Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
21-06-2024 02:09
Behavioral task
behavioral1
Sample
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe
Resource
win7-20231129-en
6 signatures
150 seconds
General
-
Target
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe
-
Size
77KB
-
MD5
1acd552d4ec52d9962234cfe51ea5649
-
SHA1
88730848455ce1e1a0c42c2d081b1a53a3f82656
-
SHA256
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6
-
SHA512
58b5927f9cfe3e605dbff229b4d8a2e079fd3045441ce29b9a96d4ae04dce7a0227a6570b2202c4b08fc0a64d2367818c39fa81430e6d160a6d5e872f3902673
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8mpcNoK:9hOmTsF93UYfwC6GIoutz5yLpOSDpoK
Malware Config
Signatures
-
Detect Blackmoon payload 48 IoCs
Processes:
resource yara_rule behavioral1/memory/1364-8-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2792-12-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2168-28-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2384-36-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2536-46-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2808-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2460-72-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2544-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2452-91-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2484-100-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1992-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2012-134-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2192-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1180-152-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1276-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1672-170-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1756-178-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2736-188-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2052-196-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/484-207-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1460-223-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/1800-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2044-240-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1816-260-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/708-263-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2476-368-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2432-376-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2496-382-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1768-396-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2100-473-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3000-530-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3000-537-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2996-577-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2092-602-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2696-633-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1996-693-0x00000000001B0000-0x00000000001D7000-memory.dmp family_blackmoon behavioral1/memory/1204-702-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1900-706-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2588-906-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2468-909-0x0000000000250000-0x0000000000277000-memory.dmp family_blackmoon behavioral1/memory/2768-944-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2140-1044-0x00000000005C0000-0x00000000005E7000-memory.dmp family_blackmoon 
behavioral1/memory/596-1052-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1160-1096-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1916-1121-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1588-1152-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2336-1260-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2540-1456-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral1/memory/1364-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1364-3-0x0000000000220000-0x0000000000247000-memory.dmp UPX C:\lrflrff.exe UPX behavioral1/memory/1364-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2792-12-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\xrxfrrf.exe UPX behavioral1/memory/2168-19-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2168-28-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\thtttb.exe UPX C:\jvddp.exe UPX behavioral1/memory/2384-36-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\xrlrfll.exe UPX behavioral1/memory/2536-46-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\nttbnh.exe UPX behavioral1/memory/2808-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\3hnnnt.exe UPX behavioral1/memory/2460-64-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\pjvdd.exe UPX behavioral1/memory/2460-72-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2544-82-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2452-83-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\frllrrx.exe UPX C:\bthhnt.exe UPX behavioral1/memory/2452-91-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\hhbhhn.exe UPX behavioral1/memory/2484-100-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\1ppvv.exe UPX C:\xrfllrx.exe UPX behavioral1/memory/1992-117-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\rllrxlf.exe UPX C:\9nhnnn.exe UPX behavioral1/memory/2012-134-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\vppvv.exe UPX behavioral1/memory/2192-142-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\9pjjp.exe UPX behavioral1/memory/1180-152-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\1frffff.exe UPX behavioral1/memory/1276-160-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\btnnht.exe UPX 
behavioral1/memory/1672-170-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1756-178-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\thtttb.exe UPX C:\vjvdj.exe UPX behavioral1/memory/2736-188-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/2052-196-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\lfrxlrx.exe UPX C:\nhhbnt.exe UPX behavioral1/memory/484-207-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\5bttbb.exe UPX \??\c:\pdppp.exe UPX behavioral1/memory/1460-223-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/1800-231-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\5dvpp.exe UPX behavioral1/memory/2044-240-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\lrfflfr.exe UPX behavioral1/memory/1160-242-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\3hnttn.exe UPX behavioral1/memory/1816-252-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\vpdjj.exe UPX behavioral1/memory/1816-260-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral1/memory/708-263-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\jvppp.exe UPX C:\9lxxxxf.exe UPX C:\fxrlrrf.exe UPX -
Executes dropped EXE 64 IoCs
Processes:
lrflrff.exexrxfrrf.exethtttb.exejvddp.exexrlrfll.exenttbnh.exe3hnnnt.exepjvdd.exefrllrrx.exebthhnt.exehhbhhn.exe1ppvv.exexrfllrx.exerllrxlf.exe9nhnnn.exevppvv.exe9pjjp.exe1frffff.exebtnnht.exethtttb.exevjvdj.exelfrxlrx.exenhhbnt.exe5bttbb.exepdppp.exe5dvpp.exelrfflfr.exe3hnttn.exevpdjj.exejvppp.exe9lxxxxf.exefxrlrrf.exenbtbhn.exe9vddd.exedvjpj.exerxxfllx.exelrllrrr.exenthtbb.exenbbbhh.exethnthb.exedpvdj.exe3pvdd.exe7fllllr.exerlrxlll.exe7bntbb.exejpvpv.exepvjdj.exefxrrlfl.exexrlxffl.exe7htttn.exe7bttbh.exevjppd.exejdpjd.exefrlffff.exerfrxlff.exethhnbt.exejpvpv.exefxxxlxl.exebtbbhh.exehtbbtt.exedjppv.exepjjjv.exe9llrflr.exennttbb.exepid process 2792 lrflrff.exe 2168 xrxfrrf.exe 2384 thtttb.exe 2536 jvddp.exe 2808 xrlrfll.exe 2548 nttbnh.exe 2460 3hnnnt.exe 2544 pjvdd.exe 2452 frllrrx.exe 2484 bthhnt.exe 2288 hhbhhn.exe 1992 1ppvv.exe 1932 xrfllrx.exe 2012 rllrxlf.exe 2192 9nhnnn.exe 1180 vppvv.exe 1276 9pjjp.exe 1672 1frffff.exe 1756 btnnht.exe 2736 thtttb.exe 2052 vjvdj.exe 1968 lfrxlrx.exe 484 nhhbnt.exe 1460 5bttbb.exe 1800 pdppp.exe 2044 5dvpp.exe 1160 lrfflfr.exe 1816 3hnttn.exe 708 vpdjj.exe 1924 jvppp.exe 2232 9lxxxxf.exe 2072 fxrlrrf.exe 2976 nbtbhn.exe 1364 9vddd.exe 2620 dvjpj.exe 2908 rxxfllx.exe 1584 lrllrrr.exe 2168 nthtbb.exe 2240 nbbbhh.exe 2540 thnthb.exe 2576 dpvdj.exe 2556 3pvdd.exe 2520 7fllllr.exe 2476 rlrxlll.exe 2432 7bntbb.exe 2496 jpvpv.exe 2464 pvjdj.exe 1896 fxrrlfl.exe 1768 xrlxffl.exe 2316 7htttn.exe 1920 7bttbh.exe 2004 vjppd.exe 2204 jdpjd.exe 2344 frlffff.exe 2160 rfrxlff.exe 956 thhnbt.exe 1620 jpvpv.exe 1536 fxxxlxl.exe 2772 btbbhh.exe 1756 htbbtt.exe 2100 djppv.exe 2108 pjjjv.exe 596 9llrflr.exe 668 nnttbb.exe -
Processes:
resource yara_rule behavioral1/memory/1364-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1364-3-0x0000000000220000-0x0000000000247000-memory.dmp upx C:\lrflrff.exe upx behavioral1/memory/1364-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2792-12-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\xrxfrrf.exe upx behavioral1/memory/2168-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2168-28-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\thtttb.exe upx C:\jvddp.exe upx behavioral1/memory/2384-36-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\xrlrfll.exe upx behavioral1/memory/2536-46-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\nttbnh.exe upx behavioral1/memory/2808-49-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\3hnnnt.exe upx behavioral1/memory/2460-64-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\pjvdd.exe upx behavioral1/memory/2460-72-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2544-82-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2452-83-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\frllrrx.exe upx C:\bthhnt.exe upx behavioral1/memory/2452-91-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\hhbhhn.exe upx behavioral1/memory/2484-100-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\1ppvv.exe upx C:\xrfllrx.exe upx behavioral1/memory/1992-117-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\rllrxlf.exe upx C:\9nhnnn.exe upx behavioral1/memory/2012-134-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\vppvv.exe upx behavioral1/memory/2192-142-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\9pjjp.exe upx behavioral1/memory/1180-152-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\1frffff.exe upx behavioral1/memory/1276-160-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\btnnht.exe upx 
behavioral1/memory/1672-170-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1756-178-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\thtttb.exe upx C:\vjvdj.exe upx behavioral1/memory/2736-188-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2052-196-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\lfrxlrx.exe upx C:\nhhbnt.exe upx behavioral1/memory/484-207-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\5bttbb.exe upx \??\c:\pdppp.exe upx behavioral1/memory/1460-223-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1800-231-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\5dvpp.exe upx behavioral1/memory/2044-240-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\lrfflfr.exe upx behavioral1/memory/1160-242-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\3hnttn.exe upx behavioral1/memory/1816-252-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\vpdjj.exe upx behavioral1/memory/1816-260-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/708-263-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\jvppp.exe upx C:\9lxxxxf.exe upx C:\fxrlrrf.exe upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exelrflrff.exexrxfrrf.exethtttb.exejvddp.exexrlrfll.exenttbnh.exe3hnnnt.exepjvdd.exefrllrrx.exebthhnt.exehhbhhn.exe1ppvv.exexrfllrx.exerllrxlf.exe9nhnnn.exedescription pid process target process PID 1364 wrote to memory of 2792 1364 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe lrflrff.exe PID 1364 wrote to memory of 2792 1364 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe lrflrff.exe PID 1364 wrote to memory of 2792 1364 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe lrflrff.exe PID 1364 wrote to memory of 2792 1364 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe lrflrff.exe PID 2792 wrote to memory of 2168 2792 lrflrff.exe xrxfrrf.exe PID 2792 wrote to memory of 2168 2792 lrflrff.exe xrxfrrf.exe PID 2792 wrote to memory of 2168 2792 lrflrff.exe xrxfrrf.exe PID 2792 wrote to memory of 2168 2792 lrflrff.exe xrxfrrf.exe PID 2168 wrote to memory of 2384 2168 xrxfrrf.exe thtttb.exe PID 2168 wrote to memory of 2384 2168 xrxfrrf.exe thtttb.exe PID 2168 wrote to memory of 2384 2168 xrxfrrf.exe thtttb.exe PID 2168 wrote to memory of 2384 2168 xrxfrrf.exe thtttb.exe PID 2384 wrote to memory of 2536 2384 thtttb.exe jvddp.exe PID 2384 wrote to memory of 2536 2384 thtttb.exe jvddp.exe PID 2384 wrote to memory of 2536 2384 thtttb.exe jvddp.exe PID 2384 wrote to memory of 2536 2384 thtttb.exe jvddp.exe PID 2536 wrote to memory of 2808 2536 jvddp.exe xrlrfll.exe PID 2536 wrote to memory of 2808 2536 jvddp.exe xrlrfll.exe PID 2536 wrote to memory of 2808 2536 jvddp.exe xrlrfll.exe PID 2536 wrote to memory of 2808 2536 jvddp.exe xrlrfll.exe PID 2808 wrote to memory of 2548 2808 xrlrfll.exe nttbnh.exe PID 2808 wrote to memory of 2548 2808 xrlrfll.exe nttbnh.exe PID 2808 wrote to memory of 2548 2808 xrlrfll.exe nttbnh.exe PID 2808 wrote to memory of 2548 2808 xrlrfll.exe nttbnh.exe PID 2548 wrote to memory of 2460 2548 nttbnh.exe 
3hnnnt.exe PID 2548 wrote to memory of 2460 2548 nttbnh.exe 3hnnnt.exe PID 2548 wrote to memory of 2460 2548 nttbnh.exe 3hnnnt.exe PID 2548 wrote to memory of 2460 2548 nttbnh.exe 3hnnnt.exe PID 2460 wrote to memory of 2544 2460 3hnnnt.exe pjvdd.exe PID 2460 wrote to memory of 2544 2460 3hnnnt.exe pjvdd.exe PID 2460 wrote to memory of 2544 2460 3hnnnt.exe pjvdd.exe PID 2460 wrote to memory of 2544 2460 3hnnnt.exe pjvdd.exe PID 2544 wrote to memory of 2452 2544 pjvdd.exe frllrrx.exe PID 2544 wrote to memory of 2452 2544 pjvdd.exe frllrrx.exe PID 2544 wrote to memory of 2452 2544 pjvdd.exe frllrrx.exe PID 2544 wrote to memory of 2452 2544 pjvdd.exe frllrrx.exe PID 2452 wrote to memory of 2484 2452 frllrrx.exe bthhnt.exe PID 2452 wrote to memory of 2484 2452 frllrrx.exe bthhnt.exe PID 2452 wrote to memory of 2484 2452 frllrrx.exe bthhnt.exe PID 2452 wrote to memory of 2484 2452 frllrrx.exe bthhnt.exe PID 2484 wrote to memory of 2288 2484 bthhnt.exe hhbhhn.exe PID 2484 wrote to memory of 2288 2484 bthhnt.exe hhbhhn.exe PID 2484 wrote to memory of 2288 2484 bthhnt.exe hhbhhn.exe PID 2484 wrote to memory of 2288 2484 bthhnt.exe hhbhhn.exe PID 2288 wrote to memory of 1992 2288 hhbhhn.exe 1ppvv.exe PID 2288 wrote to memory of 1992 2288 hhbhhn.exe 1ppvv.exe PID 2288 wrote to memory of 1992 2288 hhbhhn.exe 1ppvv.exe PID 2288 wrote to memory of 1992 2288 hhbhhn.exe 1ppvv.exe PID 1992 wrote to memory of 1932 1992 1ppvv.exe xrfllrx.exe PID 1992 wrote to memory of 1932 1992 1ppvv.exe xrfllrx.exe PID 1992 wrote to memory of 1932 1992 1ppvv.exe xrfllrx.exe PID 1992 wrote to memory of 1932 1992 1ppvv.exe xrfllrx.exe PID 1932 wrote to memory of 2012 1932 xrfllrx.exe rllrxlf.exe PID 1932 wrote to memory of 2012 1932 xrfllrx.exe rllrxlf.exe PID 1932 wrote to memory of 2012 1932 xrfllrx.exe rllrxlf.exe PID 1932 wrote to memory of 2012 1932 xrfllrx.exe rllrxlf.exe PID 2012 wrote to memory of 2192 2012 rllrxlf.exe 9nhnnn.exe PID 2012 wrote to memory of 2192 2012 rllrxlf.exe 9nhnnn.exe 
PID 2012 wrote to memory of 2192 2012 rllrxlf.exe 9nhnnn.exe PID 2012 wrote to memory of 2192 2012 rllrxlf.exe 9nhnnn.exe PID 2192 wrote to memory of 1180 2192 9nhnnn.exe vppvv.exe PID 2192 wrote to memory of 1180 2192 9nhnnn.exe vppvv.exe PID 2192 wrote to memory of 1180 2192 9nhnnn.exe vppvv.exe PID 2192 wrote to memory of 1180 2192 9nhnnn.exe vppvv.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe"C:\Users\Admin\AppData\Local\Temp\aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1364 -
\??\c:\lrflrff.exec:\lrflrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792 -
\??\c:\xrxfrrf.exec:\xrxfrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\thtttb.exec:\thtttb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\jvddp.exec:\jvddp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\xrlrfll.exec:\xrlrfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\nttbnh.exec:\nttbnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\3hnnnt.exec:\3hnnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\pjvdd.exec:\pjvdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\frllrrx.exec:\frllrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2452 -
\??\c:\bthhnt.exec:\bthhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\hhbhhn.exec:\hhbhhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2288 -
\??\c:\1ppvv.exec:\1ppvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1992 -
\??\c:\xrfllrx.exec:\xrfllrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\rllrxlf.exec:\rllrxlf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2012 -
\??\c:\9nhnnn.exec:\9nhnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\vppvv.exec:\vppvv.exe17⤵
- Executes dropped EXE
PID:1180 -
\??\c:\9pjjp.exec:\9pjjp.exe18⤵
- Executes dropped EXE
PID:1276 -
\??\c:\1frffff.exec:\1frffff.exe19⤵
- Executes dropped EXE
PID:1672 -
\??\c:\btnnht.exec:\btnnht.exe20⤵
- Executes dropped EXE
PID:1756 -
\??\c:\thtttb.exec:\thtttb.exe21⤵
- Executes dropped EXE
PID:2736 -
\??\c:\vjvdj.exec:\vjvdj.exe22⤵
- Executes dropped EXE
PID:2052 -
\??\c:\lfrxlrx.exec:\lfrxlrx.exe23⤵
- Executes dropped EXE
PID:1968 -
\??\c:\nhhbnt.exec:\nhhbnt.exe24⤵
- Executes dropped EXE
PID:484 -
\??\c:\5bttbb.exec:\5bttbb.exe25⤵
- Executes dropped EXE
PID:1460 -
\??\c:\pdppp.exec:\pdppp.exe26⤵
- Executes dropped EXE
PID:1800 -
\??\c:\5dvpp.exec:\5dvpp.exe27⤵
- Executes dropped EXE
PID:2044 -
\??\c:\lrfflfr.exec:\lrfflfr.exe28⤵
- Executes dropped EXE
PID:1160 -
\??\c:\3hnttn.exec:\3hnttn.exe29⤵
- Executes dropped EXE
PID:1816 -
\??\c:\vpdjj.exec:\vpdjj.exe30⤵
- Executes dropped EXE
PID:708 -
\??\c:\jvppp.exec:\jvppp.exe31⤵
- Executes dropped EXE
PID:1924 -
\??\c:\9lxxxxf.exec:\9lxxxxf.exe32⤵
- Executes dropped EXE
PID:2232 -
\??\c:\fxrlrrf.exec:\fxrlrrf.exe33⤵
- Executes dropped EXE
PID:2072 -
\??\c:\nbtbhn.exec:\nbtbhn.exe34⤵
- Executes dropped EXE
PID:2976 -
\??\c:\9vddd.exec:\9vddd.exe35⤵
- Executes dropped EXE
PID:1364 -
\??\c:\dvjpj.exec:\dvjpj.exe36⤵
- Executes dropped EXE
PID:2620 -
\??\c:\rxxfllx.exec:\rxxfllx.exe37⤵
- Executes dropped EXE
PID:2908 -
\??\c:\lrllrrr.exec:\lrllrrr.exe38⤵
- Executes dropped EXE
PID:1584 -
\??\c:\nthtbb.exec:\nthtbb.exe39⤵
- Executes dropped EXE
PID:2168 -
\??\c:\nbbbhh.exec:\nbbbhh.exe40⤵
- Executes dropped EXE
PID:2240 -
\??\c:\thnthb.exec:\thnthb.exe41⤵
- Executes dropped EXE
PID:2540 -
\??\c:\dpvdj.exec:\dpvdj.exe42⤵
- Executes dropped EXE
PID:2576 -
\??\c:\3pvdd.exec:\3pvdd.exe43⤵
- Executes dropped EXE
PID:2556 -
\??\c:\7fllllr.exec:\7fllllr.exe44⤵
- Executes dropped EXE
PID:2520 -
\??\c:\rlrxlll.exec:\rlrxlll.exe45⤵
- Executes dropped EXE
PID:2476 -
\??\c:\7bntbb.exec:\7bntbb.exe46⤵
- Executes dropped EXE
PID:2432 -
\??\c:\jpvpv.exec:\jpvpv.exe47⤵
- Executes dropped EXE
PID:2496 -
\??\c:\pvjdj.exec:\pvjdj.exe48⤵
- Executes dropped EXE
PID:2464 -
\??\c:\fxrrlfl.exec:\fxrrlfl.exe49⤵
- Executes dropped EXE
PID:1896 -
\??\c:\xrlxffl.exec:\xrlxffl.exe50⤵
- Executes dropped EXE
PID:1768 -
\??\c:\7htttn.exec:\7htttn.exe51⤵
- Executes dropped EXE
PID:2316 -
\??\c:\7bttbh.exec:\7bttbh.exe52⤵
- Executes dropped EXE
PID:1920 -
\??\c:\vjppd.exec:\vjppd.exe53⤵
- Executes dropped EXE
PID:2004 -
\??\c:\jdpjd.exec:\jdpjd.exe54⤵
- Executes dropped EXE
PID:2204 -
\??\c:\frlffff.exec:\frlffff.exe55⤵
- Executes dropped EXE
PID:2344 -
\??\c:\rfrxlff.exec:\rfrxlff.exe56⤵
- Executes dropped EXE
PID:2160 -
\??\c:\thhnbt.exec:\thhnbt.exe57⤵
- Executes dropped EXE
PID:956 -
\??\c:\jpvpv.exec:\jpvpv.exe58⤵
- Executes dropped EXE
PID:1620 -
\??\c:\fxxxlxl.exec:\fxxxlxl.exe59⤵
- Executes dropped EXE
PID:1536 -
\??\c:\btbbhh.exec:\btbbhh.exe60⤵
- Executes dropped EXE
PID:2772 -
\??\c:\htbbtt.exec:\htbbtt.exe61⤵
- Executes dropped EXE
PID:1756 -
\??\c:\djppv.exec:\djppv.exe62⤵
- Executes dropped EXE
PID:2100 -
\??\c:\pjjjv.exec:\pjjjv.exe63⤵
- Executes dropped EXE
PID:2108 -
\??\c:\9llrflr.exec:\9llrflr.exe64⤵
- Executes dropped EXE
PID:596 -
\??\c:\nnttbb.exec:\nnttbb.exe65⤵
- Executes dropped EXE
PID:668 -
\??\c:\5httht.exec:\5httht.exe66⤵PID:560
-
\??\c:\5pddp.exec:\5pddp.exe67⤵PID:2864
-
\??\c:\pjjvv.exec:\pjjvv.exe68⤵PID:1652
-
\??\c:\fxfllxl.exec:\fxfllxl.exe69⤵PID:1544
-
\??\c:\rflxxlr.exec:\rflxxlr.exe70⤵PID:1936
-
\??\c:\thbhnh.exec:\thbhnh.exe71⤵PID:3000
-
\??\c:\nnnbht.exec:\nnnbht.exe72⤵PID:1104
-
\??\c:\5jvjd.exec:\5jvjd.exe73⤵PID:1164
-
\??\c:\jjppj.exec:\jjppj.exe74⤵PID:3056
-
\??\c:\frfxfll.exec:\frfxfll.exe75⤵PID:1132
-
\??\c:\9lxlffr.exec:\9lxlffr.exe76⤵PID:2172
-
\??\c:\thttth.exec:\thttth.exe77⤵PID:2996
-
\??\c:\nnnbht.exec:\nnnbht.exe78⤵PID:2032
-
\??\c:\dvjjd.exec:\dvjjd.exe79⤵PID:2976
-
\??\c:\pjvdd.exec:\pjvdd.exe80⤵PID:2856
-
\??\c:\rlllrrx.exec:\rlllrrx.exe81⤵PID:2092
-
\??\c:\lfxflxf.exec:\lfxflxf.exe82⤵PID:2916
-
\??\c:\rlffrlr.exec:\rlffrlr.exe83⤵PID:2744
-
\??\c:\hbtbtt.exec:\hbtbtt.exe84⤵PID:2652
-
\??\c:\9jjdd.exec:\9jjdd.exe85⤵PID:2580
-
\??\c:\5dpjj.exec:\5dpjj.exe86⤵PID:2808
-
\??\c:\rlfrlrx.exec:\rlfrlrx.exe87⤵PID:2696
-
\??\c:\lrrrfff.exec:\lrrrfff.exe88⤵PID:2596
-
\??\c:\7bhnnh.exec:\7bhnnh.exe89⤵PID:2460
-
\??\c:\3ntbhh.exec:\3ntbhh.exe90⤵PID:2444
-
\??\c:\pdjjp.exec:\pdjjp.exe91⤵PID:2544
-
\??\c:\jvpjj.exec:\jvpjj.exe92⤵PID:2952
-
\??\c:\xlxxxrf.exec:\xlxxxrf.exe93⤵PID:2452
-
\??\c:\fxxlrxl.exec:\fxxlrxl.exe94⤵PID:940
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe95⤵PID:1768
-
\??\c:\hbhttb.exec:\hbhttb.exe96⤵PID:1996
-
\??\c:\1hbbbh.exec:\1hbbbh.exe97⤵PID:1204
-
\??\c:\dvdjj.exec:\dvdjj.exe98⤵PID:1900
-
\??\c:\jdpjj.exec:\jdpjj.exe99⤵PID:2196
-
\??\c:\lxlrxlx.exec:\lxlrxlx.exe100⤵PID:2408
-
\??\c:\xrllxfr.exec:\xrllxfr.exe101⤵PID:808
-
\??\c:\3bnthn.exec:\3bnthn.exe102⤵PID:1180
-
\??\c:\7hhthb.exec:\7hhthb.exe103⤵PID:1628
-
\??\c:\dppvd.exec:\dppvd.exe104⤵PID:1616
-
\??\c:\dpvpj.exec:\dpvpj.exe105⤵PID:2772
-
\??\c:\rfxllll.exec:\rfxllll.exe106⤵PID:2060
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe107⤵PID:2100
-
\??\c:\rlfxlxx.exec:\rlfxlxx.exe108⤵PID:600
-
\??\c:\3htnbb.exec:\3htnbb.exe109⤵PID:280
-
\??\c:\htbtnn.exec:\htbtnn.exe110⤵PID:2120
-
\??\c:\3dpvv.exec:\3dpvv.exe111⤵PID:840
-
\??\c:\jvjjj.exec:\jvjjj.exe112⤵PID:1296
-
\??\c:\xxllrxr.exec:\xxllrxr.exe113⤵PID:1128
-
\??\c:\rllrxff.exec:\rllrxff.exe114⤵PID:980
-
\??\c:\bnbhbh.exec:\bnbhbh.exe115⤵PID:2220
-
\??\c:\tbthhb.exec:\tbthhb.exe116⤵PID:2312
-
\??\c:\3bnhbh.exec:\3bnhbh.exe117⤵PID:2088
-
\??\c:\dvpdj.exec:\dvpdj.exe118⤵PID:1104
-
\??\c:\dpddd.exec:\dpddd.exe119⤵PID:1164
-
\??\c:\rfrllrx.exec:\rfrllrx.exe120⤵PID:2944
-
\??\c:\lflrflx.exec:\lflrflx.exe121⤵PID:888
-
\??\c:\5htbbt.exec:\5htbbt.exe122⤵PID:2244