??\c:\vpjpv.exe  cmdline: c:\vpjpv.exe  PID:2556
98  \??\c:\ffrrlrx.exe  cmdline: c:\ffrrlrx.exe  PID:2568
99  \??\c:\3hbbnb.exe  cmdline: c:\3hbbnb.exe  PID:2044
100  \??\c:\dvppv.exe  cmdline: c:\dvppv.exe  PID:1200
101  \??\c:\jjddj.exe  cmdline: c:\jjddj.exe  PID:1956
102  \??\c:\1rflllr.exe  cmdline: c:\1rflllr.exe  PID:2824
103  \??\c:\tnbhnn.exe  cmdline: c:\tnbhnn.exe  PID:2036
104  \??\c:\jpddj.exe  cmdline: c:\jpddj.exe  PID:484
105  \??\c:\lxxxxxf.exe  cmdline: c:\lxxxxxf.exe  PID:872
106  \??\c:\nnnthb.exe  cmdline: c:\nnnthb.exe  PID:1156
107  \??\c:\jddvd.exe  cmdline: c:\jddvd.exe  PID:788
108  \??\c:\7xfllrf.exe  cmdline: c:\7xfllrf.exe  PID:1980
109  \??\c:\ffxfrfr.exe  cmdline: c:\ffxfrfr.exe  PID:1724
110  \??\c:\7hthnn.exe  cmdline: c:\7hthnn.exe  PID:1652
111  \??\c:\pvvpj.exe  cmdline: c:\pvvpj.exe  PID:1680
112  \??\c:\llfrflf.exe  cmdline: c:\llfrflf.exe  PID:2296
113  \??\c:\bbtthh.exe  cmdline: c:\bbtthh.exe  PID:2484
114  \??\c:\hbtthh.exe  cmdline: c:\hbtthh.exe  PID:2192
115  \??\c:\1jjpj.exe  cmdline: c:\1jjpj.exe  PID:1848
116  \??\c:\3xrxffx.exe  cmdline: c:\3xrxffx.exe  PID:2376
117  \??\c:\nnhtnt.exe  cmdline: c:\nnhtnt.exe  PID:2396
118  \??\c:\jvpvd.exe  cmdline: c:\jvpvd.exe  PID:1128
119  \??\c:\5fxfrrr.exe  cmdline: c:\5fxfrrr.exe  PID:1544
120  \??\c:\llflrxl.exe  cmdline: c:\llflrxl.exe  PID:1364
121  \??\c:\hhbbnt.exe  cmdline: c:\hhbbnt.exe  PID:948
122  \??\c:\jjdpj.exe  cmdline: c:\jjdpj.exe  PID:1772