Analysis
-
max time kernel
150s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
11/06/2024, 01:50
Behavioral task
behavioral1
Sample
add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe
Resource
win7-20240215-en
6 signatures
150 seconds
General
-
Target
add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe
-
Size
400KB
-
MD5
04c9f3eb7f24a015753067e66a27dd61
-
SHA1
2c802fb9ec8e4a4a730a5de9c610fc7ccc10740d
-
SHA256
add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5
-
SHA512
c65e6c7c3a5a4b1d17b2bbd23553ef391e341637d17b3d6c3c87a92e83709307a56e4be9a32859f23d19cc931e8f8e2f3ff6b23e739e6ce68beeeb63d6bf3ce4
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwfsDX2CfNnkymTwaJ3o89H3E:R4wFHoSHYHUrAwfMHNnpls4890
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2636-5-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2100-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5092-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/64-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1988-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1496-31-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4728-36-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3100-41-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4896-46-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2220-62-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1936-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1596-69-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4004-67-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1944-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1416-81-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2604-87-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3996-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2724-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3948-108-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/720-113-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-121-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4676-137-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5088-145-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2900-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4440-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2688-161-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/736-166-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4532-169-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4692-170-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2324-175-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/460-180-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4732-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4500-186-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2200-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/456-192-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/116-197-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2168-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/8-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4356-221-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2720-228-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4696-229-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3740-234-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4820-249-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3572-260-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2652-267-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3544-273-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3544-277-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-295-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2292-298-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2352-313-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4684-325-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1456-336-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2400-349-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1612-360-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3992-377-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1688-385-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4284-410-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1920-423-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4160-426-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4536-433-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2324-481-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5100-515-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1820-520-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1840-531-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/2636-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023298-4.dat UPX behavioral2/memory/2100-6-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2636-5-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023422-9.dat UPX behavioral2/memory/2100-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023427-12.dat UPX behavioral2/memory/5092-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/64-17-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023428-20.dat UPX behavioral2/memory/1988-23-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023429-25.dat UPX behavioral2/files/0x000700000002342a-29.dat UPX behavioral2/memory/1496-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4728-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342b-35.dat UPX behavioral2/memory/4728-36-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342c-39.dat UPX behavioral2/memory/3100-41-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342d-45.dat UPX behavioral2/memory/4896-46-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342e-49.dat UPX behavioral2/memory/2220-57-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342f-56.dat UPX behavioral2/memory/2220-62-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023430-61.dat UPX behavioral2/memory/1936-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023432-65.dat UPX behavioral2/memory/1596-69-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4004-67-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x0007000000023433-72.dat UPX behavioral2/files/0x0007000000023434-76.dat UPX behavioral2/memory/1944-75-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023435-80.dat UPX behavioral2/memory/1416-81-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2604-87-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023436-86.dat UPX behavioral2/files/0x0008000000023423-91.dat UPX behavioral2/files/0x0007000000023437-94.dat UPX behavioral2/files/0x0007000000023438-99.dat UPX behavioral2/memory/3996-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2724-102-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023439-104.dat UPX behavioral2/files/0x000700000002343a-109.dat UPX behavioral2/memory/3948-108-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343b-114.dat UPX behavioral2/memory/720-113-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343c-118.dat UPX behavioral2/memory/5116-121-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343d-123.dat UPX behavioral2/files/0x000700000002343e-127.dat UPX behavioral2/files/0x000700000002343f-131.dat UPX behavioral2/files/0x0007000000023440-135.dat UPX behavioral2/memory/4676-137-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023441-140.dat UPX behavioral2/memory/5088-145-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023442-144.dat UPX behavioral2/files/0x0007000000023443-149.dat UPX behavioral2/memory/2900-150-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023444-154.dat UPX behavioral2/memory/4440-157-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2688-161-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/736-166-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4532-169-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2100 hnhbnt.exe 5092 ntnhbb.exe 64 nhtttt.exe 1988 vvpdv.exe 1496 fxlxxxf.exe 4728 hhbnhb.exe 3100 lxfxrrx.exe 4896 ntthbn.exe 2360 djdvj.exe 1936 rfxlfxx.exe 2220 hbhnbn.exe 4004 pdjdv.exe 1596 bbntht.exe 1944 pjjdd.exe 1416 bbnbth.exe 2604 pvpjv.exe 4160 tttnbh.exe 3176 dpvjd.exe 3996 lllfxxl.exe 2724 bntntt.exe 3948 jdjdv.exe 720 jdjdp.exe 2712 btbthh.exe 5116 ntbnbt.exe 688 pddvp.exe 1928 xffflrf.exe 4676 5rrlxxf.exe 2576 llrrflf.exe 5088 fxrlllf.exe 2900 5tnnhh.exe 2112 vjpjd.exe 4440 ntbbbh.exe 1428 5jjdp.exe 2688 xrfxxxx.exe 736 nttnhh.exe 4532 ppvpp.exe 4692 3lrrrfx.exe 2324 nbnnhh.exe 2776 btnnhh.exe 460 pjddd.exe 4732 lllfxxx.exe 4500 dpvpp.exe 2200 rfxrllf.exe 2948 hnnbnn.exe 456 jjvvv.exe 4088 ddjjj.exe 116 7xxrxrf.exe 2168 hhhbtn.exe 1824 pjdvd.exe 8 xlxrrrr.exe 4844 hbhbtn.exe 4812 jdvjv.exe 1580 1dpvv.exe 2084 nhhbbb.exe 1820 dpvpd.exe 4356 rrffffr.exe 3424 tnbbtt.exe 540 1vvpv.exe 2720 7lxxxxr.exe 4696 tnttnn.exe 1492 nhnbbt.exe 3740 ddppj.exe 4892 9rrxffl.exe 2280 btnbtt.exe -
resource yara_rule behavioral2/memory/2636-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023298-4.dat upx behavioral2/memory/2100-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2636-5-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023422-9.dat upx behavioral2/memory/2100-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023427-12.dat upx behavioral2/memory/5092-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/64-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023428-20.dat upx behavioral2/memory/1988-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023429-25.dat upx behavioral2/files/0x000700000002342a-29.dat upx behavioral2/memory/1496-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4728-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342b-35.dat upx behavioral2/memory/4728-36-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342c-39.dat upx behavioral2/memory/3100-41-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342d-45.dat upx behavioral2/memory/4896-46-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-49.dat upx behavioral2/memory/2220-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342f-56.dat upx behavioral2/memory/2220-62-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-61.dat upx behavioral2/memory/1936-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023432-65.dat upx behavioral2/memory/1596-69-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4004-67-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x0007000000023433-72.dat upx behavioral2/files/0x0007000000023434-76.dat upx behavioral2/memory/1944-75-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023435-80.dat upx behavioral2/memory/1416-81-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2604-87-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023436-86.dat upx behavioral2/files/0x0008000000023423-91.dat upx behavioral2/files/0x0007000000023437-94.dat upx behavioral2/files/0x0007000000023438-99.dat upx behavioral2/memory/3996-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2724-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023439-104.dat upx behavioral2/files/0x000700000002343a-109.dat upx behavioral2/memory/3948-108-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343b-114.dat upx behavioral2/memory/720-113-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343c-118.dat upx behavioral2/memory/5116-121-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343d-123.dat upx behavioral2/files/0x000700000002343e-127.dat upx behavioral2/files/0x000700000002343f-131.dat upx behavioral2/files/0x0007000000023440-135.dat upx behavioral2/memory/4676-137-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023441-140.dat upx behavioral2/memory/5088-145-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023442-144.dat upx behavioral2/files/0x0007000000023443-149.dat upx behavioral2/memory/2900-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023444-154.dat upx behavioral2/memory/4440-157-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2688-161-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/736-166-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4532-169-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2636 wrote to memory of 2100 2636 add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe 81 PID 2636 wrote to memory of 2100 2636 add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe 81 PID 2636 wrote to memory of 2100 2636 add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe 81 PID 2100 wrote to memory of 5092 2100 hnhbnt.exe 82 PID 2100 wrote to memory of 5092 2100 hnhbnt.exe 82 PID 2100 wrote to memory of 5092 2100 hnhbnt.exe 82 PID 5092 wrote to memory of 64 5092 ntnhbb.exe 83 PID 5092 wrote to memory of 64 5092 ntnhbb.exe 83 PID 5092 wrote to memory of 64 5092 ntnhbb.exe 83 PID 64 wrote to memory of 1988 64 nhtttt.exe 84 PID 64 wrote to memory of 1988 64 nhtttt.exe 84 PID 64 wrote to memory of 1988 64 nhtttt.exe 84 PID 1988 wrote to memory of 1496 1988 vvpdv.exe 85 PID 1988 wrote to memory of 1496 1988 vvpdv.exe 85 PID 1988 wrote to memory of 1496 1988 vvpdv.exe 85 PID 1496 wrote to memory of 4728 1496 fxlxxxf.exe 86 PID 1496 wrote to memory of 4728 1496 fxlxxxf.exe 86 PID 1496 wrote to memory of 4728 1496 fxlxxxf.exe 86 PID 4728 wrote to memory of 3100 4728 hhbnhb.exe 87 PID 4728 wrote to memory of 3100 4728 hhbnhb.exe 87 PID 4728 wrote to memory of 3100 4728 hhbnhb.exe 87 PID 3100 wrote to memory of 4896 3100 lxfxrrx.exe 88 PID 3100 wrote to memory of 4896 3100 lxfxrrx.exe 88 PID 3100 wrote to memory of 4896 3100 lxfxrrx.exe 88 PID 4896 wrote to memory of 2360 4896 ntthbn.exe 89 PID 4896 wrote to memory of 2360 4896 ntthbn.exe 89 PID 4896 wrote to memory of 2360 4896 ntthbn.exe 89 PID 2360 wrote to memory of 1936 2360 djdvj.exe 90 PID 2360 wrote to memory of 1936 2360 djdvj.exe 90 PID 2360 wrote to memory of 1936 2360 djdvj.exe 90 PID 1936 wrote to memory of 2220 1936 rfxlfxx.exe 91 PID 1936 wrote to memory of 2220 1936 rfxlfxx.exe 91 PID 1936 wrote to memory of 2220 1936 rfxlfxx.exe 91 PID 2220 wrote to memory of 4004 2220 hbhnbn.exe 92 PID 2220 wrote to memory of 4004 
2220 hbhnbn.exe 92 PID 2220 wrote to memory of 4004 2220 hbhnbn.exe 92 PID 4004 wrote to memory of 1596 4004 pdjdv.exe 93 PID 4004 wrote to memory of 1596 4004 pdjdv.exe 93 PID 4004 wrote to memory of 1596 4004 pdjdv.exe 93 PID 1596 wrote to memory of 1944 1596 bbntht.exe 94 PID 1596 wrote to memory of 1944 1596 bbntht.exe 94 PID 1596 wrote to memory of 1944 1596 bbntht.exe 94 PID 1944 wrote to memory of 1416 1944 pjjdd.exe 95 PID 1944 wrote to memory of 1416 1944 pjjdd.exe 95 PID 1944 wrote to memory of 1416 1944 pjjdd.exe 95 PID 1416 wrote to memory of 2604 1416 bbnbth.exe 96 PID 1416 wrote to memory of 2604 1416 bbnbth.exe 96 PID 1416 wrote to memory of 2604 1416 bbnbth.exe 96 PID 2604 wrote to memory of 4160 2604 pvpjv.exe 97 PID 2604 wrote to memory of 4160 2604 pvpjv.exe 97 PID 2604 wrote to memory of 4160 2604 pvpjv.exe 97 PID 4160 wrote to memory of 3176 4160 tttnbh.exe 98 PID 4160 wrote to memory of 3176 4160 tttnbh.exe 98 PID 4160 wrote to memory of 3176 4160 tttnbh.exe 98 PID 3176 wrote to memory of 3996 3176 dpvjd.exe 99 PID 3176 wrote to memory of 3996 3176 dpvjd.exe 99 PID 3176 wrote to memory of 3996 3176 dpvjd.exe 99 PID 3996 wrote to memory of 2724 3996 lllfxxl.exe 100 PID 3996 wrote to memory of 2724 3996 lllfxxl.exe 100 PID 3996 wrote to memory of 2724 3996 lllfxxl.exe 100 PID 2724 wrote to memory of 3948 2724 bntntt.exe 101 PID 2724 wrote to memory of 3948 2724 bntntt.exe 101 PID 2724 wrote to memory of 3948 2724 bntntt.exe 101 PID 3948 wrote to memory of 720 3948 jdjdv.exe 102
Processes
-
C:\Users\Admin\AppData\Local\Temp\add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe"C:\Users\Admin\AppData\Local\Temp\add6ef9544ebb41ee3c1870feafbd13ae21d945ec3f9072af4740e6d5b6a0ec5.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\hnhbnt.exec:\hnhbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2100 -
\??\c:\ntnhbb.exec:\ntnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5092 -
\??\c:\nhtttt.exec:\nhtttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:64 -
\??\c:\vvpdv.exec:\vvpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1988 -
\??\c:\fxlxxxf.exec:\fxlxxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1496 -
\??\c:\hhbnhb.exec:\hhbnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4728 -
\??\c:\lxfxrrx.exec:\lxfxrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3100 -
\??\c:\ntthbn.exec:\ntthbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4896 -
\??\c:\djdvj.exec:\djdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\rfxlfxx.exec:\rfxlfxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1936 -
\??\c:\hbhnbn.exec:\hbhnbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\pdjdv.exec:\pdjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4004 -
\??\c:\bbntht.exec:\bbntht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1596 -
\??\c:\pjjdd.exec:\pjjdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1944 -
\??\c:\bbnbth.exec:\bbnbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\pvpjv.exec:\pvpjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\tttnbh.exec:\tttnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4160 -
\??\c:\dpvjd.exec:\dpvjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3176 -
\??\c:\lllfxxl.exec:\lllfxxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3996 -
\??\c:\bntntt.exec:\bntntt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\jdjdv.exec:\jdjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3948 -
\??\c:\jdjdp.exec:\jdjdp.exe23⤵
- Executes dropped EXE
PID:720 -
\??\c:\btbthh.exec:\btbthh.exe24⤵
- Executes dropped EXE
PID:2712 -
\??\c:\ntbnbt.exec:\ntbnbt.exe25⤵
- Executes dropped EXE
PID:5116 -
\??\c:\pddvp.exec:\pddvp.exe26⤵
- Executes dropped EXE
PID:688 -
\??\c:\xffflrf.exec:\xffflrf.exe27⤵
- Executes dropped EXE
PID:1928 -
\??\c:\5rrlxxf.exec:\5rrlxxf.exe28⤵
- Executes dropped EXE
PID:4676 -
\??\c:\llrrflf.exec:\llrrflf.exe29⤵
- Executes dropped EXE
PID:2576 -
\??\c:\fxrlllf.exec:\fxrlllf.exe30⤵
- Executes dropped EXE
PID:5088 -
\??\c:\5tnnhh.exec:\5tnnhh.exe31⤵
- Executes dropped EXE
PID:2900 -
\??\c:\vjpjd.exec:\vjpjd.exe32⤵
- Executes dropped EXE
PID:2112 -
\??\c:\ntbbbh.exec:\ntbbbh.exe33⤵
- Executes dropped EXE
PID:4440 -
\??\c:\5jjdp.exec:\5jjdp.exe34⤵
- Executes dropped EXE
PID:1428 -
\??\c:\xrfxxxx.exec:\xrfxxxx.exe35⤵
- Executes dropped EXE
PID:2688 -
\??\c:\nttnhh.exec:\nttnhh.exe36⤵
- Executes dropped EXE
PID:736 -
\??\c:\ppvpp.exec:\ppvpp.exe37⤵
- Executes dropped EXE
PID:4532 -
\??\c:\3lrrrfx.exec:\3lrrrfx.exe38⤵
- Executes dropped EXE
PID:4692 -
\??\c:\nbnnhh.exec:\nbnnhh.exe39⤵
- Executes dropped EXE
PID:2324 -
\??\c:\btnnhh.exec:\btnnhh.exe40⤵
- Executes dropped EXE
PID:2776 -
\??\c:\pjddd.exec:\pjddd.exe41⤵
- Executes dropped EXE
PID:460 -
\??\c:\lllfxxx.exec:\lllfxxx.exe42⤵
- Executes dropped EXE
PID:4732 -
\??\c:\dpvpp.exec:\dpvpp.exe43⤵
- Executes dropped EXE
PID:4500 -
\??\c:\rfxrllf.exec:\rfxrllf.exe44⤵
- Executes dropped EXE
PID:2200 -
\??\c:\hnnbnn.exec:\hnnbnn.exe45⤵
- Executes dropped EXE
PID:2948 -
\??\c:\jjvvv.exec:\jjvvv.exe46⤵
- Executes dropped EXE
PID:456 -
\??\c:\ddjjj.exec:\ddjjj.exe47⤵
- Executes dropped EXE
PID:4088 -
\??\c:\7xxrxrf.exec:\7xxrxrf.exe48⤵
- Executes dropped EXE
PID:116 -
\??\c:\hhhbtn.exec:\hhhbtn.exe49⤵
- Executes dropped EXE
PID:2168 -
\??\c:\pjdvd.exec:\pjdvd.exe50⤵
- Executes dropped EXE
PID:1824 -
\??\c:\xlxrrrr.exec:\xlxrrrr.exe51⤵
- Executes dropped EXE
PID:8 -
\??\c:\hbhbtn.exec:\hbhbtn.exe52⤵
- Executes dropped EXE
PID:4844 -
\??\c:\jdvjv.exec:\jdvjv.exe53⤵
- Executes dropped EXE
PID:4812 -
\??\c:\1dpvv.exec:\1dpvv.exe54⤵
- Executes dropped EXE
PID:1580 -
\??\c:\nhhbbb.exec:\nhhbbb.exe55⤵
- Executes dropped EXE
PID:2084 -
\??\c:\dpvpd.exec:\dpvpd.exe56⤵
- Executes dropped EXE
PID:1820 -
\??\c:\rrffffr.exec:\rrffffr.exe57⤵
- Executes dropped EXE
PID:4356 -
\??\c:\tnbbtt.exec:\tnbbtt.exe58⤵
- Executes dropped EXE
PID:3424 -
\??\c:\1vvpv.exec:\1vvpv.exe59⤵
- Executes dropped EXE
PID:540 -
\??\c:\7lxxxxr.exec:\7lxxxxr.exe60⤵
- Executes dropped EXE
PID:2720 -
\??\c:\tnttnn.exec:\tnttnn.exe61⤵
- Executes dropped EXE
PID:4696 -
\??\c:\nhnbbt.exec:\nhnbbt.exe62⤵
- Executes dropped EXE
PID:1492 -
\??\c:\ddppj.exec:\ddppj.exe63⤵
- Executes dropped EXE
PID:3740 -
\??\c:\9rrxffl.exec:\9rrxffl.exe64⤵
- Executes dropped EXE
PID:4892 -
\??\c:\btnbtt.exec:\btnbtt.exe65⤵
- Executes dropped EXE
PID:2280 -
\??\c:\1nbthn.exec:\1nbthn.exe66⤵PID:1496
-
\??\c:\ddpdp.exec:\ddpdp.exe67⤵PID:1372
-
\??\c:\llxrxfl.exec:\llxrxfl.exe68⤵PID:4988
-
\??\c:\3xfxxxx.exec:\3xfxxxx.exe69⤵PID:4488
-
\??\c:\hbtnbt.exec:\hbtnbt.exe70⤵PID:4820
-
\??\c:\1jjdp.exec:\1jjdp.exe71⤵PID:2480
-
\??\c:\rlrrlll.exec:\rlrrlll.exe72⤵PID:2716
-
\??\c:\lflllff.exec:\lflllff.exe73⤵PID:3596
-
\??\c:\tnbhnt.exec:\tnbhnt.exe74⤵PID:3572
-
\??\c:\jdpjd.exec:\jdpjd.exe75⤵PID:5080
-
\??\c:\jpppj.exec:\jpppj.exe76⤵PID:224
-
\??\c:\xllfxfx.exec:\xllfxfx.exe77⤵PID:2652
-
\??\c:\9tnbht.exec:\9tnbht.exe78⤵PID:1832
-
\??\c:\7jdpd.exec:\7jdpd.exe79⤵PID:3648
-
\??\c:\jdjdv.exec:\jdjdv.exe80⤵PID:3544
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe81⤵PID:2476
-
\??\c:\lxxlffr.exec:\lxxlffr.exe82⤵PID:1504
-
\??\c:\hhnnhh.exec:\hhnnhh.exe83⤵PID:3852
-
\??\c:\dpjdv.exec:\dpjdv.exe84⤵PID:1784
-
\??\c:\flrlfxx.exec:\flrlfxx.exe85⤵PID:1220
-
\??\c:\bbhtbt.exec:\bbhtbt.exe86⤵PID:2172
-
\??\c:\frfrfxr.exec:\frfrfxr.exe87⤵PID:2712
-
\??\c:\7xxrllf.exec:\7xxrllf.exe88⤵PID:4540
-
\??\c:\bhnnht.exec:\bhnnht.exe89⤵PID:5116
-
\??\c:\vppjd.exec:\vppjd.exe90⤵PID:2292
-
\??\c:\flxrllr.exec:\flxrllr.exe91⤵PID:3512
-
\??\c:\1hbthb.exec:\1hbthb.exe92⤵PID:2868
-
\??\c:\btbbbt.exec:\btbbbt.exe93⤵PID:1940
-
\??\c:\jpvjv.exec:\jpvjv.exe94⤵PID:2576
-
\??\c:\pdjdv.exec:\pdjdv.exe95⤵PID:4116
-
\??\c:\xffxllx.exec:\xffxllx.exe96⤵PID:2284
-
\??\c:\lllxrlx.exec:\lllxrlx.exe97⤵PID:2352
-
\??\c:\nhnhbb.exec:\nhnhbb.exe98⤵PID:1124
-
\??\c:\5jdvj.exec:\5jdvj.exe99⤵PID:3372
-
\??\c:\lflxrlf.exec:\lflxrlf.exe100⤵PID:4388
-
\??\c:\tnnhht.exec:\tnnhht.exe101⤵PID:4380
-
\??\c:\3jjvd.exec:\3jjvd.exe102⤵PID:4684
-
\??\c:\3ddvj.exec:\3ddvj.exe103⤵PID:4776
-
\??\c:\frrlfrr.exec:\frrlfrr.exe104⤵PID:4720
-
\??\c:\3hbtnh.exec:\3hbtnh.exe105⤵PID:3588
-
\??\c:\btnhnn.exec:\btnhnn.exe106⤵PID:2324
-
\??\c:\ddddj.exec:\ddddj.exe107⤵PID:1456
-
\??\c:\fllfrrr.exec:\fllfrrr.exe108⤵PID:1656
-
\??\c:\nbbtnh.exec:\nbbtnh.exe109⤵PID:4732
-
\??\c:\1ppjd.exec:\1ppjd.exe110⤵PID:4500
-
\??\c:\dvvpv.exec:\dvvpv.exe111⤵PID:3396
-
\??\c:\rxxrllf.exec:\rxxrllf.exe112⤵PID:3636
-
\??\c:\bhbthh.exec:\bhbthh.exe113⤵PID:2400
-
\??\c:\5ppjv.exec:\5ppjv.exe114⤵PID:3504
-
\??\c:\9llfrlf.exec:\9llfrlf.exe115⤵PID:3220
-
\??\c:\bbnnhn.exec:\bbnnhn.exe116⤵PID:2992
-
\??\c:\9vvpp.exec:\9vvpp.exe117⤵PID:4548
-
\??\c:\9vdvj.exec:\9vdvj.exe118⤵PID:1612
-
\??\c:\fxlffxf.exec:\fxlffxf.exe119⤵PID:8
-
\??\c:\thhbtb.exec:\thhbtb.exe120⤵PID:4736
-
\??\c:\7nhbnn.exec:\7nhbnn.exe121⤵PID:1468
-
\??\c:\3vjdv.exec:\3vjdv.exe122⤵PID:2936