Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
12-06-2024 04:59
Behavioral task
behavioral1
Sample
da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe
Resource
win7-20240508-en
windows7-x64
6 signatures
150 seconds
General
-
Target
da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe
-
Size
92KB
-
MD5
4972a839c57f9aa63a943ef78db9c7da
-
SHA1
0cf2f3f208c88a912f5abb0a324a65673db99bbf
-
SHA256
da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99
-
SHA512
0be2c67eb88882c2e1a6b326b715b61a48c389324be911019bfa0bc2d537b753fbb5b6989b09a50f3cb1e391874b2785e3c5790bb02e8e7af62ed87cbb074d68
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWpZ8:8hOmTsF93UYfwC6GIout0fmCiiiXA6mQ
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4840-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3092-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2892-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/532-19-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2524-22-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4892-31-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1360-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3272-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4368-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3432-62-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2176-67-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2608-73-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5052-78-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2592-81-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2576-87-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3812-93-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-98-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3572-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4628-108-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/836-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3832-124-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3984-122-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4612-134-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/936-141-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/748-147-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4204-151-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1872-162-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2040-165-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4948-169-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5056-172-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2620-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1148-193-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4356-204-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1704-209-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/736-225-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/636-233-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1944-240-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2176-247-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4580-254-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4172-265-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-267-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1520-271-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2884-273-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4248-282-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/436-280-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1396-288-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1152-310-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1888-313-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3928-322-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2672-332-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3520-345-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4460-348-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4004-354-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2208-362-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4436-371-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2392-409-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3672-428-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3980-439-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4224-473-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3312-495-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3052-519-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4636-584-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4620-589-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4692-647-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4840-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002336e-3.dat UPX behavioral2/memory/4840-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000900000002353b-8.dat UPX behavioral2/memory/3092-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2892-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000800000002354c-13.dat UPX behavioral2/files/0x000700000002354d-18.dat UPX behavioral2/memory/532-19-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2524-22-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002354e-25.dat UPX behavioral2/memory/4892-26-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002354f-29.dat UPX behavioral2/memory/4892-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1360-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023550-35.dat UPX behavioral2/files/0x0007000000023551-39.dat UPX behavioral2/memory/3272-40-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023552-44.dat UPX behavioral2/files/0x0007000000023553-48.dat UPX behavioral2/files/0x0007000000023554-52.dat UPX behavioral2/memory/4368-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023555-57.dat UPX behavioral2/memory/3432-62-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023556-61.dat UPX behavioral2/files/0x0007000000023557-66.dat UPX behavioral2/memory/2176-67-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2608-69-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2608-73-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023558-72.dat UPX behavioral2/files/0x0007000000023559-77.dat UPX 
behavioral2/memory/5052-78-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2592-81-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002355a-83.dat UPX behavioral2/memory/2576-87-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002355b-88.dat UPX behavioral2/memory/3812-93-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002355c-92.dat UPX behavioral2/files/0x000700000002355d-97.dat UPX behavioral2/memory/3032-98-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3572-102-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002355e-103.dat UPX behavioral2/files/0x000700000002355f-107.dat UPX behavioral2/memory/4628-108-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/836-110-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023560-114.dat UPX behavioral2/files/0x0007000000023561-117.dat UPX behavioral2/memory/3832-124-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023562-123.dat UPX behavioral2/memory/3984-122-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023563-127.dat UPX behavioral2/files/0x0007000000023564-131.dat UPX behavioral2/memory/4612-134-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023565-136.dat UPX behavioral2/memory/936-138-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023566-142.dat UPX behavioral2/memory/936-141-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/748-147-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000a000000023541-146.dat UPX behavioral2/files/0x0007000000023567-152.dat UPX behavioral2/memory/4204-151-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023568-156.dat UPX 
behavioral2/memory/1872-162-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2040-165-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3092 hntttn.exe 2892 vpvvp.exe 532 rlrxlrl.exe 2524 nhtnbn.exe 4892 nhtntt.exe 1360 fxxxllx.exe 3272 3ffxrlx.exe 2800 vddpd.exe 2480 5fflxxl.exe 4368 bhhtnb.exe 2872 bnnbhb.exe 3432 9ppdj.exe 2176 llxlxlx.exe 2608 nbtnbn.exe 5052 pjdpd.exe 2592 xxxlxfr.exe 2576 frlrfrf.exe 3812 ntthbt.exe 3032 pddpd.exe 3572 dddvp.exe 4628 rfxlxrl.exe 836 3bbnnh.exe 1620 bbbnth.exe 3984 dpvvj.exe 3832 rflxrrr.exe 4636 rfffxfx.exe 4612 bthtbt.exe 936 thnhht.exe 748 pvpdd.exe 4204 1fxlxrl.exe 1472 9xxlrfl.exe 1868 9hbtnh.exe 1872 jdvpj.exe 2040 lrlxxrl.exe 4948 frrlxrl.exe 5056 ththbb.exe 3928 pdvpd.exe 2248 7jjpp.exe 2764 5llxrll.exe 4264 xllxlxr.exe 3316 hbhhbh.exe 2620 vjjvj.exe 4432 dpdpd.exe 3448 lrfrfrl.exe 1148 xllflfr.exe 3520 nbtnhb.exe 4460 jpdjv.exe 4836 jpjdp.exe 4356 xffxlfx.exe 4004 btttbt.exe 1704 rxlfxxr.exe 4940 hnnhbt.exe 5068 tntnnh.exe 3528 9ppjv.exe 4892 xllrlrl.exe 5112 3nnbbt.exe 4376 hthbbt.exe 2968 dvpjd.exe 736 vddvv.exe 3004 xrxrfxr.exe 640 nhbtnn.exe 636 hbbnbn.exe 1924 pjjdd.exe 3624 fxfrrlf.exe -
resource yara_rule behavioral2/memory/4840-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002336e-3.dat upx behavioral2/memory/4840-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000900000002353b-8.dat upx behavioral2/memory/3092-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2892-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000800000002354c-13.dat upx behavioral2/files/0x000700000002354d-18.dat upx behavioral2/memory/532-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2524-22-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002354e-25.dat upx behavioral2/memory/4892-26-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002354f-29.dat upx behavioral2/memory/4892-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1360-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023550-35.dat upx behavioral2/files/0x0007000000023551-39.dat upx behavioral2/memory/3272-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023552-44.dat upx behavioral2/files/0x0007000000023553-48.dat upx behavioral2/files/0x0007000000023554-52.dat upx behavioral2/memory/4368-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023555-57.dat upx behavioral2/memory/3432-62-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023556-61.dat upx behavioral2/files/0x0007000000023557-66.dat upx behavioral2/memory/2176-67-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2608-69-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2608-73-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023558-72.dat upx behavioral2/files/0x0007000000023559-77.dat upx 
behavioral2/memory/5052-78-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2592-81-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002355a-83.dat upx behavioral2/memory/2576-87-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002355b-88.dat upx behavioral2/memory/3812-93-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002355c-92.dat upx behavioral2/files/0x000700000002355d-97.dat upx behavioral2/memory/3032-98-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3572-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002355e-103.dat upx behavioral2/files/0x000700000002355f-107.dat upx behavioral2/memory/4628-108-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/836-110-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023560-114.dat upx behavioral2/files/0x0007000000023561-117.dat upx behavioral2/memory/3832-124-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023562-123.dat upx behavioral2/memory/3984-122-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023563-127.dat upx behavioral2/files/0x0007000000023564-131.dat upx behavioral2/memory/4612-134-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023565-136.dat upx behavioral2/memory/936-138-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023566-142.dat upx behavioral2/memory/936-141-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/748-147-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000023541-146.dat upx behavioral2/files/0x0007000000023567-152.dat upx behavioral2/memory/4204-151-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023568-156.dat upx 
behavioral2/memory/1872-162-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2040-165-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4840 wrote to memory of 3092 4840 da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe 80 PID 4840 wrote to memory of 3092 4840 da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe 80 PID 4840 wrote to memory of 3092 4840 da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe 80 PID 3092 wrote to memory of 2892 3092 hntttn.exe 81 PID 3092 wrote to memory of 2892 3092 hntttn.exe 81 PID 3092 wrote to memory of 2892 3092 hntttn.exe 81 PID 2892 wrote to memory of 532 2892 vpvvp.exe 82 PID 2892 wrote to memory of 532 2892 vpvvp.exe 82 PID 2892 wrote to memory of 532 2892 vpvvp.exe 82 PID 532 wrote to memory of 2524 532 rlrxlrl.exe 83 PID 532 wrote to memory of 2524 532 rlrxlrl.exe 83 PID 532 wrote to memory of 2524 532 rlrxlrl.exe 83 PID 2524 wrote to memory of 4892 2524 nhtnbn.exe 85 PID 2524 wrote to memory of 4892 2524 nhtnbn.exe 85 PID 2524 wrote to memory of 4892 2524 nhtnbn.exe 85 PID 4892 wrote to memory of 1360 4892 nhtntt.exe 86 PID 4892 wrote to memory of 1360 4892 nhtntt.exe 86 PID 4892 wrote to memory of 1360 4892 nhtntt.exe 86 PID 1360 wrote to memory of 3272 1360 fxxxllx.exe 87 PID 1360 wrote to memory of 3272 1360 fxxxllx.exe 87 PID 1360 wrote to memory of 3272 1360 fxxxllx.exe 87 PID 3272 wrote to memory of 2800 3272 3ffxrlx.exe 89 PID 3272 wrote to memory of 2800 3272 3ffxrlx.exe 89 PID 3272 wrote to memory of 2800 3272 3ffxrlx.exe 89 PID 2800 wrote to memory of 2480 2800 vddpd.exe 90 PID 2800 wrote to memory of 2480 2800 vddpd.exe 90 PID 2800 wrote to memory of 2480 2800 vddpd.exe 90 PID 2480 wrote to memory of 4368 2480 5fflxxl.exe 91 PID 2480 wrote to memory of 4368 2480 5fflxxl.exe 91 PID 2480 wrote to memory of 4368 2480 5fflxxl.exe 91 PID 4368 wrote to memory of 2872 4368 bhhtnb.exe 92 PID 4368 wrote to memory of 2872 4368 bhhtnb.exe 92 PID 4368 wrote to memory of 2872 4368 bhhtnb.exe 92 PID 2872 wrote to memory of 3432 2872 bnnbhb.exe 93 PID 2872 wrote to 
memory of 3432 2872 bnnbhb.exe 93 PID 2872 wrote to memory of 3432 2872 bnnbhb.exe 93 PID 3432 wrote to memory of 2176 3432 9ppdj.exe 94 PID 3432 wrote to memory of 2176 3432 9ppdj.exe 94 PID 3432 wrote to memory of 2176 3432 9ppdj.exe 94 PID 2176 wrote to memory of 2608 2176 llxlxlx.exe 96 PID 2176 wrote to memory of 2608 2176 llxlxlx.exe 96 PID 2176 wrote to memory of 2608 2176 llxlxlx.exe 96 PID 2608 wrote to memory of 5052 2608 nbtnbn.exe 97 PID 2608 wrote to memory of 5052 2608 nbtnbn.exe 97 PID 2608 wrote to memory of 5052 2608 nbtnbn.exe 97 PID 5052 wrote to memory of 2592 5052 pjdpd.exe 98 PID 5052 wrote to memory of 2592 5052 pjdpd.exe 98 PID 5052 wrote to memory of 2592 5052 pjdpd.exe 98 PID 2592 wrote to memory of 2576 2592 xxxlxfr.exe 99 PID 2592 wrote to memory of 2576 2592 xxxlxfr.exe 99 PID 2592 wrote to memory of 2576 2592 xxxlxfr.exe 99 PID 2576 wrote to memory of 3812 2576 frlrfrf.exe 100 PID 2576 wrote to memory of 3812 2576 frlrfrf.exe 100 PID 2576 wrote to memory of 3812 2576 frlrfrf.exe 100 PID 3812 wrote to memory of 3032 3812 ntthbt.exe 101 PID 3812 wrote to memory of 3032 3812 ntthbt.exe 101 PID 3812 wrote to memory of 3032 3812 ntthbt.exe 101 PID 3032 wrote to memory of 3572 3032 pddpd.exe 102 PID 3032 wrote to memory of 3572 3032 pddpd.exe 102 PID 3032 wrote to memory of 3572 3032 pddpd.exe 102 PID 3572 wrote to memory of 4628 3572 dddvp.exe 103 PID 3572 wrote to memory of 4628 3572 dddvp.exe 103 PID 3572 wrote to memory of 4628 3572 dddvp.exe 103 PID 4628 wrote to memory of 836 4628 rfxlxrl.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe"C:\Users\Admin\AppData\Local\Temp\da03d280d83a4ae2710a8eed7aa5ee9ccf86ec14e0983ff75ff0570e7bd66a99.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4840 -
\??\c:\hntttn.exec:\hntttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3092 -
\??\c:\vpvvp.exec:\vpvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\rlrxlrl.exec:\rlrxlrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:532 -
\??\c:\nhtnbn.exec:\nhtnbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\nhtntt.exec:\nhtntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4892 -
\??\c:\fxxxllx.exec:\fxxxllx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1360 -
\??\c:\3ffxrlx.exec:\3ffxrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3272 -
\??\c:\vddpd.exec:\vddpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800 -
\??\c:\5fflxxl.exec:\5fflxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\bhhtnb.exec:\bhhtnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4368 -
\??\c:\bnnbhb.exec:\bnnbhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2872 -
\??\c:\9ppdj.exec:\9ppdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3432 -
\??\c:\llxlxlx.exec:\llxlxlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\nbtnbn.exec:\nbtnbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\pjdpd.exec:\pjdpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5052 -
\??\c:\xxxlxfr.exec:\xxxlxfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\frlrfrf.exec:\frlrfrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\ntthbt.exec:\ntthbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3812 -
\??\c:\pddpd.exec:\pddpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\dddvp.exec:\dddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3572 -
\??\c:\rfxlxrl.exec:\rfxlxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4628 -
\??\c:\3bbnnh.exec:\3bbnnh.exe23⤵
- Executes dropped EXE
PID:836 -
\??\c:\bbbnth.exec:\bbbnth.exe24⤵
- Executes dropped EXE
PID:1620 -
\??\c:\dpvvj.exec:\dpvvj.exe25⤵
- Executes dropped EXE
PID:3984 -
\??\c:\rflxrrr.exec:\rflxrrr.exe26⤵
- Executes dropped EXE
PID:3832 -
\??\c:\rfffxfx.exec:\rfffxfx.exe27⤵
- Executes dropped EXE
PID:4636 -
\??\c:\bthtbt.exec:\bthtbt.exe28⤵
- Executes dropped EXE
PID:4612 -
\??\c:\thnhht.exec:\thnhht.exe29⤵
- Executes dropped EXE
PID:936 -
\??\c:\pvpdd.exec:\pvpdd.exe30⤵
- Executes dropped EXE
PID:748 -
\??\c:\1fxlxrl.exec:\1fxlxrl.exe31⤵
- Executes dropped EXE
PID:4204 -
\??\c:\9xxlrfl.exec:\9xxlrfl.exe32⤵
- Executes dropped EXE
PID:1472 -
\??\c:\9hbtnh.exec:\9hbtnh.exe33⤵
- Executes dropped EXE
PID:1868 -
\??\c:\jdvpj.exec:\jdvpj.exe34⤵
- Executes dropped EXE
PID:1872 -
\??\c:\lrlxxrl.exec:\lrlxxrl.exe35⤵
- Executes dropped EXE
PID:2040 -
\??\c:\frrlxrl.exec:\frrlxrl.exe36⤵
- Executes dropped EXE
PID:4948 -
\??\c:\ththbb.exec:\ththbb.exe37⤵
- Executes dropped EXE
PID:5056 -
\??\c:\pdvpd.exec:\pdvpd.exe38⤵
- Executes dropped EXE
PID:3928 -
\??\c:\7jjpp.exec:\7jjpp.exe39⤵
- Executes dropped EXE
PID:2248 -
\??\c:\5llxrll.exec:\5llxrll.exe40⤵
- Executes dropped EXE
PID:2764 -
\??\c:\xllxlxr.exec:\xllxlxr.exe41⤵
- Executes dropped EXE
PID:4264 -
\??\c:\hbhhbh.exec:\hbhhbh.exe42⤵
- Executes dropped EXE
PID:3316 -
\??\c:\vjjvj.exec:\vjjvj.exe43⤵
- Executes dropped EXE
PID:2620 -
\??\c:\dpdpd.exec:\dpdpd.exe44⤵
- Executes dropped EXE
PID:4432 -
\??\c:\lrfrfrl.exec:\lrfrfrl.exe45⤵
- Executes dropped EXE
PID:3448 -
\??\c:\xllflfr.exec:\xllflfr.exe46⤵
- Executes dropped EXE
PID:1148 -
\??\c:\nbtnhb.exec:\nbtnhb.exe47⤵
- Executes dropped EXE
PID:3520 -
\??\c:\jpdjv.exec:\jpdjv.exe48⤵
- Executes dropped EXE
PID:4460 -
\??\c:\jpjdp.exec:\jpjdp.exe49⤵
- Executes dropped EXE
PID:4836 -
\??\c:\xffxlfx.exec:\xffxlfx.exe50⤵
- Executes dropped EXE
PID:4356 -
\??\c:\btttbt.exec:\btttbt.exe51⤵
- Executes dropped EXE
PID:4004 -
\??\c:\rxlfxxr.exec:\rxlfxxr.exe52⤵
- Executes dropped EXE
PID:1704 -
\??\c:\hnnhbt.exec:\hnnhbt.exe53⤵
- Executes dropped EXE
PID:4940 -
\??\c:\tntnnh.exec:\tntnnh.exe54⤵
- Executes dropped EXE
PID:5068 -
\??\c:\9ppjv.exec:\9ppjv.exe55⤵
- Executes dropped EXE
PID:3528 -
\??\c:\xllrlrl.exec:\xllrlrl.exe56⤵
- Executes dropped EXE
PID:4892 -
\??\c:\3nnbbt.exec:\3nnbbt.exe57⤵
- Executes dropped EXE
PID:5112 -
\??\c:\hthbbt.exec:\hthbbt.exe58⤵
- Executes dropped EXE
PID:4376 -
\??\c:\dvpjd.exec:\dvpjd.exe59⤵
- Executes dropped EXE
PID:2968 -
\??\c:\vddvv.exec:\vddvv.exe60⤵
- Executes dropped EXE
PID:736 -
\??\c:\xrxrfxr.exec:\xrxrfxr.exe61⤵
- Executes dropped EXE
PID:3004 -
\??\c:\nhbtnn.exec:\nhbtnn.exe62⤵
- Executes dropped EXE
PID:640 -
\??\c:\hbbnbn.exec:\hbbnbn.exe63⤵
- Executes dropped EXE
PID:636 -
\??\c:\pjjdd.exec:\pjjdd.exe64⤵
- Executes dropped EXE
PID:1924 -
\??\c:\fxfrrlf.exec:\fxfrrlf.exe65⤵
- Executes dropped EXE
PID:3624 -
\??\c:\xlxxrlx.exec:\xlxxrlx.exe66⤵PID:1944
-
\??\c:\hbbtnn.exec:\hbbtnn.exe67⤵PID:3648
-
\??\c:\bttnbt.exec:\bttnbt.exe68⤵PID:744
-
\??\c:\dppjv.exec:\dppjv.exe69⤵PID:2176
-
\??\c:\3frlllr.exec:\3frlllr.exe70⤵PID:2760
-
\??\c:\ttbbtt.exec:\ttbbtt.exe71⤵PID:3500
-
\??\c:\tnthbb.exec:\tnthbb.exe72⤵PID:4580
-
\??\c:\pddvp.exec:\pddvp.exe73⤵PID:2220
-
\??\c:\1xxlxrf.exec:\1xxlxrf.exe74⤵PID:3076
-
\??\c:\lflffxf.exec:\lflffxf.exe75⤵PID:4988
-
\??\c:\nnhbnh.exec:\nnhbnh.exe76⤵PID:4668
-
\??\c:\tbbthh.exec:\tbbthh.exe77⤵PID:4172
-
\??\c:\vvpjv.exec:\vvpjv.exe78⤵PID:3032
-
\??\c:\1pvpp.exec:\1pvpp.exe79⤵PID:1520
-
\??\c:\3lrllfr.exec:\3lrllfr.exe80⤵PID:2884
-
\??\c:\tnttnh.exec:\tnttnh.exe81⤵PID:4520
-
\??\c:\3ddvj.exec:\3ddvj.exe82⤵PID:436
-
\??\c:\rrfxlfl.exec:\rrfxlfl.exe83⤵PID:4248
-
\??\c:\rllllff.exec:\rllllff.exe84⤵PID:3976
-
\??\c:\tnbbbn.exec:\tnbbbn.exe85⤵PID:3832
-
\??\c:\nhbthb.exec:\nhbthb.exe86⤵PID:1396
-
\??\c:\5vjdp.exec:\5vjdp.exe87⤵PID:1000
-
\??\c:\lffxrxr.exec:\lffxrxr.exe88⤵PID:3848
-
\??\c:\xfrffxx.exec:\xfrffxx.exe89⤵PID:844
-
\??\c:\btbbnh.exec:\btbbnh.exe90⤵PID:3688
-
\??\c:\nnnnnt.exec:\nnnnnt.exe91⤵PID:5096
-
\??\c:\jppjd.exec:\jppjd.exe92⤵PID:4596
-
\??\c:\3rxfrrr.exec:\3rxfrrr.exe93⤵PID:3704
-
\??\c:\1lrllxr.exec:\1lrllxr.exe94⤵PID:4508
-
\??\c:\hbnbnh.exec:\hbnbnh.exe95⤵PID:1152
-
\??\c:\nnnbtn.exec:\nnnbtn.exe96⤵PID:1888
-
\??\c:\jjppp.exec:\jjppp.exe97⤵PID:2448
-
\??\c:\pvdvj.exec:\pvdvj.exe98⤵PID:3992
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe99⤵PID:3196
-
\??\c:\bhbthb.exec:\bhbthb.exe100⤵PID:3928
-
\??\c:\tnttnn.exec:\tnttnn.exe101⤵PID:2248
-
\??\c:\dpvpj.exec:\dpvpj.exe102⤵PID:3440
-
\??\c:\1xrfrrl.exec:\1xrfrrl.exe103⤵PID:4264
-
\??\c:\tbbnbt.exec:\tbbnbt.exe104⤵PID:2672
-
\??\c:\5hhbbb.exec:\5hhbbb.exe105⤵PID:4068
-
\??\c:\9vvpd.exec:\9vvpd.exe106⤵PID:4432
-
\??\c:\pdddd.exec:\pdddd.exe107⤵PID:3448
-
\??\c:\lfrlrlf.exec:\lfrlrlf.exe108⤵PID:2560
-
\??\c:\7btnbb.exec:\7btnbb.exe109⤵PID:1968
-
\??\c:\7nnhtn.exec:\7nnhtn.exe110⤵PID:3520
-
\??\c:\vpjdj.exec:\vpjdj.exe111⤵PID:4460
-
\??\c:\rfxrlff.exec:\rfxrlff.exe112⤵PID:4836
-
\??\c:\bttnth.exec:\bttnth.exe113⤵PID:4768
-
\??\c:\nnbnnh.exec:\nnbnnh.exe114⤵PID:4004
-
\??\c:\nbhbnh.exec:\nbhbnh.exe115⤵PID:1704
-
\??\c:\pddjv.exec:\pddjv.exe116⤵PID:4940
-
\??\c:\5xrrxfr.exec:\5xrrxfr.exe117⤵PID:2208
-
\??\c:\1nnnnn.exec:\1nnnnn.exe118⤵PID:3528
-
\??\c:\3nhbhb.exec:\3nhbhb.exe119⤵PID:3796
-
\??\c:\jpjdp.exec:\jpjdp.exe120⤵PID:5112
-
\??\c:\jddjv.exec:\jddjv.exe121⤵PID:4436
-
\??\c:\fllxxrf.exec:\fllxxrf.exe122⤵PID:3752