Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system -
submitted
21-06-2024 02:09
Behavioral task
behavioral1
Sample
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe
Resource
win7-20231129-en
6 signatures
150 seconds
General
-
Target
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe
-
Size
77KB
-
MD5
1acd552d4ec52d9962234cfe51ea5649
-
SHA1
88730848455ce1e1a0c42c2d081b1a53a3f82656
-
SHA256
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6
-
SHA512
58b5927f9cfe3e605dbff229b4d8a2e079fd3045441ce29b9a96d4ae04dce7a0227a6570b2202c4b08fc0a64d2367818c39fa81430e6d160a6d5e872f3902673
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8mpcNoK:9hOmTsF93UYfwC6GIoutz5yLpOSDpoK
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/1836-5-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3612-8-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/632-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2948-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1704-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4200-41-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4164-51-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1888-106-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2060-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3540-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2828-252-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4968-286-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4944-373-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1788-384-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3600-398-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1724-428-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3516-437-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1084-380-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3176-449-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2364-362-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/648-355-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1080-347-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2856-340-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4624-336-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/960-326-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4572-294-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4844-288-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4468-279-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1740-264-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1676-250-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3104-237-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1716-218-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4044-214-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4612-203-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3816-199-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/676-196-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/620-193-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1828-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2172-171-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3412-166-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2516-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4804-137-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3056-129-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2236-119-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3440-104-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3416-98-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2496-87-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4988-85-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4272-80-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4824-69-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3424-66-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3000-61-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/912-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4728-514-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4356-558-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3336-569-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2252-600-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2708-620-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4200-641-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5088-660-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/312-664-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1888-688-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4920-705-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4612-769-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
Processes:
resource yara_rule behavioral2/memory/1836-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\9rxxrrl.exe UPX behavioral2/memory/1836-5-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3612-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\1hnnhh.exe UPX behavioral2/memory/632-17-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\tbbbnh.exe UPX behavioral2/memory/1484-25-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\dpvjd.exe UPX behavioral2/memory/2948-23-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1704-32-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\xrxxrrr.exe UPX C:\3rlfffr.exe UPX behavioral2/memory/4200-37-0x0000000000400000-0x0000000000427000-memory.dmp UPX C:\5tnntn.exe UPX behavioral2/memory/4200-41-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4164-51-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\jpjjd.exe UPX \??\c:\vjppp.exe UPX behavioral2/memory/4272-74-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\lxllfll.exe UPX \??\c:\1bbhbt.exe UPX \??\c:\3ddjd.exe UPX behavioral2/memory/1888-106-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\5frrrrx.exe UPX behavioral2/memory/2060-117-0x0000000000400000-0x0000000000427000-memory.dmp UPX \??\c:\hbhbhh.exe UPX \??\c:\5pppd.exe UPX \??\c:\fxfxrrx.exe UPX \??\c:\djppj.exe UPX \??\c:\lrxllll.exe UPX C:\bthbtt.exe UPX \??\c:\ppjjj.exe UPX behavioral2/memory/3540-230-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4364-233-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2828-252-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3092-268-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4968-286-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4500-313-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/2364-358-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4944-373-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1788-384-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3856-385-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3600-398-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2984-417-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1724-428-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3516-437-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2720-441-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1084-380-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3176-445-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1084-376-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3176-449-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2364-362-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1928-456-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/648-355-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1080-347-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2856-340-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4624-336-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/960-326-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4572-294-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4844-288-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4968-282-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4468-279-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/1740-264-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
Processes:
9rxxrrl.exetbbbnh.exe1hnnhh.exedpvjd.exexrxxrrr.exe3rlfffr.exe5tnntn.exentnhhh.exejpjjd.exevjppp.exerflrrrr.exelxllfll.exettnnhh.exe1bbhbt.exeddjdd.exe3ddjd.exerlfxlrl.exe5frrrrx.exehbhbhh.exe7hnttt.exe5pppd.exexrrlllf.exefxfxrrx.exexxflrxx.exebthhnn.exebntntt.exedjppj.exeffllfll.exelrxllll.exehhnhbh.exebthbtt.exeppjjj.exejpdvv.exexxflfrl.exefrxxrrr.exenhbnnh.exebtnnhh.exe5bbbth.exevjpjv.exepjjjv.exexfllxxx.exelffrlrl.exelfffxfx.exenhnhbb.exehbbbbb.exejpddv.exe3dvjd.exevjdvv.exellrlfff.exe5lffxxx.exenhbbtt.exethhbbb.exe5dvjd.exejvppj.exerlflllr.exerffxrrr.exerllffrr.exebtnntt.exebhhhbb.exevvjpp.exevppjv.exefxfxxxf.exefxrllff.exerfffflf.exepid process 3612 9rxxrrl.exe 632 tbbbnh.exe 2948 1hnnhh.exe 1484 dpvjd.exe 1704 xrxxrrr.exe 4200 3rlfffr.exe 912 5tnntn.exe 4164 ntnhhh.exe 3000 jpjjd.exe 3424 vjppp.exe 4824 rflrrrr.exe 4272 lxllfll.exe 4988 ttnnhh.exe 2496 1bbhbt.exe 3416 ddjdd.exe 3440 3ddjd.exe 1888 rlfxlrl.exe 2060 5frrrrx.exe 2236 hbhbhh.exe 3056 7hnttt.exe 4624 5pppd.exe 4804 xrrlllf.exe 1080 fxfxrrx.exe 1700 xxflrxx.exe 2516 bthhnn.exe 3412 bntntt.exe 2172 djppj.exe 1932 ffllfll.exe 1828 lrxllll.exe 1084 hhnhbh.exe 620 bthbtt.exe 676 ppjjj.exe 3816 jpdvv.exe 4612 xxflfrl.exe 1876 frxxrrr.exe 4044 nhbnnh.exe 1716 btnnhh.exe 3356 5bbbth.exe 4792 vjpjv.exe 1200 pjjjv.exe 3540 xfllxxx.exe 4364 lffrlrl.exe 3104 lfffxfx.exe 3980 nhnhbb.exe 2772 hbbbbb.exe 1676 jpddv.exe 2828 3dvjd.exe 224 vjdvv.exe 1276 llrlfff.exe 1740 5lffxxx.exe 932 nhbbtt.exe 3092 thhbbb.exe 3040 5dvjd.exe 3648 jvppj.exe 4468 rlflllr.exe 4968 rffxrrr.exe 4844 rllffrr.exe 4988 btnntt.exe 4572 bhhhbb.exe 4836 vvjpp.exe 4712 vppjv.exe 1436 fxfxxxf.exe 4556 fxrllff.exe 396 rfffflf.exe -
Processes:
resource yara_rule behavioral2/memory/1836-0-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\9rxxrrl.exe upx behavioral2/memory/1836-5-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3612-8-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\1hnnhh.exe upx behavioral2/memory/632-17-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\tbbbnh.exe upx behavioral2/memory/1484-25-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\dpvjd.exe upx behavioral2/memory/2948-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1704-32-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\xrxxrrr.exe upx C:\3rlfffr.exe upx behavioral2/memory/4200-37-0x0000000000400000-0x0000000000427000-memory.dmp upx C:\5tnntn.exe upx behavioral2/memory/4200-41-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4164-51-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\jpjjd.exe upx \??\c:\vjppp.exe upx behavioral2/memory/4272-74-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\lxllfll.exe upx \??\c:\1bbhbt.exe upx \??\c:\3ddjd.exe upx behavioral2/memory/1888-106-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\5frrrrx.exe upx behavioral2/memory/2060-117-0x0000000000400000-0x0000000000427000-memory.dmp upx \??\c:\hbhbhh.exe upx \??\c:\5pppd.exe upx \??\c:\fxfxrrx.exe upx \??\c:\djppj.exe upx \??\c:\lrxllll.exe upx C:\bthbtt.exe upx \??\c:\ppjjj.exe upx behavioral2/memory/3540-230-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4364-233-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2828-252-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3092-268-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4968-286-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4500-313-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2364-358-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4944-373-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1788-384-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3856-385-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3600-398-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2984-417-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1724-428-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3516-437-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2720-441-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1084-380-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3176-445-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1084-376-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3176-449-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2364-362-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1928-456-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/648-355-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1080-347-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2856-340-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4624-336-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/960-326-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4572-294-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4844-288-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4968-282-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4468-279-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/1740-264-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe9rxxrrl.exetbbbnh.exe1hnnhh.exedpvjd.exexrxxrrr.exe3rlfffr.exe5tnntn.exentnhhh.exejpjjd.exevjppp.exerflrrrr.exelxllfll.exettnnhh.exe1bbhbt.exeddjdd.exe3ddjd.exerlfxlrl.exe5frrrrx.exehbhbhh.exe7hnttt.exe5pppd.exedescription pid process target process PID 1836 wrote to memory of 3612 1836 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe 9rxxrrl.exe PID 1836 wrote to memory of 3612 1836 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe 9rxxrrl.exe PID 1836 wrote to memory of 3612 1836 aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe 9rxxrrl.exe PID 3612 wrote to memory of 632 3612 9rxxrrl.exe tbbbnh.exe PID 3612 wrote to memory of 632 3612 9rxxrrl.exe tbbbnh.exe PID 3612 wrote to memory of 632 3612 9rxxrrl.exe tbbbnh.exe PID 632 wrote to memory of 2948 632 tbbbnh.exe 1hnnhh.exe PID 632 wrote to memory of 2948 632 tbbbnh.exe 1hnnhh.exe PID 632 wrote to memory of 2948 632 tbbbnh.exe 1hnnhh.exe PID 2948 wrote to memory of 1484 2948 1hnnhh.exe dpvjd.exe PID 2948 wrote to memory of 1484 2948 1hnnhh.exe dpvjd.exe PID 2948 wrote to memory of 1484 2948 1hnnhh.exe dpvjd.exe PID 1484 wrote to memory of 1704 1484 dpvjd.exe xrxxrrr.exe PID 1484 wrote to memory of 1704 1484 dpvjd.exe xrxxrrr.exe PID 1484 wrote to memory of 1704 1484 dpvjd.exe xrxxrrr.exe PID 1704 wrote to memory of 4200 1704 xrxxrrr.exe bhhbbb.exe PID 1704 wrote to memory of 4200 1704 xrxxrrr.exe bhhbbb.exe PID 1704 wrote to memory of 4200 1704 xrxxrrr.exe bhhbbb.exe PID 4200 wrote to memory of 912 4200 3rlfffr.exe 5tnntn.exe PID 4200 wrote to memory of 912 4200 3rlfffr.exe 5tnntn.exe PID 4200 wrote to memory of 912 4200 3rlfffr.exe 5tnntn.exe PID 912 wrote to memory of 4164 912 5tnntn.exe ntnhhh.exe PID 912 wrote to memory of 4164 912 5tnntn.exe ntnhhh.exe PID 912 wrote to memory of 4164 912 5tnntn.exe ntnhhh.exe PID 4164 wrote to memory of 3000 4164 ntnhhh.exe jpjjd.exe PID 4164 wrote to 
memory of 3000 4164 ntnhhh.exe jpjjd.exe PID 4164 wrote to memory of 3000 4164 ntnhhh.exe jpjjd.exe PID 3000 wrote to memory of 3424 3000 jpjjd.exe vjppp.exe PID 3000 wrote to memory of 3424 3000 jpjjd.exe vjppp.exe PID 3000 wrote to memory of 3424 3000 jpjjd.exe vjppp.exe PID 3424 wrote to memory of 4824 3424 vjppp.exe rflrrrr.exe PID 3424 wrote to memory of 4824 3424 vjppp.exe rflrrrr.exe PID 3424 wrote to memory of 4824 3424 vjppp.exe rflrrrr.exe PID 4824 wrote to memory of 4272 4824 rflrrrr.exe lxllfll.exe PID 4824 wrote to memory of 4272 4824 rflrrrr.exe lxllfll.exe PID 4824 wrote to memory of 4272 4824 rflrrrr.exe lxllfll.exe PID 4272 wrote to memory of 4988 4272 lxllfll.exe flrrlxx.exe PID 4272 wrote to memory of 4988 4272 lxllfll.exe flrrlxx.exe PID 4272 wrote to memory of 4988 4272 lxllfll.exe flrrlxx.exe PID 4988 wrote to memory of 2496 4988 ttnnhh.exe 1bbhbt.exe PID 4988 wrote to memory of 2496 4988 ttnnhh.exe 1bbhbt.exe PID 4988 wrote to memory of 2496 4988 ttnnhh.exe 1bbhbt.exe PID 2496 wrote to memory of 3416 2496 1bbhbt.exe 3jddp.exe PID 2496 wrote to memory of 3416 2496 1bbhbt.exe 3jddp.exe PID 2496 wrote to memory of 3416 2496 1bbhbt.exe 3jddp.exe PID 3416 wrote to memory of 3440 3416 ddjdd.exe xflfxxx.exe PID 3416 wrote to memory of 3440 3416 ddjdd.exe xflfxxx.exe PID 3416 wrote to memory of 3440 3416 ddjdd.exe xflfxxx.exe PID 3440 wrote to memory of 1888 3440 3ddjd.exe rlfxlrl.exe PID 3440 wrote to memory of 1888 3440 3ddjd.exe rlfxlrl.exe PID 3440 wrote to memory of 1888 3440 3ddjd.exe rlfxlrl.exe PID 1888 wrote to memory of 2060 1888 rlfxlrl.exe 5frrrrx.exe PID 1888 wrote to memory of 2060 1888 rlfxlrl.exe 5frrrrx.exe PID 1888 wrote to memory of 2060 1888 rlfxlrl.exe 5frrrrx.exe PID 2060 wrote to memory of 2236 2060 5frrrrx.exe hbhbhh.exe PID 2060 wrote to memory of 2236 2060 5frrrrx.exe hbhbhh.exe PID 2060 wrote to memory of 2236 2060 5frrrrx.exe hbhbhh.exe PID 2236 wrote to memory of 3056 2236 hbhbhh.exe 7hnttt.exe PID 2236 wrote to memory of 
3056 2236 hbhbhh.exe 7hnttt.exe PID 2236 wrote to memory of 3056 2236 hbhbhh.exe 7hnttt.exe PID 3056 wrote to memory of 4624 3056 7hnttt.exe 5pppd.exe PID 3056 wrote to memory of 4624 3056 7hnttt.exe 5pppd.exe PID 3056 wrote to memory of 4624 3056 7hnttt.exe 5pppd.exe PID 4624 wrote to memory of 4804 4624 5pppd.exe xrrlllf.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe "C:\Users\Admin\AppData\Local\Temp\aafcc60288275ae4f5ab74fb72536308e2d83a6d1920a7eb84c0366a77a615b6.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1836 -
\??\c:\9rxxrrl.exec:\9rxxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3612 -
\??\c:\tbbbnh.exec:\tbbbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
\??\c:\1hnnhh.exec:\1hnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2948 -
\??\c:\dpvjd.exec:\dpvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1484 -
\??\c:\xrxxrrr.exec:\xrxxrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1704 -
\??\c:\3rlfffr.exec:\3rlfffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4200 -
\??\c:\5tnntn.exec:\5tnntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:912 -
\??\c:\ntnhhh.exec:\ntnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4164 -
\??\c:\jpjjd.exec:\jpjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3000 -
\??\c:\vjppp.exec:\vjppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3424 -
\??\c:\rflrrrr.exec:\rflrrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4824 -
\??\c:\lxllfll.exec:\lxllfll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4272 -
\??\c:\ttnnhh.exec:\ttnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4988 -
\??\c:\1bbhbt.exec:\1bbhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\ddjdd.exec:\ddjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3416 -
\??\c:\3ddjd.exec:\3ddjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3440 -
\??\c:\rlfxlrl.exec:\rlfxlrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1888 -
\??\c:\5frrrrx.exec:\5frrrrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2060 -
\??\c:\hbhbhh.exec:\hbhbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\7hnttt.exec:\7hnttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3056 -
\??\c:\5pppd.exec:\5pppd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4624 -
\??\c:\xrrlllf.exec:\xrrlllf.exe23⤵
- Executes dropped EXE
PID:4804 -
\??\c:\fxfxrrx.exec:\fxfxrrx.exe24⤵
- Executes dropped EXE
PID:1080 -
\??\c:\xxflrxx.exec:\xxflrxx.exe25⤵
- Executes dropped EXE
PID:1700 -
\??\c:\bthhnn.exec:\bthhnn.exe26⤵
- Executes dropped EXE
PID:2516 -
\??\c:\bntntt.exec:\bntntt.exe27⤵
- Executes dropped EXE
PID:3412 -
\??\c:\djppj.exec:\djppj.exe28⤵
- Executes dropped EXE
PID:2172 -
\??\c:\ffllfll.exec:\ffllfll.exe29⤵
- Executes dropped EXE
PID:1932 -
\??\c:\lrxllll.exec:\lrxllll.exe30⤵
- Executes dropped EXE
PID:1828 -
\??\c:\hhnhbh.exec:\hhnhbh.exe31⤵
- Executes dropped EXE
PID:1084 -
\??\c:\bthbtt.exec:\bthbtt.exe32⤵
- Executes dropped EXE
PID:620 -
\??\c:\ppjjj.exec:\ppjjj.exe33⤵
- Executes dropped EXE
PID:676 -
\??\c:\jpdvv.exec:\jpdvv.exe34⤵
- Executes dropped EXE
PID:3816 -
\??\c:\xxflfrl.exec:\xxflfrl.exe35⤵
- Executes dropped EXE
PID:4612 -
\??\c:\frxxrrr.exec:\frxxrrr.exe36⤵
- Executes dropped EXE
PID:1876 -
\??\c:\nhbnnh.exec:\nhbnnh.exe37⤵
- Executes dropped EXE
PID:4044 -
\??\c:\btnnhh.exec:\btnnhh.exe38⤵
- Executes dropped EXE
PID:1716 -
\??\c:\5bbbth.exec:\5bbbth.exe39⤵
- Executes dropped EXE
PID:3356 -
\??\c:\vjpjv.exec:\vjpjv.exe40⤵
- Executes dropped EXE
PID:4792 -
\??\c:\pjjjv.exec:\pjjjv.exe41⤵
- Executes dropped EXE
PID:1200 -
\??\c:\xfllxxx.exec:\xfllxxx.exe42⤵
- Executes dropped EXE
PID:3540 -
\??\c:\lffrlrl.exec:\lffrlrl.exe43⤵
- Executes dropped EXE
PID:4364 -
\??\c:\lfffxfx.exec:\lfffxfx.exe44⤵
- Executes dropped EXE
PID:3104 -
\??\c:\nhnhbb.exec:\nhnhbb.exe45⤵
- Executes dropped EXE
PID:3980 -
\??\c:\hbbbbb.exec:\hbbbbb.exe46⤵
- Executes dropped EXE
PID:2772 -
\??\c:\jpddv.exec:\jpddv.exe47⤵
- Executes dropped EXE
PID:1676 -
\??\c:\3dvjd.exec:\3dvjd.exe48⤵
- Executes dropped EXE
PID:2828 -
\??\c:\vjdvv.exec:\vjdvv.exe49⤵
- Executes dropped EXE
PID:224 -
\??\c:\llrlfff.exec:\llrlfff.exe50⤵
- Executes dropped EXE
PID:1276 -
\??\c:\5lffxxx.exec:\5lffxxx.exe51⤵
- Executes dropped EXE
PID:1740 -
\??\c:\nhbbtt.exec:\nhbbtt.exe52⤵
- Executes dropped EXE
PID:932 -
\??\c:\thhbbb.exec:\thhbbb.exe53⤵
- Executes dropped EXE
PID:3092 -
\??\c:\5dvjd.exec:\5dvjd.exe54⤵
- Executes dropped EXE
PID:3040 -
\??\c:\jvppj.exec:\jvppj.exe55⤵
- Executes dropped EXE
PID:3648 -
\??\c:\rlflllr.exec:\rlflllr.exe56⤵
- Executes dropped EXE
PID:4468 -
\??\c:\rffxrrr.exec:\rffxrrr.exe57⤵
- Executes dropped EXE
PID:4968 -
\??\c:\rllffrr.exec:\rllffrr.exe58⤵
- Executes dropped EXE
PID:4844 -
\??\c:\btnntt.exec:\btnntt.exe59⤵
- Executes dropped EXE
PID:4988 -
\??\c:\bhhhbb.exec:\bhhhbb.exe60⤵
- Executes dropped EXE
PID:4572 -
\??\c:\vvjpp.exec:\vvjpp.exe61⤵
- Executes dropped EXE
PID:4836 -
\??\c:\vppjv.exec:\vppjv.exe62⤵
- Executes dropped EXE
PID:4712 -
\??\c:\fxfxxxf.exec:\fxfxxxf.exe63⤵
- Executes dropped EXE
PID:1436 -
\??\c:\fxrllff.exec:\fxrllff.exe64⤵
- Executes dropped EXE
PID:4556 -
\??\c:\rfffflf.exec:\rfffflf.exe65⤵
- Executes dropped EXE
PID:396 -
\??\c:\btnhhb.exec:\btnhhb.exe66⤵PID:4500
-
\??\c:\bnbbtt.exec:\bnbbtt.exe67⤵PID:1076
-
\??\c:\jdpjp.exec:\jdpjp.exe68⤵PID:3960
-
\??\c:\jjjpp.exec:\jjjpp.exe69⤵PID:960
-
\??\c:\vvpjp.exec:\vvpjp.exe70⤵PID:1064
-
\??\c:\xffxllx.exec:\xffxllx.exe71⤵PID:1572
-
\??\c:\rllxrxf.exec:\rllxrxf.exe72⤵PID:4624
-
\??\c:\frfxrlf.exec:\frfxrlf.exe73⤵PID:2856
-
\??\c:\tnbbhh.exec:\tnbbhh.exe74⤵PID:2136
-
\??\c:\btbtnh.exec:\btbtnh.exe75⤵PID:1080
-
\??\c:\jvdpj.exec:\jvdpj.exe76⤵PID:760
-
\??\c:\dpvvp.exec:\dpvvp.exe77⤵PID:4604
-
\??\c:\5vdvp.exec:\5vdvp.exe78⤵PID:648
-
\??\c:\xrlflfl.exec:\xrlflfl.exe79⤵PID:2364
-
\??\c:\ffxfxll.exec:\ffxfxll.exe80⤵PID:388
-
\??\c:\5bbttn.exec:\5bbttn.exe81⤵PID:3696
-
\??\c:\nhhbtt.exec:\nhhbtt.exe82⤵PID:2884
-
\??\c:\thbhbb.exec:\thbhbb.exe83⤵PID:4944
-
\??\c:\5vvpp.exec:\5vvpp.exe84⤵PID:1084
-
\??\c:\7pdvp.exec:\7pdvp.exe85⤵PID:1788
-
\??\c:\7rxfxfx.exec:\7rxfxfx.exe86⤵PID:3856
-
\??\c:\lrfffff.exec:\lrfffff.exe87⤵PID:980
-
\??\c:\ffffxfx.exec:\ffffxfx.exe88⤵PID:3816
-
\??\c:\9bbtnh.exec:\9bbtnh.exe89⤵PID:4612
-
\??\c:\httbbh.exec:\httbbh.exe90⤵PID:3600
-
\??\c:\vjvvp.exec:\vjvvp.exe91⤵PID:3904
-
\??\c:\vpdvj.exec:\vpdvj.exe92⤵PID:4044
-
\??\c:\9jdvd.exec:\9jdvd.exe93⤵PID:1716
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe94⤵PID:1464
-
\??\c:\rrrllll.exec:\rrrllll.exe95⤵PID:1208
-
\??\c:\bthhbb.exec:\bthhbb.exe96⤵PID:2984
-
\??\c:\nnhbtt.exec:\nnhbtt.exe97⤵PID:1264
-
\??\c:\thtnhn.exec:\thtnhn.exe98⤵PID:3216
-
\??\c:\vddjv.exec:\vddjv.exe99⤵PID:1724
-
\??\c:\5jdvp.exec:\5jdvp.exe100⤵PID:208
-
\??\c:\3dppd.exec:\3dppd.exe101⤵PID:3980
-
\??\c:\lrffrfx.exec:\lrffrfx.exe102⤵PID:3516
-
\??\c:\rllllll.exec:\rllllll.exe103⤵PID:2720
-
\??\c:\7bnnnh.exec:\7bnnnh.exe104⤵PID:3176
-
\??\c:\1btttt.exec:\1btttt.exe105⤵PID:4244
-
\??\c:\bhhbbb.exec:\bhhbbb.exe106⤵PID:4200
-
\??\c:\jpvpv.exec:\jpvpv.exe107⤵PID:1928
-
\??\c:\7pppj.exec:\7pppj.exe108⤵PID:2384
-
\??\c:\rllfffx.exec:\rllfffx.exe109⤵PID:2900
-
\??\c:\5xffllf.exec:\5xffllf.exe110⤵PID:4496
-
\??\c:\htbbtt.exec:\htbbtt.exe111⤵PID:5088
-
\??\c:\tnhhtt.exec:\tnhhtt.exe112⤵PID:1768
-
\??\c:\3dddp.exec:\3dddp.exe113⤵PID:4468
-
\??\c:\jjvvp.exec:\jjvvp.exe114⤵PID:3708
-
\??\c:\lffxrxr.exec:\lffxrxr.exe115⤵PID:4524
-
\??\c:\flrrlxx.exec:\flrrlxx.exe116⤵PID:4988
-
\??\c:\7nttnt.exec:\7nttnt.exe117⤵PID:5032
-
\??\c:\nbhttn.exec:\nbhttn.exe118⤵PID:4896
-
\??\c:\3jddp.exec:\3jddp.exe119⤵PID:3416
-
\??\c:\dvpjd.exec:\dvpjd.exe120⤵PID:4324
-
\??\c:\xflfxxx.exec:\xflfxxx.exe121⤵PID:3440
-
\??\c:\dpvvp.exec:\dpvvp.exe122⤵PID:4940
-