Analysis
-
max time kernel
151s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system -
submitted
06-06-2024 05:08
Static task
static1
1 signatures
Behavioral task (note: this behavioral1 entry refers to a separate win7-20240508-en run whose 6 signatures are not listed on this page; every signature hit shown below is tagged behavioral2 and belongs to the win10v2004-20240226-en run described above)
behavioral1
Sample
b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe
-
Size
487KB
-
MD5
1e58961e1bceedcddbfbe7820c84df90
-
SHA1
d1a9e3385e2d416d823e6132b2b23bc66a786197
-
SHA256
b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89
-
SHA512
6d29aa4c27c77a2f973d35240733b39f3bddcdad8384f93ceda28eab9fbb38164ebb2a82036e495172307ea0ed977f25ca4144f35c52d3a08db76ac6176c764b
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjdgyPPBv:q7Tc2NYHUrAwqzQ7PPV
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs (every hit is a memory dump of the same 0x00400000–0x0042A000 image region that the UPX rules below also match, i.e. the family signature is firing on the unpacked in-memory image; the list is capped at 64 entries)
Processes:
resource yara_rule behavioral2/memory/3152-5-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3984-11-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3764-17-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4340-23-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4576-29-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4764-36-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/220-43-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3120-41-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4028-50-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2348-59-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2108-80-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1448-86-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4904-92-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4924-98-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2608-101-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3348-107-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2568-117-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2688-123-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2392-131-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4800-137-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3840-146-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/2356-143-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4552-154-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2780-162-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/996-175-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4548-173-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3728-181-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3992-194-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4764-210-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4248-214-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3172-218-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4516-228-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3180-229-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2436-236-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2724-250-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1884-257-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1744-261-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4224-272-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4680-287-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2876-294-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2672-310-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4528-323-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/3876-339-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2188-343-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3132-359-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4804-360-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4436-370-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1004-380-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2108-384-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2608-403-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4092-410-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1088-426-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2604-460-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4436-506-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3980-507-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1208-529-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4412-557-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2232-558-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3428-652-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2232-668-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1544-844-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2468-1008-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3224-1075-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/3460-1085-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs (dumps taken once the UPX stub has unpacked the image; same 0x00400000–0x0042A000 region as the Blackmoon hits above; capped at 64 entries)
Processes:
resource yara_rule behavioral2/memory/3152-5-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3984-11-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3764-17-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4340-23-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4576-25-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4576-29-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4764-36-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/220-43-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3120-41-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4028-50-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2348-59-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2108-80-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1448-86-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4904-92-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4924-98-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2608-101-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3348-107-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2568-117-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2392-125-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2688-123-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2392-131-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2356-138-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4800-137-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3840-146-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/2356-143-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4552-154-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2780-162-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/996-175-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4548-173-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3728-181-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3992-194-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4764-210-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4248-214-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3172-218-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4516-228-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3180-229-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2436-236-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1992-243-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2724-250-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1884-257-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1744-261-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4224-272-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4680-287-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2876-294-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2672-310-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4528-323-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3876-339-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2188-343-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/3132-359-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4804-360-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4436-370-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1004-380-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2108-384-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2608-403-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4092-410-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1088-426-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2604-460-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4436-506-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3980-507-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1208-529-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4412-557-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2232-558-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3428-652-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2232-668-0x0000000000400000-0x000000000042A000-memory.dmp UPX -
Executes dropped EXE 64 IoCs (capped list; the dropped executables run from the drive root, e.g. \??\c:\xr2m10q.exe, and the process tree below shows the chain continuing past the 64 listed entries to depth 122. Note PID reuse within the run: 4764 appears for both 77x3et5.exe and 51jwc.exe, and 2108 for both e0270d4.exe and c6s1x6.exe, so memory-dump entries keyed by PID alone alias across different processes)
Processes:
xr2m10q.exe o3294.exe 2bx67q8.exe k83357.exe 77x3et5.exe g9ge8.exe ggps67.exe 5971155.exe nn114m.exe q2c9a8.exe 81o57.exe fl0gk.exe e0270d4.exe g379j89.exe e3rre.exe 33hga.exe 73o60c.exe ct9s0go.exe 62k75h0.exe 7xrn23.exe dqtud2.exe 8pr233.exe t8t8ln7.exe 151k71.exe v5e651v.exe 35sh51.exe v171c7.exe 5dj9ke6.exe c4acme8.exe p921j.exe 355k3i.exe maq7ww2.exe 3rv56dp.exe s75497k.exe 0rfp3f.exe q7k34x.exe 51jwc.exe 73fqf.exe nlorh4h.exe 3p90hen.exe 1vdho9.exe bgtm6i0.exe jknv3.exe j7e9249.exe l86wb4.exe c6s1x6.exe b3985.exe il739.exe 7f474qn.exe fi70g.exe mfp2gw7.exe 4wn82x5.exe s9gl3a.exe cdk70.exe g681375.exe wfhrnp.exe 6g7qke.exe 77nbe.exe ptn3l6m.exe h98193.exe vbh6eq.exe 4x2tki1.exe 75v60.exe twh18.exe
pid process 3984 xr2m10q.exe 3764 o3294.exe 4340 2bx67q8.exe 4576 k83357.exe 4764 77x3et5.exe 3120 g9ge8.exe 220 ggps67.exe 4028 5971155.exe 2348 nn114m.exe 4640 q2c9a8.exe 740 81o57.exe 1212 fl0gk.exe 2108 e0270d4.exe 1448 g379j89.exe 4904 e3rre.exe 4924 33hga.exe 2608 73o60c.exe 3348 ct9s0go.exe 2568 62k75h0.exe 2688 7xrn23.exe 2392 dqtud2.exe 4800 8pr233.exe 2356 t8t8ln7.exe 3840 151k71.exe 4552 v5e651v.exe 2780 35sh51.exe 3628 v171c7.exe 996 5dj9ke6.exe 4548 c4acme8.exe 3728 p921j.exe 2564 355k3i.exe 3992 maq7ww2.exe 3876 3rv56dp.exe 4532 s75497k.exe 3656 0rfp3f.exe 3564 q7k34x.exe 4764 51jwc.exe 4248 73fqf.exe 3172 nlorh4h.exe 4028 3p90hen.exe 3224 1vdho9.exe 4516 bgtm6i0.exe 3180 jknv3.exe 2436 j7e9249.exe 1004 l86wb4.exe 2108 c6s1x6.exe 1992 b3985.exe 2724 il739.exe 4088 7f474qn.exe 1884 fi70g.exe 1744 mfp2gw7.exe 1408 4wn82x5.exe 4072 s9gl3a.exe 4092 cdk70.exe 4224 g681375.exe 2044 wfhrnp.exe 3780 6g7qke.exe 3580 77nbe.exe 4680 ptn3l6m.exe 1472 h98193.exe 2876 vbh6eq.exe 1100 4x2tki1.exe 3840 75v60.exe 4552 twh18.exe -
Processes:
resource yara_rule behavioral2/memory/3152-5-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3984-11-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3764-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4340-23-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4576-25-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4576-29-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4764-36-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/220-43-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3120-41-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4028-50-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2348-59-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2108-80-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1448-86-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4904-92-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4924-98-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2608-101-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3348-107-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2568-117-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2392-125-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2688-123-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2392-131-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2356-138-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4800-137-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3840-146-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/2356-143-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4552-154-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2780-162-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/996-175-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4548-173-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3728-181-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3992-194-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4764-210-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4248-214-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3172-218-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4516-228-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3180-229-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2436-236-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1992-243-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2724-250-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1884-257-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1744-261-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4224-272-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4680-287-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2876-294-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2672-310-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4528-323-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3876-339-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2188-343-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/3132-359-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4804-360-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4436-370-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1004-380-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2108-384-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2608-403-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4092-410-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1088-426-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2604-460-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4436-506-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3980-507-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1208-529-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4412-557-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2232-558-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3428-652-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2232-668-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs (each parent writes into the child it has just spawned three times — the three consecutive entries per parent/child pair below — forming a strictly linear chain; the list is capped at 64 entries and stops at dqtud2.exe → 8pr233.exe, although the process tree below shows the chain continuing to depth 122)
Processes:
b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exexr2m10q.exeo3294.exe2bx67q8.exek83357.exe77x3et5.exeg9ge8.exeggps67.exe5971155.exenn114m.exeq2c9a8.exe81o57.exefl0gk.exee0270d4.exeg379j89.exee3rre.exe33hga.exe73o60c.exect9s0go.exe62k75h0.exe7xrn23.exedqtud2.exedescription pid process target process PID 3152 wrote to memory of 3984 3152 b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe xr2m10q.exe PID 3152 wrote to memory of 3984 3152 b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe xr2m10q.exe PID 3152 wrote to memory of 3984 3152 b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe xr2m10q.exe PID 3984 wrote to memory of 3764 3984 xr2m10q.exe o3294.exe PID 3984 wrote to memory of 3764 3984 xr2m10q.exe o3294.exe PID 3984 wrote to memory of 3764 3984 xr2m10q.exe o3294.exe PID 3764 wrote to memory of 4340 3764 o3294.exe 2bx67q8.exe PID 3764 wrote to memory of 4340 3764 o3294.exe 2bx67q8.exe PID 3764 wrote to memory of 4340 3764 o3294.exe 2bx67q8.exe PID 4340 wrote to memory of 4576 4340 2bx67q8.exe k83357.exe PID 4340 wrote to memory of 4576 4340 2bx67q8.exe k83357.exe PID 4340 wrote to memory of 4576 4340 2bx67q8.exe k83357.exe PID 4576 wrote to memory of 4764 4576 k83357.exe 77x3et5.exe PID 4576 wrote to memory of 4764 4576 k83357.exe 77x3et5.exe PID 4576 wrote to memory of 4764 4576 k83357.exe 77x3et5.exe PID 4764 wrote to memory of 3120 4764 77x3et5.exe g9ge8.exe PID 4764 wrote to memory of 3120 4764 77x3et5.exe g9ge8.exe PID 4764 wrote to memory of 3120 4764 77x3et5.exe g9ge8.exe PID 3120 wrote to memory of 220 3120 g9ge8.exe ggps67.exe PID 3120 wrote to memory of 220 3120 g9ge8.exe ggps67.exe PID 3120 wrote to memory of 220 3120 g9ge8.exe ggps67.exe PID 220 wrote to memory of 4028 220 ggps67.exe 5971155.exe PID 220 wrote to memory of 4028 220 ggps67.exe 5971155.exe PID 220 wrote to memory of 4028 220 ggps67.exe 5971155.exe PID 4028 wrote to memory of 2348 4028 5971155.exe nn114m.exe PID 
4028 wrote to memory of 2348 4028 5971155.exe nn114m.exe PID 4028 wrote to memory of 2348 4028 5971155.exe nn114m.exe PID 2348 wrote to memory of 4640 2348 nn114m.exe q2c9a8.exe PID 2348 wrote to memory of 4640 2348 nn114m.exe q2c9a8.exe PID 2348 wrote to memory of 4640 2348 nn114m.exe q2c9a8.exe PID 4640 wrote to memory of 740 4640 q2c9a8.exe 81o57.exe PID 4640 wrote to memory of 740 4640 q2c9a8.exe 81o57.exe PID 4640 wrote to memory of 740 4640 q2c9a8.exe 81o57.exe PID 740 wrote to memory of 1212 740 81o57.exe fl0gk.exe PID 740 wrote to memory of 1212 740 81o57.exe fl0gk.exe PID 740 wrote to memory of 1212 740 81o57.exe fl0gk.exe PID 1212 wrote to memory of 2108 1212 fl0gk.exe e0270d4.exe PID 1212 wrote to memory of 2108 1212 fl0gk.exe e0270d4.exe PID 1212 wrote to memory of 2108 1212 fl0gk.exe e0270d4.exe PID 2108 wrote to memory of 1448 2108 e0270d4.exe g379j89.exe PID 2108 wrote to memory of 1448 2108 e0270d4.exe g379j89.exe PID 2108 wrote to memory of 1448 2108 e0270d4.exe g379j89.exe PID 1448 wrote to memory of 4904 1448 g379j89.exe e3rre.exe PID 1448 wrote to memory of 4904 1448 g379j89.exe e3rre.exe PID 1448 wrote to memory of 4904 1448 g379j89.exe e3rre.exe PID 4904 wrote to memory of 4924 4904 e3rre.exe 33hga.exe PID 4904 wrote to memory of 4924 4904 e3rre.exe 33hga.exe PID 4904 wrote to memory of 4924 4904 e3rre.exe 33hga.exe PID 4924 wrote to memory of 2608 4924 33hga.exe 73o60c.exe PID 4924 wrote to memory of 2608 4924 33hga.exe 73o60c.exe PID 4924 wrote to memory of 2608 4924 33hga.exe 73o60c.exe PID 2608 wrote to memory of 3348 2608 73o60c.exe ct9s0go.exe PID 2608 wrote to memory of 3348 2608 73o60c.exe ct9s0go.exe PID 2608 wrote to memory of 3348 2608 73o60c.exe ct9s0go.exe PID 3348 wrote to memory of 2568 3348 ct9s0go.exe 62k75h0.exe PID 3348 wrote to memory of 2568 3348 ct9s0go.exe 62k75h0.exe PID 3348 wrote to memory of 2568 3348 ct9s0go.exe 62k75h0.exe PID 2568 wrote to memory of 2688 2568 62k75h0.exe 7xrn23.exe PID 2568 wrote to memory of 2688 
2568 62k75h0.exe 7xrn23.exe PID 2568 wrote to memory of 2688 2568 62k75h0.exe 7xrn23.exe PID 2688 wrote to memory of 2392 2688 7xrn23.exe dqtud2.exe PID 2688 wrote to memory of 2392 2688 7xrn23.exe dqtud2.exe PID 2688 wrote to memory of 2392 2688 7xrn23.exe dqtud2.exe PID 2392 wrote to memory of 4800 2392 dqtud2.exe 8pr233.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe"C:\Users\Admin\AppData\Local\Temp\b6932026f2cb385adf65eee323975b2bae9b351feaa4ad8beb52d4545de9bc89.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3152 -
\??\c:\xr2m10q.exec:\xr2m10q.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3984 -
\??\c:\o3294.exec:\o3294.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3764 -
\??\c:\2bx67q8.exec:\2bx67q8.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4340 -
\??\c:\k83357.exec:\k83357.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4576 -
\??\c:\77x3et5.exec:\77x3et5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4764 -
\??\c:\g9ge8.exec:\g9ge8.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3120 -
\??\c:\ggps67.exec:\ggps67.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:220 -
\??\c:\5971155.exec:\5971155.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4028 -
\??\c:\nn114m.exec:\nn114m.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2348 -
\??\c:\q2c9a8.exec:\q2c9a8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4640 -
\??\c:\81o57.exec:\81o57.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:740 -
\??\c:\fl0gk.exec:\fl0gk.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1212 -
\??\c:\e0270d4.exec:\e0270d4.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108 -
\??\c:\g379j89.exec:\g379j89.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1448 -
\??\c:\e3rre.exec:\e3rre.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4904 -
\??\c:\33hga.exec:\33hga.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4924 -
\??\c:\73o60c.exec:\73o60c.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\ct9s0go.exec:\ct9s0go.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3348 -
\??\c:\62k75h0.exec:\62k75h0.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\7xrn23.exec:\7xrn23.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\dqtud2.exec:\dqtud2.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\8pr233.exec:\8pr233.exe23⤵
- Executes dropped EXE
PID:4800 -
\??\c:\t8t8ln7.exec:\t8t8ln7.exe24⤵
- Executes dropped EXE
PID:2356 -
\??\c:\151k71.exec:\151k71.exe25⤵
- Executes dropped EXE
PID:3840 -
\??\c:\v5e651v.exec:\v5e651v.exe26⤵
- Executes dropped EXE
PID:4552 -
\??\c:\35sh51.exec:\35sh51.exe27⤵
- Executes dropped EXE
PID:2780 -
\??\c:\v171c7.exec:\v171c7.exe28⤵
- Executes dropped EXE
PID:3628 -
\??\c:\5dj9ke6.exec:\5dj9ke6.exe29⤵
- Executes dropped EXE
PID:996 -
\??\c:\c4acme8.exec:\c4acme8.exe30⤵
- Executes dropped EXE
PID:4548 -
\??\c:\p921j.exec:\p921j.exe31⤵
- Executes dropped EXE
PID:3728 -
\??\c:\355k3i.exec:\355k3i.exe32⤵
- Executes dropped EXE
PID:2564 -
\??\c:\maq7ww2.exec:\maq7ww2.exe33⤵
- Executes dropped EXE
PID:3992 -
\??\c:\3rv56dp.exec:\3rv56dp.exe34⤵
- Executes dropped EXE
PID:3876 -
\??\c:\s75497k.exec:\s75497k.exe35⤵
- Executes dropped EXE
PID:4532 -
\??\c:\0rfp3f.exec:\0rfp3f.exe36⤵
- Executes dropped EXE
PID:3656 -
\??\c:\q7k34x.exec:\q7k34x.exe37⤵
- Executes dropped EXE
PID:3564 -
\??\c:\51jwc.exec:\51jwc.exe38⤵
- Executes dropped EXE
PID:4764 -
\??\c:\73fqf.exec:\73fqf.exe39⤵
- Executes dropped EXE
PID:4248 -
\??\c:\nlorh4h.exec:\nlorh4h.exe40⤵
- Executes dropped EXE
PID:3172 -
\??\c:\3p90hen.exec:\3p90hen.exe41⤵
- Executes dropped EXE
PID:4028 -
\??\c:\1vdho9.exec:\1vdho9.exe42⤵
- Executes dropped EXE
PID:3224 -
\??\c:\bgtm6i0.exec:\bgtm6i0.exe43⤵
- Executes dropped EXE
PID:4516 -
\??\c:\jknv3.exec:\jknv3.exe44⤵
- Executes dropped EXE
PID:3180 -
\??\c:\j7e9249.exec:\j7e9249.exe45⤵
- Executes dropped EXE
PID:2436 -
\??\c:\l86wb4.exec:\l86wb4.exe46⤵
- Executes dropped EXE
PID:1004 -
\??\c:\c6s1x6.exec:\c6s1x6.exe47⤵
- Executes dropped EXE
PID:2108 -
\??\c:\b3985.exec:\b3985.exe48⤵
- Executes dropped EXE
PID:1992 -
\??\c:\il739.exec:\il739.exe49⤵
- Executes dropped EXE
PID:2724 -
\??\c:\7f474qn.exec:\7f474qn.exe50⤵
- Executes dropped EXE
PID:4088 -
\??\c:\fi70g.exec:\fi70g.exe51⤵
- Executes dropped EXE
PID:1884 -
\??\c:\mfp2gw7.exec:\mfp2gw7.exe52⤵
- Executes dropped EXE
PID:1744 -
\??\c:\4wn82x5.exec:\4wn82x5.exe53⤵
- Executes dropped EXE
PID:1408 -
\??\c:\s9gl3a.exec:\s9gl3a.exe54⤵
- Executes dropped EXE
PID:4072 -
\??\c:\cdk70.exec:\cdk70.exe55⤵
- Executes dropped EXE
PID:4092 -
\??\c:\g681375.exec:\g681375.exe56⤵
- Executes dropped EXE
PID:4224 -
\??\c:\wfhrnp.exec:\wfhrnp.exe57⤵
- Executes dropped EXE
PID:2044 -
\??\c:\6g7qke.exec:\6g7qke.exe58⤵
- Executes dropped EXE
PID:3780 -
\??\c:\77nbe.exec:\77nbe.exe59⤵
- Executes dropped EXE
PID:3580 -
\??\c:\ptn3l6m.exec:\ptn3l6m.exe60⤵
- Executes dropped EXE
PID:4680 -
\??\c:\h98193.exec:\h98193.exe61⤵
- Executes dropped EXE
PID:1472 -
\??\c:\vbh6eq.exec:\vbh6eq.exe62⤵
- Executes dropped EXE
PID:2876 -
\??\c:\4x2tki1.exec:\4x2tki1.exe63⤵
- Executes dropped EXE
PID:1100 -
\??\c:\75v60.exec:\75v60.exe64⤵
- Executes dropped EXE
PID:3840 -
\??\c:\twh18.exec:\twh18.exe65⤵
- Executes dropped EXE
PID:4552 -
\??\c:\p8nq2d.exec:\p8nq2d.exe66⤵PID:2164
-
\??\c:\1sp29.exec:\1sp29.exe67⤵PID:2672
-
\??\c:\4hx2if4.exec:\4hx2if4.exe68⤵PID:1260
-
\??\c:\596p3.exec:\596p3.exe69⤵PID:2928
-
\??\c:\b08jmsn.exec:\b08jmsn.exe70⤵PID:4324
-
\??\c:\n653119.exec:\n653119.exe71⤵PID:4528
-
\??\c:\t7l7v.exec:\t7l7v.exe72⤵PID:112
-
\??\c:\5l3x4.exec:\5l3x4.exe73⤵PID:4824
-
\??\c:\v10v87.exec:\v10v87.exe74⤵PID:3764
-
\??\c:\v7w7c49.exec:\v7w7c49.exe75⤵PID:3604
-
\??\c:\9aoxavw.exec:\9aoxavw.exe76⤵PID:3876
-
\??\c:\6n85c9.exec:\6n85c9.exe77⤵PID:2188
-
\??\c:\3wht846.exec:\3wht846.exe78⤵PID:4576
-
\??\c:\weh48s5.exec:\weh48s5.exe79⤵PID:1232
-
\??\c:\6o6bu.exec:\6o6bu.exe80⤵PID:4764
-
\??\c:\hqx13d5.exec:\hqx13d5.exe81⤵PID:4248
-
\??\c:\4psde.exec:\4psde.exe82⤵PID:3132
-
\??\c:\r3021.exec:\r3021.exe83⤵PID:4804
-
\??\c:\vi1agd.exec:\vi1agd.exe84⤵PID:2096
-
\??\c:\d87j3.exec:\d87j3.exe85⤵PID:4436
-
\??\c:\w9q06.exec:\w9q06.exe86⤵PID:1212
-
\??\c:\ku3gjw2.exec:\ku3gjw2.exe87⤵PID:3220
-
\??\c:\p3ctfm.exec:\p3ctfm.exe88⤵PID:1004
-
\??\c:\0ous6b.exec:\0ous6b.exe89⤵PID:2108
-
\??\c:\3k6k715.exec:\3k6k715.exe90⤵PID:3896
-
\??\c:\3577lg4.exec:\3577lg4.exe91⤵PID:2724
-
\??\c:\070cla.exec:\070cla.exe92⤵PID:4536
-
\??\c:\49het9o.exec:\49het9o.exe93⤵PID:1208
-
\??\c:\ja3dnh6.exec:\ja3dnh6.exe94⤵PID:3056
-
\??\c:\715732.exec:\715732.exe95⤵PID:2608
-
\??\c:\j63609j.exec:\j63609j.exe96⤵PID:3508
-
\??\c:\ib9kc.exec:\ib9kc.exe97⤵PID:4092
-
\??\c:\5j01w6.exec:\5j01w6.exe98⤵PID:5012
-
\??\c:\ngck37.exec:\ngck37.exe99⤵PID:3904
-
\??\c:\j1os53.exec:\j1os53.exe100⤵PID:4404
-
\??\c:\91s5oo.exec:\91s5oo.exe101⤵PID:1188
-
\??\c:\mnb1t.exec:\mnb1t.exe102⤵PID:1088
-
\??\c:\w5t768w.exec:\w5t768w.exe103⤵PID:1828
-
\??\c:\734w9wi.exec:\734w9wi.exe104⤵PID:2008
-
\??\c:\434m6.exec:\434m6.exe105⤵PID:1684
-
\??\c:\0o6h6.exec:\0o6h6.exe106⤵PID:3356
-
\??\c:\gwk253.exec:\gwk253.exe107⤵PID:4312
-
\??\c:\97w50t.exec:\97w50t.exe108⤵PID:2780
-
\??\c:\r6fc0.exec:\r6fc0.exe109⤵PID:2784
-
\??\c:\005ia5.exec:\005ia5.exe110⤵PID:4292
-
\??\c:\j3149.exec:\j3149.exe111⤵PID:4328
-
\??\c:\xx4977.exec:\xx4977.exe112⤵PID:4548
-
\??\c:\e6b1o55.exec:\e6b1o55.exe113⤵PID:2604
-
\??\c:\3tefstc.exec:\3tefstc.exe114⤵PID:4480
-
\??\c:\csdw87p.exec:\csdw87p.exe115⤵PID:1272
-
\??\c:\c6e3c.exec:\c6e3c.exe116⤵PID:4044
-
\??\c:\6lcr1ag.exec:\6lcr1ag.exe117⤵PID:3768
-
\??\c:\5a750x.exec:\5a750x.exe118⤵PID:2768
-
\??\c:\s18c5.exec:\s18c5.exe119⤵PID:4532
-
\??\c:\4w9f73.exec:\4w9f73.exe120⤵PID:3656
-
\??\c:\73f5td1.exec:\73f5td1.exe121⤵PID:4956
-
\??\c:\ox1o5g.exec:\ox1o5g.exe122⤵PID:464