Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted
12-06-2024 01:09
Behavioral task
behavioral1
Sample
95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe
Resource
win7-20231129-en
windows7-x64
6 signatures
150 seconds
General
-
Target
95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe
-
Size
59KB
-
MD5
0defae42a8f832681dd30359192a4cf7
-
SHA1
4fe6f5baf91ee4267bc2577323fcfa3f3202c8a7
-
SHA256
95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83
-
SHA512
3a357be71c232915caf2eca2d80a78e62ab19d4eca6215844fcc18b986769d979be9effb45b9e91d041be5c5584e277c4436aab0f33924c51a95d39029d19c98
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+IJPhbM9:zhOmTsF93UYfwC6GIoutiTm5hI9
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2780-7-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1592-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4372-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2616-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3800-22-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4932-29-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4192-37-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3240-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3320-43-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2132-48-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1308-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4436-59-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/628-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3536-79-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2236-83-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3208-93-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1604-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1560-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5044-107-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3152-116-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-120-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3744-131-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2600-146-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2100-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4664-154-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4496-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3780-164-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1436-168-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3820-173-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4180-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2684-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4380-200-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2744-203-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4616-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2316-213-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3280-222-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3800-228-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4900-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1488-233-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2688-235-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3084-240-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2692-243-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3088-246-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3308-249-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4296-252-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1788-257-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3196-291-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5012-295-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3744-307-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4160-345-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/920-349-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1916-352-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2036-361-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4488-367-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1632-379-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4116-404-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4680-407-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1524-436-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4092-489-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/220-543-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2692-546-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/860-552-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3104-572-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4480-664-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1592-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00060000000233d6-3.dat UPX behavioral2/memory/2780-7-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1592-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0008000000023590-9.dat UPX behavioral2/files/0x0008000000023593-11.dat UPX behavioral2/memory/4372-17-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2616-16-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023594-20.dat UPX behavioral2/memory/3800-22-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023595-24.dat UPX behavioral2/memory/4932-26-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4932-29-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023596-30.dat UPX behavioral2/files/0x0007000000023597-34.dat UPX behavioral2/memory/4192-37-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023598-39.dat UPX behavioral2/memory/3240-40-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3320-43-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023599-45.dat UPX behavioral2/memory/2132-48-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002359a-51.dat UPX behavioral2/memory/1308-52-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002359b-55.dat UPX behavioral2/memory/1308-57-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4436-59-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002359c-61.dat UPX behavioral2/files/0x000700000002359d-65.dat UPX behavioral2/memory/4660-67-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002359e-70.dat UPX 
behavioral2/files/0x000700000002359f-74.dat UPX behavioral2/memory/628-75-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3536-79-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2236-83-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a0-81.dat UPX behavioral2/files/0x00070000000235a1-85.dat UPX behavioral2/files/0x00070000000235a2-89.dat UPX behavioral2/memory/3208-93-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1604-90-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a3-95.dat UPX behavioral2/memory/1560-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a4-100.dat UPX behavioral2/memory/1560-102-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a5-105.dat UPX behavioral2/memory/5044-107-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a6-110.dat UPX behavioral2/files/0x00070000000235a7-114.dat UPX behavioral2/memory/3152-116-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a8-119.dat UPX behavioral2/memory/5116-120-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235a9-124.dat UPX behavioral2/files/0x00070000000235aa-128.dat UPX behavioral2/memory/3744-131-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235ab-133.dat UPX behavioral2/files/0x00070000000235ac-137.dat UPX behavioral2/files/0x00070000000235ad-141.dat UPX behavioral2/memory/2600-146-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235ae-145.dat UPX behavioral2/files/0x00070000000235af-151.dat UPX behavioral2/memory/2100-150-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4664-154-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000235b0-156.dat 
UPX behavioral2/memory/4496-160-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3780-164-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2780 flrrxxx.exe 2616 nnhthh.exe 4372 jpvpp.exe 3800 pvdpj.exe 4932 lxlxrxl.exe 4192 ntnhtn.exe 3240 3hbnhb.exe 3320 jvvjv.exe 2132 xlrfxxr.exe 1308 frxllff.exe 4436 tnnhbb.exe 4680 hbhbtn.exe 4660 pjpjv.exe 628 lfrlxll.exe 3536 tttnbh.exe 2236 thtbnh.exe 1604 jdpdj.exe 3208 rrllxxx.exe 1560 9xlfrlf.exe 3200 nntnnh.exe 5044 1htnbt.exe 3152 pjdjj.exe 5116 lrfxlfx.exe 3332 3tbnbt.exe 5020 pdpjd.exe 3744 dpjdp.exe 3840 vdvpd.exe 2428 xflxlfr.exe 2600 hnnhht.exe 2100 3ttnbh.exe 4664 rffxlfr.exe 4496 djvvd.exe 4888 fxfflrr.exe 3780 xrxffrf.exe 1436 hthbth.exe 5076 nnhbnb.exe 3820 9jddp.exe 4044 lrrfllx.exe 1736 rlfxrrx.exe 2228 9bbthh.exe 4180 nbnhbt.exe 4188 vjpjp.exe 920 5vpjv.exe 2684 flxrlfr.exe 1032 lrllfrf.exe 2180 tbbtnn.exe 4604 dpjjv.exe 4380 1vdvj.exe 2744 rrlfrlx.exe 4616 ffrrrxl.exe 4420 tbbtbt.exe 4484 7ppdp.exe 2316 5vpjp.exe 1280 fxxxlrx.exe 676 lfxrlfx.exe 3588 hnbnnb.exe 3280 vjjdv.exe 4328 vppdp.exe 3800 dpvjv.exe 4900 flfrxfr.exe 1488 nhttnn.exe 2688 thtbtb.exe 3084 9vdvj.exe 2692 dpjvj.exe -
resource yara_rule behavioral2/memory/1592-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00060000000233d6-3.dat upx behavioral2/memory/2780-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1592-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023590-9.dat upx behavioral2/files/0x0008000000023593-11.dat upx behavioral2/memory/4372-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2616-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023594-20.dat upx behavioral2/memory/3800-22-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023595-24.dat upx behavioral2/memory/4932-26-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4932-29-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023596-30.dat upx behavioral2/files/0x0007000000023597-34.dat upx behavioral2/memory/4192-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023598-39.dat upx behavioral2/memory/3240-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3320-43-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023599-45.dat upx behavioral2/memory/2132-48-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002359a-51.dat upx behavioral2/memory/1308-52-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002359b-55.dat upx behavioral2/memory/1308-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4436-59-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002359c-61.dat upx behavioral2/files/0x000700000002359d-65.dat upx behavioral2/memory/4660-67-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002359e-70.dat upx 
behavioral2/files/0x000700000002359f-74.dat upx behavioral2/memory/628-75-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3536-79-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2236-83-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a0-81.dat upx behavioral2/files/0x00070000000235a1-85.dat upx behavioral2/files/0x00070000000235a2-89.dat upx behavioral2/memory/3208-93-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1604-90-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a3-95.dat upx behavioral2/memory/1560-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a4-100.dat upx behavioral2/memory/1560-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a5-105.dat upx behavioral2/memory/5044-107-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a6-110.dat upx behavioral2/files/0x00070000000235a7-114.dat upx behavioral2/memory/3152-116-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a8-119.dat upx behavioral2/memory/5116-120-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235a9-124.dat upx behavioral2/files/0x00070000000235aa-128.dat upx behavioral2/memory/3744-131-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235ab-133.dat upx behavioral2/files/0x00070000000235ac-137.dat upx behavioral2/files/0x00070000000235ad-141.dat upx behavioral2/memory/2600-146-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235ae-145.dat upx behavioral2/files/0x00070000000235af-151.dat upx behavioral2/memory/2100-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4664-154-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235b0-156.dat 
upx behavioral2/memory/4496-160-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3780-164-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1592 wrote to memory of 2780 1592 95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe 80 PID 1592 wrote to memory of 2780 1592 95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe 80 PID 1592 wrote to memory of 2780 1592 95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe 80 PID 2780 wrote to memory of 2616 2780 flrrxxx.exe 81 PID 2780 wrote to memory of 2616 2780 flrrxxx.exe 81 PID 2780 wrote to memory of 2616 2780 flrrxxx.exe 81 PID 2616 wrote to memory of 4372 2616 nnhthh.exe 82 PID 2616 wrote to memory of 4372 2616 nnhthh.exe 82 PID 2616 wrote to memory of 4372 2616 nnhthh.exe 82 PID 4372 wrote to memory of 3800 4372 jpvpp.exe 83 PID 4372 wrote to memory of 3800 4372 jpvpp.exe 83 PID 4372 wrote to memory of 3800 4372 jpvpp.exe 83 PID 3800 wrote to memory of 4932 3800 pvdpj.exe 84 PID 3800 wrote to memory of 4932 3800 pvdpj.exe 84 PID 3800 wrote to memory of 4932 3800 pvdpj.exe 84 PID 4932 wrote to memory of 4192 4932 lxlxrxl.exe 86 PID 4932 wrote to memory of 4192 4932 lxlxrxl.exe 86 PID 4932 wrote to memory of 4192 4932 lxlxrxl.exe 86 PID 4192 wrote to memory of 3240 4192 ntnhtn.exe 87 PID 4192 wrote to memory of 3240 4192 ntnhtn.exe 87 PID 4192 wrote to memory of 3240 4192 ntnhtn.exe 87 PID 3240 wrote to memory of 3320 3240 3hbnhb.exe 88 PID 3240 wrote to memory of 3320 3240 3hbnhb.exe 88 PID 3240 wrote to memory of 3320 3240 3hbnhb.exe 88 PID 3320 wrote to memory of 2132 3320 jvvjv.exe 89 PID 3320 wrote to memory of 2132 3320 jvvjv.exe 89 PID 3320 wrote to memory of 2132 3320 jvvjv.exe 89 PID 2132 wrote to memory of 1308 2132 xlrfxxr.exe 91 PID 2132 wrote to memory of 1308 2132 xlrfxxr.exe 91 PID 2132 wrote to memory of 1308 2132 xlrfxxr.exe 91 PID 1308 wrote to memory of 4436 1308 frxllff.exe 92 PID 1308 wrote to memory of 4436 1308 frxllff.exe 92 PID 1308 wrote to memory of 4436 1308 frxllff.exe 92 PID 4436 wrote to memory of 4680 4436 tnnhbb.exe 93 PID 4436 wrote 
to memory of 4680 4436 tnnhbb.exe 93 PID 4436 wrote to memory of 4680 4436 tnnhbb.exe 93 PID 4680 wrote to memory of 4660 4680 hbhbtn.exe 94 PID 4680 wrote to memory of 4660 4680 hbhbtn.exe 94 PID 4680 wrote to memory of 4660 4680 hbhbtn.exe 94 PID 4660 wrote to memory of 628 4660 pjpjv.exe 95 PID 4660 wrote to memory of 628 4660 pjpjv.exe 95 PID 4660 wrote to memory of 628 4660 pjpjv.exe 95 PID 628 wrote to memory of 3536 628 lfrlxll.exe 96 PID 628 wrote to memory of 3536 628 lfrlxll.exe 96 PID 628 wrote to memory of 3536 628 lfrlxll.exe 96 PID 3536 wrote to memory of 2236 3536 tttnbh.exe 98 PID 3536 wrote to memory of 2236 3536 tttnbh.exe 98 PID 3536 wrote to memory of 2236 3536 tttnbh.exe 98 PID 2236 wrote to memory of 1604 2236 thtbnh.exe 99 PID 2236 wrote to memory of 1604 2236 thtbnh.exe 99 PID 2236 wrote to memory of 1604 2236 thtbnh.exe 99 PID 1604 wrote to memory of 3208 1604 jdpdj.exe 100 PID 1604 wrote to memory of 3208 1604 jdpdj.exe 100 PID 1604 wrote to memory of 3208 1604 jdpdj.exe 100 PID 3208 wrote to memory of 1560 3208 rrllxxx.exe 101 PID 3208 wrote to memory of 1560 3208 rrllxxx.exe 101 PID 3208 wrote to memory of 1560 3208 rrllxxx.exe 101 PID 1560 wrote to memory of 3200 1560 9xlfrlf.exe 102 PID 1560 wrote to memory of 3200 1560 9xlfrlf.exe 102 PID 1560 wrote to memory of 3200 1560 9xlfrlf.exe 102 PID 3200 wrote to memory of 5044 3200 nntnnh.exe 103 PID 3200 wrote to memory of 5044 3200 nntnnh.exe 103 PID 3200 wrote to memory of 5044 3200 nntnnh.exe 103 PID 5044 wrote to memory of 3152 5044 1htnbt.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe"C:\Users\Admin\AppData\Local\Temp\95e38d547513568277c8c00f1203433062c81238572d4c2a5b6b59f614254e83.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1592 -
\??\c:\flrrxxx.exec:\flrrxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\nnhthh.exec:\nnhthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\jpvpp.exec:\jpvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\pvdpj.exec:\pvdpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3800 -
\??\c:\lxlxrxl.exec:\lxlxrxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4932 -
\??\c:\ntnhtn.exec:\ntnhtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4192 -
\??\c:\3hbnhb.exec:\3hbnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3240 -
\??\c:\jvvjv.exec:\jvvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3320 -
\??\c:\xlrfxxr.exec:\xlrfxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\frxllff.exec:\frxllff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1308 -
\??\c:\tnnhbb.exec:\tnnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4436 -
\??\c:\hbhbtn.exec:\hbhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4680 -
\??\c:\pjpjv.exec:\pjpjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4660 -
\??\c:\lfrlxll.exec:\lfrlxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:628 -
\??\c:\tttnbh.exec:\tttnbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3536 -
\??\c:\thtbnh.exec:\thtbnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\jdpdj.exec:\jdpdj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\rrllxxx.exec:\rrllxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3208 -
\??\c:\9xlfrlf.exec:\9xlfrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1560 -
\??\c:\nntnnh.exec:\nntnnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3200 -
\??\c:\1htnbt.exec:\1htnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5044 -
\??\c:\pjdjj.exec:\pjdjj.exe23⤵
- Executes dropped EXE
PID:3152 -
\??\c:\lrfxlfx.exec:\lrfxlfx.exe24⤵
- Executes dropped EXE
PID:5116 -
\??\c:\3tbnbt.exec:\3tbnbt.exe25⤵
- Executes dropped EXE
PID:3332 -
\??\c:\pdpjd.exec:\pdpjd.exe26⤵
- Executes dropped EXE
PID:5020 -
\??\c:\dpjdp.exec:\dpjdp.exe27⤵
- Executes dropped EXE
PID:3744 -
\??\c:\vdvpd.exec:\vdvpd.exe28⤵
- Executes dropped EXE
PID:3840 -
\??\c:\xflxlfr.exec:\xflxlfr.exe29⤵
- Executes dropped EXE
PID:2428 -
\??\c:\hnnhht.exec:\hnnhht.exe30⤵
- Executes dropped EXE
PID:2600 -
\??\c:\3ttnbh.exec:\3ttnbh.exe31⤵
- Executes dropped EXE
PID:2100 -
\??\c:\rffxlfr.exec:\rffxlfr.exe32⤵
- Executes dropped EXE
PID:4664 -
\??\c:\djvvd.exec:\djvvd.exe33⤵
- Executes dropped EXE
PID:4496 -
\??\c:\fxfflrr.exec:\fxfflrr.exe34⤵
- Executes dropped EXE
PID:4888 -
\??\c:\xrxffrf.exec:\xrxffrf.exe35⤵
- Executes dropped EXE
PID:3780 -
\??\c:\hthbth.exec:\hthbth.exe36⤵
- Executes dropped EXE
PID:1436 -
\??\c:\nnhbnb.exec:\nnhbnb.exe37⤵
- Executes dropped EXE
PID:5076 -
\??\c:\9jddp.exec:\9jddp.exe38⤵
- Executes dropped EXE
PID:3820 -
\??\c:\lrrfllx.exec:\lrrfllx.exe39⤵
- Executes dropped EXE
PID:4044 -
\??\c:\rlfxrrx.exec:\rlfxrrx.exe40⤵
- Executes dropped EXE
PID:1736 -
\??\c:\9bbthh.exec:\9bbthh.exe41⤵
- Executes dropped EXE
PID:2228 -
\??\c:\nbnhbt.exec:\nbnhbt.exe42⤵
- Executes dropped EXE
PID:4180 -
\??\c:\vjpjp.exec:\vjpjp.exe43⤵
- Executes dropped EXE
PID:4188 -
\??\c:\5vpjv.exec:\5vpjv.exe44⤵
- Executes dropped EXE
PID:920 -
\??\c:\flxrlfr.exec:\flxrlfr.exe45⤵
- Executes dropped EXE
PID:2684 -
\??\c:\lrllfrf.exec:\lrllfrf.exe46⤵
- Executes dropped EXE
PID:1032 -
\??\c:\tbbtnn.exec:\tbbtnn.exe47⤵
- Executes dropped EXE
PID:2180 -
\??\c:\dpjjv.exec:\dpjjv.exe48⤵
- Executes dropped EXE
PID:4604 -
\??\c:\1vdvj.exec:\1vdvj.exe49⤵
- Executes dropped EXE
PID:4380 -
\??\c:\rrlfrlx.exec:\rrlfrlx.exe50⤵
- Executes dropped EXE
PID:2744 -
\??\c:\ffrrrxl.exec:\ffrrrxl.exe51⤵
- Executes dropped EXE
PID:4616 -
\??\c:\tbbtbt.exec:\tbbtbt.exe52⤵
- Executes dropped EXE
PID:4420 -
\??\c:\7ppdp.exec:\7ppdp.exe53⤵
- Executes dropped EXE
PID:4484 -
\??\c:\5vpjp.exec:\5vpjp.exe54⤵
- Executes dropped EXE
PID:2316 -
\??\c:\fxxxlrx.exec:\fxxxlrx.exe55⤵
- Executes dropped EXE
PID:1280 -
\??\c:\lfxrlfx.exec:\lfxrlfx.exe56⤵
- Executes dropped EXE
PID:676 -
\??\c:\hnbnnb.exec:\hnbnnb.exe57⤵
- Executes dropped EXE
PID:3588 -
\??\c:\vjjdv.exec:\vjjdv.exe58⤵
- Executes dropped EXE
PID:3280 -
\??\c:\vppdp.exec:\vppdp.exe59⤵
- Executes dropped EXE
PID:4328 -
\??\c:\dpvjv.exec:\dpvjv.exe60⤵
- Executes dropped EXE
PID:3800 -
\??\c:\flfrxfr.exec:\flfrxfr.exe61⤵
- Executes dropped EXE
PID:4900 -
\??\c:\nhttnn.exec:\nhttnn.exe62⤵
- Executes dropped EXE
PID:1488 -
\??\c:\thtbtb.exec:\thtbtb.exe63⤵
- Executes dropped EXE
PID:2688 -
\??\c:\9vdvj.exec:\9vdvj.exe64⤵
- Executes dropped EXE
PID:3084 -
\??\c:\dpjvj.exec:\dpjvj.exe65⤵
- Executes dropped EXE
PID:2692 -
\??\c:\flxlxlr.exec:\flxlxlr.exe66⤵PID:3088
-
\??\c:\bhnnhn.exec:\bhnnhn.exe67⤵PID:3308
-
\??\c:\djpdp.exec:\djpdp.exe68⤵PID:4296
-
\??\c:\jddjd.exec:\jddjd.exe69⤵PID:1252
-
\??\c:\llrrrfr.exec:\llrrrfr.exe70⤵PID:1740
-
\??\c:\htntnh.exec:\htntnh.exe71⤵PID:1788
-
\??\c:\bhhhbt.exec:\bhhhbt.exe72⤵PID:3300
-
\??\c:\5jddv.exec:\5jddv.exe73⤵PID:808
-
\??\c:\flffxrl.exec:\flffxrl.exe74⤵PID:1656
-
\??\c:\lrxfxxx.exec:\lrxfxxx.exe75⤵PID:3288
-
\??\c:\nhnnhh.exec:\nhnnhh.exe76⤵PID:2520
-
\??\c:\1nnnhb.exec:\1nnnhb.exe77⤵PID:4824
-
\??\c:\vvvvp.exec:\vvvvp.exe78⤵PID:1932
-
\??\c:\pdpjp.exec:\pdpjp.exe79⤵PID:5060
-
\??\c:\xxfflxf.exec:\xxfflxf.exe80⤵PID:784
-
\??\c:\hhnnhh.exec:\hhnnhh.exe81⤵PID:368
-
\??\c:\ttbtbh.exec:\ttbtbh.exe82⤵PID:2904
-
\??\c:\vpdvd.exec:\vpdvd.exe83⤵PID:452
-
\??\c:\jdjdd.exec:\jdjdd.exe84⤵PID:3472
-
\??\c:\3llxlfx.exec:\3llxlfx.exe85⤵PID:1956
-
\??\c:\lfrffxf.exec:\lfrffxf.exe86⤵PID:3196
-
\??\c:\nbnhhh.exec:\nbnhhh.exe87⤵PID:2704
-
\??\c:\bbbthh.exec:\bbbthh.exe88⤵PID:5012
-
\??\c:\pjddp.exec:\pjddp.exe89⤵PID:2728
-
\??\c:\3dvvd.exec:\3dvvd.exe90⤵PID:3332
-
\??\c:\rlfrllf.exec:\rlfrllf.exe91⤵PID:4784
-
\??\c:\jddvj.exec:\jddvj.exe92⤵PID:3716
-
\??\c:\7lxrfrl.exec:\7lxrfrl.exe93⤵PID:3744
-
\??\c:\xlxflxf.exec:\xlxflxf.exe94⤵PID:2596
-
\??\c:\3thbnn.exec:\3thbnn.exe95⤵PID:4248
-
\??\c:\htnhbb.exec:\htnhbb.exe96⤵PID:4968
-
\??\c:\5djdd.exec:\5djdd.exe97⤵PID:2600
-
\??\c:\flxrffx.exec:\flxrffx.exe98⤵PID:388
-
\??\c:\lflfxlf.exec:\lflfxlf.exe99⤵PID:1492
-
\??\c:\nttnhb.exec:\nttnhb.exe100⤵PID:2936
-
\??\c:\nhtnhb.exec:\nhtnhb.exe101⤵PID:736
-
\??\c:\dvpvv.exec:\dvpvv.exe102⤵PID:3608
-
\??\c:\pdpdv.exec:\pdpdv.exe103⤵PID:3620
-
\??\c:\frllfxr.exec:\frllfxr.exe104⤵PID:4336
-
\??\c:\3lrrlrl.exec:\3lrrlrl.exe105⤵PID:4696
-
\??\c:\bnnnbn.exec:\bnnnbn.exe106⤵PID:2216
-
\??\c:\tntnbh.exec:\tntnbh.exe107⤵PID:3252
-
\??\c:\jpvpj.exec:\jpvpj.exe108⤵PID:4044
-
\??\c:\dpjdp.exec:\dpjdp.exe109⤵PID:4584
-
\??\c:\xffflfl.exec:\xffflfl.exe110⤵PID:2228
-
\??\c:\flfxlfx.exec:\flfxlfx.exe111⤵PID:3932
-
\??\c:\1bhbhb.exec:\1bhbhb.exe112⤵PID:4160
-
\??\c:\bnthbt.exec:\bnthbt.exe113⤵PID:920
-
\??\c:\vjjdv.exec:\vjjdv.exe114⤵PID:1916
-
\??\c:\rxfllrr.exec:\rxfllrr.exe115⤵PID:1732
-
\??\c:\7rxrffr.exec:\7rxrffr.exe116⤵PID:4700
-
\??\c:\3tnbtb.exec:\3tnbtb.exe117⤵PID:4604
-
\??\c:\bttttn.exec:\bttttn.exe118⤵PID:2036
-
\??\c:\pdvpd.exec:\pdvpd.exe119⤵PID:4624
-
\??\c:\3vdvv.exec:\3vdvv.exe120⤵PID:4060
-
\??\c:\llfrrlf.exec:\llfrrlf.exe121⤵PID:4488
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe122⤵PID:2484