Analysis
-
max time kernel
80s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
06-06-2024 06:20
Behavioral task
behavioral1
Sample
cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe
-
Size
155KB
-
MD5
b0a556ef9c48be307fccab0d898230fd
-
SHA1
1fad37ffdb9e3ff25522de7b6025901146035223
-
SHA256
cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1
-
SHA512
c6f4b823700ea66a604a42944ef77c659ca2420ef3518761e0d4377b3fa4b88dfebdbbff2bc8981ed48e820a97fd996959faf83a56c56a729cc7cbb94fd7e9b3
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4oGPwJwJE1:kcm4FmowdHoSphraHcpOFltH4oGPjJE1
Malware Config
Signatures
-
Detect Blackmoon payload 44 IoCs
Processes:
resource yara_rule behavioral1/memory/2012-7-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2232-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2744-26-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2568-35-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2648-45-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2452-62-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2720-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2420-79-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2788-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2956-112-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2984-116-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1856-136-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2372-134-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1496-152-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/540-154-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2032-172-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2404-187-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3036-219-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/964-244-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1960-283-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/308-298-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/1600-313-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1600-312-0x0000000000230000-0x0000000000257000-memory.dmp family_blackmoon behavioral1/memory/2136-272-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2568-332-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/928-262-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2804-395-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2952-402-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/572-453-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1856-484-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1504-573-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1320-534-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2504-378-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2316-737-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2316-730-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/652-818-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1596-855-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2740-903-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1000-1042-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/276-1096-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2632-1178-0x0000000000230000-0x0000000000257000-memory.dmp family_blackmoon behavioral1/memory/2632-1217-0x0000000000230000-0x0000000000257000-memory.dmp family_blackmoon 
behavioral1/memory/2300-1244-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1508-1414-0x00000000003B0000-0x00000000003D7000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral1/memory/2012-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\9rxxllx.exe UPX behavioral1/memory/2012-7-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\thbnbh.exe UPX behavioral1/memory/2232-16-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2744-26-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\vvvjd.exe UPX behavioral1/memory/2568-27-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2568-35-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\9frxffl.exe UPX C:\jvjjd.exe UPX behavioral1/memory/2648-45-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\08488.exe UPX behavioral1/memory/2452-54-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\ddppv.exe UPX behavioral1/memory/2452-62-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\88248.exe UPX behavioral1/memory/2720-70-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\664466.exe UPX behavioral1/memory/2420-79-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\5hnnbh.exe UPX C:\660604.exe UPX behavioral1/memory/2788-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2956-105-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\u202280.exe UPX C:\ppjvj.exe UPX behavioral1/memory/2984-116-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1856-136-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\lfxlxlr.exe UPX C:\824662.exe UPX behavioral1/memory/2372-134-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\048444.exe UPX behavioral1/memory/1496-152-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/540-154-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\g0804.exe UPX \??\c:\djvpj.exe UPX C:\hbbnnb.exe UPX \??\c:\vpddd.exe UPX behavioral1/memory/2032-172-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2404-187-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
C:\4042242.exe UPX \??\c:\dvdjv.exe UPX \??\c:\5vdjp.exe UPX C:\w04028.exe UPX C:\20822.exe UPX C:\fxlrxrf.exe UPX behavioral1/memory/3036-219-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\8206842.exe UPX C:\5hthtt.exe UPX behavioral1/memory/964-244-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\xrxxrrx.exe UPX \??\c:\nhbbth.exe UPX \??\c:\08464.exe UPX behavioral1/memory/1960-274-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1960-283-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/308-298-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1600-313-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\4200668.exe UPX behavioral1/memory/1504-284-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2136-272-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2568-332-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2136-264-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/928-262-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2804-395-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
9rxxllx.exe thbnbh.exe vvvjd.exe 9frxffl.exe jvjjd.exe 08488.exe ddppv.exe 88248.exe 664466.exe 5hnnbh.exe 660604.exe u202280.exe ppjvj.exe 048444.exe lfxlxlr.exe 824662.exe g0804.exe djvpj.exe hbbnnb.exe vpddd.exe dvdjv.exe 4042242.exe 5vdjp.exe w04028.exe 20822.exe fxlrxrf.exe 8206842.exe 5hthtt.exe xrxxrrx.exe nhbbth.exe 08464.exe 4200668.exe 4640048.exe 5vjpp.exe 04488.exe ffrxrrx.exe 82008.exe hbtbnn.exe vvpjj.exe llffxxl.exe tbnntt.exe 8262440.exe vpdjv.exe 642222.exe 8288040.exe dpvvv.exe 1lrrrrf.exe nhntbb.exe 9vjpv.exe o026886.exe rxlfrrr.exe 64664.exe rlxrxfl.exe 5httbb.exe frlxxxf.exe w84400.exe 286842.exe 60468.exe fxrxlxl.exe 486688.exe xrlrxfl.exe 4846846.exe u226868.exe 220402.exe
pid | process
2232 | 9rxxllx.exe
2744 | thbnbh.exe
2568 | vvvjd.exe
2648 | 9frxffl.exe
2276 | jvjjd.exe
2452 | 08488.exe
2720 | ddppv.exe
2420 | 88248.exe
2596 | 664466.exe
1868 | 5hnnbh.exe
2788 | 660604.exe
2956 | u202280.exe
2984 | ppjvj.exe
2372 | 048444.exe
1856 | lfxlxlr.exe
1496 | 824662.exe
540 | g0804.exe
2000 | djvpj.exe
2032 | hbbnnb.exe
2404 | vpddd.exe
2284 | dvdjv.exe
712 | 4042242.exe
1796 | 5vdjp.exe
3036 | w04028.exe
2116 | 20822.exe
1340 | fxlrxrf.exe
964 | 8206842.exe
1320 | 5hthtt.exe
928 | xrxxrrx.exe
2136 | nhbbth.exe
1960 | 08464.exe
1504 | 4200668.exe
308 | 4640048.exe
2012 | 5vjpp.exe
1600 | 04488.exe
3044 | ffrxrrx.exe
2004 | 82008.exe
2628 | hbtbnn.exe
2568 | vvpjj.exe
2572 | llffxxl.exe
2716 | tbnntt.exe
2040 | 8262440.exe
2564 | vpdjv.exe
2444 | 642222.exe
2940 | 8288040.exe
2504 | dpvvv.exe
2244 | 1lrrrrf.exe
2812 | nhntbb.exe
2804 | 9vjpv.exe
2952 | o026886.exe
2704 | rxlfrrr.exe
1724 | 64664.exe
1036 | rlxrxfl.exe
1856 | 5httbb.exe
1524 | frlxxxf.exe
332 | w84400.exe
572 | 286842.exe
2016 | 60468.exe
2264 | fxrxlxl.exe
2824 | 486688.exe
2852 | xrlrxfl.exe
848 | 4846846.exe
2128 | u226868.exe
2364 | 220402.exe
Note: PID values repeat in this list (2568 for vvvjd.exe and vvpjj.exe, 1856 for lfxlxlr.exe and 5httbb.exe), so key each entry on process name together with PID rather than on PID alone.
-
Processes:
resource yara_rule behavioral1/memory/2012-0-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\9rxxllx.exe upx behavioral1/memory/2012-7-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\thbnbh.exe upx behavioral1/memory/2232-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2744-26-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\vvvjd.exe upx behavioral1/memory/2568-27-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2568-35-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\9frxffl.exe upx C:\jvjjd.exe upx behavioral1/memory/2648-45-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\08488.exe upx behavioral1/memory/2452-54-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\ddppv.exe upx behavioral1/memory/2452-62-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\88248.exe upx behavioral1/memory/2720-70-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\664466.exe upx behavioral1/memory/2420-79-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\5hnnbh.exe upx C:\660604.exe upx behavioral1/memory/2788-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2956-105-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\u202280.exe upx C:\ppjvj.exe upx behavioral1/memory/2984-116-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1856-136-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\lfxlxlr.exe upx C:\824662.exe upx behavioral1/memory/2372-134-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\048444.exe upx behavioral1/memory/1496-152-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/540-154-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\g0804.exe upx \??\c:\djvpj.exe upx C:\hbbnnb.exe upx \??\c:\vpddd.exe upx behavioral1/memory/2032-172-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2404-187-0x0000000000400000-0x0000000000427000-memory.dmp upx 
C:\4042242.exe upx \??\c:\dvdjv.exe upx \??\c:\5vdjp.exe upx C:\w04028.exe upx C:\20822.exe upx C:\fxlrxrf.exe upx behavioral1/memory/3036-219-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\8206842.exe upx C:\5hthtt.exe upx behavioral1/memory/964-244-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\xrxxrrx.exe upx \??\c:\nhbbth.exe upx \??\c:\08464.exe upx behavioral1/memory/1960-274-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1960-283-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/308-298-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1600-313-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\4200668.exe upx behavioral1/memory/1504-284-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2136-272-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2568-332-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2136-264-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/928-262-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2804-395-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe 9rxxllx.exe thbnbh.exe vvvjd.exe 9frxffl.exe jvjjd.exe 08488.exe ddppv.exe 88248.exe 664466.exe 5hnnbh.exe 660604.exe u202280.exe ppjvj.exe 048444.exe lfxlxlr.exe
description | pid | process | target process
PID 2012 wrote to memory of 2232 | 2012 | cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe | 9rxxllx.exe
PID 2012 wrote to memory of 2232 | 2012 | cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe | 9rxxllx.exe
PID 2012 wrote to memory of 2232 | 2012 | cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe | 9rxxllx.exe
PID 2012 wrote to memory of 2232 | 2012 | cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe | 9rxxllx.exe
PID 2232 wrote to memory of 2744 | 2232 | 9rxxllx.exe | thbnbh.exe
PID 2232 wrote to memory of 2744 | 2232 | 9rxxllx.exe | thbnbh.exe
PID 2232 wrote to memory of 2744 | 2232 | 9rxxllx.exe | thbnbh.exe
PID 2232 wrote to memory of 2744 | 2232 | 9rxxllx.exe | thbnbh.exe
PID 2744 wrote to memory of 2568 | 2744 | thbnbh.exe | vvvjd.exe
PID 2744 wrote to memory of 2568 | 2744 | thbnbh.exe | vvvjd.exe
PID 2744 wrote to memory of 2568 | 2744 | thbnbh.exe | vvvjd.exe
PID 2744 wrote to memory of 2568 | 2744 | thbnbh.exe | vvvjd.exe
PID 2568 wrote to memory of 2648 | 2568 | vvvjd.exe | 9frxffl.exe
PID 2568 wrote to memory of 2648 | 2568 | vvvjd.exe | 9frxffl.exe
PID 2568 wrote to memory of 2648 | 2568 | vvvjd.exe | 9frxffl.exe
PID 2568 wrote to memory of 2648 | 2568 | vvvjd.exe | 9frxffl.exe
PID 2648 wrote to memory of 2276 | 2648 | 9frxffl.exe | jvjjd.exe
PID 2648 wrote to memory of 2276 | 2648 | 9frxffl.exe | jvjjd.exe
PID 2648 wrote to memory of 2276 | 2648 | 9frxffl.exe | jvjjd.exe
PID 2648 wrote to memory of 2276 | 2648 | 9frxffl.exe | jvjjd.exe
PID 2276 wrote to memory of 2452 | 2276 | jvjjd.exe | 08488.exe
PID 2276 wrote to memory of 2452 | 2276 | jvjjd.exe | 08488.exe
PID 2276 wrote to memory of 2452 | 2276 | jvjjd.exe | 08488.exe
PID 2276 wrote to memory of 2452 | 2276 | jvjjd.exe | 08488.exe
PID 2452 wrote to memory of 2720 | 2452 | 08488.exe | ddppv.exe
PID 2452 wrote to memory of 2720 | 2452 | 08488.exe | ddppv.exe
PID 2452 wrote to memory of 2720 | 2452 | 08488.exe | ddppv.exe
PID 2452 wrote to memory of 2720 | 2452 | 08488.exe | ddppv.exe
PID 2720 wrote to memory of 2420 | 2720 | ddppv.exe | 88248.exe
PID 2720 wrote to memory of 2420 | 2720 | ddppv.exe | 88248.exe
PID 2720 wrote to memory of 2420 | 2720 | ddppv.exe | 88248.exe
PID 2720 wrote to memory of 2420 | 2720 | ddppv.exe | 88248.exe
PID 2420 wrote to memory of 2596 | 2420 | 88248.exe | 664466.exe
PID 2420 wrote to memory of 2596 | 2420 | 88248.exe | 664466.exe
PID 2420 wrote to memory of 2596 | 2420 | 88248.exe | 664466.exe
PID 2420 wrote to memory of 2596 | 2420 | 88248.exe | 664466.exe
PID 2596 wrote to memory of 1868 | 2596 | 664466.exe | 5hnnbh.exe
PID 2596 wrote to memory of 1868 | 2596 | 664466.exe | 5hnnbh.exe
PID 2596 wrote to memory of 1868 | 2596 | 664466.exe | 5hnnbh.exe
PID 2596 wrote to memory of 1868 | 2596 | 664466.exe | 5hnnbh.exe
PID 1868 wrote to memory of 2788 | 1868 | 5hnnbh.exe | 660604.exe
PID 1868 wrote to memory of 2788 | 1868 | 5hnnbh.exe | 660604.exe
PID 1868 wrote to memory of 2788 | 1868 | 5hnnbh.exe | 660604.exe
PID 1868 wrote to memory of 2788 | 1868 | 5hnnbh.exe | 660604.exe
PID 2788 wrote to memory of 2956 | 2788 | 660604.exe | u202280.exe
PID 2788 wrote to memory of 2956 | 2788 | 660604.exe | u202280.exe
PID 2788 wrote to memory of 2956 | 2788 | 660604.exe | u202280.exe
PID 2788 wrote to memory of 2956 | 2788 | 660604.exe | u202280.exe
PID 2956 wrote to memory of 2984 | 2956 | u202280.exe | ppjvj.exe
PID 2956 wrote to memory of 2984 | 2956 | u202280.exe | ppjvj.exe
PID 2956 wrote to memory of 2984 | 2956 | u202280.exe | ppjvj.exe
PID 2956 wrote to memory of 2984 | 2956 | u202280.exe | ppjvj.exe
PID 2984 wrote to memory of 2372 | 2984 | ppjvj.exe | 048444.exe
PID 2984 wrote to memory of 2372 | 2984 | ppjvj.exe | 048444.exe
PID 2984 wrote to memory of 2372 | 2984 | ppjvj.exe | 048444.exe
PID 2984 wrote to memory of 2372 | 2984 | ppjvj.exe | 048444.exe
PID 2372 wrote to memory of 1856 | 2372 | 048444.exe | 7ppvd.exe
PID 2372 wrote to memory of 1856 | 2372 | 048444.exe | 7ppvd.exe
PID 2372 wrote to memory of 1856 | 2372 | 048444.exe | 7ppvd.exe
PID 2372 wrote to memory of 1856 | 2372 | 048444.exe | 7ppvd.exe
PID 1856 wrote to memory of 1496 | 1856 | lfxlxlr.exe | 824662.exe
PID 1856 wrote to memory of 1496 | 1856 | lfxlxlr.exe | 824662.exe
PID 1856 wrote to memory of 1496 | 1856 | lfxlxlr.exe | 824662.exe
PID 1856 wrote to memory of 1496 | 1856 | lfxlxlr.exe | 824662.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe"C:\Users\Admin\AppData\Local\Temp\cb7d957b5df854d4ad011fd33c7f38a6ffe7656f2ae1b6a5cff4b6ee97485ec1.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2012 -
\??\c:\9rxxllx.exec:\9rxxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2232 -
\??\c:\thbnbh.exec:\thbnbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\vvvjd.exec:\vvvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\9frxffl.exec:\9frxffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\jvjjd.exec:\jvjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2276 -
\??\c:\08488.exec:\08488.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\ddppv.exec:\ddppv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\88248.exec:\88248.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\664466.exec:\664466.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\5hnnbh.exec:\5hnnbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1868 -
\??\c:\660604.exec:\660604.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2788 -
\??\c:\u202280.exec:\u202280.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\ppjvj.exec:\ppjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\048444.exec:\048444.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2372 -
\??\c:\lfxlxlr.exec:\lfxlxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1856 -
\??\c:\824662.exec:\824662.exe17⤵
- Executes dropped EXE
PID:1496 -
\??\c:\g0804.exec:\g0804.exe18⤵
- Executes dropped EXE
PID:540 -
\??\c:\djvpj.exec:\djvpj.exe19⤵
- Executes dropped EXE
PID:2000 -
\??\c:\hbbnnb.exec:\hbbnnb.exe20⤵
- Executes dropped EXE
PID:2032 -
\??\c:\vpddd.exec:\vpddd.exe21⤵
- Executes dropped EXE
PID:2404 -
\??\c:\dvdjv.exec:\dvdjv.exe22⤵
- Executes dropped EXE
PID:2284 -
\??\c:\4042242.exec:\4042242.exe23⤵
- Executes dropped EXE
PID:712 -
\??\c:\5vdjp.exec:\5vdjp.exe24⤵
- Executes dropped EXE
PID:1796 -
\??\c:\w04028.exec:\w04028.exe25⤵
- Executes dropped EXE
PID:3036 -
\??\c:\20822.exec:\20822.exe26⤵
- Executes dropped EXE
PID:2116 -
\??\c:\fxlrxrf.exec:\fxlrxrf.exe27⤵
- Executes dropped EXE
PID:1340 -
\??\c:\8206842.exec:\8206842.exe28⤵
- Executes dropped EXE
PID:964 -
\??\c:\5hthtt.exec:\5hthtt.exe29⤵
- Executes dropped EXE
PID:1320 -
\??\c:\xrxxrrx.exec:\xrxxrrx.exe30⤵
- Executes dropped EXE
PID:928 -
\??\c:\nhbbth.exec:\nhbbth.exe31⤵
- Executes dropped EXE
PID:2136 -
\??\c:\08464.exec:\08464.exe32⤵
- Executes dropped EXE
PID:1960 -
\??\c:\4200668.exec:\4200668.exe33⤵
- Executes dropped EXE
PID:1504 -
\??\c:\4640048.exec:\4640048.exe34⤵
- Executes dropped EXE
PID:308 -
\??\c:\5vjpp.exec:\5vjpp.exe35⤵
- Executes dropped EXE
PID:2012 -
\??\c:\04488.exec:\04488.exe36⤵
- Executes dropped EXE
PID:1600 -
\??\c:\ffrxrrx.exec:\ffrxrrx.exe37⤵
- Executes dropped EXE
PID:3044 -
\??\c:\82008.exec:\82008.exe38⤵
- Executes dropped EXE
PID:2004 -
\??\c:\hbtbnn.exec:\hbtbnn.exe39⤵
- Executes dropped EXE
PID:2628 -
\??\c:\vvpjj.exec:\vvpjj.exe40⤵
- Executes dropped EXE
PID:2568 -
\??\c:\llffxxl.exec:\llffxxl.exe41⤵
- Executes dropped EXE
PID:2572 -
\??\c:\tbnntt.exec:\tbnntt.exe42⤵
- Executes dropped EXE
PID:2716 -
\??\c:\8262440.exec:\8262440.exe43⤵
- Executes dropped EXE
PID:2040 -
\??\c:\vpdjv.exec:\vpdjv.exe44⤵
- Executes dropped EXE
PID:2564 -
\??\c:\642222.exec:\642222.exe45⤵
- Executes dropped EXE
PID:2444 -
\??\c:\8288040.exec:\8288040.exe46⤵
- Executes dropped EXE
PID:2940 -
\??\c:\dpvvv.exec:\dpvvv.exe47⤵
- Executes dropped EXE
PID:2504 -
\??\c:\1lrrrrf.exec:\1lrrrrf.exe48⤵
- Executes dropped EXE
PID:2244 -
\??\c:\nhntbb.exec:\nhntbb.exe49⤵
- Executes dropped EXE
PID:2812 -
\??\c:\9vjpv.exec:\9vjpv.exe50⤵
- Executes dropped EXE
PID:2804 -
\??\c:\o026886.exec:\o026886.exe51⤵
- Executes dropped EXE
PID:2952 -
\??\c:\rxlfrrr.exec:\rxlfrrr.exe52⤵
- Executes dropped EXE
PID:2704 -
\??\c:\64664.exec:\64664.exe53⤵
- Executes dropped EXE
PID:1724 -
\??\c:\rlxrxfl.exec:\rlxrxfl.exe54⤵
- Executes dropped EXE
PID:1036 -
\??\c:\5httbb.exec:\5httbb.exe55⤵
- Executes dropped EXE
PID:1856 -
\??\c:\frlxxxf.exec:\frlxxxf.exe56⤵
- Executes dropped EXE
PID:1524 -
\??\c:\w84400.exec:\w84400.exe57⤵
- Executes dropped EXE
PID:332 -
\??\c:\286842.exec:\286842.exe58⤵
- Executes dropped EXE
PID:572 -
\??\c:\60468.exec:\60468.exe59⤵
- Executes dropped EXE
PID:2016 -
\??\c:\fxrxlxl.exec:\fxrxlxl.exe60⤵
- Executes dropped EXE
PID:2264 -
\??\c:\486688.exec:\486688.exe61⤵
- Executes dropped EXE
PID:2824 -
\??\c:\xrlrxfl.exec:\xrlrxfl.exe62⤵
- Executes dropped EXE
PID:2852 -
\??\c:\4846846.exec:\4846846.exe63⤵
- Executes dropped EXE
PID:848 -
\??\c:\u226868.exec:\u226868.exe64⤵
- Executes dropped EXE
PID:2128 -
\??\c:\220402.exec:\220402.exe65⤵
- Executes dropped EXE
PID:2364 -
\??\c:\1dvjv.exec:\1dvjv.exe66⤵PID:1136
-
\??\c:\pjdjp.exec:\pjdjp.exe67⤵PID:3036
-
\??\c:\1xllrrx.exec:\1xllrrx.exe68⤵PID:1296
-
\??\c:\nnnbnt.exec:\nnnbnt.exe69⤵PID:1840
-
\??\c:\8206440.exec:\8206440.exe70⤵PID:784
-
\??\c:\thtbhn.exec:\thtbhn.exe71⤵PID:1308
-
\??\c:\9ddjv.exec:\9ddjv.exe72⤵PID:1320
-
\??\c:\g0064.exec:\g0064.exe73⤵PID:924
-
\??\c:\9tbnht.exec:\9tbnht.exe74⤵PID:1160
-
\??\c:\u424062.exec:\u424062.exe75⤵PID:1004
-
\??\c:\26202.exec:\26202.exe76⤵PID:3008
-
\??\c:\u480220.exec:\u480220.exe77⤵PID:1504
-
\??\c:\q08062.exec:\q08062.exe78⤵PID:2188
-
\??\c:\6662662.exec:\6662662.exe79⤵PID:1976
-
\??\c:\00246.exec:\00246.exe80⤵PID:2332
-
\??\c:\xrxxflx.exec:\xrxxflx.exe81⤵PID:3040
-
\??\c:\80224.exec:\80224.exe82⤵PID:3044
-
\??\c:\8200288.exec:\8200288.exe83⤵PID:2636
-
\??\c:\62226.exec:\62226.exe84⤵PID:2580
-
\??\c:\5xfrxxr.exec:\5xfrxxr.exe85⤵PID:2200
-
\??\c:\662604.exec:\662604.exe86⤵PID:2560
-
\??\c:\426208.exec:\426208.exe87⤵PID:2608
-
\??\c:\8242840.exec:\8242840.exe88⤵PID:776
-
\??\c:\q02628.exec:\q02628.exe89⤵PID:2440
-
\??\c:\3xffxxl.exec:\3xffxxl.exe90⤵PID:2548
-
\??\c:\bhbhhh.exec:\bhbhhh.exe91⤵PID:2476
-
\??\c:\xrlrffr.exec:\xrlrffr.exe92⤵PID:1612
-
\??\c:\22068.exec:\22068.exe93⤵PID:1640
-
\??\c:\tnhbhh.exec:\tnhbhh.exe94⤵PID:2964
-
\??\c:\rlxrfxl.exec:\rlxrfxl.exe95⤵PID:2684
-
\??\c:\ntbnnn.exec:\ntbnnn.exe96⤵PID:1932
-
\??\c:\bntnbh.exec:\bntnbh.exe97⤵PID:2044
-
\??\c:\xlffllr.exec:\xlffllr.exe98⤵PID:676
-
\??\c:\402826.exec:\402826.exe99⤵PID:2496
-
\??\c:\m0280.exec:\m0280.exe100⤵PID:2664
-
\??\c:\lxfflrr.exec:\lxfflrr.exe101⤵PID:324
-
\??\c:\42824.exec:\42824.exe102⤵PID:1292
-
\??\c:\hbnhnh.exec:\hbnhnh.exe103⤵PID:2316
-
\??\c:\8868802.exec:\8868802.exe104⤵PID:2780
-
\??\c:\btbnnt.exec:\btbnnt.exe105⤵PID:2280
-
\??\c:\488680.exec:\488680.exe106⤵PID:2096
-
\??\c:\hbthtt.exec:\hbthtt.exe107⤵PID:1832
-
\??\c:\pjvvv.exec:\pjvvv.exe108⤵PID:1484
-
\??\c:\828840.exec:\828840.exe109⤵PID:2376
-
\??\c:\pjddj.exec:\pjddj.exe110⤵PID:452
-
\??\c:\00000.exec:\00000.exe111⤵PID:1792
-
\??\c:\rllxxxf.exec:\rllxxxf.exe112⤵PID:568
-
\??\c:\dvjjj.exec:\dvjjj.exe113⤵PID:1400
-
\??\c:\c666220.exec:\c666220.exe114⤵PID:1340
-
\??\c:\g6020.exec:\g6020.exe115⤵PID:2868
-
\??\c:\0800040.exec:\0800040.exe116⤵PID:872
-
\??\c:\o088488.exec:\o088488.exe117⤵PID:652
-
\??\c:\tnhnht.exec:\tnhnht.exe118⤵PID:380
-
\??\c:\q46848.exec:\q46848.exe119⤵PID:2292
-
\??\c:\3hbhht.exec:\3hbhht.exe120⤵PID:1068
-
\??\c:\dvjjp.exec:\dvjjp.exe121⤵PID:2124
-
\??\c:\3thhnn.exec:\3thhnn.exe122⤵PID:2904
-