Analysis
-
max time kernel
9s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
06-06-2024 05:54
Behavioral task
behavioral1
Sample
c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe
-
Size
91KB
-
MD5
eb5dc8c09e2b06d3af59a140424afba5
-
SHA1
eac6e72b9654e69919fa4f1925a91aad0812d8a0
-
SHA256
c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5
-
SHA512
57b57003cb992f4650cf1612c40d6c627e51fe15acdc2745fea9e817e38caa24a7d613e5eeaf0e4dba9c9480cde2b8001ce26a37fba2c1c72155c7488e7f71a8
-
SSDEEP
1536:xvQBeOGtrYS3srx93UBWfwC6Ggnouy82F13w801ouAsG9ZoPEudJGdXRKXR5Z/2m:xhOmTsF93UYfwC6GIout03Fv9KdJoQ3J
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/4296-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4536-41-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2132-69-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4252-107-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4548-213-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4292-220-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4728-284-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5112-302-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5004-330-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3684-334-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2576-338-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2020-384-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3708-465-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-509-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1680-530-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4860-655-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4192-713-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3448-767-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3684-1028-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4060-1005-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-832-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3804-681-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2920-638-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1484-588-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1212-513-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1028-484-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1108-469-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4220-455-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4220-450-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2332-427-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2568-420-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1416-410-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4536-391-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2056-321-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2028-313-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4716-309-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4172-291-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3220-278-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1296-271-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2584-253-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4132-245-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1244-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/880-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3356-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/700-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4344-204-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3168-199-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3580-192-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4740-178-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4732-176-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3804-166-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4700-163-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3160-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3736-143-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2028-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2712-125-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4804-127-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3428-118-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2704-100-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3376-94-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4468-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4324-81-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2840-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3276-63-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 58 IoCs
Processes:
resource yara_rule behavioral2/memory/4296-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\lxrxxrf.exe UPX \??\c:\3nnntt.exe UPX \??\c:\vvjdv.exe UPX \??\c:\nnbbtt.exe UPX \??\c:\fxlflff.exe UPX \??\c:\jdpjj.exe UPX \??\c:\lflflrr.exe UPX C:\lllxxlx.exe UPX C:\hhhtnb.exe UPX C:\xlrfrll.exe UPX \??\c:\nnbthn.exe UPX \??\c:\htthbb.exe UPX C:\xrfxrll.exe UPX \??\c:\jjjjd.exe UPX \??\c:\xfrxlfx.exe UPX behavioral2/memory/3684-334-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2020-384-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3032-509-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3448-767-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3204-822-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4548-706-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3804-681-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2920-638-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1484-588-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3676-431-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4536-391-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2028-313-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4716-309-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4172-291-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3220-278-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3220-274-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1296-271-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4852-246-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4132-245-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/4548-209-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3168-199-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\htnbbb.exe UPX \??\c:\hbhntb.exe UPX C:\vpvjv.exe UPX \??\c:\tnbhhb.exe UPX \??\c:\jpdvj.exe UPX behavioral2/memory/2712-125-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4804-127-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\dddjj.exe UPX behavioral2/memory/3428-118-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\htbnht.exe UPX \??\c:\nnntbh.exe UPX \??\c:\xxrlrrf.exe UPX \??\c:\flllfrr.exe UPX \??\c:\jvvvv.exe UPX \??\c:\bbbhhh.exe UPX \??\c:\nbnttn.exe UPX behavioral2/memory/3276-63-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\tnnbhh.exe UPX \??\c:\jdpdp.exe UPX \??\c:\rxlxfrf.exe UPX \??\c:\tnhthh.exe UPX -
Executes dropped EXE 64 IoCs
Processes:
tnhthh.exe lxrxxrf.exe 3nnntt.exe vvjdv.exe rxlxfrf.exe nnbbtt.exe jdpdp.exe fxlflff.exe tnnbhh.exe jdpjj.exe lflflrr.exe nbnttn.exe lllxxlx.exe bbbhhh.exe jvvvv.exe flllfrr.exe hhhtnb.exe xxrlrrf.exe nnntbh.exe htbnht.exe dddjj.exe jpdvj.exe xlrfrll.exe tnbhhb.exe vpvjv.exe nnbthn.exe htthbb.exe xrfxrll.exe hbhntb.exe htnbbb.exe jjjjd.exe xfrxlfx.exe btbhtb.exe vpjdd.exe xrfrxff.exe 5bnnnb.exe vvpvd.exe pppdp.exe lfllxxr.exe xfxfxll.exe nthtnn.exe vjpdj.exe fxlflll.exe htbbtt.exe nnhttt.exe dpppp.exe ffxfxxx.exe rflxflx.exe bbtnht.exe vdvjd.exe llxrrrx.exe frlrlfl.exe bnbtbh.exe djpdj.exe vjvpp.exe lxxrrlx.exe htbbbb.exe bbhtbn.exe jdppp.exe lxrrffx.exe bttntb.exe jpvpp.exe lxfrllr.exe rlflxxf.exe pid process 1272 tnhthh.exe 2228 lxrxxrf.exe 1468 3nnntt.exe 3268 vvjdv.exe 4192 rxlxfrf.exe 4536 nnbbtt.exe 2004 jdpdp.exe 4044 fxlflff.exe 1824 tnnbhh.exe 3276 jdpjj.exe 2132 lflflrr.exe 2840 nbnttn.exe 4324 lllxxlx.exe 4468 bbbhhh.exe 3376 jvvvv.exe 2704 flllfrr.exe 4252 hhhtnb.exe 2792 xxrlrrf.exe 3428 nnntbh.exe 2712 htbnht.exe 4804 dddjj.exe 4652 jpdvj.exe 2028 xlrfrll.exe 3736 tnbhhb.exe 3096 vpvjv.exe 3160 nnbthn.exe 3804 htthbb.exe 4700 xrfxrll.exe 4732 hbhntb.exe 4740 htnbbb.exe 4884 jjjjd.exe 3580 xfrxlfx.exe 892 btbhtb.exe 3168 vpjdd.exe 4344 xrfrxff.exe 700 5bnnnb.exe 4548 vvpvd.exe 4864 pppdp.exe 4292 lfllxxr.exe 2616 xfxfxll.exe 5104 nthtnn.exe 3356 vjpdj.exe 880 fxlflll.exe 3572 htbbtt.exe 1244 nnhttt.exe 4132 dpppp.exe 4852 ffxfxxx.exe 2584 rflxflx.exe 2272 bbtnht.exe 1824 vdvjd.exe 3656 llxrrrx.exe 2160 frlrlfl.exe 2912 bnbtbh.exe 1296 djpdj.exe 4176 vjvpp.exe 3220 lxxrrlx.exe 2128 htbbbb.exe 4728 bbhtbn.exe 2656 jdppp.exe 4172 lxrrffx.exe 404 bttntb.exe 4404 jpvpp.exe 5112 lxfrllr.exe 4804 rlflxxf.exe -
Processes:
resource yara_rule behavioral2/memory/4296-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4296-6-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\lxrxxrf.exe upx \??\c:\3nnntt.exe upx \??\c:\vvjdv.exe upx behavioral2/memory/4192-30-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\nnbbtt.exe upx behavioral2/memory/4536-41-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\fxlflff.exe upx \??\c:\jdpjj.exe upx \??\c:\lflflrr.exe upx behavioral2/memory/2132-69-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\lllxxlx.exe upx C:\hhhtnb.exe upx behavioral2/memory/4252-107-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\xlrfrll.exe upx \??\c:\nnbthn.exe upx \??\c:\htthbb.exe upx C:\xrfxrll.exe upx \??\c:\jjjjd.exe upx \??\c:\xfrxlfx.exe upx behavioral2/memory/4344-200-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4548-213-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4292-220-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4728-284-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5112-302-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5004-330-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3684-334-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2576-338-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2020-384-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3708-465-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3032-509-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1680-530-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4860-655-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4192-713-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/3448-767-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3204-822-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2816-836-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1572-1029-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3684-1028-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1640-1021-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4060-1005-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4644-950-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2008-910-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2256-906-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3012-884-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4716-880-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3412-846-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5052-832-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/856-803-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1592-778-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2132-771-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4656-757-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2076-723-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4548-706-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4088-690-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3804-681-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4860-651-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2920-638-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2200-607-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1484-588-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1592-514-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1212-513-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1028-484-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe tnhthh.exe lxrxxrf.exe 3nnntt.exe vvjdv.exe rxlxfrf.exe nnbbtt.exe jdpdp.exe fxlflff.exe tnnbhh.exe jdpjj.exe lflflrr.exe nbnttn.exe lllxxlx.exe bbbhhh.exe jvvvv.exe flllfrr.exe hhhtnb.exe xxrlrrf.exe nnntbh.exe htbnht.exe dddjj.exe description pid process target process PID 4296 wrote to memory of 1272 4296 c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe tnhthh.exe PID 4296 wrote to memory of 1272 4296 c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe tnhthh.exe PID 4296 wrote to memory of 1272 4296 c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe tnhthh.exe PID 1272 wrote to memory of 2228 1272 tnhthh.exe lxrxxrf.exe PID 1272 wrote to memory of 2228 1272 tnhthh.exe lxrxxrf.exe PID 1272 wrote to memory of 2228 1272 tnhthh.exe lxrxxrf.exe PID 2228 wrote to memory of 1468 2228 lxrxxrf.exe 3nnntt.exe PID 2228 wrote to memory of 1468 2228 lxrxxrf.exe 3nnntt.exe PID 2228 wrote to memory of 1468 2228 lxrxxrf.exe 3nnntt.exe PID 1468 wrote to memory of 3268 1468 3nnntt.exe vvjdv.exe PID 1468 wrote to memory of 3268 1468 3nnntt.exe vvjdv.exe PID 1468 wrote to memory of 3268 1468 3nnntt.exe vvjdv.exe PID 3268 wrote to memory of 4192 3268 vvjdv.exe rxlxfrf.exe PID 3268 wrote to memory of 4192 3268 vvjdv.exe rxlxfrf.exe PID 3268 wrote to memory of 4192 3268 vvjdv.exe rxlxfrf.exe PID 4192 wrote to memory of 4536 4192 rxlxfrf.exe nnbbtt.exe PID 4192 wrote to memory of 4536 4192 rxlxfrf.exe nnbbtt.exe PID 4192 wrote to memory of 4536 4192 rxlxfrf.exe nnbbtt.exe PID 4536 wrote to memory of 2004 4536 nnbbtt.exe jdpdp.exe PID 4536 wrote to memory of 2004 4536 nnbbtt.exe jdpdp.exe PID 4536 wrote to memory of 2004 4536 nnbbtt.exe jdpdp.exe PID 2004 wrote to memory of 4044 2004 jdpdp.exe fxlflff.exe PID 2004 wrote to memory of 4044 2004 jdpdp.exe fxlflff.exe PID 2004 wrote to memory of 4044 2004 jdpdp.exe fxlflff.exe PID 4044 wrote to memory of 1824 4044 fxlflff.exe tnnbhh.exe 
PID 4044 wrote to memory of 1824 4044 fxlflff.exe tnnbhh.exe PID 4044 wrote to memory of 1824 4044 fxlflff.exe tnnbhh.exe PID 1824 wrote to memory of 3276 1824 tnnbhh.exe jdpjj.exe PID 1824 wrote to memory of 3276 1824 tnnbhh.exe jdpjj.exe PID 1824 wrote to memory of 3276 1824 tnnbhh.exe jdpjj.exe PID 3276 wrote to memory of 2132 3276 jdpjj.exe lflflrr.exe PID 3276 wrote to memory of 2132 3276 jdpjj.exe lflflrr.exe PID 3276 wrote to memory of 2132 3276 jdpjj.exe lflflrr.exe PID 2132 wrote to memory of 2840 2132 lflflrr.exe nbnttn.exe PID 2132 wrote to memory of 2840 2132 lflflrr.exe nbnttn.exe PID 2132 wrote to memory of 2840 2132 lflflrr.exe nbnttn.exe PID 2840 wrote to memory of 4324 2840 nbnttn.exe lllxxlx.exe PID 2840 wrote to memory of 4324 2840 nbnttn.exe lllxxlx.exe PID 2840 wrote to memory of 4324 2840 nbnttn.exe lllxxlx.exe PID 4324 wrote to memory of 4468 4324 lllxxlx.exe bbbhhh.exe PID 4324 wrote to memory of 4468 4324 lllxxlx.exe bbbhhh.exe PID 4324 wrote to memory of 4468 4324 lllxxlx.exe bbbhhh.exe PID 4468 wrote to memory of 3376 4468 bbbhhh.exe jvvvv.exe PID 4468 wrote to memory of 3376 4468 bbbhhh.exe jvvvv.exe PID 4468 wrote to memory of 3376 4468 bbbhhh.exe jvvvv.exe PID 3376 wrote to memory of 2704 3376 jvvvv.exe flllfrr.exe PID 3376 wrote to memory of 2704 3376 jvvvv.exe flllfrr.exe PID 3376 wrote to memory of 2704 3376 jvvvv.exe flllfrr.exe PID 2704 wrote to memory of 4252 2704 flllfrr.exe hhhtnb.exe PID 2704 wrote to memory of 4252 2704 flllfrr.exe hhhtnb.exe PID 2704 wrote to memory of 4252 2704 flllfrr.exe hhhtnb.exe PID 4252 wrote to memory of 2792 4252 hhhtnb.exe xxrlrrf.exe PID 4252 wrote to memory of 2792 4252 hhhtnb.exe xxrlrrf.exe PID 4252 wrote to memory of 2792 4252 hhhtnb.exe xxrlrrf.exe PID 2792 wrote to memory of 3428 2792 xxrlrrf.exe nnntbh.exe PID 2792 wrote to memory of 3428 2792 xxrlrrf.exe nnntbh.exe PID 2792 wrote to memory of 3428 2792 xxrlrrf.exe nnntbh.exe PID 3428 wrote to memory of 2712 3428 nnntbh.exe flllfxx.exe PID 
3428 wrote to memory of 2712 3428 nnntbh.exe flllfxx.exe PID 3428 wrote to memory of 2712 3428 nnntbh.exe flllfxx.exe PID 2712 wrote to memory of 4804 2712 htbnht.exe rlflxxf.exe PID 2712 wrote to memory of 4804 2712 htbnht.exe rlflxxf.exe PID 2712 wrote to memory of 4804 2712 htbnht.exe rlflxxf.exe PID 4804 wrote to memory of 4652 4804 dddjj.exe jpdvj.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe"C:\Users\Admin\AppData\Local\Temp\c5f7b6d81ec8c9ccc71927c24f0f42fbe0e0246f85908eb52e18888d7b6094a5.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4296 -
\??\c:\tnhthh.exec:\tnhthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1272 -
\??\c:\lxrxxrf.exec:\lxrxxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2228 -
\??\c:\3nnntt.exec:\3nnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\vvjdv.exec:\vvjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3268 -
\??\c:\rxlxfrf.exec:\rxlxfrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4192 -
\??\c:\nnbbtt.exec:\nnbbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4536 -
\??\c:\jdpdp.exec:\jdpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004 -
\??\c:\fxlflff.exec:\fxlflff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4044 -
\??\c:\tnnbhh.exec:\tnnbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1824 -
\??\c:\jdpjj.exec:\jdpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\lflflrr.exec:\lflflrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\nbnttn.exec:\nbnttn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\lllxxlx.exec:\lllxxlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4324 -
\??\c:\bbbhhh.exec:\bbbhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\jvvvv.exec:\jvvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3376 -
\??\c:\flllfrr.exec:\flllfrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\hhhtnb.exec:\hhhtnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4252 -
\??\c:\xxrlrrf.exec:\xxrlrrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792 -
\??\c:\nnntbh.exec:\nnntbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3428 -
\??\c:\htbnht.exec:\htbnht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\dddjj.exec:\dddjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4804 -
\??\c:\jpdvj.exec:\jpdvj.exe23⤵
- Executes dropped EXE
PID:4652 -
\??\c:\xlrfrll.exec:\xlrfrll.exe24⤵
- Executes dropped EXE
PID:2028 -
\??\c:\tnbhhb.exec:\tnbhhb.exe25⤵
- Executes dropped EXE
PID:3736 -
\??\c:\vpvjv.exec:\vpvjv.exe26⤵
- Executes dropped EXE
PID:3096 -
\??\c:\nnbthn.exec:\nnbthn.exe27⤵
- Executes dropped EXE
PID:3160 -
\??\c:\htthbb.exec:\htthbb.exe28⤵
- Executes dropped EXE
PID:3804 -
\??\c:\xrfxrll.exec:\xrfxrll.exe29⤵
- Executes dropped EXE
PID:4700 -
\??\c:\hbhntb.exec:\hbhntb.exe30⤵
- Executes dropped EXE
PID:4732 -
\??\c:\htnbbb.exec:\htnbbb.exe31⤵
- Executes dropped EXE
PID:4740 -
\??\c:\jjjjd.exec:\jjjjd.exe32⤵
- Executes dropped EXE
PID:4884 -
\??\c:\xfrxlfx.exec:\xfrxlfx.exe33⤵
- Executes dropped EXE
PID:3580 -
\??\c:\btbhtb.exec:\btbhtb.exe34⤵
- Executes dropped EXE
PID:892 -
\??\c:\vpjdd.exec:\vpjdd.exe35⤵
- Executes dropped EXE
PID:3168 -
\??\c:\xrfrxff.exec:\xrfrxff.exe36⤵
- Executes dropped EXE
PID:4344 -
\??\c:\5bnnnb.exec:\5bnnnb.exe37⤵
- Executes dropped EXE
PID:700 -
\??\c:\vvpvd.exec:\vvpvd.exe38⤵
- Executes dropped EXE
PID:4548 -
\??\c:\pppdp.exec:\pppdp.exe39⤵
- Executes dropped EXE
PID:4864 -
\??\c:\lfllxxr.exec:\lfllxxr.exe40⤵
- Executes dropped EXE
PID:4292 -
\??\c:\xfxfxll.exec:\xfxfxll.exe41⤵
- Executes dropped EXE
PID:2616 -
\??\c:\nthtnn.exec:\nthtnn.exe42⤵
- Executes dropped EXE
PID:5104 -
\??\c:\vjpdj.exec:\vjpdj.exe43⤵
- Executes dropped EXE
PID:3356 -
\??\c:\fxlflll.exec:\fxlflll.exe44⤵
- Executes dropped EXE
PID:880 -
\??\c:\htbbtt.exec:\htbbtt.exe45⤵
- Executes dropped EXE
PID:3572 -
\??\c:\nnhttt.exec:\nnhttt.exe46⤵
- Executes dropped EXE
PID:1244 -
\??\c:\dpppp.exec:\dpppp.exe47⤵
- Executes dropped EXE
PID:4132 -
\??\c:\ffxfxxx.exec:\ffxfxxx.exe48⤵
- Executes dropped EXE
PID:4852 -
\??\c:\rflxflx.exec:\rflxflx.exe49⤵
- Executes dropped EXE
PID:2584 -
\??\c:\bbtnht.exec:\bbtnht.exe50⤵
- Executes dropped EXE
PID:2272 -
\??\c:\vdvjd.exec:\vdvjd.exe51⤵
- Executes dropped EXE
PID:1824 -
\??\c:\llxrrrx.exec:\llxrrrx.exe52⤵
- Executes dropped EXE
PID:3656 -
\??\c:\frlrlfl.exec:\frlrlfl.exe53⤵
- Executes dropped EXE
PID:2160 -
\??\c:\bnbtbh.exec:\bnbtbh.exe54⤵
- Executes dropped EXE
PID:2912 -
\??\c:\djpdj.exec:\djpdj.exe55⤵
- Executes dropped EXE
PID:1296 -
\??\c:\vjvpp.exec:\vjvpp.exe56⤵
- Executes dropped EXE
PID:4176 -
\??\c:\lxxrrlx.exec:\lxxrrlx.exe57⤵
- Executes dropped EXE
PID:3220 -
\??\c:\htbbbb.exec:\htbbbb.exe58⤵
- Executes dropped EXE
PID:2128 -
\??\c:\bbhtbn.exec:\bbhtbn.exe59⤵
- Executes dropped EXE
PID:4728 -
\??\c:\jdppp.exec:\jdppp.exe60⤵
- Executes dropped EXE
PID:2656 -
\??\c:\lxrrffx.exec:\lxrrffx.exe61⤵
- Executes dropped EXE
PID:4172 -
\??\c:\bttntb.exec:\bttntb.exe62⤵
- Executes dropped EXE
PID:404 -
\??\c:\jpvpp.exec:\jpvpp.exe63⤵
- Executes dropped EXE
PID:4404 -
\??\c:\lxfrllr.exec:\lxfrllr.exe64⤵
- Executes dropped EXE
PID:5112 -
\??\c:\rlflxxf.exec:\rlflxxf.exe65⤵
- Executes dropped EXE
PID:4804 -
\??\c:\nnhnbh.exec:\nnhnbh.exe66⤵PID:4716
-
\??\c:\ppdjv.exec:\ppdjv.exe67⤵PID:2028
-
\??\c:\dppdd.exec:\dppdd.exe68⤵PID:3736
-
\??\c:\xflxlxr.exec:\xflxlxr.exe69⤵PID:2956
-
\??\c:\thttbh.exec:\thttbh.exe70⤵PID:2056
-
\??\c:\tbbthh.exec:\tbbthh.exe71⤵PID:744
-
\??\c:\vdjjj.exec:\vdjjj.exe72⤵PID:5004
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe73⤵PID:3684
-
\??\c:\thnnnh.exec:\thnnnh.exe74⤵PID:2576
-
\??\c:\3ntnhh.exec:\3ntnhh.exe75⤵PID:644
-
\??\c:\dvjdv.exec:\dvjdv.exe76⤵PID:2008
-
\??\c:\3xfxrxx.exec:\3xfxrxx.exe77⤵PID:4456
-
\??\c:\bhnnhn.exec:\bhnnhn.exe78⤵PID:2976
-
\??\c:\hnnnnh.exec:\hnnnnh.exe79⤵PID:4556
-
\??\c:\pvvvp.exec:\pvvvp.exe80⤵PID:3772
-
\??\c:\lrrflrl.exec:\lrrflrl.exe81⤵PID:1320
-
\??\c:\1rxxlrr.exec:\1rxxlrr.exe82⤵PID:4140
-
\??\c:\btbbbh.exec:\btbbbh.exe83⤵PID:700
-
\??\c:\9jpjj.exec:\9jpjj.exe84⤵PID:4548
-
\??\c:\ppdvv.exec:\ppdvv.exe85⤵PID:4308
-
\??\c:\xflfrrr.exec:\xflfrrr.exe86⤵PID:1836
-
\??\c:\hntttb.exec:\hntttb.exe87⤵PID:1716
-
\??\c:\thnnnt.exec:\thnnnt.exe88⤵PID:3356
-
\??\c:\dppdv.exec:\dppdv.exe89⤵PID:2020
-
\??\c:\rxllrrf.exec:\rxllrrf.exe90⤵PID:2536
-
\??\c:\tnhbnn.exec:\tnhbnn.exe91⤵PID:4536
-
\??\c:\bhhhbb.exec:\bhhhbb.exe92⤵PID:3408
-
\??\c:\dvdvv.exec:\dvdvv.exe93⤵PID:4872
-
\??\c:\ffxfrfl.exec:\ffxfrfl.exe94⤵PID:2584
-
\??\c:\bhhhtn.exec:\bhhhtn.exe95⤵PID:2272
-
\??\c:\9bnhnn.exec:\9bnhnn.exe96⤵PID:1824
-
\??\c:\7dvvv.exec:\7dvvv.exe97⤵PID:1416
-
\??\c:\3lffxff.exec:\3lffxff.exe98⤵PID:2160
-
\??\c:\bthhbn.exec:\bthhbn.exe99⤵PID:3212
-
\??\c:\nhnttt.exec:\nhnttt.exe100⤵PID:2568
-
\??\c:\dvpjd.exec:\dvpjd.exe101⤵PID:2036
-
\??\c:\pjvvv.exec:\pjvvv.exe102⤵PID:1584
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe103⤵PID:2332
-
\??\c:\ntntbn.exec:\ntntbn.exe104⤵PID:3676
-
\??\c:\vppdp.exec:\vppdp.exe105⤵PID:4172
-
\??\c:\jpvvv.exec:\jpvvv.exe106⤵PID:4072
-
\??\c:\flllfxx.exec:\flllfxx.exe107⤵PID:2712
-
\??\c:\nthhnn.exec:\nthhnn.exe108⤵PID:3884
-
\??\c:\btnthb.exec:\btnthb.exe109⤵PID:2604
-
\??\c:\pjdvp.exec:\pjdvp.exe110⤵PID:4220
-
\??\c:\rfxxxff.exec:\rfxxxff.exe111⤵PID:1196
-
\??\c:\rrlrllf.exec:\rrlrllf.exe112⤵PID:4892
-
\??\c:\nbttbb.exec:\nbttbb.exe113⤵PID:632
-
\??\c:\vdvjd.exec:\vdvjd.exe114⤵PID:3708
-
\??\c:\pvvpd.exec:\pvvpd.exe115⤵PID:1108
-
\??\c:\frrrlrl.exec:\frrrlrl.exe116⤵PID:380
-
\??\c:\bhnbtt.exec:\bhnbtt.exe117⤵PID:3580
-
\??\c:\htntbb.exec:\htntbb.exe118⤵PID:1344
-
\??\c:\dpvpp.exec:\dpvpp.exe119⤵PID:1028
-
\??\c:\vvjdd.exec:\vvjdd.exe120⤵PID:1972
-
\??\c:\1lxrlff.exec:\1lxrlff.exe121⤵PID:3116
-
\??\c:\hbnbbn.exec:\hbnbbn.exe122⤵PID:4548
-