Analysis
-
max time kernel
140s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
06-06-2024 06:34
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe
-
Size
185KB
-
MD5
7bf9fa9659ab50ef5a2acba1511959bb
-
SHA1
22b02519dbd3d8b143db673d041d39075b057e65
-
SHA256
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d
-
SHA512
3482f8d66dfc0c0f4a3cd0451152a5b891cb36bda7f36a73db08c0c6afc106b2a35414438d6dde6f35b2ff36172dc62bb75ffc95097afda455724f4d2f8bf681
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+EMdbSL:PhOm2sI93UufdC67ciJTWMdbc
Malware Config
Signatures
-
Detect Blackmoon payload 41 IoCs
Processes:
resource yara_rule behavioral1/memory/1648-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1508-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2940-28-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2592-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2512-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2576-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2556-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2464-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1348-112-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2748-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1976-191-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1212-244-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-273-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/900-298-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1624-323-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2900-350-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1724-503-0x00000000002C0000-0x00000000002E9000-memory.dmp family_blackmoon behavioral1/memory/2396-1233-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2396-1182-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1880-582-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1432-569-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/2244-557-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2120-549-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1248-536-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1616-518-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/112-426-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2588-343-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2584-330-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2236-289-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/272-261-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1048-219-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1920-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2028-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2064-156-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2320-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1672-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1972-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1104-1305-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1932-1320-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1896-1407-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1980-1394-0x00000000002B0000-0x00000000002D9000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral1/memory/1648-11-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1508-7-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2940-19-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2940-28-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2592-30-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2512-47-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2772-48-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2576-58-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2556-67-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2464-78-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1348-112-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2064-147-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2748-177-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1976-191-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1048-210-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1212-244-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2244-273-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/900-298-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1624-323-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2900-350-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1564-382-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1868-595-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2104-786-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/3016-863-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral1/memory/2508-906-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1512-981-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1228-1037-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2584-1189-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1460-1108-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2304-1077-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/700-1051-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2280-1024-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2672-974-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/3048-961-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1864-826-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2920-819-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2000-800-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1544-793-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2152-755-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2732-736-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2528-602-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1880-582-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1432-569-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2244-557-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2120-549-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1248-536-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1616-518-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1516-433-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral1/memory/112-426-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2404-363-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2588-343-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2584-330-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2236-289-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2236-281-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1048-219-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/680-201-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1920-200-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2028-174-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2028-165-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2064-156-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2320-139-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1672-97-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1972-94-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1972-85-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
rlrxllx.exejvjvd.exexrrxrxf.exe7frfffl.exennhtnh.exevpvdv.exeffffxfr.exehbnntb.exetnbbnt.exejvdjp.exelfrflxf.exefxxfllr.exenhtbbh.exevpvjp.exevpdjd.exexrxlxxf.exerflllfx.exe5hnntb.exe1tnhhn.exe5dppp.exelfxfllr.exerrflfrx.exehhbhbh.exevvvjp.exerrxxfrr.exexflxlfx.exetnhntt.exevppjd.exexxllrxf.exehhbnbb.exe1vjpv.exedjdpd.exelfrfrxr.exenhtthn.exehhthnt.exe3jdvp.exe9pdjj.exerffxrrl.exenhtnnn.exehbbhhh.exepjjpd.exepdvdp.exexxxrrxr.exefrllxxx.exebthnth.exe1tnthh.exejdddp.exellrrrxx.exelllrxxl.exehbttnn.exe5nhtnn.exepjpvd.exedvpdv.exevpjdp.exefxllxfx.exefxllrxl.exe3nnthh.exe3bnntt.exe3dvpp.exeppjvj.exefxrrxfr.exefxrrllx.exennthnn.exe7htbtb.exepid process 1648 rlrxllx.exe 2940 jvjvd.exe 2592 xrrxrxf.exe 2512 7frfffl.exe 2772 nnhtnh.exe 2576 vpvdv.exe 2556 ffffxfr.exe 2464 hbnntb.exe 1972 tnbbnt.exe 1672 jvdjp.exe 1348 lfrflxf.exe 2672 fxxfllr.exe 1476 nhtbbh.exe 772 vpvjp.exe 2320 vpdjd.exe 2064 xrxlxxf.exe 2704 rflllfx.exe 2028 5hnntb.exe 2748 1tnhhn.exe 1976 5dppp.exe 1920 lfxfllr.exe 680 rrflfrx.exe 1048 hhbhbh.exe 1780 vvvjp.exe 644 rrxxfrr.exe 1212 xflxlfx.exe 1488 tnhntt.exe 272 vppjd.exe 2976 xxllrxf.exe 2244 hhbnbb.exe 2236 1vjpv.exe 900 djdpd.exe 1664 lfrfrxr.exe 1536 nhtthn.exe 2228 hhthnt.exe 2524 3jdvp.exe 1624 9pdjj.exe 2584 rffxrrl.exe 2588 nhtnnn.exe 2660 hbbhhh.exe 2900 pjjpd.exe 2560 pdvdp.exe 2404 xxxrrxr.exe 1732 frllxxx.exe 2464 bthnth.exe 1564 1tnthh.exe 2432 jdddp.exe 2456 llrrrxx.exe 2684 lllrxxl.exe 2672 hbttnn.exe 996 5nhtnn.exe 2308 pjpvd.exe 112 dvpdv.exe 1516 vpjdp.exe 108 fxllxfx.exe 2676 fxllrxl.exe 2692 3nnthh.exe 2280 3bnntt.exe 2188 3dvpp.exe 2964 ppjvj.exe 484 fxrrxfr.exe 572 fxrrllx.exe 2736 nnthnn.exe 1724 7htbtb.exe -
Processes:
resource yara_rule behavioral1/memory/1648-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1508-7-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2940-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2940-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2592-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2512-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2772-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2556-67-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2464-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1348-112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2064-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2748-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1976-191-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1048-210-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1212-244-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-273-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/900-298-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1624-323-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2900-350-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1564-382-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1868-595-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2104-786-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3016-863-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2508-906-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1512-981-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1228-1037-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2584-1189-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1460-1108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2304-1077-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/700-1051-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2280-1024-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2672-974-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3048-961-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1864-826-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2920-819-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2000-800-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1544-793-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2152-755-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2732-736-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2528-602-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1880-582-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1432-569-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-557-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2120-549-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1248-536-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1616-518-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1516-433-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/112-426-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2404-363-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2588-343-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2584-330-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2236-289-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2236-281-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1048-219-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/680-201-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1920-200-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2028-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2028-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2064-156-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2320-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1672-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1972-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1972-85-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exerlrxllx.exejvjvd.exexrrxrxf.exe7frfffl.exennhtnh.exevpvdv.exeffffxfr.exehbnntb.exetnbbnt.exejvdjp.exelfrflxf.exefxxfllr.exenhtbbh.exevpvjp.exevpdjd.exedescription pid process target process PID 1508 wrote to memory of 1648 1508 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe rlrxllx.exe PID 1508 wrote to memory of 1648 1508 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe rlrxllx.exe PID 1508 wrote to memory of 1648 1508 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe rlrxllx.exe PID 1508 wrote to memory of 1648 1508 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe rlrxllx.exe PID 1648 wrote to memory of 2940 1648 rlrxllx.exe jvjvd.exe PID 1648 wrote to memory of 2940 1648 rlrxllx.exe jvjvd.exe PID 1648 wrote to memory of 2940 1648 rlrxllx.exe jvjvd.exe PID 1648 wrote to memory of 2940 1648 rlrxllx.exe jvjvd.exe PID 2940 wrote to memory of 2592 2940 jvjvd.exe xrrxrxf.exe PID 2940 wrote to memory of 2592 2940 jvjvd.exe xrrxrxf.exe PID 2940 wrote to memory of 2592 2940 jvjvd.exe xrrxrxf.exe PID 2940 wrote to memory of 2592 2940 jvjvd.exe xrrxrxf.exe PID 2592 wrote to memory of 2512 2592 xrrxrxf.exe 7frfffl.exe PID 2592 wrote to memory of 2512 2592 xrrxrxf.exe 7frfffl.exe PID 2592 wrote to memory of 2512 2592 xrrxrxf.exe 7frfffl.exe PID 2592 wrote to memory of 2512 2592 xrrxrxf.exe 7frfffl.exe PID 2512 wrote to memory of 2772 2512 7frfffl.exe nnhtnh.exe PID 2512 wrote to memory of 2772 2512 7frfffl.exe nnhtnh.exe PID 2512 wrote to memory of 2772 2512 7frfffl.exe nnhtnh.exe PID 2512 wrote to memory of 2772 2512 7frfffl.exe nnhtnh.exe PID 2772 wrote to memory of 2576 2772 nnhtnh.exe vpvdv.exe PID 2772 wrote to memory of 2576 2772 nnhtnh.exe vpvdv.exe PID 2772 wrote to memory of 2576 2772 nnhtnh.exe vpvdv.exe PID 2772 wrote to memory of 2576 2772 nnhtnh.exe vpvdv.exe PID 2576 wrote to memory of 2556 2576 vpvdv.exe 
ffffxfr.exe PID 2576 wrote to memory of 2556 2576 vpvdv.exe ffffxfr.exe PID 2576 wrote to memory of 2556 2576 vpvdv.exe ffffxfr.exe PID 2576 wrote to memory of 2556 2576 vpvdv.exe ffffxfr.exe PID 2556 wrote to memory of 2464 2556 ffffxfr.exe xllfffr.exe PID 2556 wrote to memory of 2464 2556 ffffxfr.exe xllfffr.exe PID 2556 wrote to memory of 2464 2556 ffffxfr.exe xllfffr.exe PID 2556 wrote to memory of 2464 2556 ffffxfr.exe xllfffr.exe PID 2464 wrote to memory of 1972 2464 hbnntb.exe tnbbnt.exe PID 2464 wrote to memory of 1972 2464 hbnntb.exe tnbbnt.exe PID 2464 wrote to memory of 1972 2464 hbnntb.exe tnbbnt.exe PID 2464 wrote to memory of 1972 2464 hbnntb.exe tnbbnt.exe PID 1972 wrote to memory of 1672 1972 tnbbnt.exe jvdjp.exe PID 1972 wrote to memory of 1672 1972 tnbbnt.exe jvdjp.exe PID 1972 wrote to memory of 1672 1972 tnbbnt.exe jvdjp.exe PID 1972 wrote to memory of 1672 1972 tnbbnt.exe jvdjp.exe PID 1672 wrote to memory of 1348 1672 jvdjp.exe lfrflxf.exe PID 1672 wrote to memory of 1348 1672 jvdjp.exe lfrflxf.exe PID 1672 wrote to memory of 1348 1672 jvdjp.exe lfrflxf.exe PID 1672 wrote to memory of 1348 1672 jvdjp.exe lfrflxf.exe PID 1348 wrote to memory of 2672 1348 lfrflxf.exe fxxfllr.exe PID 1348 wrote to memory of 2672 1348 lfrflxf.exe fxxfllr.exe PID 1348 wrote to memory of 2672 1348 lfrflxf.exe fxxfllr.exe PID 1348 wrote to memory of 2672 1348 lfrflxf.exe fxxfllr.exe PID 2672 wrote to memory of 1476 2672 fxxfllr.exe nhtbbh.exe PID 2672 wrote to memory of 1476 2672 fxxfllr.exe nhtbbh.exe PID 2672 wrote to memory of 1476 2672 fxxfllr.exe nhtbbh.exe PID 2672 wrote to memory of 1476 2672 fxxfllr.exe nhtbbh.exe PID 1476 wrote to memory of 772 1476 nhtbbh.exe nnbntn.exe PID 1476 wrote to memory of 772 1476 nhtbbh.exe nnbntn.exe PID 1476 wrote to memory of 772 1476 nhtbbh.exe nnbntn.exe PID 1476 wrote to memory of 772 1476 nhtbbh.exe nnbntn.exe PID 772 wrote to memory of 2320 772 vpvjp.exe vpdjd.exe PID 772 wrote to memory of 2320 772 vpvjp.exe vpdjd.exe PID 
772 wrote to memory of 2320 772 vpvjp.exe vpdjd.exe PID 772 wrote to memory of 2320 772 vpvjp.exe vpdjd.exe PID 2320 wrote to memory of 2064 2320 vpdjd.exe xrxlxxf.exe PID 2320 wrote to memory of 2064 2320 vpdjd.exe xrxlxxf.exe PID 2320 wrote to memory of 2064 2320 vpdjd.exe xrxlxxf.exe PID 2320 wrote to memory of 2064 2320 vpdjd.exe xrxlxxf.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe"C:\Users\Admin\AppData\Local\Temp\d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\rlrxllx.exec:\rlrxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1648 -
\??\c:\jvjvd.exec:\jvjvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2940 -
\??\c:\xrrxrxf.exec:\xrrxrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\7frfffl.exec:\7frfffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2512 -
\??\c:\nnhtnh.exec:\nnhtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\vpvdv.exec:\vpvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\ffffxfr.exec:\ffffxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2556 -
\??\c:\hbnntb.exec:\hbnntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\tnbbnt.exec:\tnbbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1972 -
\??\c:\jvdjp.exec:\jvdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1672 -
\??\c:\lfrflxf.exec:\lfrflxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1348 -
\??\c:\fxxfllr.exec:\fxxfllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2672 -
\??\c:\nhtbbh.exec:\nhtbbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1476 -
\??\c:\vpvjp.exec:\vpvjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:772 -
\??\c:\vpdjd.exec:\vpdjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2320 -
\??\c:\xrxlxxf.exec:\xrxlxxf.exe17⤵
- Executes dropped EXE
PID:2064 -
\??\c:\rflllfx.exec:\rflllfx.exe18⤵
- Executes dropped EXE
PID:2704 -
\??\c:\5hnntb.exec:\5hnntb.exe19⤵
- Executes dropped EXE
PID:2028 -
\??\c:\1tnhhn.exec:\1tnhhn.exe20⤵
- Executes dropped EXE
PID:2748 -
\??\c:\5dppp.exec:\5dppp.exe21⤵
- Executes dropped EXE
PID:1976 -
\??\c:\lfxfllr.exec:\lfxfllr.exe22⤵
- Executes dropped EXE
PID:1920 -
\??\c:\rrflfrx.exec:\rrflfrx.exe23⤵
- Executes dropped EXE
PID:680 -
\??\c:\hhbhbh.exec:\hhbhbh.exe24⤵
- Executes dropped EXE
PID:1048 -
\??\c:\vvvjp.exec:\vvvjp.exe25⤵
- Executes dropped EXE
PID:1780 -
\??\c:\rrxxfrr.exec:\rrxxfrr.exe26⤵
- Executes dropped EXE
PID:644 -
\??\c:\xflxlfx.exec:\xflxlfx.exe27⤵
- Executes dropped EXE
PID:1212 -
\??\c:\tnhntt.exec:\tnhntt.exe28⤵
- Executes dropped EXE
PID:1488 -
\??\c:\vppjd.exec:\vppjd.exe29⤵
- Executes dropped EXE
PID:272 -
\??\c:\xxllrxf.exec:\xxllrxf.exe30⤵
- Executes dropped EXE
PID:2976 -
\??\c:\hhbnbb.exec:\hhbnbb.exe31⤵
- Executes dropped EXE
PID:2244 -
\??\c:\1vjpv.exec:\1vjpv.exe32⤵
- Executes dropped EXE
PID:2236 -
\??\c:\djdpd.exec:\djdpd.exe33⤵
- Executes dropped EXE
PID:900 -
\??\c:\lfrfrxr.exec:\lfrfrxr.exe34⤵
- Executes dropped EXE
PID:1664 -
\??\c:\nhtthn.exec:\nhtthn.exe35⤵
- Executes dropped EXE
PID:1536 -
\??\c:\hhthnt.exec:\hhthnt.exe36⤵
- Executes dropped EXE
PID:2228 -
\??\c:\3jdvp.exec:\3jdvp.exe37⤵
- Executes dropped EXE
PID:2524 -
\??\c:\9pdjj.exec:\9pdjj.exe38⤵
- Executes dropped EXE
PID:1624 -
\??\c:\rffxrrl.exec:\rffxrrl.exe39⤵
- Executes dropped EXE
PID:2584 -
\??\c:\nhtnnn.exec:\nhtnnn.exe40⤵
- Executes dropped EXE
PID:2588 -
\??\c:\hbbhhh.exec:\hbbhhh.exe41⤵
- Executes dropped EXE
PID:2660 -
\??\c:\pjjpd.exec:\pjjpd.exe42⤵
- Executes dropped EXE
PID:2900 -
\??\c:\pdvdp.exec:\pdvdp.exe43⤵
- Executes dropped EXE
PID:2560 -
\??\c:\xxxrrxr.exec:\xxxrrxr.exe44⤵
- Executes dropped EXE
PID:2404 -
\??\c:\frllxxx.exec:\frllxxx.exe45⤵
- Executes dropped EXE
PID:1732 -
\??\c:\bthnth.exec:\bthnth.exe46⤵
- Executes dropped EXE
PID:2464 -
\??\c:\1tnthh.exec:\1tnthh.exe47⤵
- Executes dropped EXE
PID:1564 -
\??\c:\jdddp.exec:\jdddp.exe48⤵
- Executes dropped EXE
PID:2432 -
\??\c:\llrrrxx.exec:\llrrrxx.exe49⤵
- Executes dropped EXE
PID:2456 -
\??\c:\lllrxxl.exec:\lllrxxl.exe50⤵
- Executes dropped EXE
PID:2684 -
\??\c:\hbttnn.exec:\hbttnn.exe51⤵
- Executes dropped EXE
PID:2672 -
\??\c:\5nhtnn.exec:\5nhtnn.exe52⤵
- Executes dropped EXE
PID:996 -
\??\c:\pjpvd.exec:\pjpvd.exe53⤵
- Executes dropped EXE
PID:2308 -
\??\c:\dvpdv.exec:\dvpdv.exe54⤵
- Executes dropped EXE
PID:112 -
\??\c:\vpjdp.exec:\vpjdp.exe55⤵
- Executes dropped EXE
PID:1516 -
\??\c:\fxllxfx.exec:\fxllxfx.exe56⤵
- Executes dropped EXE
PID:108 -
\??\c:\fxllrxl.exec:\fxllrxl.exe57⤵
- Executes dropped EXE
PID:2676 -
\??\c:\3nnthh.exec:\3nnthh.exe58⤵
- Executes dropped EXE
PID:2692 -
\??\c:\3bnntt.exec:\3bnntt.exe59⤵
- Executes dropped EXE
PID:2280 -
\??\c:\3dvpp.exec:\3dvpp.exe60⤵
- Executes dropped EXE
PID:2188 -
\??\c:\ppjvj.exec:\ppjvj.exe61⤵
- Executes dropped EXE
PID:2964 -
\??\c:\fxrrxfr.exec:\fxrrxfr.exe62⤵
- Executes dropped EXE
PID:484 -
\??\c:\fxrrllx.exec:\fxrrllx.exe63⤵
- Executes dropped EXE
PID:572 -
\??\c:\nnthnn.exec:\nnthnn.exe64⤵
- Executes dropped EXE
PID:2736 -
\??\c:\7htbtb.exec:\7htbtb.exe65⤵
- Executes dropped EXE
PID:1724 -
\??\c:\3ppvj.exec:\3ppvj.exe66⤵PID:3032
-
\??\c:\jdvjv.exec:\jdvjv.exe67⤵PID:1652
-
\??\c:\xxrrflr.exec:\xxrrflr.exe68⤵PID:1616
-
\??\c:\fffflrf.exec:\fffflrf.exe69⤵PID:2844
-
\??\c:\tnbhtt.exec:\tnbhtt.exe70⤵PID:3036
-
\??\c:\tnhnnt.exec:\tnhnnt.exe71⤵PID:1248
-
\??\c:\hbnhtb.exec:\hbnhtb.exe72⤵PID:2120
-
\??\c:\pvvvv.exec:\pvvvv.exe73⤵PID:592
-
\??\c:\jddjv.exec:\jddjv.exe74⤵PID:2244
-
\??\c:\3lrlxlx.exec:\3lrlxlx.exe75⤵PID:1432
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe76⤵PID:900
-
\??\c:\bbntbh.exec:\bbntbh.exe77⤵PID:2204
-
\??\c:\7nbhth.exec:\7nbhth.exe78⤵PID:1880
-
\??\c:\dvppd.exec:\dvppd.exe79⤵PID:2924
-
\??\c:\jdppd.exec:\jdppd.exe80⤵PID:1868
-
\??\c:\vdvvj.exec:\vdvvj.exe81⤵PID:2528
-
\??\c:\rrlxlfr.exec:\rrlxlfr.exe82⤵PID:1624
-
\??\c:\5fxlxfr.exec:\5fxlxfr.exe83⤵PID:2584
-
\??\c:\3bnnhn.exec:\3bnnhn.exe84⤵PID:2348
-
\??\c:\ntnthh.exec:\ntnthh.exe85⤵PID:2644
-
\??\c:\pjvjd.exec:\pjvjd.exe86⤵PID:2416
-
\??\c:\jjvdp.exec:\jjvdp.exe87⤵PID:2392
-
\??\c:\fxrxrxx.exec:\fxrxrxx.exe88⤵PID:2460
-
\??\c:\7rlrxfx.exec:\7rlrxfx.exe89⤵PID:2344
-
\??\c:\nhnnbb.exec:\nhnnbb.exe90⤵PID:2408
-
\??\c:\tntttb.exec:\tntttb.exe91⤵PID:1424
-
\??\c:\pddpv.exec:\pddpv.exe92⤵PID:2856
-
\??\c:\pjdjp.exec:\pjdjp.exe93⤵PID:2276
-
\??\c:\fxllxxl.exec:\fxllxxl.exe94⤵PID:1348
-
\??\c:\rlfrrfl.exec:\rlfrrfl.exe95⤵PID:320
-
\??\c:\hbnhtb.exec:\hbnhtb.exe96⤵PID:1456
-
\??\c:\tntbnn.exec:\tntbnn.exe97⤵PID:772
-
\??\c:\nthbtb.exec:\nthbtb.exe98⤵PID:376
-
\??\c:\7djvp.exec:\7djvp.exe99⤵PID:1628
-
\??\c:\rxxxfxl.exec:\rxxxfxl.exe100⤵PID:2032
-
\??\c:\llxllrf.exec:\llxllrf.exe101⤵PID:2436
-
\??\c:\3bnbbn.exec:\3bnbbn.exe102⤵PID:2744
-
\??\c:\jdvdj.exec:\jdvdj.exe103⤵PID:2732
-
\??\c:\jvjjp.exec:\jvjjp.exe104⤵PID:1836
-
\??\c:\frxlfrr.exec:\frxlfrr.exe105⤵PID:1728
-
\??\c:\1fxlxfl.exec:\1fxlxfl.exe106⤵PID:2152
-
\??\c:\bthtbn.exec:\bthtbn.exe107⤵PID:700
-
\??\c:\hhtbnt.exec:\hhtbnt.exe108⤵PID:680
-
\??\c:\5ppdp.exec:\5ppdp.exe109⤵PID:1404
-
\??\c:\pjddp.exec:\pjddp.exe110⤵PID:1696
-
\??\c:\dvjvd.exec:\dvjvd.exe111⤵PID:2104
-
\??\c:\rrrxffl.exec:\rrrxffl.exe112⤵PID:1544
-
\??\c:\nhbhtt.exec:\nhbhtt.exe113⤵PID:2000
-
\??\c:\tnhhtn.exec:\tnhhtn.exe114⤵PID:292
-
\??\c:\jdvdp.exec:\jdvdp.exe115⤵PID:2724
-
\??\c:\dvjdv.exec:\dvjdv.exe116⤵PID:2920
-
\??\c:\ffxxrrx.exec:\ffxxrrx.exe117⤵PID:1864
-
\??\c:\rlxxflx.exec:\rlxxflx.exe118⤵PID:2248
-
\??\c:\fxfxlll.exec:\fxfxlll.exe119⤵PID:1888
-
\??\c:\hbhnnn.exec:\hbhnnn.exe120⤵PID:1480
-
\??\c:\ttntbn.exec:\ttntbn.exe121⤵PID:2764
-
\??\c:\jjppv.exec:\jjppv.exe122⤵PID:1736