Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
06-06-2024 06:57
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe
-
Size
197KB
-
MD5
3e2ff7ca9e69ce948160282952c0d2b6
-
SHA1
6a7518955fc1994f6af805e4ac686ecfb2a9c801
-
SHA256
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498
-
SHA512
aae9a97f057743e312866957c0f3ff2c76f11f3489a1324962b64c6501fbf01f7266d3b287597c8c0ccf93268121ff43145c3c0939d19bf4aca9f1673fbab911
-
SSDEEP
1536:1vQBeOGtrYSSsrc93UBIfdC67m6AJiqpfg3Cn/uiYs6RO:1hOm2sI93UufdC67ciifmCnmiYJc
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/1964-7-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2892-8-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3140-21-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4820-19-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4948-31-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1292-36-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3716-42-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3524-48-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2260-55-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3808-58-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2144-66-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4184-73-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3328-88-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4220-107-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2676-101-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4516-113-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4644-122-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2300-125-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1564-131-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2788-137-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3552-147-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/2984-153-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4536-164-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1072-176-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4760-182-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2568-191-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3024-192-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3420-197-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1488-209-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1492-213-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1808-220-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2464-228-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1300-235-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3740-242-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2496-246-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3200-254-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/864-273-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3988-277-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1824-281-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2184-285-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3560-290-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4900-292-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/4516-301-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2904-317-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1912-321-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2428-348-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1300-400-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2932-407-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4648-414-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4876-416-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5068-425-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3460-438-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3552-466-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4272-490-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/860-499-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/920-521-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4676-549-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4948-662-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/812-669-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2564-679-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2128-701-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2244-757-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1784-780-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/1984-835-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral2/memory/1964-7-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4820-12-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2892-8-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3140-21-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4820-19-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4948-31-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1292-36-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3716-42-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3524-48-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2260-55-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3808-58-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2144-66-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4184-73-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3328-88-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4220-107-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2676-101-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4516-113-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4644-122-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2300-125-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1564-131-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2788-137-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3552-147-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2984-153-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4536-164-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/1072-176-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4760-182-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2568-187-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2568-191-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3024-192-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3420-197-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1488-209-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1492-213-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1808-220-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3676-221-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2464-228-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1300-235-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3740-242-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2496-246-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3200-254-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/864-269-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/864-273-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3988-277-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1824-281-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2184-285-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3560-286-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3560-290-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4900-292-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4516-301-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/2904-317-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1912-321-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2428-348-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/956-372-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1300-400-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2932-407-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4648-414-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4876-416-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5068-425-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3460-438-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3552-466-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1396-470-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4272-490-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/860-499-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/920-521-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4676-549-0x0000000000400000-0x000000000042A000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
bbbttn.exe dpjvj.exe dvjdv.exe ffrrrrx.exe bntnnn.exe 1rrlflf.exe btbhtt.exe lrrrlfl.exe tnnbbb.exe pjjpp.exe frxrlfx.exe jjpjd.exe dpjvp.exe bnbtbh.exe fxxxxrl.exe tbhbbh.exe jvvvv.exe 5xlflrf.exe ffxxxff.exe 9ttnhb.exe llrrrxr.exe thnhbb.exe dvjdd.exe 1lllxxr.exe jvvvp.exe lfrrrrr.exe vvjdd.exe nthnhn.exe vpjdd.exe xxxrrff.exe hthhbb.exe jvjdd.exe pdvvp.exe xfrrrxx.exe fxfffff.exe nnnbnt.exe ddpjd.exe 3rrrlrx.exe bhhhbn.exe 3thbth.exe jvpjj.exe nhbtbb.exe nhnbtt.exe jpdvd.exe ffxllrx.exe btnnnn.exe 1pdvd.exe 1pvvj.exe 3lrrfff.exe bhntbh.exe pdjjj.exe rfxlrrl.exe nnbtbh.exe 7djdv.exe jvppv.exe rlrrlff.exe hhthhh.exe pjjdd.exe jpjjj.exe frfxxrl.exe bnhbhn.exe jdjjd.exe xrrxxlr.exe rlrrrrl.exe pid process 2892 bbbttn.exe 4820 dpjvj.exe 3140 dvjdv.exe 4948 ffrrrrx.exe 1292 bntnnn.exe 3716 1rrlflf.exe 3524 btbhtt.exe 2260 lrrrlfl.exe 3808 tnnbbb.exe 2144 pjjpp.exe 4184 frxrlfx.exe 1768 jjpjd.exe 2052 dpjvp.exe 3328 bnbtbh.exe 3944 fxxxxrl.exe 3672 tbhbbh.exe 2676 jvvvv.exe 4220 5xlflrf.exe 4516 ffxxxff.exe 4644 9ttnhb.exe 2300 llrrrxr.exe 1564 thnhbb.exe 2788 dvjdd.exe 740 1lllxxr.exe 3552 jvvvp.exe 2984 lfrrrrr.exe 3648 vvjdd.exe 4536 nthnhn.exe 4076 vpjdd.exe 1072 xxxrrff.exe 4760 hthhbb.exe 2568 jvjdd.exe 3024 pdvvp.exe 3420 xfrrrxx.exe 224 fxfffff.exe 4112 nnnbnt.exe 1488 ddpjd.exe 1492 3rrrlrx.exe 2680 bhhhbn.exe 1808 3thbth.exe 3676 jvpjj.exe 2464 nhbtbb.exe 712 nhnbtt.exe 1300 jpdvd.exe 1228 ffxllrx.exe 3740 btnnnn.exe 4676 1pdvd.exe 2496 1pvvj.exe 3020 3lrrfff.exe 3200 bhntbh.exe 4608 pdjjj.exe 2136 rfxlrrl.exe 3192 nnbtbh.exe 3516 7djdv.exe 864 jvppv.exe 3988 rlrrlff.exe 1824 hhthhh.exe 2184 pjjdd.exe 3560 jpjjj.exe 4900 frfxxrl.exe 5032 bnhbhn.exe 4516 jdjjd.exe 4328 xrrxxlr.exe 1772 rlrrrrl.exe -
Processes:
resource yara_rule behavioral2/memory/1964-7-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4820-12-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2892-8-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3140-21-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4820-19-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4948-31-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1292-36-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3716-42-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3524-48-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2260-55-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3808-58-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2144-66-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4184-73-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3328-88-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4220-107-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2676-101-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4516-113-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4644-122-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2300-125-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1564-131-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2788-137-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3552-147-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2984-153-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4536-164-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/1072-176-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4760-182-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2568-187-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2568-191-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3024-192-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3420-197-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1488-209-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1492-213-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1808-220-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3676-221-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2464-228-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1300-235-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3740-242-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2496-246-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3200-254-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/864-269-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/864-273-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3988-277-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1824-281-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2184-285-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3560-286-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3560-290-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4900-292-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4516-301-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/2904-317-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1912-321-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2428-348-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/956-372-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1300-400-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2932-407-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4648-414-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4876-416-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5068-425-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3460-438-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3552-466-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1396-470-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4272-490-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/860-499-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/920-521-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4676-549-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe bbbttn.exe dpjvj.exe dvjdv.exe ffrrrrx.exe bntnnn.exe 1rrlflf.exe btbhtt.exe lrrrlfl.exe tnnbbb.exe pjjpp.exe frxrlfx.exe jjpjd.exe dpjvp.exe bnbtbh.exe fxxxxrl.exe tbhbbh.exe jvvvv.exe 5xlflrf.exe ffxxxff.exe 9ttnhb.exe llrrrxr.exe description pid process target process PID 1964 wrote to memory of 2892 1964 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe bbbttn.exe PID 1964 wrote to memory of 2892 1964 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe bbbttn.exe PID 1964 wrote to memory of 2892 1964 da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe bbbttn.exe PID 2892 wrote to memory of 4820 2892 bbbttn.exe dpjvj.exe PID 2892 wrote to memory of 4820 2892 bbbttn.exe dpjvj.exe PID 2892 wrote to memory of 4820 2892 bbbttn.exe dpjvj.exe PID 4820 wrote to memory of 3140 4820 dpjvj.exe dvjdv.exe PID 4820 wrote to memory of 3140 4820 dpjvj.exe dvjdv.exe PID 4820 wrote to memory of 3140 4820 dpjvj.exe dvjdv.exe PID 3140 wrote to memory of 4948 3140 dvjdv.exe ffrrrrx.exe PID 3140 wrote to memory of 4948 3140 dvjdv.exe ffrrrrx.exe PID 3140 wrote to memory of 4948 3140 dvjdv.exe ffrrrrx.exe PID 4948 wrote to memory of 1292 4948 ffrrrrx.exe bntnnn.exe PID 4948 wrote to memory of 1292 4948 ffrrrrx.exe bntnnn.exe PID 4948 wrote to memory of 1292 4948 ffrrrrx.exe bntnnn.exe PID 1292 wrote to memory of 3716 1292 bntnnn.exe 1rrlflf.exe PID 1292 wrote to memory of 3716 1292 bntnnn.exe 1rrlflf.exe PID 1292 wrote to memory of 3716 1292 bntnnn.exe 1rrlflf.exe PID 3716 wrote to memory of 3524 3716 1rrlflf.exe btbhtt.exe PID 3716 wrote to memory of 3524 3716 1rrlflf.exe btbhtt.exe PID 3716 wrote to memory of 3524 3716 1rrlflf.exe btbhtt.exe PID 3524 wrote to memory of 2260 3524 btbhtt.exe lrrrlfl.exe PID 3524 wrote to memory of 2260 3524 btbhtt.exe lrrrlfl.exe PID 3524 wrote to memory of 2260 3524 btbhtt.exe lrrrlfl.exe PID 2260 wrote to memory of 3808 2260 lrrrlfl.exe tnnbbb.exe 
PID 2260 wrote to memory of 3808 2260 lrrrlfl.exe tnnbbb.exe PID 2260 wrote to memory of 3808 2260 lrrrlfl.exe tnnbbb.exe PID 3808 wrote to memory of 2144 3808 tnnbbb.exe pjjpp.exe PID 3808 wrote to memory of 2144 3808 tnnbbb.exe pjjpp.exe PID 3808 wrote to memory of 2144 3808 tnnbbb.exe pjjpp.exe PID 2144 wrote to memory of 4184 2144 pjjpp.exe frxrlfx.exe PID 2144 wrote to memory of 4184 2144 pjjpp.exe frxrlfx.exe PID 2144 wrote to memory of 4184 2144 pjjpp.exe frxrlfx.exe PID 4184 wrote to memory of 1768 4184 frxrlfx.exe jjpjd.exe PID 4184 wrote to memory of 1768 4184 frxrlfx.exe jjpjd.exe PID 4184 wrote to memory of 1768 4184 frxrlfx.exe jjpjd.exe PID 1768 wrote to memory of 2052 1768 jjpjd.exe dpjvp.exe PID 1768 wrote to memory of 2052 1768 jjpjd.exe dpjvp.exe PID 1768 wrote to memory of 2052 1768 jjpjd.exe dpjvp.exe PID 2052 wrote to memory of 3328 2052 dpjvp.exe bnbtbh.exe PID 2052 wrote to memory of 3328 2052 dpjvp.exe bnbtbh.exe PID 2052 wrote to memory of 3328 2052 dpjvp.exe bnbtbh.exe PID 3328 wrote to memory of 3944 3328 bnbtbh.exe fxxxxrl.exe PID 3328 wrote to memory of 3944 3328 bnbtbh.exe fxxxxrl.exe PID 3328 wrote to memory of 3944 3328 bnbtbh.exe fxxxxrl.exe PID 3944 wrote to memory of 3672 3944 fxxxxrl.exe tbhbbh.exe PID 3944 wrote to memory of 3672 3944 fxxxxrl.exe tbhbbh.exe PID 3944 wrote to memory of 3672 3944 fxxxxrl.exe tbhbbh.exe PID 3672 wrote to memory of 2676 3672 tbhbbh.exe jvvvv.exe PID 3672 wrote to memory of 2676 3672 tbhbbh.exe jvvvv.exe PID 3672 wrote to memory of 2676 3672 tbhbbh.exe jvvvv.exe PID 2676 wrote to memory of 4220 2676 jvvvv.exe 5xlflrf.exe PID 2676 wrote to memory of 4220 2676 jvvvv.exe 5xlflrf.exe PID 2676 wrote to memory of 4220 2676 jvvvv.exe 5xlflrf.exe PID 4220 wrote to memory of 4516 4220 5xlflrf.exe ffxxxff.exe PID 4220 wrote to memory of 4516 4220 5xlflrf.exe ffxxxff.exe PID 4220 wrote to memory of 4516 4220 5xlflrf.exe ffxxxff.exe PID 4516 wrote to memory of 4644 4516 ffxxxff.exe 9ttnhb.exe PID 4516 wrote to 
memory of 4644 4516 ffxxxff.exe 9ttnhb.exe PID 4516 wrote to memory of 4644 4516 ffxxxff.exe 9ttnhb.exe PID 4644 wrote to memory of 2300 4644 9ttnhb.exe llrrrxr.exe PID 4644 wrote to memory of 2300 4644 9ttnhb.exe llrrrxr.exe PID 4644 wrote to memory of 2300 4644 9ttnhb.exe llrrrxr.exe PID 2300 wrote to memory of 1564 2300 llrrrxr.exe thnhbb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe"C:\Users\Admin\AppData\Local\Temp\da2a3e7324e9d00ca820156ee993d66902dc3eaf6bd4f360a9932bbd79fb8498.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\bbbttn.exec:\bbbttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\dpjvj.exec:\dpjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4820 -
\??\c:\dvjdv.exec:\dvjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3140 -
\??\c:\ffrrrrx.exec:\ffrrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4948 -
\??\c:\bntnnn.exec:\bntnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1292 -
\??\c:\1rrlflf.exec:\1rrlflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3716 -
\??\c:\btbhtt.exec:\btbhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3524 -
\??\c:\lrrrlfl.exec:\lrrrlfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2260 -
\??\c:\tnnbbb.exec:\tnnbbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3808 -
\??\c:\pjjpp.exec:\pjjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2144 -
\??\c:\frxrlfx.exec:\frxrlfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4184 -
\??\c:\jjpjd.exec:\jjpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1768 -
\??\c:\dpjvp.exec:\dpjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\bnbtbh.exec:\bnbtbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3328 -
\??\c:\fxxxxrl.exec:\fxxxxrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3944 -
\??\c:\tbhbbh.exec:\tbhbbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3672 -
\??\c:\jvvvv.exec:\jvvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\5xlflrf.exec:\5xlflrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4220 -
\??\c:\ffxxxff.exec:\ffxxxff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4516 -
\??\c:\9ttnhb.exec:\9ttnhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4644 -
\??\c:\llrrrxr.exec:\llrrrxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2300 -
\??\c:\thnhbb.exec:\thnhbb.exe23⤵
- Executes dropped EXE
PID:1564 -
\??\c:\dvjdd.exec:\dvjdd.exe24⤵
- Executes dropped EXE
PID:2788 -
\??\c:\1lllxxr.exec:\1lllxxr.exe25⤵
- Executes dropped EXE
PID:740 -
\??\c:\jvvvp.exec:\jvvvp.exe26⤵
- Executes dropped EXE
PID:3552 -
\??\c:\lfrrrrr.exec:\lfrrrrr.exe27⤵
- Executes dropped EXE
PID:2984 -
\??\c:\vvjdd.exec:\vvjdd.exe28⤵
- Executes dropped EXE
PID:3648 -
\??\c:\nthnhn.exec:\nthnhn.exe29⤵
- Executes dropped EXE
PID:4536 -
\??\c:\vpjdd.exec:\vpjdd.exe30⤵
- Executes dropped EXE
PID:4076 -
\??\c:\xxxrrff.exec:\xxxrrff.exe31⤵
- Executes dropped EXE
PID:1072 -
\??\c:\hthhbb.exec:\hthhbb.exe32⤵
- Executes dropped EXE
PID:4760 -
\??\c:\jvjdd.exec:\jvjdd.exe33⤵
- Executes dropped EXE
PID:2568 -
\??\c:\pdvvp.exec:\pdvvp.exe34⤵
- Executes dropped EXE
PID:3024 -
\??\c:\xfrrrxx.exec:\xfrrrxx.exe35⤵
- Executes dropped EXE
PID:3420 -
\??\c:\fxfffff.exec:\fxfffff.exe36⤵
- Executes dropped EXE
PID:224 -
\??\c:\nnnbnt.exec:\nnnbnt.exe37⤵
- Executes dropped EXE
PID:4112 -
\??\c:\ddpjd.exec:\ddpjd.exe38⤵
- Executes dropped EXE
PID:1488 -
\??\c:\3rrrlrx.exec:\3rrrlrx.exe39⤵
- Executes dropped EXE
PID:1492 -
\??\c:\bhhhbn.exec:\bhhhbn.exe40⤵
- Executes dropped EXE
PID:2680 -
\??\c:\3thbth.exec:\3thbth.exe41⤵
- Executes dropped EXE
PID:1808 -
\??\c:\jvpjj.exec:\jvpjj.exe42⤵
- Executes dropped EXE
PID:3676 -
\??\c:\nhbtbb.exec:\nhbtbb.exe43⤵
- Executes dropped EXE
PID:2464 -
\??\c:\nhnbtt.exec:\nhnbtt.exe44⤵
- Executes dropped EXE
PID:712 -
\??\c:\jpdvd.exec:\jpdvd.exe45⤵
- Executes dropped EXE
PID:1300 -
\??\c:\ffxllrx.exec:\ffxllrx.exe46⤵
- Executes dropped EXE
PID:1228 -
\??\c:\btnnnn.exec:\btnnnn.exe47⤵
- Executes dropped EXE
PID:3740 -
\??\c:\1pdvd.exec:\1pdvd.exe48⤵
- Executes dropped EXE
PID:4676 -
\??\c:\1pvvj.exec:\1pvvj.exe49⤵
- Executes dropped EXE
PID:2496 -
\??\c:\3lrrfff.exec:\3lrrfff.exe50⤵
- Executes dropped EXE
PID:3020 -
\??\c:\bhntbh.exec:\bhntbh.exe51⤵
- Executes dropped EXE
PID:3200 -
\??\c:\pdjjj.exec:\pdjjj.exe52⤵
- Executes dropped EXE
PID:4608 -
\??\c:\rfxlrrl.exec:\rfxlrrl.exe53⤵
- Executes dropped EXE
PID:2136 -
\??\c:\nnbtbh.exec:\nnbtbh.exe54⤵
- Executes dropped EXE
PID:3192 -
\??\c:\7djdv.exec:\7djdv.exe55⤵
- Executes dropped EXE
PID:3516 -
\??\c:\jvppv.exec:\jvppv.exe56⤵
- Executes dropped EXE
PID:864 -
\??\c:\rlrrlff.exec:\rlrrlff.exe57⤵
- Executes dropped EXE
PID:3988 -
\??\c:\hhthhh.exec:\hhthhh.exe58⤵
- Executes dropped EXE
PID:1824 -
\??\c:\pjjdd.exec:\pjjdd.exe59⤵
- Executes dropped EXE
PID:2184 -
\??\c:\jpjjj.exec:\jpjjj.exe60⤵
- Executes dropped EXE
PID:3560 -
\??\c:\frfxxrl.exec:\frfxxrl.exe61⤵
- Executes dropped EXE
PID:4900 -
\??\c:\bnhbhn.exec:\bnhbhn.exe62⤵
- Executes dropped EXE
PID:5032 -
\??\c:\jdjjd.exec:\jdjjd.exe63⤵
- Executes dropped EXE
PID:4516 -
\??\c:\xrrxxlr.exec:\xrrxxlr.exe64⤵
- Executes dropped EXE
PID:4328 -
\??\c:\rlrrrrl.exec:\rlrrrrl.exe65⤵
- Executes dropped EXE
PID:1772 -
\??\c:\bhnhht.exec:\bhnhht.exe66⤵PID:2300
-
\??\c:\fxfflxx.exec:\fxfflxx.exe67⤵PID:3232
-
\??\c:\3hhhhn.exec:\3hhhhn.exe68⤵PID:2904
-
\??\c:\nbbbbn.exec:\nbbbbn.exe69⤵PID:1912
-
\??\c:\pjppp.exec:\pjppp.exe70⤵PID:1720
-
\??\c:\btnhhh.exec:\btnhhh.exe71⤵PID:1124
-
\??\c:\vdjjj.exec:\vdjjj.exe72⤵PID:1776
-
\??\c:\rrxflll.exec:\rrxflll.exe73⤵PID:4528
-
\??\c:\hhbbbb.exec:\hhbbbb.exe74⤵PID:2320
-
\??\c:\hhbthb.exec:\hhbthb.exe75⤵PID:516
-
\??\c:\jpppd.exec:\jpppd.exe76⤵PID:820
-
\??\c:\jpdpd.exec:\jpdpd.exe77⤵PID:3144
-
\??\c:\rxrfrfl.exec:\rxrfrfl.exe78⤵PID:2428
-
\??\c:\9bhhbb.exec:\9bhhbb.exe79⤵PID:3684
-
\??\c:\bbnnbb.exec:\bbnnbb.exe80⤵PID:876
-
\??\c:\jpddp.exec:\jpddp.exe81⤵PID:1696
-
\??\c:\djddv.exec:\djddv.exe82⤵PID:4012
-
\??\c:\lxxrrff.exec:\lxxrrff.exe83⤵PID:4356
-
\??\c:\hhbtbt.exec:\hhbtbt.exe84⤵PID:224
-
\??\c:\nbhbtt.exec:\nbhbtt.exe85⤵PID:4436
-
\??\c:\vddvv.exec:\vddvv.exe86⤵PID:956
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe87⤵PID:2548
-
\??\c:\fxrfxxl.exec:\fxrfxxl.exe88⤵PID:4340
-
\??\c:\5hhhbn.exec:\5hhhbn.exe89⤵PID:4880
-
\??\c:\1jjjv.exec:\1jjjv.exe90⤵PID:768
-
\??\c:\dvdvp.exec:\dvdvp.exe91⤵PID:3676
-
\??\c:\llllfff.exec:\llllfff.exe92⤵PID:512
-
\??\c:\tnbttt.exec:\tnbttt.exe93⤵PID:696
-
\??\c:\hnnnhh.exec:\hnnnhh.exe94⤵PID:1300
-
\??\c:\vvvvp.exec:\vvvvp.exe95⤵PID:4956
-
\??\c:\7flfxxl.exec:\7flfxxl.exe96⤵PID:2932
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe97⤵PID:3236
-
\??\c:\tbbnhn.exec:\tbbnhn.exe98⤵PID:4648
-
\??\c:\pjpjp.exec:\pjpjp.exe99⤵PID:4876
-
\??\c:\pjddp.exec:\pjddp.exe100⤵PID:2620
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe101⤵PID:5004
-
\??\c:\nhtnnn.exec:\nhtnnn.exe102⤵PID:5068
-
\??\c:\hbbttb.exec:\hbbttb.exe103⤵PID:2052
-
\??\c:\jvvvj.exec:\jvvvj.exe104⤵PID:5076
-
\??\c:\djddv.exec:\djddv.exe105⤵PID:2196
-
\??\c:\5rxlffx.exec:\5rxlffx.exe106⤵PID:3460
-
\??\c:\rrrxllr.exec:\rrrxllr.exe107⤵PID:3560
-
\??\c:\3nthtn.exec:\3nthtn.exe108⤵PID:3920
-
\??\c:\vvjjv.exec:\vvjjv.exe109⤵PID:5032
-
\??\c:\ddjjd.exec:\ddjjd.exe110⤵PID:3360
-
\??\c:\lffxrrr.exec:\lffxrrr.exe111⤵PID:388
-
\??\c:\lflllll.exec:\lflllll.exe112⤵PID:3232
-
\??\c:\tntnnt.exec:\tntnnt.exe113⤵PID:2904
-
\??\c:\bthbbt.exec:\bthbbt.exe114⤵PID:4020
-
\??\c:\jjppj.exec:\jjppj.exe115⤵PID:3552
-
\??\c:\9vvpj.exec:\9vvpj.exe116⤵PID:1396
-
\??\c:\rlrlllr.exec:\rlrlllr.exe117⤵PID:2124
-
\??\c:\ffxrffr.exec:\ffxrffr.exe118⤵PID:4764
-
\??\c:\5ttnhn.exec:\5ttnhn.exe119⤵PID:4076
-
\??\c:\ffrxxfl.exec:\ffrxxfl.exe120⤵PID:3520
-
\??\c:\tbnhbb.exec:\tbnhbb.exe121⤵PID:3636
-
\??\c:\hhhbnn.exec:\hhhbnn.exe122⤵PID:4272
-