Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
17/06/2024, 02:09
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe
Resource
win7-20240611-en
6 signatures
150 seconds
General
-
Target
c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe
-
Size
305KB
-
MD5
e5c2a98ce322ea8b9ab2a2a00bcc978a
-
SHA1
679eb791a7a122b6e15e5c2ed76e5f650ea15103
-
SHA256
c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634
-
SHA512
d11f2f0ce3761b595bdd39501663ebee6c6fea9e39a125dc51e5ea50493e613f4e70aef2a2739052c49aef3199701952f1c31bd04fc2d81b86832e6c110219a9
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAQ5lpBoG74Abtud+3SomfOTr00Q:Pcm7ImGddXtWrXF5lpKGsAbA+3pB0z
Malware Config
Signatures
-
Detect Blackmoon payload 44 IoCs — the `family_blackmoon` yara rule matched on the process memory dumps listed below (the same `PID-offset-0x400000-0x429000` dumps that also match the "UPX dump on OEP" rule), i.e. on the unpacked in-memory image rather than on the packed file on disk. Note that PIDs are reused along the 120+ process chain (e.g. 2636 and 2492 each appear under two different dropped EXE names in the process list), so correlate a dump with a process by the full `PID-offset` name, not by PID alone.
resource yara_rule behavioral1/memory/2836-1-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3048-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2596-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2748-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2716-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2628-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2492-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2636-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2716-83-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2780-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2960-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/376-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/972-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2020-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1580-189-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2204-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1924-208-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2088-226-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2260-244-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2840-295-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2672-340-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/2760-354-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2532-381-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2636-394-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2776-407-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1456-433-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2980-475-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2032-482-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/2220-489-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1988-502-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/784-533-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/748-577-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1852-633-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2572-655-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2800-668-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1112-772-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2340-829-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1020-913-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2052-914-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2696-951-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2492-991-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2492-1029-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon 
behavioral1/memory/2396-1190-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1020-1215-0x00000000003B0000-0x00000000003D9000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2836-1-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/3048-10-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2596-18-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2748-34-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2716-42-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2492-53-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2628-52-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2492-62-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2468-64-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2636-75-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2780-95-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2960-93-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2924-104-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/380-114-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/376-131-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/972-155-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2020-166-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2204-191-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1580-189-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2204-200-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1924-208-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2088-226-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/836-228-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2260-244-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral1/memory/820-262-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2840-295-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2552-315-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2672-340-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2676-341-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2760-354-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2604-367-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/3020-374-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2532-381-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2636-394-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2776-407-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1456-433-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1768-434-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1512-441-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/596-448-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1576-462-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2980-475-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2220-489-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1988-502-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/784-533-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/748-577-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1852-633-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2572-655-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2800-668-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral1/memory/1112-772-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2340-829-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/840-874-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2364-887-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2052-914-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2676-953-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2492-984-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2532-992-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2220-1084-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2216-1109-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2432-1165-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1020-1215-0x00000000003B0000-0x00000000003D9000-memory.dmp UPX behavioral1/memory/1740-1217-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2848-1243-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2504-1256-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2628-1263-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs — each stage drops the next binary into the root of the system drive (`\??\c:\…`) and, in this run, every file name is built only from the letters b d f h j l n p r t v x and the odd digits 1 3 5 7 9 (e.g. `hbthbh.exe`, `9vvvd.exe`, `5ntbtt.exe`). The names differ at every hop, so hunt on the drive-root write location and this naming alphabet rather than on individual file names; the list below is capped at 64 entries although the process tree continues past level 120.
pid Process 3048 hbthbh.exe 2596 nbtthh.exe 2748 fxlrffl.exe 2716 vdppv.exe 2628 lfxxfll.exe 2492 tnbbhh.exe 2468 vvpdp.exe 2636 hhtbth.exe 2960 3jdjp.exe 2780 flfxfxr.exe 2924 hnnbth.exe 380 rlxlfrx.exe 1716 hhbbtb.exe 376 9vvvd.exe 536 flffxrf.exe 972 vdjvd.exe 2116 rlfrxrx.exe 2020 5ntbtt.exe 1952 llrrffr.exe 1580 hhtbnh.exe 2204 vpvdp.exe 1924 ffrlxlr.exe 1984 hbhhnb.exe 2088 xxlfllr.exe 836 tnhnnh.exe 2260 vpvvv.exe 1696 lrfxrrl.exe 1552 vdvvd.exe 820 lrfxxff.exe 1144 thnhnn.exe 1216 9vpjp.exe 2840 tntbnn.exe 2064 ppjpd.exe 2052 rllxrrl.exe 3016 nnbntt.exe 2552 5vdvj.exe 2336 fxfrlrf.exe 2612 5lllxrx.exe 2672 hbbbht.exe 2676 ppvdd.exe 2600 fxrxfxr.exe 2760 tnnbnn.exe 2800 hntthn.exe 2604 jvjdp.exe 3020 frfrlrl.exe 2532 nhbhtb.exe 2944 5pdvp.exe 2636 5pddd.exe 2776 xrxxlff.exe 2796 nnhnbn.exe 2904 vdvvj.exe 1352 pvjjj.exe 1456 rlrfffr.exe 1768 nhhhnb.exe 1512 vvjjp.exe 596 9lffrlr.exe 600 rrfrxrf.exe 1576 htbbbb.exe 2980 dvjdj.exe 2032 ffrlrrl.exe 2220 frrrlrx.exe 2564 1nbbhn.exe 1972 3dvjp.exe 1988 xrffffl.exe -
resource yara_rule behavioral1/memory/2836-1-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3048-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2596-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2748-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2716-42-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2628-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2468-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2780-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2960-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2924-104-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/380-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/376-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/972-155-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2020-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2204-191-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1580-189-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2204-200-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1924-208-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2088-226-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/836-228-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2260-244-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/820-262-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2840-295-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2552-315-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2672-340-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2676-341-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2760-354-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2604-367-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3020-374-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2532-381-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-394-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2776-407-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1456-433-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1768-434-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1512-441-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/596-448-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2980-475-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2220-489-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1988-502-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/784-533-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/748-577-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1852-633-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2572-655-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2800-668-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1112-772-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2340-829-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/840-874-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2364-887-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2052-914-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2676-953-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2492-984-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2532-992-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2220-1084-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2216-1109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2432-1165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1020-1215-0x00000000003B0000-0x00000000003D9000-memory.dmp upx behavioral1/memory/1740-1217-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2848-1243-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2504-1256-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2628-1263-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs — every write recorded below targets the PID that the process tree shows as the writer's own newly spawned child (2836→3048, 3048→2596, 2596→2748, …), and each parent→child pair is logged four times. This is consistent with the parent→child launch chain of the dropped EXEs rather than injection into an unrelated process; however, the report does not show what was written, so the child's memory should be examined before treating this either as benign process start-up or as code injection.
description pid Process procid_target PID 2836 wrote to memory of 3048 2836 c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe 28 PID 2836 wrote to memory of 3048 2836 c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe 28 PID 2836 wrote to memory of 3048 2836 c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe 28 PID 2836 wrote to memory of 3048 2836 c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe 28 PID 3048 wrote to memory of 2596 3048 hbthbh.exe 29 PID 3048 wrote to memory of 2596 3048 hbthbh.exe 29 PID 3048 wrote to memory of 2596 3048 hbthbh.exe 29 PID 3048 wrote to memory of 2596 3048 hbthbh.exe 29 PID 2596 wrote to memory of 2748 2596 nbtthh.exe 30 PID 2596 wrote to memory of 2748 2596 nbtthh.exe 30 PID 2596 wrote to memory of 2748 2596 nbtthh.exe 30 PID 2596 wrote to memory of 2748 2596 nbtthh.exe 30 PID 2748 wrote to memory of 2716 2748 fxlrffl.exe 31 PID 2748 wrote to memory of 2716 2748 fxlrffl.exe 31 PID 2748 wrote to memory of 2716 2748 fxlrffl.exe 31 PID 2748 wrote to memory of 2716 2748 fxlrffl.exe 31 PID 2716 wrote to memory of 2628 2716 vdppv.exe 32 PID 2716 wrote to memory of 2628 2716 vdppv.exe 32 PID 2716 wrote to memory of 2628 2716 vdppv.exe 32 PID 2716 wrote to memory of 2628 2716 vdppv.exe 32 PID 2628 wrote to memory of 2492 2628 lfxxfll.exe 33 PID 2628 wrote to memory of 2492 2628 lfxxfll.exe 33 PID 2628 wrote to memory of 2492 2628 lfxxfll.exe 33 PID 2628 wrote to memory of 2492 2628 lfxxfll.exe 33 PID 2492 wrote to memory of 2468 2492 tnbbhh.exe 34 PID 2492 wrote to memory of 2468 2492 tnbbhh.exe 34 PID 2492 wrote to memory of 2468 2492 tnbbhh.exe 34 PID 2492 wrote to memory of 2468 2492 tnbbhh.exe 34 PID 2468 wrote to memory of 2636 2468 vvpdp.exe 35 PID 2468 wrote to memory of 2636 2468 vvpdp.exe 35 PID 2468 wrote to memory of 2636 2468 vvpdp.exe 35 PID 2468 wrote to memory of 2636 2468 vvpdp.exe 35 PID 2636 wrote to memory of 2960 2636 hhtbth.exe 36 PID 2636 
wrote to memory of 2960 2636 hhtbth.exe 36 PID 2636 wrote to memory of 2960 2636 hhtbth.exe 36 PID 2636 wrote to memory of 2960 2636 hhtbth.exe 36 PID 2960 wrote to memory of 2780 2960 3jdjp.exe 37 PID 2960 wrote to memory of 2780 2960 3jdjp.exe 37 PID 2960 wrote to memory of 2780 2960 3jdjp.exe 37 PID 2960 wrote to memory of 2780 2960 3jdjp.exe 37 PID 2780 wrote to memory of 2924 2780 flfxfxr.exe 38 PID 2780 wrote to memory of 2924 2780 flfxfxr.exe 38 PID 2780 wrote to memory of 2924 2780 flfxfxr.exe 38 PID 2780 wrote to memory of 2924 2780 flfxfxr.exe 38 PID 2924 wrote to memory of 380 2924 hnnbth.exe 39 PID 2924 wrote to memory of 380 2924 hnnbth.exe 39 PID 2924 wrote to memory of 380 2924 hnnbth.exe 39 PID 2924 wrote to memory of 380 2924 hnnbth.exe 39 PID 380 wrote to memory of 1716 380 rlxlfrx.exe 40 PID 380 wrote to memory of 1716 380 rlxlfrx.exe 40 PID 380 wrote to memory of 1716 380 rlxlfrx.exe 40 PID 380 wrote to memory of 1716 380 rlxlfrx.exe 40 PID 1716 wrote to memory of 376 1716 hhbbtb.exe 41 PID 1716 wrote to memory of 376 1716 hhbbtb.exe 41 PID 1716 wrote to memory of 376 1716 hhbbtb.exe 41 PID 1716 wrote to memory of 376 1716 hhbbtb.exe 41 PID 376 wrote to memory of 536 376 9vvvd.exe 42 PID 376 wrote to memory of 536 376 9vvvd.exe 42 PID 376 wrote to memory of 536 376 9vvvd.exe 42 PID 376 wrote to memory of 536 376 9vvvd.exe 42 PID 536 wrote to memory of 972 536 flffxrf.exe 43 PID 536 wrote to memory of 972 536 flffxrf.exe 43 PID 536 wrote to memory of 972 536 flffxrf.exe 43 PID 536 wrote to memory of 972 536 flffxrf.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe — command line: "C:\Users\Admin\AppData\Local\Temp\c8246fb2f9119ba24da9915f22ee65380338ce97a554e84416ae2ffb082e2634.exe" (level 1) ⤵
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\hbthbh.exec:\hbthbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3048 -
\??\c:\nbtthh.exec:\nbtthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\fxlrffl.exec:\fxlrffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\vdppv.exec:\vdppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\lfxxfll.exec:\lfxxfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\tnbbhh.exec:\tnbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\vvpdp.exec:\vvpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\hhtbth.exec:\hhtbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\3jdjp.exec:\3jdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\flfxfxr.exec:\flfxfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\hnnbth.exec:\hnnbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2924 -
\??\c:\rlxlfrx.exec:\rlxlfrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:380 -
\??\c:\hhbbtb.exec:\hhbbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1716 -
\??\c:\9vvvd.exec:\9vvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:376 -
\??\c:\flffxrf.exec:\flffxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:536 -
\??\c:\vdjvd.exec:\vdjvd.exe17⤵
- Executes dropped EXE
PID:972 -
\??\c:\rlfrxrx.exec:\rlfrxrx.exe18⤵
- Executes dropped EXE
PID:2116 -
\??\c:\5ntbtt.exec:\5ntbtt.exe19⤵
- Executes dropped EXE
PID:2020 -
\??\c:\llrrffr.exec:\llrrffr.exe20⤵
- Executes dropped EXE
PID:1952 -
\??\c:\hhtbnh.exec:\hhtbnh.exe21⤵
- Executes dropped EXE
PID:1580 -
\??\c:\vpvdp.exec:\vpvdp.exe22⤵
- Executes dropped EXE
PID:2204 -
\??\c:\ffrlxlr.exec:\ffrlxlr.exe23⤵
- Executes dropped EXE
PID:1924 -
\??\c:\hbhhnb.exec:\hbhhnb.exe24⤵
- Executes dropped EXE
PID:1984 -
\??\c:\xxlfllr.exec:\xxlfllr.exe25⤵
- Executes dropped EXE
PID:2088 -
\??\c:\tnhnnh.exec:\tnhnnh.exe26⤵
- Executes dropped EXE
PID:836 -
\??\c:\vpvvv.exec:\vpvvv.exe27⤵
- Executes dropped EXE
PID:2260 -
\??\c:\lrfxrrl.exec:\lrfxrrl.exe28⤵
- Executes dropped EXE
PID:1696 -
\??\c:\vdvvd.exec:\vdvvd.exe29⤵
- Executes dropped EXE
PID:1552 -
\??\c:\lrfxxff.exec:\lrfxxff.exe30⤵
- Executes dropped EXE
PID:820 -
\??\c:\thnhnn.exec:\thnhnn.exe31⤵
- Executes dropped EXE
PID:1144 -
\??\c:\9vpjp.exec:\9vpjp.exe32⤵
- Executes dropped EXE
PID:1216 -
\??\c:\tntbnn.exec:\tntbnn.exe33⤵
- Executes dropped EXE
PID:2840 -
\??\c:\ppjpd.exec:\ppjpd.exe34⤵
- Executes dropped EXE
PID:2064 -
\??\c:\rllxrrl.exec:\rllxrrl.exe35⤵
- Executes dropped EXE
PID:2052 -
\??\c:\nnbntt.exec:\nnbntt.exe36⤵
- Executes dropped EXE
PID:3016 -
\??\c:\5vdvj.exec:\5vdvj.exe37⤵
- Executes dropped EXE
PID:2552 -
\??\c:\fxfrlrf.exec:\fxfrlrf.exe38⤵
- Executes dropped EXE
PID:2336 -
\??\c:\5lllxrx.exec:\5lllxrx.exe39⤵
- Executes dropped EXE
PID:2612 -
\??\c:\hbbbht.exec:\hbbbht.exe40⤵
- Executes dropped EXE
PID:2672 -
\??\c:\ppvdd.exec:\ppvdd.exe41⤵
- Executes dropped EXE
PID:2676 -
\??\c:\fxrxfxr.exec:\fxrxfxr.exe42⤵
- Executes dropped EXE
PID:2600 -
\??\c:\tnnbnn.exec:\tnnbnn.exe43⤵
- Executes dropped EXE
PID:2760 -
\??\c:\hntthn.exec:\hntthn.exe44⤵
- Executes dropped EXE
PID:2800 -
\??\c:\jvjdp.exec:\jvjdp.exe45⤵
- Executes dropped EXE
PID:2604 -
\??\c:\frfrlrl.exec:\frfrlrl.exe46⤵
- Executes dropped EXE
PID:3020 -
\??\c:\nhbhtb.exec:\nhbhtb.exe47⤵
- Executes dropped EXE
PID:2532 -
\??\c:\5pdvp.exec:\5pdvp.exe48⤵
- Executes dropped EXE
PID:2944 -
\??\c:\5pddd.exec:\5pddd.exe49⤵
- Executes dropped EXE
PID:2636 -
\??\c:\xrxxlff.exec:\xrxxlff.exe50⤵
- Executes dropped EXE
PID:2776 -
\??\c:\nnhnbn.exec:\nnhnbn.exe51⤵
- Executes dropped EXE
PID:2796 -
\??\c:\vdvvj.exec:\vdvvj.exe52⤵
- Executes dropped EXE
PID:2904 -
\??\c:\pvjjj.exec:\pvjjj.exe53⤵
- Executes dropped EXE
PID:1352 -
\??\c:\rlrfffr.exec:\rlrfffr.exe54⤵
- Executes dropped EXE
PID:1456 -
\??\c:\nhhhnb.exec:\nhhhnb.exe55⤵
- Executes dropped EXE
PID:1768 -
\??\c:\vvjjp.exec:\vvjjp.exe56⤵
- Executes dropped EXE
PID:1512 -
\??\c:\9lffrlr.exec:\9lffrlr.exe57⤵
- Executes dropped EXE
PID:596 -
\??\c:\rrfrxrf.exec:\rrfrxrf.exe58⤵
- Executes dropped EXE
PID:600 -
\??\c:\htbbbb.exec:\htbbbb.exe59⤵
- Executes dropped EXE
PID:1576 -
\??\c:\dvjdj.exec:\dvjdj.exe60⤵
- Executes dropped EXE
PID:2980 -
\??\c:\ffrlrrl.exec:\ffrlrrl.exe61⤵
- Executes dropped EXE
PID:2032 -
\??\c:\frrrlrx.exec:\frrrlrx.exe62⤵
- Executes dropped EXE
PID:2220 -
\??\c:\1nbbhn.exec:\1nbbhn.exe63⤵
- Executes dropped EXE
PID:2564 -
\??\c:\3dvjp.exec:\3dvjp.exe64⤵
- Executes dropped EXE
PID:1972 -
\??\c:\xrffffl.exec:\xrffffl.exe65⤵
- Executes dropped EXE
PID:1988 -
\??\c:\tttnhn.exec:\tttnhn.exe66⤵PID:2216
-
\??\c:\nbntbh.exec:\nbntbh.exe67⤵PID:1780
-
\??\c:\jdjjd.exec:\jdjjd.exe68⤵PID:1588
-
\??\c:\1fxllxl.exec:\1fxllxl.exe69⤵PID:2252
-
\??\c:\fxlrlfx.exec:\fxlrlfx.exe70⤵PID:784
-
\??\c:\5nhbtt.exec:\5nhbtt.exe71⤵PID:2420
-
\??\c:\3djdd.exec:\3djdd.exe72⤵PID:1744
-
\??\c:\llxlxlf.exec:\llxlxlf.exe73⤵PID:1244
-
\??\c:\lflrrfl.exec:\lflrrfl.exe74⤵PID:280
-
\??\c:\hbbhnn.exec:\hbbhnn.exe75⤵PID:2432
-
\??\c:\vvpdv.exec:\vvpdv.exe76⤵PID:1748
-
\??\c:\xlxllxr.exec:\xlxllxr.exe77⤵PID:748
-
\??\c:\frxlrxf.exec:\frxlrxf.exe78⤵PID:2548
-
\??\c:\nhtthh.exec:\nhtthh.exe79⤵PID:992
-
\??\c:\9dpvv.exec:\9dpvv.exe80⤵PID:2840
-
\??\c:\vpjpp.exec:\vpjpp.exe81⤵PID:2852
-
\??\c:\7flfrlf.exec:\7flfrlf.exe82⤵PID:2124
-
\??\c:\7thnbt.exec:\7thnbt.exe83⤵PID:236
-
\??\c:\bhtnbt.exec:\bhtnbt.exe84⤵PID:1860
-
\??\c:\pjjjp.exec:\pjjjp.exe85⤵PID:2608
-
\??\c:\xrxxflx.exec:\xrxxflx.exe86⤵PID:1852
-
\??\c:\lxffffl.exec:\lxffffl.exe87⤵PID:2680
-
\??\c:\nnbhtt.exec:\nnbhtt.exe88⤵PID:2572
-
\??\c:\7dddp.exec:\7dddp.exe89⤵PID:2232
-
\??\c:\vvjdp.exec:\vvjdp.exe90⤵PID:2356
-
\??\c:\lfxffrr.exec:\lfxffrr.exe91⤵PID:2800
-
\??\c:\thbhnn.exec:\thbhnn.exe92⤵PID:2580
-
\??\c:\ddvpj.exec:\ddvpj.exe93⤵PID:2492
-
\??\c:\pppdp.exec:\pppdp.exe94⤵PID:2544
-
\??\c:\xrxfrrf.exec:\xrxfrrf.exe95⤵PID:2948
-
\??\c:\nbnntt.exec:\nbnntt.exe96⤵PID:2636
-
\??\c:\3nhhhh.exec:\3nhhhh.exe97⤵PID:2644
-
\??\c:\dvjpv.exec:\dvjpv.exe98⤵PID:2940
-
\??\c:\jdpvd.exec:\jdpvd.exe99⤵PID:1672
-
\??\c:\lrllxfr.exec:\lrllxfr.exe100⤵PID:2128
-
\??\c:\1hhnbb.exec:\1hhnbb.exe101⤵PID:1844
-
\??\c:\hhbhtt.exec:\hhbhtt.exe102⤵PID:1632
-
\??\c:\ddpdp.exec:\ddpdp.exe103⤵PID:2212
-
\??\c:\rlrflll.exec:\rlrflll.exe104⤵PID:1512
-
\??\c:\rlxxfff.exec:\rlxxfff.exe105⤵PID:1424
-
\??\c:\nhthnt.exec:\nhthnt.exe106⤵PID:536
-
\??\c:\jvvdv.exec:\jvvdv.exe107⤵PID:1452
-
\??\c:\lrrrlrr.exec:\lrrrlrr.exe108⤵PID:1112
-
\??\c:\3xlflxf.exec:\3xlflxf.exe109⤵PID:2412
-
\??\c:\nbtbnt.exec:\nbtbnt.exe110⤵PID:1720
-
\??\c:\jpjjd.exec:\jpjjd.exe111⤵PID:1996
-
\??\c:\7dvpp.exec:\7dvpp.exe112⤵PID:2448
-
\??\c:\xxxlrfx.exec:\xxxlrfx.exe113⤵PID:2856
-
\??\c:\nthbhh.exec:\nthbhh.exe114⤵PID:2012
-
\??\c:\ntnthh.exec:\ntnthh.exe115⤵PID:2424
-
\??\c:\vvddp.exec:\vvddp.exe116⤵PID:2340
-
\??\c:\lllrxlr.exec:\lllrxlr.exe117⤵PID:2328
-
\??\c:\xxrlflr.exec:\xxrlflr.exe118⤵PID:1944
-
\??\c:\tbttbt.exec:\tbttbt.exe119⤵PID:1308
-
\??\c:\9dvdj.exec:\9dvdj.exe120⤵PID:544
-
\??\c:\5lfxxlf.exec:\5lfxxlf.exe121⤵PID:316
-
\??\c:\bthbbt.exec:\bthbbt.exe122⤵PID:760