Analysis
-
max time kernel
125s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
06-06-2024 06:34
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe
-
Size
185KB
-
MD5
7bf9fa9659ab50ef5a2acba1511959bb
-
SHA1
22b02519dbd3d8b143db673d041d39075b057e65
-
SHA256
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d
-
SHA512
3482f8d66dfc0c0f4a3cd0451152a5b891cb36bda7f36a73db08c0c6afc106b2a35414438d6dde6f35b2ff36172dc62bb75ffc95097afda455724f4d2f8bf681
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+EMdbSL:PhOm2sI93UufdC67ciJTWMdbc
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/1552-8-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3884-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4156-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3336-29-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2492-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2420-6-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4416-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/712-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4920-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3456-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3292-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2392-83-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1384-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/544-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4668-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3064-110-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3696-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1048-140-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3548-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/860-162-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1716-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/4628-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2876-180-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4496-191-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/668-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2784-207-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3824-214-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2828-218-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1020-225-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4328-229-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/952-233-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2104-240-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4388-250-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4368-254-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2372-268-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4468-280-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4640-284-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3148-288-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3644-323-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3264-327-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2868-334-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3608-341-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3376-400-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/116-411-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/952-429-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4440-434-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1612-438-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5060-472-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1604-484-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2392-491-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3524-507-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/468-520-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4260-551-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3160-589-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4964-634-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2164-647-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3756-652-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2936-754-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1744-789-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4680-810-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2968-919-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3188-959-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4788-1053-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/736-1408-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral2/memory/2420-0-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1552-8-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3884-14-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4156-30-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3336-29-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2492-26-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2420-6-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4416-38-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/712-57-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4920-60-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3456-76-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3292-70-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2392-83-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1384-84-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1384-89-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/544-96-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4668-113-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3064-110-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3696-119-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1048-140-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3548-155-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/860-157-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/860-162-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1716-166-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/memory/4628-171-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2876-180-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4496-191-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/668-203-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2784-207-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3824-214-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2828-218-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1020-225-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4328-229-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/952-233-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2104-240-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4388-250-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4368-254-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2372-268-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4468-280-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4640-284-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3148-288-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3644-323-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3264-327-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2868-334-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3608-341-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3376-400-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/116-411-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/952-425-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/memory/952-429-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4440-434-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1612-438-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/5060-472-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1604-484-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2392-491-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3524-507-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/468-520-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4260-551-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3160-589-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4964-634-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2164-647-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3756-652-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2936-754-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4992-761-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4304-774-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
xlxxxrx.exe9rrlfxr.exe9tthbb.exenhtbtt.exedvpjd.exejddvd.exe9ppjv.exebtnthn.exenbnhhh.exe7xffxfx.exehhbhbn.exebbnntt.exejdppd.exefxlfffr.exedvjdd.exe1dpjj.exelflfxrr.exetttnht.exeddjdp.exerrxrxff.exexrflfxr.exehbtnbb.exevjjdv.exexrffrxx.exe3tnhtt.exe1hhbtt.exefxxrfxf.exe1dvpj.exeppdvp.exerlrlxxx.exeddjjd.exevjjjj.exetbbbth.exetnbnnn.exedjppj.exe1rrlffx.exethtnht.exevjddd.exenntthh.exelxrlfff.exe5bthbb.exejvpjv.exerfrrflf.exeddjdp.exexrxfxrx.exettttnt.exexlllrrr.exe1tttnh.exepvjvd.exeddvvj.exelrlffxx.exetntbtt.exepdjdp.exepvjjj.exeffffxxx.exehbhbtt.exevpjpp.exethnhbb.exe1bnhnn.exedvjdd.exelrfxrrl.exerllfrxr.exentbtnh.exedjjjj.exepid process 1552 xlxxxrx.exe 3884 9rrlfxr.exe 2492 9tthbb.exe 3336 nhtbtt.exe 4156 dvpjd.exe 4416 jddvd.exe 4680 9ppjv.exe 4256 btnthn.exe 712 nbnhhh.exe 4920 7xffxfx.exe 3292 hhbhbn.exe 3456 bbnntt.exe 2392 jdppd.exe 1384 fxlfffr.exe 544 dvjdd.exe 1668 1dpjj.exe 3040 lflfxrr.exe 3064 tttnht.exe 4668 ddjdp.exe 3696 rrxrxff.exe 2116 xrflfxr.exe 1196 hbtnbb.exe 3812 vjjdv.exe 1048 xrffrxx.exe 4048 3tnhtt.exe 3548 1hhbtt.exe 860 fxxrfxf.exe 1716 1dvpj.exe 4628 ppdvp.exe 2876 rlrlxxx.exe 2592 ddjjd.exe 1632 vjjjj.exe 4496 tbbbth.exe 3920 tnbnnn.exe 1872 djppj.exe 668 1rrlffx.exe 2784 thtnht.exe 1280 vjddd.exe 3824 nntthh.exe 2828 lxrlfff.exe 3876 5bthbb.exe 1020 jvpjv.exe 4328 rfrrflf.exe 952 ddjdp.exe 4012 xrxfxrx.exe 2104 ttttnt.exe 4484 xlllrrr.exe 3024 1tttnh.exe 4388 pvjvd.exe 4368 ddvvj.exe 2420 lrlffxx.exe 2932 tntbtt.exe 5028 pdjdp.exe 3528 pvjjj.exe 2372 ffffxxx.exe 1580 hbhbtt.exe 4036 vpjpp.exe 4468 thnhbb.exe 4640 1bnhnn.exe 3148 dvjdd.exe 956 lrfxrrl.exe 1856 rllfrxr.exe 2400 ntbtnh.exe 4232 djjjj.exe -
Processes:
resource yara_rule behavioral2/memory/2420-0-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1552-8-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3884-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4156-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3336-29-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2492-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2420-6-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4416-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/712-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4920-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3456-76-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3292-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2392-83-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1384-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1384-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/544-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4668-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3064-110-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3696-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1048-140-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3548-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/860-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/860-162-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1716-166-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4628-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2876-180-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4496-191-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/668-203-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2784-207-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3824-214-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2828-218-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1020-225-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4328-229-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/952-233-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2104-240-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4388-250-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4368-254-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2372-268-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4468-280-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4640-284-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3148-288-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3644-323-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3264-327-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2868-334-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3608-341-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3376-400-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/116-411-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/952-425-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/952-429-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4440-434-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1612-438-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5060-472-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1604-484-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2392-491-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3524-507-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/468-520-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4260-551-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3160-589-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4964-634-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2164-647-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3756-652-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2936-754-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4304-774-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1744-784-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exexlxxxrx.exe9rrlfxr.exe9tthbb.exenhtbtt.exedvpjd.exejddvd.exe9ppjv.exebtnthn.exenbnhhh.exe7xffxfx.exehhbhbn.exebbnntt.exejdppd.exefxlfffr.exedvjdd.exe1dpjj.exelflfxrr.exetttnht.exeddjdp.exerrxrxff.exexrflfxr.exedescription pid process target process PID 2420 wrote to memory of 1552 2420 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe xlxxxrx.exe PID 2420 wrote to memory of 1552 2420 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe xlxxxrx.exe PID 2420 wrote to memory of 1552 2420 d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe xlxxxrx.exe PID 1552 wrote to memory of 3884 1552 xlxxxrx.exe 9rrlfxr.exe PID 1552 wrote to memory of 3884 1552 xlxxxrx.exe 9rrlfxr.exe PID 1552 wrote to memory of 3884 1552 xlxxxrx.exe 9rrlfxr.exe PID 3884 wrote to memory of 2492 3884 9rrlfxr.exe 9tthbb.exe PID 3884 wrote to memory of 2492 3884 9rrlfxr.exe 9tthbb.exe PID 3884 wrote to memory of 2492 3884 9rrlfxr.exe 9tthbb.exe PID 2492 wrote to memory of 3336 2492 9tthbb.exe nhtbtt.exe PID 2492 wrote to memory of 3336 2492 9tthbb.exe nhtbtt.exe PID 2492 wrote to memory of 3336 2492 9tthbb.exe nhtbtt.exe PID 3336 wrote to memory of 4156 3336 nhtbtt.exe dvpjd.exe PID 3336 wrote to memory of 4156 3336 nhtbtt.exe dvpjd.exe PID 3336 wrote to memory of 4156 3336 nhtbtt.exe dvpjd.exe PID 4156 wrote to memory of 4416 4156 dvpjd.exe jddvd.exe PID 4156 wrote to memory of 4416 4156 dvpjd.exe jddvd.exe PID 4156 wrote to memory of 4416 4156 dvpjd.exe jddvd.exe PID 4416 wrote to memory of 4680 4416 jddvd.exe 9ppjv.exe PID 4416 wrote to memory of 4680 4416 jddvd.exe 9ppjv.exe PID 4416 wrote to memory of 4680 4416 jddvd.exe 9ppjv.exe PID 4680 wrote to memory of 4256 4680 9ppjv.exe btnthn.exe PID 4680 wrote to memory of 4256 4680 9ppjv.exe btnthn.exe PID 4680 wrote to memory of 4256 4680 9ppjv.exe btnthn.exe PID 4256 wrote to memory of 712 4256 btnthn.exe nbnhhh.exe PID 4256 wrote 
to memory of 712 4256 btnthn.exe nbnhhh.exe PID 4256 wrote to memory of 712 4256 btnthn.exe nbnhhh.exe PID 712 wrote to memory of 4920 712 nbnhhh.exe 7xffxfx.exe PID 712 wrote to memory of 4920 712 nbnhhh.exe 7xffxfx.exe PID 712 wrote to memory of 4920 712 nbnhhh.exe 7xffxfx.exe PID 4920 wrote to memory of 3292 4920 7xffxfx.exe hhbhbn.exe PID 4920 wrote to memory of 3292 4920 7xffxfx.exe hhbhbn.exe PID 4920 wrote to memory of 3292 4920 7xffxfx.exe hhbhbn.exe PID 3292 wrote to memory of 3456 3292 hhbhbn.exe bbnntt.exe PID 3292 wrote to memory of 3456 3292 hhbhbn.exe bbnntt.exe PID 3292 wrote to memory of 3456 3292 hhbhbn.exe bbnntt.exe PID 3456 wrote to memory of 2392 3456 bbnntt.exe jdppd.exe PID 3456 wrote to memory of 2392 3456 bbnntt.exe jdppd.exe PID 3456 wrote to memory of 2392 3456 bbnntt.exe jdppd.exe PID 2392 wrote to memory of 1384 2392 jdppd.exe fxlfffr.exe PID 2392 wrote to memory of 1384 2392 jdppd.exe fxlfffr.exe PID 2392 wrote to memory of 1384 2392 jdppd.exe fxlfffr.exe PID 1384 wrote to memory of 544 1384 fxlfffr.exe dvjdd.exe PID 1384 wrote to memory of 544 1384 fxlfffr.exe dvjdd.exe PID 1384 wrote to memory of 544 1384 fxlfffr.exe dvjdd.exe PID 544 wrote to memory of 1668 544 dvjdd.exe 1dpjj.exe PID 544 wrote to memory of 1668 544 dvjdd.exe 1dpjj.exe PID 544 wrote to memory of 1668 544 dvjdd.exe 1dpjj.exe PID 1668 wrote to memory of 3040 1668 1dpjj.exe lflfxrr.exe PID 1668 wrote to memory of 3040 1668 1dpjj.exe lflfxrr.exe PID 1668 wrote to memory of 3040 1668 1dpjj.exe lflfxrr.exe PID 3040 wrote to memory of 3064 3040 lflfxrr.exe tttnht.exe PID 3040 wrote to memory of 3064 3040 lflfxrr.exe tttnht.exe PID 3040 wrote to memory of 3064 3040 lflfxrr.exe tttnht.exe PID 3064 wrote to memory of 4668 3064 tttnht.exe ddjdp.exe PID 3064 wrote to memory of 4668 3064 tttnht.exe ddjdp.exe PID 3064 wrote to memory of 4668 3064 tttnht.exe ddjdp.exe PID 4668 wrote to memory of 3696 4668 ddjdp.exe rrxrxff.exe PID 4668 wrote to memory of 3696 4668 ddjdp.exe 
rrxrxff.exe PID 4668 wrote to memory of 3696 4668 ddjdp.exe rrxrxff.exe PID 3696 wrote to memory of 2116 3696 rrxrxff.exe xrflfxr.exe PID 3696 wrote to memory of 2116 3696 rrxrxff.exe xrflfxr.exe PID 3696 wrote to memory of 2116 3696 rrxrxff.exe xrflfxr.exe PID 2116 wrote to memory of 1196 2116 xrflfxr.exe hbtnbb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe"C:\Users\Admin\AppData\Local\Temp\d0631aec0a75d656d2b1696dea698d5fd01b8064158d8165989d28c512f5b91d.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\xlxxxrx.exec:\xlxxxrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1552 -
\??\c:\9rrlfxr.exec:\9rrlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3884 -
\??\c:\9tthbb.exec:\9tthbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\nhtbtt.exec:\nhtbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3336 -
\??\c:\dvpjd.exec:\dvpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4156 -
\??\c:\jddvd.exec:\jddvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4416 -
\??\c:\9ppjv.exec:\9ppjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4680 -
\??\c:\btnthn.exec:\btnthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4256 -
\??\c:\nbnhhh.exec:\nbnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:712 -
\??\c:\7xffxfx.exec:\7xffxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4920 -
\??\c:\hhbhbn.exec:\hhbhbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3292 -
\??\c:\bbnntt.exec:\bbnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3456 -
\??\c:\jdppd.exec:\jdppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\fxlfffr.exec:\fxlfffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1384 -
\??\c:\dvjdd.exec:\dvjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\1dpjj.exec:\1dpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1668 -
\??\c:\lflfxrr.exec:\lflfxrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\tttnht.exec:\tttnht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064 -
\??\c:\ddjdp.exec:\ddjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4668 -
\??\c:\rrxrxff.exec:\rrxrxff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3696 -
\??\c:\xrflfxr.exec:\xrflfxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2116 -
\??\c:\hbtnbb.exec:\hbtnbb.exe23⤵
- Executes dropped EXE
PID:1196 -
\??\c:\vjjdv.exec:\vjjdv.exe24⤵
- Executes dropped EXE
PID:3812 -
\??\c:\xrffrxx.exec:\xrffrxx.exe25⤵
- Executes dropped EXE
PID:1048 -
\??\c:\3tnhtt.exec:\3tnhtt.exe26⤵
- Executes dropped EXE
PID:4048 -
\??\c:\1hhbtt.exec:\1hhbtt.exe27⤵
- Executes dropped EXE
PID:3548 -
\??\c:\fxxrfxf.exec:\fxxrfxf.exe28⤵
- Executes dropped EXE
PID:860 -
\??\c:\1dvpj.exec:\1dvpj.exe29⤵
- Executes dropped EXE
PID:1716 -
\??\c:\ppdvp.exec:\ppdvp.exe30⤵
- Executes dropped EXE
PID:4628 -
\??\c:\rlrlxxx.exec:\rlrlxxx.exe31⤵
- Executes dropped EXE
PID:2876 -
\??\c:\ddjjd.exec:\ddjjd.exe32⤵
- Executes dropped EXE
PID:2592 -
\??\c:\vjjjj.exec:\vjjjj.exe33⤵
- Executes dropped EXE
PID:1632 -
\??\c:\tbbbth.exec:\tbbbth.exe34⤵
- Executes dropped EXE
PID:4496 -
\??\c:\tnbnnn.exec:\tnbnnn.exe35⤵
- Executes dropped EXE
PID:3920 -
\??\c:\djppj.exec:\djppj.exe36⤵
- Executes dropped EXE
PID:1872 -
\??\c:\1rrlffx.exec:\1rrlffx.exe37⤵
- Executes dropped EXE
PID:668 -
\??\c:\thtnht.exec:\thtnht.exe38⤵
- Executes dropped EXE
PID:2784 -
\??\c:\vjddd.exec:\vjddd.exe39⤵
- Executes dropped EXE
PID:1280 -
\??\c:\nntthh.exec:\nntthh.exe40⤵
- Executes dropped EXE
PID:3824 -
\??\c:\lxrlfff.exec:\lxrlfff.exe41⤵
- Executes dropped EXE
PID:2828 -
\??\c:\5bthbb.exec:\5bthbb.exe42⤵
- Executes dropped EXE
PID:3876 -
\??\c:\jvpjv.exec:\jvpjv.exe43⤵
- Executes dropped EXE
PID:1020 -
\??\c:\rfrrflf.exec:\rfrrflf.exe44⤵
- Executes dropped EXE
PID:4328 -
\??\c:\ddjdp.exec:\ddjdp.exe45⤵
- Executes dropped EXE
PID:952 -
\??\c:\xrxfxrx.exec:\xrxfxrx.exe46⤵
- Executes dropped EXE
PID:4012 -
\??\c:\ttttnt.exec:\ttttnt.exe47⤵
- Executes dropped EXE
PID:2104 -
\??\c:\xlllrrr.exec:\xlllrrr.exe48⤵
- Executes dropped EXE
PID:4484 -
\??\c:\1tttnh.exec:\1tttnh.exe49⤵
- Executes dropped EXE
PID:3024 -
\??\c:\pvjvd.exec:\pvjvd.exe50⤵
- Executes dropped EXE
PID:4388 -
\??\c:\ddvvj.exec:\ddvvj.exe51⤵
- Executes dropped EXE
PID:4368 -
\??\c:\lrlffxx.exec:\lrlffxx.exe52⤵
- Executes dropped EXE
PID:2420 -
\??\c:\tntbtt.exec:\tntbtt.exe53⤵
- Executes dropped EXE
PID:2932 -
\??\c:\pdjdp.exec:\pdjdp.exe54⤵
- Executes dropped EXE
PID:5028 -
\??\c:\pvjjj.exec:\pvjjj.exe55⤵
- Executes dropped EXE
PID:3528 -
\??\c:\ffffxxx.exec:\ffffxxx.exe56⤵
- Executes dropped EXE
PID:2372 -
\??\c:\hbhbtt.exec:\hbhbtt.exe57⤵
- Executes dropped EXE
PID:1580 -
\??\c:\vpjpp.exec:\vpjpp.exe58⤵
- Executes dropped EXE
PID:4036 -
\??\c:\thnhbb.exec:\thnhbb.exe59⤵
- Executes dropped EXE
PID:4468 -
\??\c:\1bnhnn.exec:\1bnhnn.exe60⤵
- Executes dropped EXE
PID:4640 -
\??\c:\dvjdd.exec:\dvjdd.exe61⤵
- Executes dropped EXE
PID:3148 -
\??\c:\lrfxrrl.exec:\lrfxrrl.exe62⤵
- Executes dropped EXE
PID:956 -
\??\c:\rllfrxr.exec:\rllfrxr.exe63⤵
- Executes dropped EXE
PID:1856 -
\??\c:\ntbtnh.exec:\ntbtnh.exe64⤵
- Executes dropped EXE
PID:2400 -
\??\c:\djjjj.exec:\djjjj.exe65⤵
- Executes dropped EXE
PID:4232 -
\??\c:\jjppv.exec:\jjppv.exe66⤵PID:1204
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe67⤵PID:1628
-
\??\c:\tthbbb.exec:\tthbbb.exe68⤵PID:3580
-
\??\c:\vdvjp.exec:\vdvjp.exe69⤵PID:704
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe70⤵PID:3584
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe71⤵PID:2424
-
\??\c:\tttnbb.exec:\tttnbb.exe72⤵PID:3644
-
\??\c:\7jvpp.exec:\7jvpp.exe73⤵PID:3264
-
\??\c:\dvvpd.exec:\dvvpd.exe74⤵PID:4108
-
\??\c:\rlrrflx.exec:\rlrrflx.exe75⤵PID:2868
-
\??\c:\5ntnhb.exec:\5ntnhb.exe76⤵PID:4348
-
\??\c:\nnntbt.exec:\nnntbt.exe77⤵PID:3608
-
\??\c:\vjddv.exec:\vjddv.exe78⤵PID:3696
-
\??\c:\lffxrrl.exec:\lffxrrl.exe79⤵PID:2284
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe80⤵PID:4816
-
\??\c:\bnnnhh.exec:\bnnnhh.exe81⤵PID:4064
-
\??\c:\dddvj.exec:\dddvj.exe82⤵PID:3812
-
\??\c:\dvvvj.exec:\dvvvj.exe83⤵PID:4516
-
\??\c:\7rxrfff.exec:\7rxrfff.exe84⤵PID:1772
-
\??\c:\9lrrlff.exec:\9lrrlff.exe85⤵PID:4048
-
\??\c:\1nnhbb.exec:\1nnhbb.exe86⤵PID:396
-
\??\c:\vpvdd.exec:\vpvdd.exe87⤵PID:1080
-
\??\c:\jdpjv.exec:\jdpjv.exe88⤵PID:3532
-
\??\c:\3ffrlll.exec:\3ffrlll.exe89⤵PID:3208
-
\??\c:\9rllffx.exec:\9rllffx.exe90⤵PID:3168
-
\??\c:\nhnttt.exec:\nhnttt.exe91⤵PID:2796
-
\??\c:\vpppj.exec:\vpppj.exe92⤵PID:4544
-
\??\c:\jdjdp.exec:\jdjdp.exe93⤵PID:2028
-
\??\c:\rlrlllx.exec:\rlrlllx.exe94⤵PID:3328
-
\??\c:\1thhhh.exec:\1thhhh.exe95⤵PID:3944
-
\??\c:\thhbtt.exec:\thhbtt.exe96⤵PID:4880
-
\??\c:\1jdpp.exec:\1jdpp.exe97⤵PID:3376
-
\??\c:\3lrxrrf.exec:\3lrxrrf.exe98⤵PID:5008
-
\??\c:\rfxrxfx.exec:\rfxrxfx.exe99⤵PID:3284
-
\??\c:\9tbnhn.exec:\9tbnhn.exe100⤵PID:116
-
\??\c:\btntbb.exec:\btntbb.exe101⤵PID:4116
-
\??\c:\ddjdd.exec:\ddjdd.exe102⤵PID:3232
-
\??\c:\9xlfrrr.exec:\9xlfrrr.exe103⤵PID:4304
-
\??\c:\nthbtt.exec:\nthbtt.exe104⤵PID:4328
-
\??\c:\nhnnhh.exec:\nhnnhh.exe105⤵PID:952
-
\??\c:\jdppp.exec:\jdppp.exe106⤵PID:4440
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe107⤵PID:4000
-
\??\c:\rrllfff.exec:\rrllfff.exe108⤵PID:1612
-
\??\c:\lflfffx.exec:\lflfffx.exe109⤵PID:2420
-
\??\c:\1hnhhb.exec:\1hnhhb.exe110⤵PID:1364
-
\??\c:\nhnhnn.exec:\nhnhnn.exe111⤵PID:2020
-
\??\c:\ppvpv.exec:\ppvpv.exe112⤵PID:2240
-
\??\c:\ddpjj.exec:\ddpjj.exe113⤵PID:3352
-
\??\c:\nhtntb.exec:\nhtntb.exe114⤵PID:3508
-
\??\c:\7jjjd.exec:\7jjjd.exe115⤵PID:1184
-
\??\c:\rllffff.exec:\rllffff.exe116⤵PID:4856
-
\??\c:\hhhttt.exec:\hhhttt.exe117⤵PID:2164
-
\??\c:\vppjv.exec:\vppjv.exe118⤵PID:728
-
\??\c:\xfxlxrf.exec:\xfxlxrf.exe119⤵PID:5060
-
\??\c:\lrllllf.exec:\lrllllf.exe120⤵PID:2640
-
\??\c:\thbtnn.exec:\thbtnn.exe121⤵PID:4920
-
\??\c:\1pjpj.exec:\1pjpj.exe122⤵PID:1604