Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
21-06-2024 00:55
Behavioral task
behavioral1
Sample
900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe
Resource
win7-20231129-en
6 signatures
150 seconds
General
-
Target
900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe
-
Size
364KB
-
MD5
ebbd5a6cf9ce73a30d8f9ee044787581
-
SHA1
1adb17411b215052106b971c0d464bcd4548efc1
-
SHA256
900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97
-
SHA512
fb63589fbfd127d77b08953d4aba89917e749960f93dfc6a79ca540dbc8de615b10be4ab0c96b40408b773e11e8a259b44374a46958ed4cf7350def1048cb01f
-
SSDEEP
6144:9cm4FmowdHoSdSyEAxyx/ZrTTr4qIMgE8L:/4wFHoSQuxy3rTXIM18L
Malware Config
Signatures
-
Detect Blackmoon payload 47 IoCs
Processes:
resource yara_rule behavioral1/memory/2012-1-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2384-21-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1468-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2064-36-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2696-52-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2628-62-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2596-70-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2596-73-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2244-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2496-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2776-100-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2188-110-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2732-112-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1900-121-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/952-132-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1900-127-0x00000000003B0000-0x00000000003D7000-memory.dmp family_blackmoon behavioral1/memory/1720-140-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2548-155-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2828-173-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1876-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2120-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/1876-190-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1876-189-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/540-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1336-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2664-221-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/904-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1540-249-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1540-252-0x0000000000230000-0x0000000000257000-memory.dmp family_blackmoon behavioral1/memory/2304-316-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2620-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2716-356-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2244-395-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1964-408-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1964-415-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1964-416-0x00000000001B0000-0x00000000001D7000-memory.dmp family_blackmoon behavioral1/memory/948-447-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2816-463-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2096-495-0x0000000001B50000-0x0000000001B77000-memory.dmp family_blackmoon behavioral1/memory/3048-576-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1900-723-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1892-736-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/848-757-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1960-821-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2352-917-0x00000000002A0000-0x00000000002C7000-memory.dmp family_blackmoon behavioral1/memory/2476-995-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2476-996-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral1/memory/2012-1-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\pjjdd.exe UPX behavioral1/memory/1468-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2384-21-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\thtthb.exe UPX behavioral1/memory/1468-18-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\hbbbbb.exe UPX C:\fxlrxxf.exe UPX behavioral1/memory/2064-36-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\ffxrfrf.exe UPX behavioral1/memory/2696-52-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\ppjdj.exe UPX behavioral1/memory/2628-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\5fflrxl.exe UPX behavioral1/memory/2628-62-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2596-63-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2596-70-0x0000000000220000-0x0000000000247000-memory.dmp UPX behavioral1/memory/2596-73-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\7bhnnh.exe UPX behavioral1/memory/2244-74-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2244-82-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\fxrxlll.exe UPX behavioral1/memory/2496-92-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\bhtbhh.exe UPX C:\hhbbnb.exe UPX behavioral1/memory/2776-100-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\rlxrxxf.exe UPX behavioral1/memory/2188-110-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2732-112-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\9xrfrxl.exe UPX behavioral1/memory/1900-121-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/952-132-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\ttnttn.exe UPX C:\3vjpv.exe UPX behavioral1/memory/1720-140-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\pjvdd.exe UPX 
behavioral1/memory/2548-155-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\htbbhh.exe UPX C:\9pddp.exe UPX behavioral1/memory/2828-165-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\1pdvd.exe UPX behavioral1/memory/2828-173-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1876-185-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\btnttb.exe UPX behavioral1/memory/2120-182-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1876-189-0x0000000000220000-0x0000000000247000-memory.dmp UPX C:\hbthtb.exe UPX behavioral1/memory/540-202-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\frxrfxx.exe UPX behavioral1/memory/1336-205-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\hbnthn.exe UPX behavioral1/memory/2664-213-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2664-221-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\vvdpd.exe UPX behavioral1/memory/904-230-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\3lfxffr.exe UPX C:\bbttht.exe UPX C:\vvpjp.exe UPX behavioral1/memory/1540-249-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\3htthh.exe UPX \??\c:\rfflrlx.exe UPX C:\fxlrrxl.exe UPX C:\lxlrffl.exe UPX behavioral1/memory/2324-282-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
pjjdd.exethtthb.exehbbbbb.exefxlrxxf.exeffxrfrf.exeppjdj.exe5fflrxl.exe7bhnnh.exefxrxlll.exebhtbhh.exehhbbnb.exerlxrxxf.exe9xrfrxl.exettnttn.exe3vjpv.exepjvdd.exehtbbhh.exe9pddp.exe1pdvd.exebtnttb.exehbthtb.exefrxrfxx.exehbnthn.exevvdpd.exe3lfxffr.exebbttht.exevvpjp.exerfflrlx.exe3htthh.exefxlrrxl.exelxlrffl.exenhtttt.exejpdjp.exe9xlrxlx.exefxrfrrf.exebtnnbb.exe9jpdj.exe9pvvv.exerlrflfr.exehnthnn.exebhhhhn.exedvjdd.exe5pjpd.exerfrrfff.exe3btbhn.exe5htnbb.exe1jppv.exexlrxflx.exerlxfllx.exe1nbbnt.exeppjpj.exe3jvvv.exeffxfxfl.exehthhbt.exe3hnbtb.exevvvjd.exejpvvd.exerlxrxrr.exebtnhbb.exehtnntb.exevpppd.exe3lxxfxf.exerfxxffl.exetnbbnn.exepid process 1468 pjjdd.exe 2384 thtthb.exe 2064 hbbbbb.exe 2624 fxlrxxf.exe 2696 ffxrfrf.exe 2628 ppjdj.exe 2596 5fflrxl.exe 2244 7bhnnh.exe 2496 fxrxlll.exe 2776 bhtbhh.exe 2188 hhbbnb.exe 2732 rlxrxxf.exe 1900 9xrfrxl.exe 952 ttnttn.exe 1720 3vjpv.exe 2548 pjvdd.exe 2768 htbbhh.exe 2828 9pddp.exe 2120 1pdvd.exe 1876 btnttb.exe 540 hbthtb.exe 1336 frxrfxx.exe 2664 hbnthn.exe 904 vvdpd.exe 2448 3lfxffr.exe 1748 bbttht.exe 1540 vvpjp.exe 1068 rfflrlx.exe 1692 3htthh.exe 1952 fxlrrxl.exe 2324 lxlrffl.exe 1512 nhtttt.exe 2128 jpdjp.exe 1920 9xlrxlx.exe 2304 fxrfrrf.exe 1596 btnnbb.exe 1080 9jpdj.exe 2564 9pvvv.exe 2024 rlrflfr.exe 2620 hnthnn.exe 2716 bhhhhn.exe 2632 dvjdd.exe 2488 5pjpd.exe 2628 rfrrfff.exe 2504 3btbhn.exe 2644 5htnbb.exe 2244 1jppv.exe 2268 xlrxflx.exe 2776 rlxfllx.exe 1964 1nbbnt.exe 1992 ppjpj.exe 616 3jvvv.exe 2216 ffxfxfl.exe 2356 hthhbt.exe 948 3hnbtb.exe 2804 vvvjd.exe 2788 jpvvd.exe 2816 rlxrxrr.exe 2768 btnhbb.exe 2948 htnntb.exe 2316 vpppd.exe 2096 3lxxfxf.exe 488 rfxxffl.exe 540 tnbbnn.exe -
Processes:
resource yara_rule behavioral1/memory/2012-1-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\pjjdd.exe upx behavioral1/memory/1468-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2384-21-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\thtthb.exe upx behavioral1/memory/1468-18-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\hbbbbb.exe upx C:\fxlrxxf.exe upx behavioral1/memory/2064-36-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\ffxrfrf.exe upx behavioral1/memory/2696-52-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\ppjdj.exe upx behavioral1/memory/2628-53-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\5fflrxl.exe upx behavioral1/memory/2628-62-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2596-63-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2596-70-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/memory/2596-73-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\7bhnnh.exe upx behavioral1/memory/2244-74-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2244-82-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\fxrxlll.exe upx behavioral1/memory/2496-92-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\bhtbhh.exe upx C:\hhbbnb.exe upx behavioral1/memory/2776-100-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\rlxrxxf.exe upx behavioral1/memory/2188-110-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2732-112-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\9xrfrxl.exe upx behavioral1/memory/1900-121-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/952-132-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\ttnttn.exe upx C:\3vjpv.exe upx behavioral1/memory/1720-140-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\pjvdd.exe upx 
behavioral1/memory/2548-155-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\htbbhh.exe upx C:\9pddp.exe upx behavioral1/memory/2828-165-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\1pdvd.exe upx behavioral1/memory/2828-173-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1876-185-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\btnttb.exe upx behavioral1/memory/2120-182-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1876-189-0x0000000000220000-0x0000000000247000-memory.dmp upx C:\hbthtb.exe upx behavioral1/memory/540-202-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\frxrfxx.exe upx behavioral1/memory/1336-205-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\hbnthn.exe upx behavioral1/memory/2664-213-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2664-221-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\vvdpd.exe upx behavioral1/memory/904-230-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\3lfxffr.exe upx C:\bbttht.exe upx C:\vvpjp.exe upx behavioral1/memory/1540-249-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\3htthh.exe upx \??\c:\rfflrlx.exe upx C:\fxlrrxl.exe upx C:\lxlrffl.exe upx behavioral1/memory/2324-282-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exepjjdd.exethtthb.exehbbbbb.exefxlrxxf.exeffxrfrf.exeppjdj.exe5fflrxl.exe7bhnnh.exefxrxlll.exebhtbhh.exehhbbnb.exerlxrxxf.exe9xrfrxl.exettnttn.exe3vjpv.exedescription pid process target process PID 2012 wrote to memory of 1468 2012 900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe pjjdd.exe PID 2012 wrote to memory of 1468 2012 900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe pjjdd.exe PID 2012 wrote to memory of 1468 2012 900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe pjjdd.exe PID 2012 wrote to memory of 1468 2012 900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe pjjdd.exe PID 1468 wrote to memory of 2384 1468 pjjdd.exe thtthb.exe PID 1468 wrote to memory of 2384 1468 pjjdd.exe thtthb.exe PID 1468 wrote to memory of 2384 1468 pjjdd.exe thtthb.exe PID 1468 wrote to memory of 2384 1468 pjjdd.exe thtthb.exe PID 2384 wrote to memory of 2064 2384 thtthb.exe hbbbbb.exe PID 2384 wrote to memory of 2064 2384 thtthb.exe hbbbbb.exe PID 2384 wrote to memory of 2064 2384 thtthb.exe hbbbbb.exe PID 2384 wrote to memory of 2064 2384 thtthb.exe hbbbbb.exe PID 2064 wrote to memory of 2624 2064 hbbbbb.exe fxlrxxf.exe PID 2064 wrote to memory of 2624 2064 hbbbbb.exe fxlrxxf.exe PID 2064 wrote to memory of 2624 2064 hbbbbb.exe fxlrxxf.exe PID 2064 wrote to memory of 2624 2064 hbbbbb.exe fxlrxxf.exe PID 2624 wrote to memory of 2696 2624 fxlrxxf.exe ffxrfrf.exe PID 2624 wrote to memory of 2696 2624 fxlrxxf.exe ffxrfrf.exe PID 2624 wrote to memory of 2696 2624 fxlrxxf.exe ffxrfrf.exe PID 2624 wrote to memory of 2696 2624 fxlrxxf.exe ffxrfrf.exe PID 2696 wrote to memory of 2628 2696 ffxrfrf.exe ppjdj.exe PID 2696 wrote to memory of 2628 2696 ffxrfrf.exe ppjdj.exe PID 2696 wrote to memory of 2628 2696 ffxrfrf.exe ppjdj.exe PID 2696 wrote to memory of 2628 2696 ffxrfrf.exe ppjdj.exe PID 2628 wrote to memory of 2596 2628 ppjdj.exe 5fflrxl.exe PID 
2628 wrote to memory of 2596 2628 ppjdj.exe 5fflrxl.exe PID 2628 wrote to memory of 2596 2628 ppjdj.exe 5fflrxl.exe PID 2628 wrote to memory of 2596 2628 ppjdj.exe 5fflrxl.exe PID 2596 wrote to memory of 2244 2596 5fflrxl.exe 7bhnnh.exe PID 2596 wrote to memory of 2244 2596 5fflrxl.exe 7bhnnh.exe PID 2596 wrote to memory of 2244 2596 5fflrxl.exe 7bhnnh.exe PID 2596 wrote to memory of 2244 2596 5fflrxl.exe 7bhnnh.exe PID 2244 wrote to memory of 2496 2244 7bhnnh.exe fxrxlll.exe PID 2244 wrote to memory of 2496 2244 7bhnnh.exe fxrxlll.exe PID 2244 wrote to memory of 2496 2244 7bhnnh.exe fxrxlll.exe PID 2244 wrote to memory of 2496 2244 7bhnnh.exe fxrxlll.exe PID 2496 wrote to memory of 2776 2496 fxrxlll.exe bhtbhh.exe PID 2496 wrote to memory of 2776 2496 fxrxlll.exe bhtbhh.exe PID 2496 wrote to memory of 2776 2496 fxrxlll.exe bhtbhh.exe PID 2496 wrote to memory of 2776 2496 fxrxlll.exe bhtbhh.exe PID 2776 wrote to memory of 2188 2776 bhtbhh.exe hhbbnb.exe PID 2776 wrote to memory of 2188 2776 bhtbhh.exe hhbbnb.exe PID 2776 wrote to memory of 2188 2776 bhtbhh.exe hhbbnb.exe PID 2776 wrote to memory of 2188 2776 bhtbhh.exe hhbbnb.exe PID 2188 wrote to memory of 2732 2188 hhbbnb.exe rlxrxxf.exe PID 2188 wrote to memory of 2732 2188 hhbbnb.exe rlxrxxf.exe PID 2188 wrote to memory of 2732 2188 hhbbnb.exe rlxrxxf.exe PID 2188 wrote to memory of 2732 2188 hhbbnb.exe rlxrxxf.exe PID 2732 wrote to memory of 1900 2732 rlxrxxf.exe 9xrfrxl.exe PID 2732 wrote to memory of 1900 2732 rlxrxxf.exe 9xrfrxl.exe PID 2732 wrote to memory of 1900 2732 rlxrxxf.exe 9xrfrxl.exe PID 2732 wrote to memory of 1900 2732 rlxrxxf.exe 9xrfrxl.exe PID 1900 wrote to memory of 952 1900 9xrfrxl.exe ttnttn.exe PID 1900 wrote to memory of 952 1900 9xrfrxl.exe ttnttn.exe PID 1900 wrote to memory of 952 1900 9xrfrxl.exe ttnttn.exe PID 1900 wrote to memory of 952 1900 9xrfrxl.exe ttnttn.exe PID 952 wrote to memory of 1720 952 ttnttn.exe 3vjpv.exe PID 952 wrote to memory of 1720 952 ttnttn.exe 3vjpv.exe PID 
952 wrote to memory of 1720 952 ttnttn.exe 3vjpv.exe PID 952 wrote to memory of 1720 952 ttnttn.exe 3vjpv.exe PID 1720 wrote to memory of 2548 1720 3vjpv.exe pjvdd.exe PID 1720 wrote to memory of 2548 1720 3vjpv.exe pjvdd.exe PID 1720 wrote to memory of 2548 1720 3vjpv.exe pjvdd.exe PID 1720 wrote to memory of 2548 1720 3vjpv.exe pjvdd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe "C:\Users\Admin\AppData\Local\Temp\900e8ea10e9e9800025d5bad4c3560982c1a1bd4006ba5c23334029e64968f97.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2012 -
\??\c:\pjjdd.exec:\pjjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\thtthb.exec:\thtthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\hbbbbb.exec:\hbbbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\fxlrxxf.exec:\fxlrxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2624 -
\??\c:\ffxrfrf.exec:\ffxrfrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\ppjdj.exec:\ppjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\5fflrxl.exec:\5fflrxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\7bhnnh.exec:\7bhnnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\fxrxlll.exec:\fxrxlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\bhtbhh.exec:\bhtbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2776 -
\??\c:\hhbbnb.exec:\hhbbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2188 -
\??\c:\rlxrxxf.exec:\rlxrxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\9xrfrxl.exec:\9xrfrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1900 -
\??\c:\ttnttn.exec:\ttnttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:952 -
\??\c:\3vjpv.exec:\3vjpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1720 -
\??\c:\pjvdd.exec:\pjvdd.exe17⤵
- Executes dropped EXE
PID:2548 -
\??\c:\htbbhh.exec:\htbbhh.exe18⤵
- Executes dropped EXE
PID:2768 -
\??\c:\9pddp.exec:\9pddp.exe19⤵
- Executes dropped EXE
PID:2828 -
\??\c:\1pdvd.exec:\1pdvd.exe20⤵
- Executes dropped EXE
PID:2120 -
\??\c:\btnttb.exec:\btnttb.exe21⤵
- Executes dropped EXE
PID:1876 -
\??\c:\hbthtb.exec:\hbthtb.exe22⤵
- Executes dropped EXE
PID:540 -
\??\c:\frxrfxx.exec:\frxrfxx.exe23⤵
- Executes dropped EXE
PID:1336 -
\??\c:\hbnthn.exec:\hbnthn.exe24⤵
- Executes dropped EXE
PID:2664 -
\??\c:\vvdpd.exec:\vvdpd.exe25⤵
- Executes dropped EXE
PID:904 -
\??\c:\3lfxffr.exec:\3lfxffr.exe26⤵
- Executes dropped EXE
PID:2448 -
\??\c:\bbttht.exec:\bbttht.exe27⤵
- Executes dropped EXE
PID:1748 -
\??\c:\vvpjp.exec:\vvpjp.exe28⤵
- Executes dropped EXE
PID:1540 -
\??\c:\rfflrlx.exec:\rfflrlx.exe29⤵
- Executes dropped EXE
PID:1068 -
\??\c:\3htthh.exec:\3htthh.exe30⤵
- Executes dropped EXE
PID:1692 -
\??\c:\fxlrrxl.exec:\fxlrrxl.exe31⤵
- Executes dropped EXE
PID:1952 -
\??\c:\lxlrffl.exec:\lxlrffl.exe32⤵
- Executes dropped EXE
PID:2324 -
\??\c:\nhtttt.exec:\nhtttt.exe33⤵
- Executes dropped EXE
PID:1512 -
\??\c:\jpdjp.exec:\jpdjp.exe34⤵
- Executes dropped EXE
PID:2128 -
\??\c:\9xlrxlx.exec:\9xlrxlx.exe35⤵
- Executes dropped EXE
PID:1920 -
\??\c:\fxrfrrf.exec:\fxrfrrf.exe36⤵
- Executes dropped EXE
PID:2304 -
\??\c:\btnnbb.exec:\btnnbb.exe37⤵
- Executes dropped EXE
PID:1596 -
\??\c:\9jpdj.exec:\9jpdj.exe38⤵
- Executes dropped EXE
PID:1080 -
\??\c:\9pvvv.exec:\9pvvv.exe39⤵
- Executes dropped EXE
PID:2564 -
\??\c:\rlrflfr.exec:\rlrflfr.exe40⤵
- Executes dropped EXE
PID:2024 -
\??\c:\hnthnn.exec:\hnthnn.exe41⤵
- Executes dropped EXE
PID:2620 -
\??\c:\bhhhhn.exec:\bhhhhn.exe42⤵
- Executes dropped EXE
PID:2716 -
\??\c:\dvjdd.exec:\dvjdd.exe43⤵
- Executes dropped EXE
PID:2632 -
\??\c:\5pjpd.exec:\5pjpd.exe44⤵
- Executes dropped EXE
PID:2488 -
\??\c:\rfrrfff.exec:\rfrrfff.exe45⤵
- Executes dropped EXE
PID:2628 -
\??\c:\3btbhn.exec:\3btbhn.exe46⤵
- Executes dropped EXE
PID:2504 -
\??\c:\5htnbb.exec:\5htnbb.exe47⤵
- Executes dropped EXE
PID:2644 -
\??\c:\1jppv.exec:\1jppv.exe48⤵
- Executes dropped EXE
PID:2244 -
\??\c:\xlrxflx.exec:\xlrxflx.exe49⤵
- Executes dropped EXE
PID:2268 -
\??\c:\rlxfllx.exec:\rlxfllx.exe50⤵
- Executes dropped EXE
PID:2776 -
\??\c:\1nbbnt.exec:\1nbbnt.exe51⤵
- Executes dropped EXE
PID:1964 -
\??\c:\ppjpj.exec:\ppjpj.exe52⤵
- Executes dropped EXE
PID:1992 -
\??\c:\3jvvv.exec:\3jvvv.exe53⤵
- Executes dropped EXE
PID:616 -
\??\c:\ffxfxfl.exec:\ffxfxfl.exe54⤵
- Executes dropped EXE
PID:2216 -
\??\c:\hthhbt.exec:\hthhbt.exe55⤵
- Executes dropped EXE
PID:2356 -
\??\c:\3hnbtb.exec:\3hnbtb.exe56⤵
- Executes dropped EXE
PID:948 -
\??\c:\vvvjd.exec:\vvvjd.exe57⤵
- Executes dropped EXE
PID:2804 -
\??\c:\jpvvd.exec:\jpvvd.exe58⤵
- Executes dropped EXE
PID:2788 -
\??\c:\rlxrxrr.exec:\rlxrxrr.exe59⤵
- Executes dropped EXE
PID:2816 -
\??\c:\btnhbb.exec:\btnhbb.exe60⤵
- Executes dropped EXE
PID:2768 -
\??\c:\htnntb.exec:\htnntb.exe61⤵
- Executes dropped EXE
PID:2948 -
\??\c:\vpppd.exec:\vpppd.exe62⤵
- Executes dropped EXE
PID:2316 -
\??\c:\3lxxfxf.exec:\3lxxfxf.exe63⤵
- Executes dropped EXE
PID:2096 -
\??\c:\rfxxffl.exec:\rfxxffl.exe64⤵
- Executes dropped EXE
PID:488 -
\??\c:\tnbbnn.exec:\tnbbnn.exe65⤵
- Executes dropped EXE
PID:540 -
\??\c:\dvjvv.exec:\dvjvv.exe66⤵PID:1144
-
\??\c:\jdjvv.exec:\jdjvv.exe67⤵PID:852
-
\??\c:\rlfrflr.exec:\rlfrflr.exe68⤵PID:3036
-
\??\c:\rfrllfl.exec:\rfrllfl.exe69⤵PID:2240
-
\??\c:\3hntbt.exec:\3hntbt.exe70⤵PID:2880
-
\??\c:\dpvdd.exec:\dpvdd.exe71⤵PID:1476
-
\??\c:\jdjpd.exec:\jdjpd.exe72⤵PID:1112
-
\??\c:\rlfffll.exec:\rlfffll.exe73⤵PID:1688
-
\??\c:\xrxxlxl.exec:\xrxxlxl.exe74⤵PID:1684
-
\??\c:\htnnth.exec:\htnnth.exe75⤵PID:2424
-
\??\c:\jvjpv.exec:\jvjpv.exe76⤵PID:3048
-
\??\c:\pdjpp.exec:\pdjpp.exe77⤵PID:1924
-
\??\c:\ffxfllr.exec:\ffxfllr.exe78⤵PID:2200
-
\??\c:\xrflrrx.exec:\xrflrrx.exe79⤵PID:1512
-
\??\c:\bnbbbt.exec:\bnbbbt.exe80⤵PID:1396
-
\??\c:\jvvpp.exec:\jvvpp.exe81⤵PID:2928
-
\??\c:\dpdpp.exec:\dpdpp.exe82⤵PID:1472
-
\??\c:\9rlrrrx.exec:\9rlrrrx.exe83⤵PID:1932
-
\??\c:\hnhhnt.exec:\hnhhnt.exe84⤵PID:2396
-
\??\c:\tntthb.exec:\tntthb.exe85⤵PID:2944
-
\??\c:\vvjjp.exec:\vvjjp.exe86⤵PID:2140
-
\??\c:\1pvjd.exec:\1pvjd.exe87⤵PID:2636
-
\??\c:\lfffrxx.exec:\lfffrxx.exe88⤵PID:2624
-
\??\c:\xrlrllr.exec:\xrlrllr.exe89⤵PID:2756
-
\??\c:\nhhnbh.exec:\nhhnbh.exe90⤵PID:2668
-
\??\c:\5vjjj.exec:\5vjjj.exe91⤵PID:2516
-
\??\c:\ppjjd.exec:\ppjjd.exe92⤵PID:2800
-
\??\c:\5rxffxl.exec:\5rxffxl.exe93⤵PID:2528
-
\??\c:\ffrfllx.exec:\ffrfllx.exe94⤵PID:2616
-
\??\c:\5htthb.exec:\5htthb.exe95⤵PID:2524
-
\??\c:\dvdjp.exec:\dvdjp.exe96⤵PID:2796
-
\??\c:\dpvpp.exec:\dpvpp.exe97⤵PID:1988
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe98⤵PID:900
-
\??\c:\hbtnbb.exec:\hbtnbb.exe99⤵PID:1996
-
\??\c:\5hntbb.exec:\5hntbb.exe100⤵PID:1928
-
\??\c:\1dppv.exec:\1dppv.exe101⤵PID:1900
-
\??\c:\xlffffr.exec:\xlffffr.exe102⤵PID:1892
-
\??\c:\rlrllff.exec:\rlrllff.exe103⤵PID:1260
-
\??\c:\ttnbtn.exec:\ttnbtn.exe104⤵PID:2568
-
\??\c:\bntbbt.exec:\bntbbt.exe105⤵PID:2656
-
\??\c:\7ppdp.exec:\7ppdp.exe106⤵PID:848
-
\??\c:\7lxfllr.exec:\7lxfllr.exe107⤵PID:1560
-
\??\c:\rlrxflf.exec:\rlrxflf.exe108⤵PID:2856
-
\??\c:\nbthhb.exec:\nbthhb.exe109⤵PID:2332
-
\??\c:\vpdjv.exec:\vpdjv.exe110⤵PID:1460
-
\??\c:\xlfxffr.exec:\xlfxffr.exe111⤵PID:572
-
\??\c:\fxflrrr.exec:\fxflrrr.exe112⤵PID:1028
-
\??\c:\hhntnn.exec:\hhntnn.exe113⤵PID:1336
-
\??\c:\7htntb.exec:\7htntb.exe114⤵PID:1796
-
\??\c:\pjjdv.exec:\pjjdv.exe115⤵PID:828
-
\??\c:\vjdjj.exec:\vjdjj.exe116⤵PID:1960
-
\??\c:\xlrxfxf.exec:\xlrxfxf.exe117⤵PID:2448
-
\??\c:\bbnbhn.exec:\bbnbhn.exe118⤵PID:1104
-
\??\c:\bnttbb.exec:\bnttbb.exe119⤵PID:1540
-
\??\c:\vpvpv.exec:\vpvpv.exe120⤵PID:1820
-
\??\c:\xllflfr.exec:\xllflfr.exe121⤵PID:2320
-
\??\c:\rlfflrx.exec:\rlfflrx.exe122⤵PID:2220