Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
17-06-2024 01:30
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe
-
Size
341KB
-
MD5
4c3cc2f31ba695dcadd8c6294c09b196
-
SHA1
d8bfcb1ce535b26505d4b6ba8393efb523302c8b
-
SHA256
b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0
-
SHA512
7458a2a6d0c9a9bf79942d9b03a87334055f4e409a6f4ce81316d2edaa56ee33a5dece0cab57b8a0d894f4f448162844923c9a2e8e590de4282c4306be02f31c
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYA+:l7TcbWXZshJX2VGd+
Malware Config
Signatures
-
Detect Blackmoon payload — 43 IoCs. Every match below is the YARA rule family_blackmoon firing on an in-memory dump of a running process (the 0x400000–0x428000 image region, or a second 0x28000-byte region such as 0x220000–0x248000), not on the file as it sits on disk; together with the UPX signature that follows, this is consistent with the on-disk sample being packed and the Blackmoon payload only becoming visible once unpacked in memory. Disk-only scanning of the original binary should therefore not be relied on for detection.
resource yara_rule behavioral1/memory/2000-0-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1896-15-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1984-18-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1984-26-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1984-25-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2472-38-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2524-40-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2900-57-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2552-67-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2416-75-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2972-93-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2244-103-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1664-114-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2660-123-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2144-139-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1616-180-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1720-183-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1412-198-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2320-201-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1084-210-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1084-217-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon 
behavioral1/memory/2932-226-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/3052-236-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/952-254-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1260-275-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/960-273-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1908-328-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2632-347-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2600-418-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/888-419-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1780-432-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/376-433-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2796-459-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2300-547-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2892-572-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1632-708-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2700-759-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2216-766-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/884-884-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/916-1183-0x00000000001B0000-0x00000000001D8000-memory.dmp family_blackmoon behavioral1/memory/1896-1196-0x00000000001B0000-0x00000000001D8000-memory.dmp family_blackmoon behavioral1/memory/2668-1296-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon 
behavioral1/memory/1780-1322-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. The listing appears to be capped at 64 entries: the process chain below reaches depth 122, but this and the two following signatures each stop at exactly 64 matches, so the memory dumps listed here cover only part of the run.
resource yara_rule behavioral1/memory/2000-0-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1896-15-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1984-18-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1984-26-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2472-38-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2524-40-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2900-57-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2552-58-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2552-67-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2416-75-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2972-85-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2972-93-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2244-103-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1664-104-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2660-123-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2144-139-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1616-180-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1720-183-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1412-198-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2320-201-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1084-210-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1084-217-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2932-226-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/3052-228-0x0000000000400000-0x0000000000428000-memory.dmp UPX 
behavioral1/memory/3052-236-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/952-254-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/960-269-0x00000000003A0000-0x00000000003C8000-memory.dmp UPX behavioral1/memory/1260-275-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/960-273-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1908-328-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2632-347-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1356-366-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2412-386-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/3012-399-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2600-418-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/888-419-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1780-432-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/376-433-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2796-459-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2864-521-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2300-547-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2892-572-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2692-585-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/472-688-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1632-708-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1492-714-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2248-727-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2700-759-0x0000000000400000-0x0000000000428000-memory.dmp UPX 
behavioral1/memory/2216-766-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2208-773-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2952-816-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2832-853-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/884-884-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1856-894-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1040-907-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2504-945-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2780-1049-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2064-1080-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/620-1137-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1740-1150-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/916-1175-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/1896-1196-0x00000000001B0000-0x00000000001D8000-memory.dmp UPX behavioral1/memory/1928-1215-0x0000000000400000-0x0000000000428000-memory.dmp UPX behavioral1/memory/2900-1240-0x0000000000400000-0x0000000000428000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs (capped; the process tree below shows 121 dropped executables in total). Each dropped file is written to the root of c:\ under a short random consonant-string name and launches the next one. Note that PIDs are reused within the run (for example 1896 appears as jpvpv.exe and later as llllxfx.exe, 2472 as tbhhht.exe and tbtnth.exe, 544 and 2020 twice each), so correlate events by PID together with process name and position in the chain, never by PID alone.
pid Process 1896 jpvpv.exe 1984 rfrrrfr.exe 2472 tbhhht.exe 2524 xrrxrxr.exe 2900 bhbnnn.exe 2552 xrffrxf.exe 2416 llrlffr.exe 2428 jdpdp.exe 2972 7rxlrxf.exe 2244 9tnbhh.exe 1664 dpvdd.exe 2660 9thbbb.exe 2104 nnbthn.exe 2144 rxlrxfr.exe 544 tbnnnb.exe 2040 vpdpv.exe 2020 xrrlllr.exe 2780 7pjvd.exe 1616 dvjdj.exe 1720 5httbh.exe 1412 5bnbth.exe 2320 jvdjp.exe 1084 fxlxxfx.exe 2932 tnbhnn.exe 3052 btbntb.exe 832 jdpdj.exe 952 rxflrlr.exe 808 nbntnb.exe 960 pjvjv.exe 1260 btbhnh.exe 1464 hbnhtn.exe 2964 xrfxffr.exe 2076 tnhnnh.exe 2268 7vpdd.exe 1040 ddpvp.exe 1896 llllxfx.exe 2824 nhbhhh.exe 1908 dpddp.exe 2576 5rflxxl.exe 2632 xrrflxl.exe 2472 tbtnth.exe 2088 vpppv.exe 2096 xllxflx.exe 1356 hhbbhn.exe 2356 nhnhbh.exe 2420 pvjjv.exe 2412 fxrxrxl.exe 2336 fxfxrxl.exe 3012 nnhtbb.exe 1240 jdpjv.exe 2600 jvjvd.exe 888 rffrlrf.exe 1780 htnhnn.exe 376 5pdjj.exe 688 vvjjj.exe 2560 llfrfxl.exe 544 bhbnbn.exe 2796 jjpdj.exe 2020 lllflrr.exe 564 flfxlff.exe 1912 5tbbbt.exe 2028 jpdvp.exe 640 pvjvv.exe 2344 bhtbbh.exe -
resource yara_rule behavioral1/memory/2000-0-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1896-15-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1984-18-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1984-26-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2472-38-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2524-40-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2900-57-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2552-58-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2552-67-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2416-75-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2972-85-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2972-93-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2244-103-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1664-104-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2660-123-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2144-139-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1616-180-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1720-183-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1412-198-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2320-201-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1084-210-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1084-217-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2932-226-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/3052-228-0x0000000000400000-0x0000000000428000-memory.dmp upx 
behavioral1/memory/3052-236-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/952-254-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1260-275-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/960-273-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1908-328-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2632-347-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1356-366-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2412-386-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/3012-399-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2600-418-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/888-419-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1780-432-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/376-433-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2796-459-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2864-521-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2300-547-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2892-572-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2692-585-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/472-688-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1632-708-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1492-714-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2248-727-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2700-759-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2216-766-0x0000000000400000-0x0000000000428000-memory.dmp upx 
behavioral1/memory/2208-773-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2952-816-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2832-853-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/884-884-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1856-894-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1040-907-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2504-945-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2780-1049-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2064-1080-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/620-1137-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1740-1150-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/916-1175-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1928-1215-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2900-1240-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2380-1253-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2668-1290-0x0000000000400000-0x0000000000428000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs (capped; covers only the first 16 parent/child pairs, four events each). In every entry the writer is the parent writing into the child it has just launched, in the same order as the process tree below, rather than into an unrelated existing process. That pattern appears consistent with ordinary process start-up on this platform and should not on its own be read as code injection; the noteworthy behaviour here is the self-propagating spawn chain, not the memory writes.
description pid Process procid_target PID 2000 wrote to memory of 1896 2000 b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe 28 PID 2000 wrote to memory of 1896 2000 b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe 28 PID 2000 wrote to memory of 1896 2000 b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe 28 PID 2000 wrote to memory of 1896 2000 b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe 28 PID 1896 wrote to memory of 1984 1896 jpvpv.exe 29 PID 1896 wrote to memory of 1984 1896 jpvpv.exe 29 PID 1896 wrote to memory of 1984 1896 jpvpv.exe 29 PID 1896 wrote to memory of 1984 1896 jpvpv.exe 29 PID 1984 wrote to memory of 2472 1984 rfrrrfr.exe 30 PID 1984 wrote to memory of 2472 1984 rfrrrfr.exe 30 PID 1984 wrote to memory of 2472 1984 rfrrrfr.exe 30 PID 1984 wrote to memory of 2472 1984 rfrrrfr.exe 30 PID 2472 wrote to memory of 2524 2472 tbhhht.exe 31 PID 2472 wrote to memory of 2524 2472 tbhhht.exe 31 PID 2472 wrote to memory of 2524 2472 tbhhht.exe 31 PID 2472 wrote to memory of 2524 2472 tbhhht.exe 31 PID 2524 wrote to memory of 2900 2524 xrrxrxr.exe 32 PID 2524 wrote to memory of 2900 2524 xrrxrxr.exe 32 PID 2524 wrote to memory of 2900 2524 xrrxrxr.exe 32 PID 2524 wrote to memory of 2900 2524 xrrxrxr.exe 32 PID 2900 wrote to memory of 2552 2900 bhbnnn.exe 33 PID 2900 wrote to memory of 2552 2900 bhbnnn.exe 33 PID 2900 wrote to memory of 2552 2900 bhbnnn.exe 33 PID 2900 wrote to memory of 2552 2900 bhbnnn.exe 33 PID 2552 wrote to memory of 2416 2552 xrffrxf.exe 34 PID 2552 wrote to memory of 2416 2552 xrffrxf.exe 34 PID 2552 wrote to memory of 2416 2552 xrffrxf.exe 34 PID 2552 wrote to memory of 2416 2552 xrffrxf.exe 34 PID 2416 wrote to memory of 2428 2416 llrlffr.exe 35 PID 2416 wrote to memory of 2428 2416 llrlffr.exe 35 PID 2416 wrote to memory of 2428 2416 llrlffr.exe 35 PID 2416 wrote to memory of 2428 2416 llrlffr.exe 35 PID 2428 wrote to memory of 2972 2428 jdpdp.exe 36 
PID 2428 wrote to memory of 2972 2428 jdpdp.exe 36 PID 2428 wrote to memory of 2972 2428 jdpdp.exe 36 PID 2428 wrote to memory of 2972 2428 jdpdp.exe 36 PID 2972 wrote to memory of 2244 2972 7rxlrxf.exe 37 PID 2972 wrote to memory of 2244 2972 7rxlrxf.exe 37 PID 2972 wrote to memory of 2244 2972 7rxlrxf.exe 37 PID 2972 wrote to memory of 2244 2972 7rxlrxf.exe 37 PID 2244 wrote to memory of 1664 2244 9tnbhh.exe 38 PID 2244 wrote to memory of 1664 2244 9tnbhh.exe 38 PID 2244 wrote to memory of 1664 2244 9tnbhh.exe 38 PID 2244 wrote to memory of 1664 2244 9tnbhh.exe 38 PID 1664 wrote to memory of 2660 1664 dpvdd.exe 39 PID 1664 wrote to memory of 2660 1664 dpvdd.exe 39 PID 1664 wrote to memory of 2660 1664 dpvdd.exe 39 PID 1664 wrote to memory of 2660 1664 dpvdd.exe 39 PID 2660 wrote to memory of 2104 2660 9thbbb.exe 40 PID 2660 wrote to memory of 2104 2660 9thbbb.exe 40 PID 2660 wrote to memory of 2104 2660 9thbbb.exe 40 PID 2660 wrote to memory of 2104 2660 9thbbb.exe 40 PID 2104 wrote to memory of 2144 2104 nnbthn.exe 41 PID 2104 wrote to memory of 2144 2104 nnbthn.exe 41 PID 2104 wrote to memory of 2144 2104 nnbthn.exe 41 PID 2104 wrote to memory of 2144 2104 nnbthn.exe 41 PID 2144 wrote to memory of 544 2144 rxlrxfr.exe 42 PID 2144 wrote to memory of 544 2144 rxlrxfr.exe 42 PID 2144 wrote to memory of 544 2144 rxlrxfr.exe 42 PID 2144 wrote to memory of 544 2144 rxlrxfr.exe 42 PID 544 wrote to memory of 2040 544 tbnnnb.exe 43 PID 544 wrote to memory of 2040 544 tbnnnb.exe 43 PID 544 wrote to memory of 2040 544 tbnnnb.exe 43 PID 544 wrote to memory of 2040 544 tbnnnb.exe 43
Processes (nested chain — each entry is launched by the one above it; the trailing N⤵ marker is the nesting depth). Entries from depth 66 onward carry no "Executes dropped EXE" tag; this appears to be a consequence of the 64-entry signature cap, not evidence that those processes behaved differently.
-
C:\Users\Admin\AppData\Local\Temp\b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe"C:\Users\Admin\AppData\Local\Temp\b9f012cfcf7775fb1d894ef74675ca3f95b80029bbc62b470e2fc567bff9dfd0.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\jpvpv.exec:\jpvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1896 -
\??\c:\rfrrrfr.exec:\rfrrrfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\tbhhht.exec:\tbhhht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\xrrxrxr.exec:\xrrxrxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\bhbnnn.exec:\bhbnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\xrffrxf.exec:\xrffrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\llrlffr.exec:\llrlffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\jdpdp.exec:\jdpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\7rxlrxf.exec:\7rxlrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\9tnbhh.exec:\9tnbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\dpvdd.exec:\dpvdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1664 -
\??\c:\9thbbb.exec:\9thbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\nnbthn.exec:\nnbthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2104 -
\??\c:\rxlrxfr.exec:\rxlrxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2144 -
\??\c:\tbnnnb.exec:\tbnnnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:544 -
\??\c:\vpdpv.exec:\vpdpv.exe17⤵
- Executes dropped EXE
PID:2040 -
\??\c:\xrrlllr.exec:\xrrlllr.exe18⤵
- Executes dropped EXE
PID:2020 -
\??\c:\7pjvd.exec:\7pjvd.exe19⤵
- Executes dropped EXE
PID:2780 -
\??\c:\dvjdj.exec:\dvjdj.exe20⤵
- Executes dropped EXE
PID:1616 -
\??\c:\5httbh.exec:\5httbh.exe21⤵
- Executes dropped EXE
PID:1720 -
\??\c:\5bnbth.exec:\5bnbth.exe22⤵
- Executes dropped EXE
PID:1412 -
\??\c:\jvdjp.exec:\jvdjp.exe23⤵
- Executes dropped EXE
PID:2320 -
\??\c:\fxlxxfx.exec:\fxlxxfx.exe24⤵
- Executes dropped EXE
PID:1084 -
\??\c:\tnbhnn.exec:\tnbhnn.exe25⤵
- Executes dropped EXE
PID:2932 -
\??\c:\btbntb.exec:\btbntb.exe26⤵
- Executes dropped EXE
PID:3052 -
\??\c:\jdpdj.exec:\jdpdj.exe27⤵
- Executes dropped EXE
PID:832 -
\??\c:\rxflrlr.exec:\rxflrlr.exe28⤵
- Executes dropped EXE
PID:952 -
\??\c:\nbntnb.exec:\nbntnb.exe29⤵
- Executes dropped EXE
PID:808 -
\??\c:\pjvjv.exec:\pjvjv.exe30⤵
- Executes dropped EXE
PID:960 -
\??\c:\btbhnh.exec:\btbhnh.exe31⤵
- Executes dropped EXE
PID:1260 -
\??\c:\hbnhtn.exec:\hbnhtn.exe32⤵
- Executes dropped EXE
PID:1464 -
\??\c:\xrfxffr.exec:\xrfxffr.exe33⤵
- Executes dropped EXE
PID:2964 -
\??\c:\tnhnnh.exec:\tnhnnh.exe34⤵
- Executes dropped EXE
PID:2076 -
\??\c:\7vpdd.exec:\7vpdd.exe35⤵
- Executes dropped EXE
PID:2268 -
\??\c:\ddpvp.exec:\ddpvp.exe36⤵
- Executes dropped EXE
PID:1040 -
\??\c:\llllxfx.exec:\llllxfx.exe37⤵
- Executes dropped EXE
PID:1896 -
\??\c:\nhbhhh.exec:\nhbhhh.exe38⤵
- Executes dropped EXE
PID:2824 -
\??\c:\dpddp.exec:\dpddp.exe39⤵
- Executes dropped EXE
PID:1908 -
\??\c:\5rflxxl.exec:\5rflxxl.exe40⤵
- Executes dropped EXE
PID:2576 -
\??\c:\xrrflxl.exec:\xrrflxl.exe41⤵
- Executes dropped EXE
PID:2632 -
\??\c:\tbtnth.exec:\tbtnth.exe42⤵
- Executes dropped EXE
PID:2472 -
\??\c:\vpppv.exec:\vpppv.exe43⤵
- Executes dropped EXE
PID:2088 -
\??\c:\xllxflx.exec:\xllxflx.exe44⤵
- Executes dropped EXE
PID:2096 -
\??\c:\hhbbhn.exec:\hhbbhn.exe45⤵
- Executes dropped EXE
PID:1356 -
\??\c:\nhnhbh.exec:\nhnhbh.exe46⤵
- Executes dropped EXE
PID:2356 -
\??\c:\pvjjv.exec:\pvjjv.exe47⤵
- Executes dropped EXE
PID:2420 -
\??\c:\fxrxrxl.exec:\fxrxrxl.exe48⤵
- Executes dropped EXE
PID:2412 -
\??\c:\fxfxrxl.exec:\fxfxrxl.exe49⤵
- Executes dropped EXE
PID:2336 -
\??\c:\nnhtbb.exec:\nnhtbb.exe50⤵
- Executes dropped EXE
PID:3012 -
\??\c:\jdpjv.exec:\jdpjv.exe51⤵
- Executes dropped EXE
PID:1240 -
\??\c:\jvjvd.exec:\jvjvd.exe52⤵
- Executes dropped EXE
PID:2600 -
\??\c:\rffrlrf.exec:\rffrlrf.exe53⤵
- Executes dropped EXE
PID:888 -
\??\c:\htnhnn.exec:\htnhnn.exe54⤵
- Executes dropped EXE
PID:1780 -
\??\c:\5pdjj.exec:\5pdjj.exe55⤵
- Executes dropped EXE
PID:376 -
\??\c:\vvjjj.exec:\vvjjj.exe56⤵
- Executes dropped EXE
PID:688 -
\??\c:\llfrfxl.exec:\llfrfxl.exe57⤵
- Executes dropped EXE
PID:2560 -
\??\c:\bhbnbn.exec:\bhbnbn.exe58⤵
- Executes dropped EXE
PID:544 -
\??\c:\jjpdj.exec:\jjpdj.exe59⤵
- Executes dropped EXE
PID:2796 -
\??\c:\lllflrr.exec:\lllflrr.exe60⤵
- Executes dropped EXE
PID:2020 -
\??\c:\flfxlff.exec:\flfxlff.exe61⤵
- Executes dropped EXE
PID:564 -
\??\c:\5tbbbt.exec:\5tbbbt.exe62⤵
- Executes dropped EXE
PID:1912 -
\??\c:\jpdvp.exec:\jpdvp.exe63⤵
- Executes dropped EXE
PID:2028 -
\??\c:\pvjvv.exec:\pvjvv.exe64⤵
- Executes dropped EXE
PID:640 -
\??\c:\bhtbbh.exec:\bhtbbh.exe65⤵
- Executes dropped EXE
PID:2344 -
\??\c:\ntttnb.exec:\ntttnb.exe66⤵PID:656
-
\??\c:\jjdpv.exec:\jjdpv.exe67⤵PID:1444
-
\??\c:\rlllrrx.exec:\rlllrrx.exe68⤵PID:2308
-
\??\c:\3tnthn.exec:\3tnthn.exe69⤵PID:2864
-
\??\c:\ddjjp.exec:\ddjjp.exe70⤵PID:2192
-
\??\c:\pjjdv.exec:\pjjdv.exe71⤵PID:1704
-
\??\c:\lfflxfx.exec:\lfflxfx.exe72⤵PID:2300
-
\??\c:\hbttbb.exec:\hbttbb.exe73⤵PID:2236
-
\??\c:\hbttnb.exec:\hbttnb.exe74⤵PID:804
-
\??\c:\pjdpv.exec:\pjdpv.exe75⤵PID:1052
-
\??\c:\xrxffrr.exec:\xrxffrr.exe76⤵PID:1080
-
\??\c:\nnhhnt.exec:\nnhhnt.exe77⤵PID:2892
-
\??\c:\hbntnn.exec:\hbntnn.exe78⤵PID:1672
-
\??\c:\ddjpp.exec:\ddjpp.exe79⤵PID:2692
-
\??\c:\fxrxllx.exec:\fxrxllx.exe80⤵PID:2288
-
\??\c:\rrlxffl.exec:\rrlxffl.exe81⤵PID:1864
-
\??\c:\nbnbhh.exec:\nbnbhh.exe82⤵PID:2000
-
\??\c:\ppdpd.exec:\ppdpd.exe83⤵PID:1040
-
\??\c:\jdvjj.exec:\jdvjj.exe84⤵PID:1508
-
\??\c:\lllrxfl.exec:\lllrxfl.exe85⤵PID:1752
-
\??\c:\5thhnn.exec:\5thhnn.exe86⤵PID:2584
-
\??\c:\nnbbhn.exec:\nnbbhn.exe87⤵PID:2576
-
\??\c:\7jvjj.exec:\7jvjj.exe88⤵PID:2632
-
\??\c:\1rlxflx.exec:\1rlxflx.exe89⤵PID:2496
-
\??\c:\nnttnn.exec:\nnttnn.exe90⤵PID:2088
-
\??\c:\thhnnh.exec:\thhnnh.exe91⤵PID:2468
-
\??\c:\dvpvv.exec:\dvpvv.exe92⤵PID:2532
-
\??\c:\xllrflx.exec:\xllrflx.exe93⤵PID:2276
-
\??\c:\hbntbb.exec:\hbntbb.exe94⤵PID:2852
-
\??\c:\1tbnhb.exec:\1tbnhb.exe95⤵PID:2816
-
\??\c:\vppdp.exec:\vppdp.exe96⤵PID:472
-
\??\c:\xrllrxl.exec:\xrllrxl.exe97⤵PID:1280
-
\??\c:\xxrrxfx.exec:\xxrrxfx.exe98⤵PID:2592
-
\??\c:\hhbbtb.exec:\hhbbtb.exe99⤵PID:1632
-
\??\c:\pdddj.exec:\pdddj.exe100⤵PID:1492
-
\??\c:\fxfffrr.exec:\fxfffrr.exe101⤵PID:1528
-
\??\c:\lfrrffr.exec:\lfrrffr.exe102⤵PID:2248
-
\??\c:\tbthnn.exec:\tbthnn.exe103⤵PID:384
-
\??\c:\nntnnb.exec:\nntnnb.exe104⤵PID:2272
-
\??\c:\7pjpv.exec:\7pjpv.exe105⤵PID:2040
-
\??\c:\xxfffxx.exec:\xxfffxx.exe106⤵PID:3028
-
\??\c:\fxlxffl.exec:\fxlxffl.exe107⤵PID:2700
-
\??\c:\3thntb.exec:\3thntb.exe108⤵PID:2216
-
\??\c:\vpddj.exec:\vpddj.exe109⤵PID:2208
-
\??\c:\vjvjj.exec:\vjvjj.exe110⤵PID:2224
-
\??\c:\xxfrrfr.exec:\xxfrrfr.exe111⤵PID:1308
-
\??\c:\5tnbhn.exec:\5tnbhn.exe112⤵PID:1728
-
\??\c:\hhhbnn.exec:\hhhbnn.exe113⤵PID:2320
-
\??\c:\vdvjv.exec:\vdvjv.exe114⤵PID:2988
-
\??\c:\rxrllrf.exec:\rxrllrf.exe115⤵PID:712
-
\??\c:\5hthnh.exec:\5hthnh.exe116⤵PID:2952
-
\??\c:\1pddp.exec:\1pddp.exe117⤵PID:2880
-
\??\c:\jpvpv.exec:\jpvpv.exe118⤵PID:552
-
\??\c:\9flrffr.exec:\9flrffr.exe119⤵PID:936
-
\??\c:\tnhnbh.exec:\tnhnbh.exe120⤵PID:352
-
\??\c:\vjpvj.exec:\vjpvj.exe121⤵PID:920
-
\??\c:\jvpjv.exec:\jvpjv.exe122⤵PID:2832
-