Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
06-06-2024 06:49
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe
-
Size
190KB
-
MD5
5dcea04ec05f619f7925ed1f6d32d275
-
SHA1
c680eb7d639c6c491542a6e1a81179b9a405f690
-
SHA256
d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37
-
SHA512
79c95e8512838b725c5c40db98d8e3221c590eb310a27f50ab0410834b1cc2a62e020fc020f3f02f0edd99e70eb9de4e6769d227ca599f871bd31545c64d9470
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+d:Ycm4FmowdHoSLEaTBftapTsyFeOd
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/2744-4-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4596-7-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/996-17-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1216-23-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1044-30-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5016-36-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4556-45-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3944-50-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5048-56-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5060-62-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1020-68-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2380-77-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1504-76-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2084-87-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3736-99-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3528-105-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2032-122-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1528-115-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3828-127-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4732-139-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2736-158-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon 
behavioral2/memory/2952-173-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1388-171-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4412-179-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/220-188-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2520-186-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1872-195-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1760-200-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4716-209-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2428-216-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2288-219-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1820-223-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4296-232-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4688-250-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3544-252-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4892-258-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2640-263-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2904-271-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2512-281-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3020-296-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4324-303-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2932-323-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon 
behavioral2/memory/1548-330-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1148-337-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4920-343-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5100-342-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5096-354-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4900-367-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4336-372-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2088-393-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4728-400-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4200-453-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3432-465-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3332-470-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4528-483-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3680-557-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2952-563-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/212-579-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4820-653-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2032-709-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/760-735-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1972-785-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4240-809-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon 
behavioral2/memory/2212-855-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral2/memory/2744-0-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\fxxrllf.exe UPX behavioral2/memory/2744-4-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/4596-7-0x0000000000400000-0x0000000000430000-memory.dmp UPX \??\c:\hbhbhb.exe UPX behavioral2/memory/996-11-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\rllfxxx.exe UPX behavioral2/memory/996-17-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/1216-23-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\7hhbbb.exe UPX C:\vppjj.exe UPX behavioral2/memory/1044-30-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\rrrfxxr.exe UPX behavioral2/memory/5016-36-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\hbhbbt.exe UPX C:\7vddp.exe UPX behavioral2/memory/4556-45-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\5llllff.exe UPX behavioral2/memory/3944-50-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/5048-56-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\3ntbth.exe UPX C:\jvddd.exe UPX behavioral2/memory/5060-62-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\fllxlrr.exe UPX behavioral2/memory/1020-68-0x0000000000400000-0x0000000000430000-memory.dmp UPX \??\c:\hntnhn.exe UPX behavioral2/memory/2380-77-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\5hhhbt.exe UPX behavioral2/memory/1504-76-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\3lrlllr.exe UPX behavioral2/memory/2084-87-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\5fffxxx.exe UPX C:\tthbtn.exe UPX behavioral2/memory/3736-99-0x0000000000400000-0x0000000000430000-memory.dmp UPX \??\c:\7tbtnh.exe UPX behavioral2/memory/3528-105-0x0000000000400000-0x0000000000430000-memory.dmp UPX \??\c:\pvvpp.exe UPX C:\ffxxllf.exe UPX \??\c:\3rxxllr.exe UPX behavioral2/memory/2032-122-0x0000000000400000-0x0000000000430000-memory.dmp UPX 
behavioral2/memory/1528-115-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\ttbnhn.exe UPX behavioral2/memory/3828-127-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\xllfxxr.exe UPX C:\lfflffl.exe UPX behavioral2/memory/4732-139-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\bhtnhh.exe UPX C:\7xfxxxr.exe UPX C:\bnntnn.exe UPX behavioral2/memory/2736-154-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/2736-158-0x0000000000400000-0x0000000000430000-memory.dmp UPX C:\vjpjd.exe UPX C:\1xxxrrr.exe UPX C:\hbbbtn.exe UPX behavioral2/memory/2952-173-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/1388-171-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/4412-179-0x0000000000400000-0x0000000000430000-memory.dmp UPX \??\c:\bnnnhh.exe UPX C:\pddvj.exe UPX behavioral2/memory/220-188-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/2520-186-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/1872-195-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/1760-200-0x0000000000400000-0x0000000000430000-memory.dmp UPX behavioral2/memory/4716-209-0x0000000000400000-0x0000000000430000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
fxxrllf.exe hbhbhb.exe rllfxxx.exe 7hhbbb.exe vppjj.exe rrrfxxr.exe hbhbbt.exe 7vddp.exe 5llllff.exe 3ntbth.exe jvddd.exe fllxlrr.exe hntnhn.exe 5hhhbt.exe 3lrlllr.exe 5fffxxx.exe tthbtn.exe 7tbtnh.exe pvvpp.exe ffxxllf.exe 3rxxllr.exe ttbnhn.exe xllfxxr.exe lfflffl.exe bhtnhh.exe 7xfxxxr.exe bnntnn.exe vjpjd.exe 1xxxrrr.exe hbbbtn.exe bnnnhh.exe pddvj.exe rrfxllr.exe 1xfxrxr.exe ttnhbb.exe xrflflf.exe bhnnhh.exe jpjpp.exe 3lrlllr.exe nbhbtt.exe bnhtbh.exe bbtbnh.exe vddvp.exe vpvpv.exe nntbnn.exe thbbnn.exe vvvpj.exe 3rlrlrl.exe rxlfxxr.exe tnbhbb.exe hhhhtb.exe pjjjd.exe xxfllff.exe xfffxff.exe nhnhbb.exe djvpd.exe pdppd.exe xffxrlx.exe hhnnbb.exe bbnthn.exe 5vdjv.exe rxlrrfl.exe bnbbhh.exe 5vjdj.exe
pid process 4596 fxxrllf.exe 996 hbhbhb.exe 1216 rllfxxx.exe 1044 7hhbbb.exe 5016 vppjj.exe 3592 rrrfxxr.exe 4556 hbhbbt.exe 3944 7vddp.exe 5048 5llllff.exe 5060 3ntbth.exe 1020 jvddd.exe 1504 fllxlrr.exe 2380 hntnhn.exe 2084 5hhhbt.exe 1512 3lrlllr.exe 3852 5fffxxx.exe 3736 tthbtn.exe 3528 7tbtnh.exe 4168 pvvpp.exe 1528 ffxxllf.exe 2032 3rxxllr.exe 3828 ttbnhn.exe 1956 xllfxxr.exe 4732 lfflffl.exe 3788 bhtnhh.exe 4712 7xfxxxr.exe 2736 bnntnn.exe 3552 vjpjd.exe 1388 1xxxrrr.exe 2952 hbbbtn.exe 4412 bnnnhh.exe 2520 pddvj.exe 220 rrfxllr.exe 1872 1xfxrxr.exe 716 ttnhbb.exe 1760 xrflflf.exe 968 bhnnhh.exe 4716 jpjpp.exe 5036 3lrlllr.exe 2428 nbhbtt.exe 2288 bnhtbh.exe 1820 bbtbnh.exe 4128 vddvp.exe 1480 vpvpv.exe 4296 nntbnn.exe 2328 thbbnn.exe 3220 vvvpj.exe 2172 3rlrlrl.exe 4760 rxlfxxr.exe 4688 tnbhbb.exe 3544 hhhhtb.exe 4892 pjjjd.exe 3448 xxfllff.exe 2640 xfffxff.exe 2276 nhnhbb.exe 2904 djvpd.exe 744 pdppd.exe 4672 xffxrlx.exe 2512 hhnnbb.exe 1468 bbnthn.exe 3224 5vdjv.exe 3944 rxlrrfl.exe 3020 bnbbhh.exe 5028 5vjdj.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exefxxrllf.exehbhbhb.exerllfxxx.exe7hhbbb.exevppjj.exerrrfxxr.exehbhbbt.exe7vddp.exe5llllff.exe3ntbth.exejvddd.exefllxlrr.exehntnhn.exe5hhhbt.exe3lrlllr.exe5fffxxx.exetthbtn.exe7tbtnh.exepvvpp.exeffxxllf.exe3rxxllr.exedescription pid process target process PID 2744 wrote to memory of 4596 2744 d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe fxxrllf.exe PID 2744 wrote to memory of 4596 2744 d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe fxxrllf.exe PID 2744 wrote to memory of 4596 2744 d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe fxxrllf.exe PID 4596 wrote to memory of 996 4596 fxxrllf.exe hbhbhb.exe PID 4596 wrote to memory of 996 4596 fxxrllf.exe hbhbhb.exe PID 4596 wrote to memory of 996 4596 fxxrllf.exe hbhbhb.exe PID 996 wrote to memory of 1216 996 hbhbhb.exe rllfxxx.exe PID 996 wrote to memory of 1216 996 hbhbhb.exe rllfxxx.exe PID 996 wrote to memory of 1216 996 hbhbhb.exe rllfxxx.exe PID 1216 wrote to memory of 1044 1216 rllfxxx.exe 7hhbbb.exe PID 1216 wrote to memory of 1044 1216 rllfxxx.exe 7hhbbb.exe PID 1216 wrote to memory of 1044 1216 rllfxxx.exe 7hhbbb.exe PID 1044 wrote to memory of 5016 1044 7hhbbb.exe vppjj.exe PID 1044 wrote to memory of 5016 1044 7hhbbb.exe vppjj.exe PID 1044 wrote to memory of 5016 1044 7hhbbb.exe vppjj.exe PID 5016 wrote to memory of 3592 5016 vppjj.exe rrrfxxr.exe PID 5016 wrote to memory of 3592 5016 vppjj.exe rrrfxxr.exe PID 5016 wrote to memory of 3592 5016 vppjj.exe rrrfxxr.exe PID 3592 wrote to memory of 4556 3592 rrrfxxr.exe hbhbbt.exe PID 3592 wrote to memory of 4556 3592 rrrfxxr.exe hbhbbt.exe PID 3592 wrote to memory of 4556 3592 rrrfxxr.exe hbhbbt.exe PID 4556 wrote to memory of 3944 4556 hbhbbt.exe 7vddp.exe PID 4556 wrote to memory of 3944 4556 hbhbbt.exe 7vddp.exe PID 4556 wrote to memory of 3944 4556 hbhbbt.exe 7vddp.exe PID 3944 wrote to memory of 5048 3944 7vddp.exe 5llllff.exe PID 
3944 wrote to memory of 5048 3944 7vddp.exe 5llllff.exe PID 3944 wrote to memory of 5048 3944 7vddp.exe 5llllff.exe PID 5048 wrote to memory of 5060 5048 5llllff.exe 3ntbth.exe PID 5048 wrote to memory of 5060 5048 5llllff.exe 3ntbth.exe PID 5048 wrote to memory of 5060 5048 5llllff.exe 3ntbth.exe PID 5060 wrote to memory of 1020 5060 3ntbth.exe jvddd.exe PID 5060 wrote to memory of 1020 5060 3ntbth.exe jvddd.exe PID 5060 wrote to memory of 1020 5060 3ntbth.exe jvddd.exe PID 1020 wrote to memory of 1504 1020 jvddd.exe fllxlrr.exe PID 1020 wrote to memory of 1504 1020 jvddd.exe fllxlrr.exe PID 1020 wrote to memory of 1504 1020 jvddd.exe fllxlrr.exe PID 1504 wrote to memory of 2380 1504 fllxlrr.exe hntnhn.exe PID 1504 wrote to memory of 2380 1504 fllxlrr.exe hntnhn.exe PID 1504 wrote to memory of 2380 1504 fllxlrr.exe hntnhn.exe PID 2380 wrote to memory of 2084 2380 hntnhn.exe 5hhhbt.exe PID 2380 wrote to memory of 2084 2380 hntnhn.exe 5hhhbt.exe PID 2380 wrote to memory of 2084 2380 hntnhn.exe 5hhhbt.exe PID 2084 wrote to memory of 1512 2084 5hhhbt.exe 3lrlllr.exe PID 2084 wrote to memory of 1512 2084 5hhhbt.exe 3lrlllr.exe PID 2084 wrote to memory of 1512 2084 5hhhbt.exe 3lrlllr.exe PID 1512 wrote to memory of 3852 1512 3lrlllr.exe 5fffxxx.exe PID 1512 wrote to memory of 3852 1512 3lrlllr.exe 5fffxxx.exe PID 1512 wrote to memory of 3852 1512 3lrlllr.exe 5fffxxx.exe PID 3852 wrote to memory of 3736 3852 5fffxxx.exe tthbtn.exe PID 3852 wrote to memory of 3736 3852 5fffxxx.exe tthbtn.exe PID 3852 wrote to memory of 3736 3852 5fffxxx.exe tthbtn.exe PID 3736 wrote to memory of 3528 3736 tthbtn.exe 7tbtnh.exe PID 3736 wrote to memory of 3528 3736 tthbtn.exe 7tbtnh.exe PID 3736 wrote to memory of 3528 3736 tthbtn.exe 7tbtnh.exe PID 3528 wrote to memory of 4168 3528 7tbtnh.exe pvvpp.exe PID 3528 wrote to memory of 4168 3528 7tbtnh.exe pvvpp.exe PID 3528 wrote to memory of 4168 3528 7tbtnh.exe pvvpp.exe PID 4168 wrote to memory of 1528 4168 pvvpp.exe ffxxllf.exe PID 4168 
wrote to memory of 1528 4168 pvvpp.exe ffxxllf.exe PID 4168 wrote to memory of 1528 4168 pvvpp.exe ffxxllf.exe PID 1528 wrote to memory of 2032 1528 ffxxllf.exe 3rxxllr.exe PID 1528 wrote to memory of 2032 1528 ffxxllf.exe 3rxxllr.exe PID 1528 wrote to memory of 2032 1528 ffxxllf.exe 3rxxllr.exe PID 2032 wrote to memory of 3828 2032 3rxxllr.exe ttbnhn.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe"C:\Users\Admin\AppData\Local\Temp\d5fbe2d81bc8180a37a82f9a1ea87bc68b248009ec499c6bedf67a34ba82dd37.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\fxxrllf.exec:\fxxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4596 -
\??\c:\hbhbhb.exec:\hbhbhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:996 -
\??\c:\rllfxxx.exec:\rllfxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1216 -
\??\c:\7hhbbb.exec:\7hhbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1044 -
\??\c:\vppjj.exec:\vppjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5016 -
\??\c:\rrrfxxr.exec:\rrrfxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3592 -
\??\c:\hbhbbt.exec:\hbhbbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4556 -
\??\c:\7vddp.exec:\7vddp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3944 -
\??\c:\5llllff.exec:\5llllff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5048 -
\??\c:\3ntbth.exec:\3ntbth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5060 -
\??\c:\jvddd.exec:\jvddd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1020 -
\??\c:\fllxlrr.exec:\fllxlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1504 -
\??\c:\hntnhn.exec:\hntnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\5hhhbt.exec:\5hhhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2084 -
\??\c:\3lrlllr.exec:\3lrlllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1512 -
\??\c:\5fffxxx.exec:\5fffxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3852 -
\??\c:\tthbtn.exec:\tthbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3736 -
\??\c:\7tbtnh.exec:\7tbtnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3528 -
\??\c:\pvvpp.exec:\pvvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4168 -
\??\c:\ffxxllf.exec:\ffxxllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1528 -
\??\c:\3rxxllr.exec:\3rxxllr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2032 -
\??\c:\ttbnhn.exec:\ttbnhn.exe23⤵
- Executes dropped EXE
PID:3828 -
\??\c:\xllfxxr.exec:\xllfxxr.exe24⤵
- Executes dropped EXE
PID:1956 -
\??\c:\lfflffl.exec:\lfflffl.exe25⤵
- Executes dropped EXE
PID:4732 -
\??\c:\bhtnhh.exec:\bhtnhh.exe26⤵
- Executes dropped EXE
PID:3788 -
\??\c:\7xfxxxr.exec:\7xfxxxr.exe27⤵
- Executes dropped EXE
PID:4712 -
\??\c:\bnntnn.exec:\bnntnn.exe28⤵
- Executes dropped EXE
PID:2736 -
\??\c:\vjpjd.exec:\vjpjd.exe29⤵
- Executes dropped EXE
PID:3552 -
\??\c:\1xxxrrr.exec:\1xxxrrr.exe30⤵
- Executes dropped EXE
PID:1388 -
\??\c:\hbbbtn.exec:\hbbbtn.exe31⤵
- Executes dropped EXE
PID:2952 -
\??\c:\bnnnhh.exec:\bnnnhh.exe32⤵
- Executes dropped EXE
PID:4412 -
\??\c:\pddvj.exec:\pddvj.exe33⤵
- Executes dropped EXE
PID:2520 -
\??\c:\rrfxllr.exec:\rrfxllr.exe34⤵
- Executes dropped EXE
PID:220 -
\??\c:\1xfxrxr.exec:\1xfxrxr.exe35⤵
- Executes dropped EXE
PID:1872 -
\??\c:\ttnhbb.exec:\ttnhbb.exe36⤵
- Executes dropped EXE
PID:716 -
\??\c:\xrflflf.exec:\xrflflf.exe37⤵
- Executes dropped EXE
PID:1760 -
\??\c:\bhnnhh.exec:\bhnnhh.exe38⤵
- Executes dropped EXE
PID:968 -
\??\c:\jpjpp.exec:\jpjpp.exe39⤵
- Executes dropped EXE
PID:4716 -
\??\c:\3lrlllr.exec:\3lrlllr.exe40⤵
- Executes dropped EXE
PID:5036 -
\??\c:\nbhbtt.exec:\nbhbtt.exe41⤵
- Executes dropped EXE
PID:2428 -
\??\c:\bnhtbh.exec:\bnhtbh.exe42⤵
- Executes dropped EXE
PID:2288 -
\??\c:\bbtbnh.exec:\bbtbnh.exe43⤵
- Executes dropped EXE
PID:1820 -
\??\c:\vddvp.exec:\vddvp.exe44⤵
- Executes dropped EXE
PID:4128 -
\??\c:\vpvpv.exec:\vpvpv.exe45⤵
- Executes dropped EXE
PID:1480 -
\??\c:\nntbnn.exec:\nntbnn.exe46⤵
- Executes dropped EXE
PID:4296 -
\??\c:\thbbnn.exec:\thbbnn.exe47⤵
- Executes dropped EXE
PID:2328 -
\??\c:\vvvpj.exec:\vvvpj.exe48⤵
- Executes dropped EXE
PID:3220 -
\??\c:\3rlrlrl.exec:\3rlrlrl.exe49⤵
- Executes dropped EXE
PID:2172 -
\??\c:\rxlfxxr.exec:\rxlfxxr.exe50⤵
- Executes dropped EXE
PID:4760 -
\??\c:\tnbhbb.exec:\tnbhbb.exe51⤵
- Executes dropped EXE
PID:4688 -
\??\c:\hhhhtb.exec:\hhhhtb.exe52⤵
- Executes dropped EXE
PID:3544 -
\??\c:\pjjjd.exec:\pjjjd.exe53⤵
- Executes dropped EXE
PID:4892 -
\??\c:\xxfllff.exec:\xxfllff.exe54⤵
- Executes dropped EXE
PID:3448 -
\??\c:\xfffxff.exec:\xfffxff.exe55⤵
- Executes dropped EXE
PID:2640 -
\??\c:\nhnhbb.exec:\nhnhbb.exe56⤵
- Executes dropped EXE
PID:2276 -
\??\c:\djvpd.exec:\djvpd.exe57⤵
- Executes dropped EXE
PID:2904 -
\??\c:\pdppd.exec:\pdppd.exe58⤵
- Executes dropped EXE
PID:744 -
\??\c:\xffxrlx.exec:\xffxrlx.exe59⤵
- Executes dropped EXE
PID:4672 -
\??\c:\hhnnbb.exec:\hhnnbb.exe60⤵
- Executes dropped EXE
PID:2512 -
\??\c:\bbnthn.exec:\bbnthn.exe61⤵
- Executes dropped EXE
PID:1468 -
\??\c:\5vdjv.exec:\5vdjv.exe62⤵
- Executes dropped EXE
PID:3224 -
\??\c:\rxlrrfl.exec:\rxlrrfl.exe63⤵
- Executes dropped EXE
PID:3944 -
\??\c:\bnbbhh.exec:\bnbbhh.exe64⤵
- Executes dropped EXE
PID:3020 -
\??\c:\5vjdj.exec:\5vjdj.exe65⤵
- Executes dropped EXE
PID:5028 -
\??\c:\vvvpv.exec:\vvvpv.exe66⤵PID:4324
-
\??\c:\fxxrlff.exec:\fxxrlff.exe67⤵PID:664
-
\??\c:\thttnn.exec:\thttnn.exe68⤵PID:1892
-
\??\c:\1bhhbb.exec:\1bhhbb.exe69⤵PID:4180
-
\??\c:\pjpvp.exec:\pjpvp.exe70⤵PID:2084
-
\??\c:\rlrlffx.exec:\rlrlffx.exe71⤵PID:2924
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe72⤵PID:2932
-
\??\c:\htttnn.exec:\htttnn.exe73⤵PID:3404
-
\??\c:\pjppj.exec:\pjppj.exe74⤵PID:1548
-
\??\c:\5lxrxxl.exec:\5lxrxxl.exe75⤵PID:3528
-
\??\c:\lxxxfff.exec:\lxxxfff.exe76⤵PID:1148
-
\??\c:\btttnn.exec:\btttnn.exe77⤵PID:5100
-
\??\c:\pppjv.exec:\pppjv.exe78⤵PID:4920
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe79⤵PID:1608
-
\??\c:\xrrrxxx.exec:\xrrrxxx.exe80⤵PID:5096
-
\??\c:\bttnnn.exec:\bttnnn.exe81⤵PID:2220
-
\??\c:\3jdvv.exec:\3jdvv.exe82⤵PID:812
-
\??\c:\fxxxllx.exec:\fxxxllx.exe83⤵PID:1008
-
\??\c:\frlrrll.exec:\frlrrll.exe84⤵PID:4900
-
\??\c:\tthbhh.exec:\tthbhh.exe85⤵PID:3340
-
\??\c:\jvvdv.exec:\jvvdv.exe86⤵PID:4336
-
\??\c:\vjppp.exec:\vjppp.exe87⤵PID:3680
-
\??\c:\ffflrlx.exec:\ffflrlx.exe88⤵PID:3552
-
\??\c:\9nttnt.exec:\9nttnt.exe89⤵PID:1388
-
\??\c:\5hhnht.exec:\5hhnht.exe90⤵PID:4536
-
\??\c:\pjppp.exec:\pjppp.exe91⤵PID:4704
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe92⤵PID:2088
-
\??\c:\ffxrlrr.exec:\ffxrlrr.exe93⤵PID:5084
-
\??\c:\5ntttn.exec:\5ntttn.exe94⤵PID:4728
-
\??\c:\3jpvp.exec:\3jpvp.exe95⤵PID:1828
-
\??\c:\pppjj.exec:\pppjj.exe96⤵PID:396
-
\??\c:\xfrrllf.exec:\xfrrllf.exe97⤵PID:1344
-
\??\c:\lfffrlf.exec:\lfffrlf.exe98⤵PID:3452
-
\??\c:\ttbbbh.exec:\ttbbbh.exe99⤵PID:2392
-
\??\c:\pvjvp.exec:\pvjvp.exe100⤵PID:2800
-
\??\c:\9vjjp.exec:\9vjjp.exe101⤵PID:5036
-
\??\c:\lflflll.exec:\lflflll.exe102⤵PID:2660
-
\??\c:\lxxrxfl.exec:\lxxrxfl.exe103⤵PID:1848
-
\??\c:\bbbtnh.exec:\bbbtnh.exe104⤵PID:1972
-
\??\c:\3rffllr.exec:\3rffllr.exe105⤵PID:3116
-
\??\c:\llllfff.exec:\llllfff.exe106⤵PID:1084
-
\??\c:\hntnhh.exec:\hntnhh.exe107⤵PID:2172
-
\??\c:\hthhbb.exec:\hthhbb.exe108⤵PID:2816
-
\??\c:\pdjpp.exec:\pdjpp.exe109⤵PID:3832
-
\??\c:\rlfxxrr.exec:\rlfxxrr.exe110⤵PID:4504
-
\??\c:\rfxrllf.exec:\rfxrllf.exe111⤵PID:3584
-
\??\c:\bhbbnn.exec:\bhbbnn.exe112⤵PID:4200
-
\??\c:\7dppp.exec:\7dppp.exe113⤵PID:3040
-
\??\c:\xlrfxrf.exec:\xlrfxrf.exe114⤵PID:3592
-
\??\c:\rxfffll.exec:\rxfffll.exe115⤵PID:3432
-
\??\c:\nhhhbb.exec:\nhhhbb.exe116⤵PID:4396
-
\??\c:\jvpjd.exec:\jvpjd.exe117⤵PID:3332
-
\??\c:\9dvpj.exec:\9dvpj.exe118⤵PID:4312
-
\??\c:\rlfxrll.exec:\rlfxrll.exe119⤵PID:3644
-
\??\c:\3nttnn.exec:\3nttnn.exe120⤵PID:4280
-
\??\c:\hbbtht.exec:\hbbtht.exe121⤵PID:4528
-
\??\c:\ppvpd.exec:\ppvpd.exe122⤵PID:1020
-