Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
10/06/2024, 21:32
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe
-
Size
351KB
-
MD5
3ef2ed19772fbbd52a3b45affaa6cfc4
-
SHA1
e81aa5ce5ff9dac1fdc47bc397d27b560e7252cc
-
SHA256
468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426
-
SHA512
b8923cefaa5dda32dcf0c1e671771c6c547758d1c811df4d9956cc3f5ea36d9f112cd0eababc85ea1d252dc5f6e5d1823787a4917f4d442f057a1efe28850ff4
-
SSDEEP
6144:4cm7ImGddXvJuzyy/SfVFKpU/sien7NuOpo0HmtDKe0wKyKqiOfm8RCfDK4TrHHt:+7TcBuGy/Sa+/sie0OpncKe/KFBOfmz1
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2484-5-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3012-13-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4852-26-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2516-32-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3444-20-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4616-15-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4060-42-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3656-45-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3404-51-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3064-60-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1392-66-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4732-72-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2412-77-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4468-88-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2760-101-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3116-102-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3748-113-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3128-120-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1588-129-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2508-136-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1564-141-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/1732-148-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1652-164-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2328-171-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2296-181-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1156-188-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3708-193-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4912-200-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3692-210-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2592-215-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2552-229-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2484-236-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1092-246-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5020-256-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4068-260-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2376-270-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3468-280-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4760-284-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4516-292-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3864-326-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3780-330-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5048-336-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/1036-343-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3652-350-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2956-357-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2668-361-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2080-366-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1472-379-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4512-381-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3192-402-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2972-417-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4248-418-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2984-434-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4708-442-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3444-446-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/60-462-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4468-508-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/2924-530-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/5060-630-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/3988-645-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4884-689-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/4812-782-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon behavioral2/memory/1188-881-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon 
behavioral2/memory/4920-1261-0x0000000000400000-0x000000000042D000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/2484-5-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4616-7-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3012-13-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4852-26-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2516-32-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3444-20-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4616-15-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4060-42-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3656-45-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3404-51-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3064-60-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1392-66-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4732-72-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2412-77-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3564-80-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4468-88-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2760-101-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3116-102-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3748-113-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3128-120-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1588-129-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2508-136-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1564-141-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1732-148-0x0000000000400000-0x000000000042D000-memory.dmp UPX 
behavioral2/memory/1200-154-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1652-164-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2328-171-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2296-181-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1156-188-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3708-193-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4912-200-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3692-210-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2592-215-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4620-218-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2552-229-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2484-236-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1092-246-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/5020-256-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4068-260-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2376-270-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3468-280-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4760-284-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4516-288-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4516-292-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3160-299-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4484-303-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3864-326-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3780-330-0x0000000000400000-0x000000000042D000-memory.dmp UPX 
behavioral2/memory/5048-336-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1036-343-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3652-350-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2956-357-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2668-361-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2080-366-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1472-375-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/1472-379-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4512-381-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/948-384-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2368-397-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3192-402-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2972-417-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/4248-418-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/2984-434-0x0000000000400000-0x000000000042D000-memory.dmp UPX behavioral2/memory/3080-435-0x0000000000400000-0x000000000042D000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4616 9thbtb.exe 3012 vvdjp.exe 3444 1llfrrl.exe 4852 lrxxrxf.exe 2516 nbhhtt.exe 4060 dvdvv.exe 3656 xrrllff.exe 3404 htbhbb.exe 3064 9fxfxll.exe 1392 5vdvv.exe 4732 tnhbbt.exe 2412 dpdvp.exe 3564 bnttnt.exe 4468 fxllrlr.exe 4700 btbtnn.exe 2760 pvvvp.exe 3116 1rfxxff.exe 2020 jpjdp.exe 3748 rlrrrxr.exe 3128 9bnhhb.exe 1588 pppjj.exe 2508 htnbnt.exe 1564 fxlxxxf.exe 1732 ntnnnt.exe 880 pjjdp.exe 1200 9bbbtt.exe 1652 lrrlfxr.exe 2328 nthttn.exe 1452 pjdvd.exe 2296 tntnnh.exe 1156 pjjdd.exe 2132 tbnbhb.exe 3708 llfxxxr.exe 4912 xlfxrlf.exe 1252 7bnhbb.exe 4784 dvdvv.exe 3692 rxflxll.exe 3284 rfffxxx.exe 2592 bnthhn.exe 4620 3vpjd.exe 3740 xrrllrr.exe 2836 tbhbhb.exe 1828 pjjdv.exe 2484 xlrllff.exe 4708 tttnhh.exe 1208 vjvpv.exe 1092 rlllllf.exe 508 fxfffxx.exe 3048 tnnhbb.exe 5020 jddvv.exe 4068 3rlrlff.exe 1132 nhnhbb.exe 2344 9djdd.exe 2376 frrllll.exe 868 hnnhhb.exe 4404 tnnhbb.exe 3468 jjdvv.exe 4760 tbtbbt.exe 1236 pjvpp.exe 4516 rfxfffx.exe 2164 tbhttn.exe 4884 pjpjj.exe 3160 rllflfr.exe 4484 5xxxrxf.exe -
resource yara_rule behavioral2/memory/2484-5-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4616-7-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3012-13-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4852-26-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2516-32-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3444-20-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4616-15-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4060-42-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3656-45-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3404-51-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3064-60-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1392-66-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4732-72-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2412-77-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3564-80-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4468-88-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2760-101-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3116-102-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3748-113-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3128-120-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1588-129-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2508-136-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1564-141-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1732-148-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/1200-154-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1652-164-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2328-171-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2296-181-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1156-188-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3708-193-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4912-200-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3692-210-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2592-215-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4620-218-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2552-229-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2484-236-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1092-246-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/5020-256-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4068-260-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2376-270-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3468-280-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4760-284-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4516-288-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4516-292-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3160-299-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4484-303-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3864-326-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3780-330-0x0000000000400000-0x000000000042D000-memory.dmp upx 
behavioral2/memory/5048-336-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1036-343-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3652-350-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2956-357-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2668-361-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2080-366-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/1472-379-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4512-381-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/948-384-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2368-397-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3192-402-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2972-417-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4248-418-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/2984-434-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/3080-435-0x0000000000400000-0x000000000042D000-memory.dmp upx behavioral2/memory/4708-442-0x0000000000400000-0x000000000042D000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2484 wrote to memory of 4616 2484 468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe 81 PID 2484 wrote to memory of 4616 2484 468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe 81 PID 2484 wrote to memory of 4616 2484 468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe 81 PID 4616 wrote to memory of 3012 4616 9thbtb.exe 82 PID 4616 wrote to memory of 3012 4616 9thbtb.exe 82 PID 4616 wrote to memory of 3012 4616 9thbtb.exe 82 PID 3012 wrote to memory of 3444 3012 vvdjp.exe 83 PID 3012 wrote to memory of 3444 3012 vvdjp.exe 83 PID 3012 wrote to memory of 3444 3012 vvdjp.exe 83 PID 3444 wrote to memory of 4852 3444 1llfrrl.exe 84 PID 3444 wrote to memory of 4852 3444 1llfrrl.exe 84 PID 3444 wrote to memory of 4852 3444 1llfrrl.exe 84 PID 4852 wrote to memory of 2516 4852 lrxxrxf.exe 85 PID 4852 wrote to memory of 2516 4852 lrxxrxf.exe 85 PID 4852 wrote to memory of 2516 4852 lrxxrxf.exe 85 PID 2516 wrote to memory of 4060 2516 nbhhtt.exe 86 PID 2516 wrote to memory of 4060 2516 nbhhtt.exe 86 PID 2516 wrote to memory of 4060 2516 nbhhtt.exe 86 PID 4060 wrote to memory of 3656 4060 dvdvv.exe 87 PID 4060 wrote to memory of 3656 4060 dvdvv.exe 87 PID 4060 wrote to memory of 3656 4060 dvdvv.exe 87 PID 3656 wrote to memory of 3404 3656 xrrllff.exe 89 PID 3656 wrote to memory of 3404 3656 xrrllff.exe 89 PID 3656 wrote to memory of 3404 3656 xrrllff.exe 89 PID 3404 wrote to memory of 3064 3404 htbhbb.exe 91 PID 3404 wrote to memory of 3064 3404 htbhbb.exe 91 PID 3404 wrote to memory of 3064 3404 htbhbb.exe 91 PID 3064 wrote to memory of 1392 3064 9fxfxll.exe 92 PID 3064 wrote to memory of 1392 3064 9fxfxll.exe 92 PID 3064 wrote to memory of 1392 3064 9fxfxll.exe 92 PID 1392 wrote to memory of 4732 1392 5vdvv.exe 94 PID 1392 wrote to memory of 4732 1392 5vdvv.exe 94 PID 1392 wrote to memory of 4732 1392 5vdvv.exe 94 PID 4732 wrote to memory of 2412 4732 tnhbbt.exe 95 PID 4732 wrote 
to memory of 2412 4732 tnhbbt.exe 95 PID 4732 wrote to memory of 2412 4732 tnhbbt.exe 95 PID 2412 wrote to memory of 3564 2412 dpdvp.exe 96 PID 2412 wrote to memory of 3564 2412 dpdvp.exe 96 PID 2412 wrote to memory of 3564 2412 dpdvp.exe 96 PID 3564 wrote to memory of 4468 3564 bnttnt.exe 97 PID 3564 wrote to memory of 4468 3564 bnttnt.exe 97 PID 3564 wrote to memory of 4468 3564 bnttnt.exe 97 PID 4468 wrote to memory of 4700 4468 fxllrlr.exe 98 PID 4468 wrote to memory of 4700 4468 fxllrlr.exe 98 PID 4468 wrote to memory of 4700 4468 fxllrlr.exe 98 PID 4700 wrote to memory of 2760 4700 btbtnn.exe 99 PID 4700 wrote to memory of 2760 4700 btbtnn.exe 99 PID 4700 wrote to memory of 2760 4700 btbtnn.exe 99 PID 2760 wrote to memory of 3116 2760 pvvvp.exe 100 PID 2760 wrote to memory of 3116 2760 pvvvp.exe 100 PID 2760 wrote to memory of 3116 2760 pvvvp.exe 100 PID 3116 wrote to memory of 2020 3116 1rfxxff.exe 101 PID 3116 wrote to memory of 2020 3116 1rfxxff.exe 101 PID 3116 wrote to memory of 2020 3116 1rfxxff.exe 101 PID 2020 wrote to memory of 3748 2020 jpjdp.exe 102 PID 2020 wrote to memory of 3748 2020 jpjdp.exe 102 PID 2020 wrote to memory of 3748 2020 jpjdp.exe 102 PID 3748 wrote to memory of 3128 3748 rlrrrxr.exe 103 PID 3748 wrote to memory of 3128 3748 rlrrrxr.exe 103 PID 3748 wrote to memory of 3128 3748 rlrrrxr.exe 103 PID 3128 wrote to memory of 1588 3128 9bnhhb.exe 104 PID 3128 wrote to memory of 1588 3128 9bnhhb.exe 104 PID 3128 wrote to memory of 1588 3128 9bnhhb.exe 104 PID 1588 wrote to memory of 2508 1588 pppjj.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe"C:\Users\Admin\AppData\Local\Temp\468237d136fd07cef83a095c3c49be6dee793738099df4787d0c3ef5c5479426.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\9thbtb.exec:\9thbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4616 -
\??\c:\vvdjp.exec:\vvdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3012 -
\??\c:\1llfrrl.exec:\1llfrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3444 -
\??\c:\lrxxrxf.exec:\lrxxrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4852 -
\??\c:\nbhhtt.exec:\nbhhtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\dvdvv.exec:\dvdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4060 -
\??\c:\xrrllff.exec:\xrrllff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3656 -
\??\c:\htbhbb.exec:\htbhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3404 -
\??\c:\9fxfxll.exec:\9fxfxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064 -
\??\c:\5vdvv.exec:\5vdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1392 -
\??\c:\tnhbbt.exec:\tnhbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4732 -
\??\c:\dpdvp.exec:\dpdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\bnttnt.exec:\bnttnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3564 -
\??\c:\fxllrlr.exec:\fxllrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\btbtnn.exec:\btbtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4700 -
\??\c:\pvvvp.exec:\pvvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\1rfxxff.exec:\1rfxxff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3116 -
\??\c:\jpjdp.exec:\jpjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2020 -
\??\c:\rlrrrxr.exec:\rlrrrxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3748 -
\??\c:\9bnhhb.exec:\9bnhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3128 -
\??\c:\pppjj.exec:\pppjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1588 -
\??\c:\htnbnt.exec:\htnbnt.exe23⤵
- Executes dropped EXE
PID:2508 -
\??\c:\fxlxxxf.exec:\fxlxxxf.exe24⤵
- Executes dropped EXE
PID:1564 -
\??\c:\ntnnnt.exec:\ntnnnt.exe25⤵
- Executes dropped EXE
PID:1732 -
\??\c:\pjjdp.exec:\pjjdp.exe26⤵
- Executes dropped EXE
PID:880 -
\??\c:\9bbbtt.exec:\9bbbtt.exe27⤵
- Executes dropped EXE
PID:1200 -
\??\c:\lrrlfxr.exec:\lrrlfxr.exe28⤵
- Executes dropped EXE
PID:1652 -
\??\c:\nthttn.exec:\nthttn.exe29⤵
- Executes dropped EXE
PID:2328 -
\??\c:\pjdvd.exec:\pjdvd.exe30⤵
- Executes dropped EXE
PID:1452 -
\??\c:\tntnnh.exec:\tntnnh.exe31⤵
- Executes dropped EXE
PID:2296 -
\??\c:\pjjdd.exec:\pjjdd.exe32⤵
- Executes dropped EXE
PID:1156 -
\??\c:\tbnbhb.exec:\tbnbhb.exe33⤵
- Executes dropped EXE
PID:2132 -
\??\c:\llfxxxr.exec:\llfxxxr.exe34⤵
- Executes dropped EXE
PID:3708 -
\??\c:\xlfxrlf.exec:\xlfxrlf.exe35⤵
- Executes dropped EXE
PID:4912 -
\??\c:\7bnhbb.exec:\7bnhbb.exe36⤵
- Executes dropped EXE
PID:1252 -
\??\c:\dvdvv.exec:\dvdvv.exe37⤵
- Executes dropped EXE
PID:4784 -
\??\c:\rxflxll.exec:\rxflxll.exe38⤵
- Executes dropped EXE
PID:3692 -
\??\c:\rfffxxx.exec:\rfffxxx.exe39⤵
- Executes dropped EXE
PID:3284 -
\??\c:\bnthhn.exec:\bnthhn.exe40⤵
- Executes dropped EXE
PID:2592 -
\??\c:\3vpjd.exec:\3vpjd.exe41⤵
- Executes dropped EXE
PID:4620 -
\??\c:\xrrllrr.exec:\xrrllrr.exe42⤵
- Executes dropped EXE
PID:3740 -
\??\c:\tbhbhb.exec:\tbhbhb.exe43⤵
- Executes dropped EXE
PID:2836 -
\??\c:\pjjdv.exec:\pjjdv.exe44⤵
- Executes dropped EXE
PID:1828 -
\??\c:\rfffxxr.exec:\rfffxxr.exe45⤵PID:2552
-
\??\c:\xlrllff.exec:\xlrllff.exe46⤵
- Executes dropped EXE
PID:2484 -
\??\c:\tttnhh.exec:\tttnhh.exe47⤵
- Executes dropped EXE
PID:4708 -
\??\c:\vjvpv.exec:\vjvpv.exe48⤵
- Executes dropped EXE
PID:1208 -
\??\c:\rlllllf.exec:\rlllllf.exe49⤵
- Executes dropped EXE
PID:1092 -
\??\c:\fxfffxx.exec:\fxfffxx.exe50⤵
- Executes dropped EXE
PID:508 -
\??\c:\tnnhbb.exec:\tnnhbb.exe51⤵
- Executes dropped EXE
PID:3048 -
\??\c:\jddvv.exec:\jddvv.exe52⤵
- Executes dropped EXE
PID:5020 -
\??\c:\3rlrlff.exec:\3rlrlff.exe53⤵
- Executes dropped EXE
PID:4068 -
\??\c:\nhnhbb.exec:\nhnhbb.exe54⤵
- Executes dropped EXE
PID:1132 -
\??\c:\9djdd.exec:\9djdd.exe55⤵
- Executes dropped EXE
PID:2344 -
\??\c:\frrllll.exec:\frrllll.exe56⤵
- Executes dropped EXE
PID:2376 -
\??\c:\hnnhhb.exec:\hnnhhb.exe57⤵
- Executes dropped EXE
PID:868 -
\??\c:\tnnhbb.exec:\tnnhbb.exe58⤵
- Executes dropped EXE
PID:4404 -
\??\c:\jjdvv.exec:\jjdvv.exe59⤵
- Executes dropped EXE
PID:3468 -
\??\c:\tbtbbt.exec:\tbtbbt.exe60⤵
- Executes dropped EXE
PID:4760 -
\??\c:\pjvpp.exec:\pjvpp.exe61⤵
- Executes dropped EXE
PID:1236 -
\??\c:\rfxfffx.exec:\rfxfffx.exe62⤵
- Executes dropped EXE
PID:4516 -
\??\c:\tbhttn.exec:\tbhttn.exe63⤵
- Executes dropped EXE
PID:2164 -
\??\c:\pjpjj.exec:\pjpjj.exe64⤵
- Executes dropped EXE
PID:4884 -
\??\c:\rllflfr.exec:\rllflfr.exe65⤵
- Executes dropped EXE
PID:3160 -
\??\c:\5xxxrxf.exec:\5xxxrxf.exe66⤵
- Executes dropped EXE
PID:4484 -
\??\c:\tbthbb.exec:\tbthbb.exe67⤵PID:4468
-
\??\c:\jdddd.exec:\jdddd.exe68⤵PID:4356
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe69⤵PID:4428
-
\??\c:\nhnhhb.exec:\nhnhhb.exe70⤵PID:4872
-
\??\c:\btbttt.exec:\btbttt.exe71⤵PID:3100
-
\??\c:\5ppjd.exec:\5ppjd.exe72⤵PID:3936
-
\??\c:\flrfrlx.exec:\flrfrlx.exe73⤵PID:3864
-
\??\c:\9xrlffx.exec:\9xrlffx.exe74⤵PID:3780
-
\??\c:\1hbnhh.exec:\1hbnhh.exe75⤵PID:1080
-
\??\c:\1dpdv.exec:\1dpdv.exe76⤵PID:5048
-
\??\c:\ffffxrr.exec:\ffffxrr.exe77⤵PID:636
-
\??\c:\nhbhbn.exec:\nhbhbn.exe78⤵PID:1036
-
\??\c:\thhnnn.exec:\thhnnn.exe79⤵PID:3652
-
\??\c:\rffxllf.exec:\rffxllf.exe80⤵PID:5008
-
\??\c:\1bnhbb.exec:\1bnhbb.exe81⤵PID:2956
-
\??\c:\ddpvj.exec:\ddpvj.exe82⤵PID:2668
-
\??\c:\1xrfrrf.exec:\1xrfrrf.exe83⤵PID:696
-
\??\c:\nnntbh.exec:\nnntbh.exe84⤵PID:2080
-
\??\c:\9bthbb.exec:\9bthbb.exe85⤵PID:4352
-
\??\c:\vppdv.exec:\vppdv.exe86⤵PID:2328
-
\??\c:\jddpd.exec:\jddpd.exe87⤵PID:1472
-
\??\c:\llfrrlx.exec:\llfrrlx.exe88⤵PID:4512
-
\??\c:\5nbthh.exec:\5nbthh.exe89⤵PID:948
-
\??\c:\5dvpd.exec:\5dvpd.exe90⤵PID:4580
-
\??\c:\vvvpd.exec:\vvvpd.exe91⤵PID:4984
-
\??\c:\lfxlffx.exec:\lfxlffx.exe92⤵PID:1728
-
\??\c:\hbhhbh.exec:\hbhhbh.exe93⤵PID:2368
-
\??\c:\vvvvp.exec:\vvvvp.exe94⤵PID:3192
-
\??\c:\lffxfll.exec:\lffxfll.exe95⤵PID:3104
-
\??\c:\xllfxrl.exec:\xllfxrl.exe96⤵PID:1996
-
\??\c:\5btnhb.exec:\5btnhb.exe97⤵PID:1600
-
\??\c:\vjpjj.exec:\vjpjj.exe98⤵PID:2972
-
\??\c:\jpvpd.exec:\jpvpd.exe99⤵PID:4248
-
\??\c:\ffxfrll.exec:\ffxfrll.exe100⤵PID:5000
-
\??\c:\bnnhtn.exec:\bnnhtn.exe101⤵PID:4456
-
\??\c:\vvjvp.exec:\vvjvp.exe102⤵PID:4320
-
\??\c:\ddjdj.exec:\ddjdj.exe103⤵PID:2984
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe104⤵PID:3080
-
\??\c:\ntbtnh.exec:\ntbtnh.exe105⤵PID:4708
-
\??\c:\dvdjd.exec:\dvdjd.exe106⤵PID:3444
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe107⤵PID:4644
-
\??\c:\9nnnhh.exec:\9nnnhh.exe108⤵PID:3196
-
\??\c:\jddvp.exec:\jddvp.exe109⤵PID:4316
-
\??\c:\rrrrrll.exec:\rrrrrll.exe110⤵PID:5020
-
\??\c:\3bnhtn.exec:\3bnhtn.exe111⤵PID:60
-
\??\c:\jdddd.exec:\jdddd.exe112⤵PID:220
-
\??\c:\xflrlrl.exec:\xflrlrl.exe113⤵PID:4716
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe114⤵PID:4936
-
\??\c:\9nnhbb.exec:\9nnhbb.exe115⤵PID:2684
-
\??\c:\jvvpd.exec:\jvvpd.exe116⤵PID:4280
-
\??\c:\9lfxlfr.exec:\9lfxlfr.exe117⤵PID:3064
-
\??\c:\hntnbb.exec:\hntnbb.exe118⤵PID:3880
-
\??\c:\bnnbtb.exec:\bnnbtb.exe119⤵PID:3832
-
\??\c:\5dvvp.exec:\5dvvp.exe120⤵PID:2180
-
\??\c:\lxrxrrr.exec:\lxrxrrr.exe121⤵PID:4516
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe122⤵PID:2412
-