Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 · arch:x86 · image:win7-20240508-en · locale:en-us · os:windows7-x64 · system -
submitted
06-06-2024 06:57
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe
-
Size
197KB
-
MD5
3e2ff7ca9e69ce948160282952c0d2b6
-
SHA1
6a7518955fc1994f6af805e4ac686ecfb2a9c801
-
SHA256
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498
-
SHA512
aae9a97f057743e312866957c0f3ff2c76f11f3489a1324962b64c6501fbf01f7266d3b287597c8c0ccf93268121ff43145c3c0939d19bf4aca9f1673fbab911
-
SSDEEP
1536:1vQBeOGtrYSSsrc93UBIfdC67m6AJiqpfg3Cn/uiYs6RO:1hOm2sI93UufdC67ciifmCnmiYJc
Malware Config — no configuration was extracted in this run (the section is empty); family attribution below rests on the memory YARA hits alone.
Signatures
-
Detect Blackmoon payload — 47 IoCs (YARA rule family_blackmoon on process memory dumps). Nearly every hit is the 0x400000–0x42A000 image region of the parent or of a dropped copy, consistent with each stage being the same packed binary. The two hits for PID 2056 (0x77440000–0x7755F000 and 0x77560000–0x7765A000) sit far above that image base; confirm they are injected code rather than a loaded system module before counting them as payload evidence.
Processes:
resource yara_rule behavioral1/memory/1644-10-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2628-32-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2868-41-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2496-50-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2476-98-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1280-169-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/856-166-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1160-188-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2212-179-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2300-198-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2300-203-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1608-135-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2424-132-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1812-123-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2832-108-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2476-101-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2132-89-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2544-72-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2652-68-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2524-59-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1724-19-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/2964-28-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2884-220-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/2884-222-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/296-273-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2108-289-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2056-298-0x0000000077440000-0x000000007755F000-memory.dmp family_blackmoon behavioral1/memory/2056-299-0x0000000077560000-0x000000007765A000-memory.dmp family_blackmoon behavioral1/memory/2184-306-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1872-314-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2672-340-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2760-348-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2760-354-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2788-380-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1944-420-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1940-492-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/548-537-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/3004-550-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2036-590-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2376-609-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2732-629-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2732-661-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon 
behavioral1/memory/2300-780-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1596-843-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/2000-861-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2616-885-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2780-983-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 56 IoCs. The rule fires on the 0x400000–0x42A000 image region of the parent and of the dropped executables, indicating the stages are UPX-packed and were dumped after unpacking. The MD5/SHA1/SHA256/SHA512 values above describe the packed on-disk file, so use the memory dumps, not those hashes, for payload-level comparison with other samples.
Processes:
resource yara_rule behavioral1/memory/1644-0-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1644-10-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1724-11-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2628-32-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2868-41-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2496-50-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2476-98-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1280-169-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/856-166-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1160-188-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2212-179-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2300-203-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1608-135-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2424-132-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1812-123-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2832-108-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2132-89-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2544-72-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2652-68-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2524-59-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1724-19-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2964-28-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2884-222-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1776-231-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral1/memory/296-273-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2108-281-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2108-289-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1872-314-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1972-321-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2760-348-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2788-380-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2820-386-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1944-420-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1588-426-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1620-451-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2260-478-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1940-485-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1940-492-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2884-506-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/548-537-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/872-570-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2036-590-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2376-609-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1072-692-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/532-711-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2616-877-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2616-885-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2728-937-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral1/memory/1600-944-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1080-964-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1628-984-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/268-1010-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/316-1019-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/2216-1048-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1896-1073-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral1/memory/1532-1171-0x0000000000400000-0x000000000042A000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs (the list appears capped at 64 entries; the process tree below shows the chain continuing to depth 122). Each stage is written to the root of C:\ under a short, random-looking letters-only name and is launched by the previous stage.
Processes:
ddvjv.exedjvpp.exefxlxlrf.exe9btbhn.exebbtbtb.exeddpvd.exeddvjv.exerlxxffx.exelflxfxf.exebhhntb.exevpjpd.exe9vdpd.exexxfrfrf.exenhnbnt.exeddvjj.exellflrxr.exennbhnn.exettnnbb.exedvddd.exe5xlrrrl.exe7nttbb.exevdpjv.exeffxrfrf.exejdjjd.exettbbhb.exelfrxffr.exevdppj.exerxrlfxf.exe1frxlfx.exe3hhthn.exe1lxlrrf.exehbhbhn.exevpppp.exerrlrffl.exennhthh.exennbbhh.exedvdpd.exe3xxlrfl.exefxlflll.exennntht.exejjvdv.exepppdv.exerrlrxlf.exehbhnbh.exe5hhnth.exevjpvv.exefxfxlxl.exe1bbnht.exepdvvd.exejddpj.exe3rflrxl.exelfxxllx.exenbntnn.exedpvdd.exellfxrfx.exe7fxfrlx.exehhbbhn.exebthhtt.exevvjpd.exe5lffxrf.exefrffrxx.exehbnthh.exedjpdj.exexllflfr.exepid process 1724 ddvjv.exe 2964 djvpp.exe 2628 fxlxlrf.exe 2868 9btbhn.exe 2496 bbtbtb.exe 2524 ddpvd.exe 2652 ddvjv.exe 2544 rlxxffx.exe 2564 lflxfxf.exe 2132 bhhntb.exe 2476 vpjpd.exe 2832 9vdpd.exe 1812 xxfrfrf.exe 2424 nhnbnt.exe 1608 ddvjj.exe 1944 llflrxr.exe 660 nnbhnn.exe 856 ttnnbb.exe 1280 dvddd.exe 2212 5xlrrrl.exe 1160 7nttbb.exe 2300 vdpjv.exe 2088 ffxrfrf.exe 2884 jdjjd.exe 2440 ttbbhb.exe 1776 lfrxffr.exe 1580 vdppj.exe 2072 rxrlfxf.exe 736 1frxlfx.exe 1596 3hhthn.exe 296 1lxlrrf.exe 2108 hbhbhn.exe 1592 vpppp.exe 2056 rrlrffl.exe 1872 nnhthh.exe 2636 nnbbhh.exe 1972 dvdpd.exe 2868 3xxlrfl.exe 2672 fxlflll.exe 2524 nnntht.exe 2760 jjvdv.exe 2708 pppdv.exe 2932 rrlrxlf.exe 2104 hbhnbh.exe 1648 5hhnth.exe 2788 vjpvv.exe 2820 fxfxlxl.exe 2228 1bbnht.exe 2720 pdvvd.exe 2384 jddpj.exe 1628 3rflrxl.exe 1944 lfxxllx.exe 1588 nbntnn.exe 2380 dpvdd.exe 856 llfxrfx.exe 740 7fxfrlx.exe 1620 hhbbhn.exe 2148 bthhtt.exe 1204 vvjpd.exe 2208 5lffxrf.exe 2260 frffrxx.exe 1940 hbnthh.exe 2452 djpdj.exe 2284 xllflfr.exe -
Processes:
resource yara_rule behavioral1/memory/1644-0-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1644-10-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1724-11-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2628-32-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2868-41-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2496-50-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2476-98-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1280-169-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/856-166-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1160-188-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2212-179-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2300-203-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1608-135-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2424-132-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1812-123-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2832-108-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2132-89-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2544-72-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2652-68-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2524-59-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1724-19-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2964-28-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2884-222-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1776-231-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/296-273-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2108-281-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2108-289-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1872-314-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1972-321-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2760-348-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2788-380-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2820-386-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1944-420-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1588-426-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1620-451-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2260-478-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1940-485-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1940-492-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2884-506-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/548-537-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/872-570-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2036-590-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2376-609-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3016-615-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/1072-692-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/532-711-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2300-778-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/2616-877-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/2616-885-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2728-937-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1600-944-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1080-964-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1628-984-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/268-1010-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/316-1019-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2216-1048-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1896-1073-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1532-1171-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs (capped). Every entry listed is a parent writing into the child it has just spawned, recorded four times per parent→child pair; no writes into unrelated or pre-existing processes appear here, so this is more likely the ordinary process-creation pattern than cross-process injection — confirm against the full event log before treating it as injection.
Processes:
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exeddvjv.exedjvpp.exefxlxlrf.exe9btbhn.exebbtbtb.exeddpvd.exeddvjv.exerlxxffx.exelflxfxf.exebhhntb.exevpjpd.exe9vdpd.exexxfrfrf.exenhnbnt.exeddvjj.exedescription pid process target process PID 1644 wrote to memory of 1724 1644 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe ddvjv.exe PID 1644 wrote to memory of 1724 1644 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe ddvjv.exe PID 1644 wrote to memory of 1724 1644 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe ddvjv.exe PID 1644 wrote to memory of 1724 1644 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe ddvjv.exe PID 1724 wrote to memory of 2964 1724 ddvjv.exe djvpp.exe PID 1724 wrote to memory of 2964 1724 ddvjv.exe djvpp.exe PID 1724 wrote to memory of 2964 1724 ddvjv.exe djvpp.exe PID 1724 wrote to memory of 2964 1724 ddvjv.exe djvpp.exe PID 2964 wrote to memory of 2628 2964 djvpp.exe fxlxlrf.exe PID 2964 wrote to memory of 2628 2964 djvpp.exe fxlxlrf.exe PID 2964 wrote to memory of 2628 2964 djvpp.exe fxlxlrf.exe PID 2964 wrote to memory of 2628 2964 djvpp.exe fxlxlrf.exe PID 2628 wrote to memory of 2868 2628 fxlxlrf.exe 9btbhn.exe PID 2628 wrote to memory of 2868 2628 fxlxlrf.exe 9btbhn.exe PID 2628 wrote to memory of 2868 2628 fxlxlrf.exe 9btbhn.exe PID 2628 wrote to memory of 2868 2628 fxlxlrf.exe 9btbhn.exe PID 2868 wrote to memory of 2496 2868 9btbhn.exe bbtbtb.exe PID 2868 wrote to memory of 2496 2868 9btbhn.exe bbtbtb.exe PID 2868 wrote to memory of 2496 2868 9btbhn.exe bbtbtb.exe PID 2868 wrote to memory of 2496 2868 9btbhn.exe bbtbtb.exe PID 2496 wrote to memory of 2524 2496 bbtbtb.exe ddpvd.exe PID 2496 wrote to memory of 2524 2496 bbtbtb.exe ddpvd.exe PID 2496 wrote to memory of 2524 2496 bbtbtb.exe ddpvd.exe PID 2496 wrote to memory of 2524 2496 bbtbtb.exe ddpvd.exe PID 2524 wrote to memory of 2652 2524 ddpvd.exe ddvjv.exe PID 2524 wrote to memory of 
2652 2524 ddpvd.exe ddvjv.exe PID 2524 wrote to memory of 2652 2524 ddpvd.exe ddvjv.exe PID 2524 wrote to memory of 2652 2524 ddpvd.exe ddvjv.exe PID 2652 wrote to memory of 2544 2652 ddvjv.exe rlxxffx.exe PID 2652 wrote to memory of 2544 2652 ddvjv.exe rlxxffx.exe PID 2652 wrote to memory of 2544 2652 ddvjv.exe rlxxffx.exe PID 2652 wrote to memory of 2544 2652 ddvjv.exe rlxxffx.exe PID 2544 wrote to memory of 2564 2544 rlxxffx.exe lflxfxf.exe PID 2544 wrote to memory of 2564 2544 rlxxffx.exe lflxfxf.exe PID 2544 wrote to memory of 2564 2544 rlxxffx.exe lflxfxf.exe PID 2544 wrote to memory of 2564 2544 rlxxffx.exe lflxfxf.exe PID 2564 wrote to memory of 2132 2564 lflxfxf.exe bhhntb.exe PID 2564 wrote to memory of 2132 2564 lflxfxf.exe bhhntb.exe PID 2564 wrote to memory of 2132 2564 lflxfxf.exe bhhntb.exe PID 2564 wrote to memory of 2132 2564 lflxfxf.exe bhhntb.exe PID 2132 wrote to memory of 2476 2132 bhhntb.exe vpjpd.exe PID 2132 wrote to memory of 2476 2132 bhhntb.exe vpjpd.exe PID 2132 wrote to memory of 2476 2132 bhhntb.exe vpjpd.exe PID 2132 wrote to memory of 2476 2132 bhhntb.exe vpjpd.exe PID 2476 wrote to memory of 2832 2476 vpjpd.exe 9vdpd.exe PID 2476 wrote to memory of 2832 2476 vpjpd.exe 9vdpd.exe PID 2476 wrote to memory of 2832 2476 vpjpd.exe 9vdpd.exe PID 2476 wrote to memory of 2832 2476 vpjpd.exe 9vdpd.exe PID 2832 wrote to memory of 1812 2832 9vdpd.exe xxfrfrf.exe PID 2832 wrote to memory of 1812 2832 9vdpd.exe xxfrfrf.exe PID 2832 wrote to memory of 1812 2832 9vdpd.exe xxfrfrf.exe PID 2832 wrote to memory of 1812 2832 9vdpd.exe xxfrfrf.exe PID 1812 wrote to memory of 2424 1812 xxfrfrf.exe nhnbnt.exe PID 1812 wrote to memory of 2424 1812 xxfrfrf.exe nhnbnt.exe PID 1812 wrote to memory of 2424 1812 xxfrfrf.exe nhnbnt.exe PID 1812 wrote to memory of 2424 1812 xxfrfrf.exe nhnbnt.exe PID 2424 wrote to memory of 1608 2424 nhnbnt.exe ddvjj.exe PID 2424 wrote to memory of 1608 2424 nhnbnt.exe ddvjj.exe PID 2424 wrote to memory of 1608 2424 nhnbnt.exe 
ddvjj.exe PID 2424 wrote to memory of 1608 2424 nhnbnt.exe ddvjj.exe PID 1608 wrote to memory of 1944 1608 ddvjj.exe llflrxr.exe PID 1608 wrote to memory of 1944 1608 ddvjj.exe llflrxr.exe PID 1608 wrote to memory of 1944 1608 ddvjj.exe llflrxr.exe PID 1608 wrote to memory of 1944 1608 ddvjj.exe llflrxr.exe
Processes (each entry below runs the image path, the command line and the tree depth together, e.g. `\??\c:\ddvjv.exe` + `c:\ddvjv.exe` + `2⤵`). PIDs are reused during the run — for example 2884 is jdjjd.exe at depth 25 and hhthbt.exe at depth 67, and 1944 is llflrxr.exe at depth 17 and lfxxllx.exe at depth 54 — so memory-dump IoCs keyed on PID alone refer to different processes at different times; key on PID plus dump index, or on image name.
-
C:\Users\Admin\AppData\Local\Temp\da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe — command line: "C:\Users\Admin\AppData\Local\Temp\da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe" (tree depth 1)
- Suspicious use of WriteProcessMemory
PID:1644 -
\??\c:\ddvjv.exec:\ddvjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1724 -
\??\c:\djvpp.exec:\djvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2964 -
\??\c:\fxlxlrf.exec:\fxlxlrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\9btbhn.exec:\9btbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2868 -
\??\c:\bbtbtb.exec:\bbtbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\ddpvd.exec:\ddpvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\ddvjv.exec:\ddvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\rlxxffx.exec:\rlxxffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\lflxfxf.exec:\lflxfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\bhhntb.exec:\bhhntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\vpjpd.exec:\vpjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\9vdpd.exec:\9vdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\xxfrfrf.exec:\xxfrfrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1812 -
\??\c:\nhnbnt.exec:\nhnbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2424 -
\??\c:\ddvjj.exec:\ddvjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1608 -
\??\c:\llflrxr.exec:\llflrxr.exe17⤵
- Executes dropped EXE
PID:1944 -
\??\c:\nnbhnn.exec:\nnbhnn.exe18⤵
- Executes dropped EXE
PID:660 -
\??\c:\ttnnbb.exec:\ttnnbb.exe19⤵
- Executes dropped EXE
PID:856 -
\??\c:\dvddd.exec:\dvddd.exe20⤵
- Executes dropped EXE
PID:1280 -
\??\c:\5xlrrrl.exec:\5xlrrrl.exe21⤵
- Executes dropped EXE
PID:2212 -
\??\c:\7nttbb.exec:\7nttbb.exe22⤵
- Executes dropped EXE
PID:1160 -
\??\c:\vdpjv.exec:\vdpjv.exe23⤵
- Executes dropped EXE
PID:2300 -
\??\c:\ffxrfrf.exec:\ffxrfrf.exe24⤵
- Executes dropped EXE
PID:2088 -
\??\c:\jdjjd.exec:\jdjjd.exe25⤵
- Executes dropped EXE
PID:2884 -
\??\c:\ttbbhb.exec:\ttbbhb.exe26⤵
- Executes dropped EXE
PID:2440 -
\??\c:\lfrxffr.exec:\lfrxffr.exe27⤵
- Executes dropped EXE
PID:1776 -
\??\c:\vdppj.exec:\vdppj.exe28⤵
- Executes dropped EXE
PID:1580 -
\??\c:\rxrlfxf.exec:\rxrlfxf.exe29⤵
- Executes dropped EXE
PID:2072 -
\??\c:\1frxlfx.exec:\1frxlfx.exe30⤵
- Executes dropped EXE
PID:736 -
\??\c:\3hhthn.exec:\3hhthn.exe31⤵
- Executes dropped EXE
PID:1596 -
\??\c:\1lxlrrf.exec:\1lxlrrf.exe32⤵
- Executes dropped EXE
PID:296 -
\??\c:\hbhbhn.exec:\hbhbhn.exe33⤵
- Executes dropped EXE
PID:2108 -
\??\c:\vpppp.exec:\vpppp.exe34⤵
- Executes dropped EXE
PID:1592 -
\??\c:\rrlrffl.exec:\rrlrffl.exe35⤵
- Executes dropped EXE
PID:2056 -
\??\c:\nnhntb.exec:\nnhntb.exe36⤵PID:2184
-
\??\c:\nnhthh.exec:\nnhthh.exe37⤵
- Executes dropped EXE
PID:1872 -
\??\c:\nnbbhh.exec:\nnbbhh.exe38⤵
- Executes dropped EXE
PID:2636 -
\??\c:\dvdpd.exec:\dvdpd.exe39⤵
- Executes dropped EXE
PID:1972 -
\??\c:\3xxlrfl.exec:\3xxlrfl.exe40⤵
- Executes dropped EXE
PID:2868 -
\??\c:\fxlflll.exec:\fxlflll.exe41⤵
- Executes dropped EXE
PID:2672 -
\??\c:\nnntht.exec:\nnntht.exe42⤵
- Executes dropped EXE
PID:2524 -
\??\c:\jjvdv.exec:\jjvdv.exe43⤵
- Executes dropped EXE
PID:2760 -
\??\c:\pppdv.exec:\pppdv.exe44⤵
- Executes dropped EXE
PID:2708 -
\??\c:\rrlrxlf.exec:\rrlrxlf.exe45⤵
- Executes dropped EXE
PID:2932 -
\??\c:\hbhnbh.exec:\hbhnbh.exe46⤵
- Executes dropped EXE
PID:2104 -
\??\c:\5hhnth.exec:\5hhnth.exe47⤵
- Executes dropped EXE
PID:1648 -
\??\c:\vjpvv.exec:\vjpvv.exe48⤵
- Executes dropped EXE
PID:2788 -
\??\c:\fxfxlxl.exec:\fxfxlxl.exe49⤵
- Executes dropped EXE
PID:2820 -
\??\c:\1bbnht.exec:\1bbnht.exe50⤵
- Executes dropped EXE
PID:2228 -
\??\c:\pdvvd.exec:\pdvvd.exe51⤵
- Executes dropped EXE
PID:2720 -
\??\c:\jddpj.exec:\jddpj.exe52⤵
- Executes dropped EXE
PID:2384 -
\??\c:\3rflrxl.exec:\3rflrxl.exe53⤵
- Executes dropped EXE
PID:1628 -
\??\c:\lfxxllx.exec:\lfxxllx.exe54⤵
- Executes dropped EXE
PID:1944 -
\??\c:\nbntnn.exec:\nbntnn.exe55⤵
- Executes dropped EXE
PID:1588 -
\??\c:\dpvdd.exec:\dpvdd.exe56⤵
- Executes dropped EXE
PID:2380 -
\??\c:\llfxrfx.exec:\llfxrfx.exe57⤵
- Executes dropped EXE
PID:856 -
\??\c:\7fxfrlx.exec:\7fxfrlx.exe58⤵
- Executes dropped EXE
PID:740 -
\??\c:\hhbbhn.exec:\hhbbhn.exe59⤵
- Executes dropped EXE
PID:1620 -
\??\c:\bthhtt.exec:\bthhtt.exe60⤵
- Executes dropped EXE
PID:2148 -
\??\c:\vvjpd.exec:\vvjpd.exe61⤵
- Executes dropped EXE
PID:1204 -
\??\c:\5lffxrf.exec:\5lffxrf.exe62⤵
- Executes dropped EXE
PID:2208 -
\??\c:\frffrxx.exec:\frffrxx.exe63⤵
- Executes dropped EXE
PID:2260 -
\??\c:\hbnthh.exec:\hbnthh.exe64⤵
- Executes dropped EXE
PID:1940 -
\??\c:\djpdj.exec:\djpdj.exe65⤵
- Executes dropped EXE
PID:2452 -
\??\c:\xllflfr.exec:\xllflfr.exe66⤵
- Executes dropped EXE
PID:2284 -
\??\c:\hhthbt.exec:\hhthbt.exe67⤵PID:2884
-
\??\c:\nnbnth.exec:\nnbnth.exe68⤵PID:820
-
\??\c:\ppdvj.exec:\ppdvj.exe69⤵PID:1968
-
\??\c:\rlflxxl.exec:\rlflxxl.exe70⤵PID:1776
-
\??\c:\lllrrfr.exec:\lllrrfr.exe71⤵PID:548
-
\??\c:\9nhnbh.exec:\9nhnbh.exe72⤵PID:888
-
\??\c:\pjpdv.exec:\pjpdv.exe73⤵PID:3004
-
\??\c:\ppppj.exec:\ppppj.exe74⤵PID:1068
-
\??\c:\1rlffxr.exec:\1rlffxr.exe75⤵PID:284
-
\??\c:\hbhnth.exec:\hbhnth.exe76⤵PID:1184
-
\??\c:\htbttt.exec:\htbttt.exe77⤵PID:872
-
\??\c:\7jdjj.exec:\7jdjj.exe78⤵PID:2192
-
\??\c:\frfxrfr.exec:\frfxrfr.exe79⤵PID:2036
-
\??\c:\bthtnt.exec:\bthtnt.exe80⤵PID:2772
-
\??\c:\7thhbn.exec:\7thhbn.exe81⤵PID:2692
-
\??\c:\ddvdp.exec:\ddvdp.exe82⤵PID:2376
-
\??\c:\lfrrlfl.exec:\lfrrlfl.exe83⤵PID:3016
-
\??\c:\nntthh.exec:\nntthh.exe84⤵PID:1152
-
\??\c:\nhbhnn.exec:\nhbhnn.exe85⤵PID:2732
-
\??\c:\jvvdd.exec:\jvvdd.exe86⤵PID:2544
-
\??\c:\jpjvp.exec:\jpjvp.exe87⤵PID:2608
-
\??\c:\fxfflfr.exec:\fxfflfr.exe88⤵PID:2504
-
\??\c:\hnhhnt.exec:\hnhhnt.exe89⤵PID:2936
-
\??\c:\3dppd.exec:\3dppd.exe90⤵PID:2412
-
\??\c:\7lffrxf.exec:\7lffrxf.exe91⤵PID:2780
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe92⤵PID:2600
-
\??\c:\7hhntb.exec:\7hhntb.exe93⤵PID:1812
-
\??\c:\djddj.exec:\djddj.exe94⤵PID:2556
-
\??\c:\jpjjp.exec:\jpjjp.exe95⤵PID:2520
-
\??\c:\flfrlxr.exec:\flfrlxr.exe96⤵PID:1072
-
\??\c:\tbhhhn.exec:\tbhhhn.exe97⤵PID:1852
-
\??\c:\7pvjp.exec:\7pvjp.exe98⤵PID:1076
-
\??\c:\9ffrflr.exec:\9ffrflr.exe99⤵PID:532
-
\??\c:\3lrrxff.exec:\3lrrxff.exe100⤵PID:1372
-
\??\c:\ttntth.exec:\ttntth.exe101⤵PID:1320
-
\??\c:\pjvvd.exec:\pjvvd.exe102⤵PID:580
-
\??\c:\dvppv.exec:\dvppv.exe103⤵PID:492
-
\??\c:\7fxxxxf.exec:\7fxxxxf.exe104⤵PID:2276
-
\??\c:\rlflxrf.exec:\rlflxrf.exe105⤵PID:2148
-
\??\c:\nhhthh.exec:\nhhthh.exe106⤵PID:2032
-
\??\c:\dvdpd.exec:\dvdpd.exe107⤵PID:2244
-
\??\c:\pjdjp.exec:\pjdjp.exe108⤵PID:2268
-
\??\c:\5xllrfl.exec:\5xllrfl.exe109⤵PID:2300
-
\??\c:\1bnthn.exec:\1bnthn.exe110⤵PID:2088
-
\??\c:\hbnbtt.exec:\hbnbtt.exe111⤵PID:1796
-
\??\c:\9jdpd.exec:\9jdpd.exe112⤵PID:1436
-
\??\c:\pdjdv.exec:\pdjdv.exe113⤵PID:348
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe114⤵PID:1500
-
\??\c:\ttnhtt.exec:\ttnhtt.exe115⤵PID:2840
-
\??\c:\3ppdv.exec:\3ppdv.exe116⤵PID:340
-
\??\c:\5vvjv.exec:\5vvjv.exe117⤵PID:892
-
\??\c:\xxxrxfx.exec:\xxxrxfx.exe118⤵PID:864
-
\??\c:\9tthnb.exec:\9tthnb.exe119⤵PID:1596
-
\??\c:\bthnbh.exec:\bthnbh.exe120⤵PID:2996
-
\??\c:\vpvjp.exec:\vpvjp.exe121⤵PID:2568
-
\??\c:\ffrlrxf.exec:\ffrlrxf.exe122⤵PID:2000