Analysis

max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 21-06-2024 03:21

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: c606a2a9f80df8eb76648217fc15ea6ee691fa1dc2b28ced9f55a44a10ec3933.exe
  Resource: win7-20231129-en
  6 signatures, 150 seconds

General

Target: c606a2a9f80df8eb76648217fc15ea6ee691fa1dc2b28ced9f55a44a10ec3933.exe
Size: 484KB
MD5: f280c90aa96bb3e98dda14dfcb4590ea
SHA1: a7524c0f29d52db6817517eb434cc27b74099a5d
SHA256: c606a2a9f80df8eb76648217fc15ea6ee691fa1dc2b28ced9f55a44a10ec3933
SHA512: 774cb2405a731a335373c8647802285d109017c3ffe0566b9d65ce5fbbc0de83d795d0c6fe6c2d319853a0444ef10436f099a057cc0b99cdca1df6843b6217cb
SSDEEP: 6144:8cm7ImGddXmNt251UriZFwu1b26X1wjhtSizj4:q7Tc2NYHUrAwqzce
Malware Config
Signatures
- Detect Blackmoon payload (38 IoCs). Processes: memory dumps matching yara rule family_blackmoon
- UPX dump on OEP (original entry point) (64 IoCs). Processes: memory dumps matching yara rule UPX
- Executes dropped EXE (64 IoCs). Processes: dropped executables started as new processes (listed with their PIDs in the process tree below)
- Suspicious use of WriteProcessMemory (64 IoCs). Processes: each process in the chain writes to the memory of the child it spawns (PID 948 wrote to memory of 1468, 1468 wrote to memory of 2184, and so on)
Processes

Process tree (depth = nesting level; each process is the child of the one above it):

depth | path | command line | PID | signatures
1 | C:\Users\Admin\AppData\Local\Temp\c606a2a9f80df8eb76648217fc15ea6ee691fa1dc2b28ced9f55a44a10ec3933.exe | "C:\Users\Admin\AppData\Local\Temp\c606a2a9f80df8eb76648217fc15ea6ee691fa1dc2b28ced9f55a44a10ec3933.exe" | 948 | Suspicious use of WriteProcessMemory
2 | \??\c:\vpdvd.exe | c:\vpdvd.exe | 1468 | Executes dropped EXE; Suspicious use of WriteProcessMemory
3 | \??\c:\tnbbhh.exe | c:\tnbbhh.exe | 2184 | Executes dropped EXE; Suspicious use of WriteProcessMemory
4 | \??\c:\nntntt.exe | c:\nntntt.exe | 3040 | Executes dropped EXE; Suspicious use of WriteProcessMemory
5 | \??\c:\nbhhtt.exe | c:\nbhhtt.exe | 2596 | Executes dropped EXE; Suspicious use of WriteProcessMemory
6 | \??\c:\ddpvd.exe | c:\ddpvd.exe | 2908 | Executes dropped EXE; Suspicious use of WriteProcessMemory
7 | \??\c:\flrflrx.exe | c:\flrflrx.exe | 2692 | Executes dropped EXE; Suspicious use of WriteProcessMemory
8 | \??\c:\pvjdj.exe | c:\pvjdj.exe | 2044 | Executes dropped EXE; Suspicious use of WriteProcessMemory
9 | \??\c:\5lflllx.exe | c:\5lflllx.exe | 2616 | Executes dropped EXE; Suspicious use of WriteProcessMemory
10 | \??\c:\bthhnn.exe | c:\bthhnn.exe | 2468 | Executes dropped EXE; Suspicious use of WriteProcessMemory
11 | \??\c:\3pvdd.exe | c:\3pvdd.exe | 2996 | Executes dropped EXE; Suspicious use of WriteProcessMemory
12 | \??\c:\jjjdp.exe | c:\jjjdp.exe | 952 | Executes dropped EXE; Suspicious use of WriteProcessMemory
13 | \??\c:\hbttbb.exe | c:\hbttbb.exe | 2520 | Executes dropped EXE; Suspicious use of WriteProcessMemory
14 | \??\c:\xrxxxxf.exe | c:\xrxxxxf.exe | 320 | Executes dropped EXE; Suspicious use of WriteProcessMemory
15 | \??\c:\3nbhhh.exe | c:\3nbhhh.exe | 2816 | Executes dropped EXE; Suspicious use of WriteProcessMemory
16 | \??\c:\vppjj.exe | c:\vppjj.exe | 2764 | Executes dropped EXE; Suspicious use of WriteProcessMemory
17 | \??\c:\ttnttn.exe | c:\ttnttn.exe | 2772 | Executes dropped EXE
18 | \??\c:\dpdjj.exe | c:\dpdjj.exe | 1684 | Executes dropped EXE
19 | \??\c:\3frxflr.exe | c:\3frxflr.exe | 2984 | Executes dropped EXE
20 | \??\c:\vpdvd.exe | c:\vpdvd.exe | 2264 | Executes dropped EXE
21 | \??\c:\3pjvj.exe | c:\3pjvj.exe | 2036 | Executes dropped EXE
22 | \??\c:\tnhbnt.exe | c:\tnhbnt.exe | 2012 | Executes dropped EXE
23 | \??\c:\pjvpv.exe | c:\pjvpv.exe | 2228 | Executes dropped EXE
24 | \??\c:\xrffxxf.exe | c:\xrffxxf.exe | 1988 | Executes dropped EXE
25 | \??\c:\pvdvv.exe | c:\pvdvv.exe | 2124 | Executes dropped EXE
26 | \??\c:\frlflfl.exe | c:\frlflfl.exe | 2400 | Executes dropped EXE
27 | \??\c:\bhbhtb.exe | c:\bhbhtb.exe | 1792 | Executes dropped EXE
28 | \??\c:\3lffllr.exe | c:\3lffllr.exe | 1168 | Executes dropped EXE
29 | \??\c:\bbnhnt.exe | c:\bbnhnt.exe | 1856 | Executes dropped EXE
30 | \??\c:\7pjjv.exe | c:\7pjjv.exe | 1076 | Executes dropped EXE
31 | \??\c:\fxxlrfl.exe | c:\fxxlrfl.exe | 2960 | Executes dropped EXE
32 | \??\c:\pddpv.exe | c:\pddpv.exe | 2948 | Executes dropped EXE
33 | \??\c:\vpvjv.exe | c:\vpvjv.exe | 1760 | Executes dropped EXE
34 | \??\c:\nhhnbh.exe | c:\nhhnbh.exe | 2332 | Executes dropped EXE
35 | \??\c:\djppd.exe | c:\djppd.exe | 948 | Executes dropped EXE
36 | \??\c:\lfrlllr.exe | c:\lfrlllr.exe | 1604 | Executes dropped EXE
37 | \??\c:\hhhnbn.exe | c:\hhhnbn.exe | 2532 | Executes dropped EXE
38 | \??\c:\bhbttt.exe | c:\bhbttt.exe | 1644 | Executes dropped EXE
39 | \??\c:\pdjdj.exe | c:\pdjdj.exe | 2784 | Executes dropped EXE
40 | \??\c:\rlxfrrf.exe | c:\rlxfrrf.exe | 2656 | Executes dropped EXE
41 | \??\c:\ffrrrfl.exe | c:\ffrrrfl.exe | 2608 | Executes dropped EXE
42 | \??\c:\nnhthn.exe | c:\nnhthn.exe | 2580 | Executes dropped EXE
43 | \??\c:\dpdpp.exe | c:\dpdpp.exe | 2724 | Executes dropped EXE
44 | \??\c:\9xlllll.exe | c:\9xlllll.exe | 2492 | Executes dropped EXE
45 | \??\c:\7bhttn.exe | c:\7bhttn.exe | 2496 | Executes dropped EXE
46 | \??\c:\vdvpj.exe | c:\vdvpj.exe | 2464 | Executes dropped EXE
47 | \??\c:\frlxllr.exe | c:\frlxllr.exe | 2504 | Executes dropped EXE
48 | \??\c:\xrflrfl.exe | c:\xrflrfl.exe | 2828 | Executes dropped EXE
49 | \??\c:\tnnnbb.exe | c:\tnnnbb.exe | 1728 | Executes dropped EXE
50 | \??\c:\djjvd.exe | c:\djjvd.exe | 3000 | Executes dropped EXE
51 | \??\c:\rlflflx.exe | c:\rlflflx.exe | 1108 | Executes dropped EXE
52 | \??\c:\9flxfrf.exe | c:\9flxfrf.exe | 2796 | Executes dropped EXE
53 | \??\c:\nnnthb.exe | c:\nnnthb.exe | 1588 | Executes dropped EXE
54 | \??\c:\ddvjv.exe | c:\ddvjv.exe | 2816 | Executes dropped EXE
55 | \??\c:\5frrrxf.exe | c:\5frrrxf.exe | 2844 | Executes dropped EXE
56 | \??\c:\rllfrxl.exe | c:\rllfrxl.exe | 2840 | Executes dropped EXE
57 | \??\c:\tntbbh.exe | c:\tntbbh.exe | 3008 | Executes dropped EXE
58 | \??\c:\1dvjp.exe | c:\1dvjp.exe | 1652 | Executes dropped EXE
59 | \??\c:\rllrxfr.exe | c:\rllrxfr.exe | 1776 | Executes dropped EXE
60 | \??\c:\5lrxflx.exe | c:\5lrxflx.exe | 3020 | Executes dropped EXE
61 | \??\c:\3nbhnt.exe | c:\3nbhnt.exe | 3032 | Executes dropped EXE
62 | \??\c:\5pdjv.exe | c:\5pdjv.exe | 2040 | Executes dropped EXE
63 | \??\c:\jjpvp.exe | c:\jjpvp.exe | 2032 | Executes dropped EXE
64 | \??\c:\rlfflrf.exe | c:\rlfflrf.exe | 324 | Executes dropped EXE
65 | \??\c:\bbbbnn.exe | c:\bbbbnn.exe | 1536 | Executes dropped EXE
66 | \??\c:\ntnnbh.exe | c:\ntnnbh.exe | 2324 |
67 | \??\c:\vpjpd.exe | c:\vpjpd.exe | 868 |
68 | \??\c:\5llxxfr.exe | c:\5llxxfr.exe | 2412 |
69 | \??\c:\nnntbh.exe | c:\nnntbh.exe | 2400 |
70 | \??\c:\btntbh.exe | c:\btntbh.exe | 1792 |
71 | \??\c:\vddpv.exe | c:\vddpv.exe | 1620 |
72 | \??\c:\rxxfllr.exe | c:\rxxfllr.exe | 908 |
73 | \??\c:\bbthtb.exe | c:\bbthtb.exe | 2272 |
74 | \??\c:\tttnbb.exe | c:\tttnbb.exe | 1056 |
75 | \??\c:\vpvjd.exe | c:\vpvjd.exe | 3060 |
76 | \??\c:\xxxlrxl.exe | c:\xxxlrxl.exe | 1744 |
77 | \??\c:\nnbhtb.exe | c:\nnbhtb.exe | 1824 |
78 | \??\c:\5tbbbh.exe | c:\5tbbbh.exe | 2936 |
79 | \??\c:\1ddjv.exe | c:\1ddjv.exe | 2332 |
80 | \??\c:\rlxflxr.exe | c:\rlxflxr.exe | 2536 |
81 | \??\c:\bbtbhh.exe | c:\bbtbhh.exe | 1604 |
82 | \??\c:\dvjjp.exe | c:\dvjjp.exe | 2532 |
83 | \??\c:\llflrrl.exe | c:\llflrrl.exe | 1644 |
84 | \??\c:\1ffxlrx.exe | c:\1ffxlrx.exe | 2660 |
85 | \??\c:\bhhhnt.exe | c:\bhhhnt.exe | 2596 |
86 | \??\c:\vpddd.exe | c:\vpddd.exe | 2600 |
87 | \??\c:\9vppv.exe | c:\9vppv.exe | 2568 |
88 | \??\c:\5xlffrr.exe | c:\5xlffrr.exe | 2480 |
89 | \??\c:\hhbhnn.exe | c:\hhbhnn.exe | 2588 |
90 | \??\c:\hhbthn.exe | c:\hhbthn.exe | 2456 |
91 | \??\c:\5pjjp.exe | c:\5pjjp.exe | 2516 |
92 | \??\c:\xrflxfx.exe | c:\xrflxfx.exe | 2252 |
93 | \??\c:\nnnntb.exe | c:\nnnntb.exe | 2088 |
94 | \??\c:\tbnnbb.exe | c:\tbnnbb.exe | 2872 |
95 | \??\c:\jpjvv.exe | c:\jpjvv.exe | 2952 |
96 | \??\c:\9xlrlrf.exe | c:\9xlrlrf.exe | 1624 |
97 | \??\c:\fxlrrxr.exe | c:\fxlrrxr.exe | 1812 |
98 | \??\c:\bnbhnt.exe | c:\bnbhnt.exe | 2512 |
99 | \??\c:\vpddj.exe | c:\vpddj.exe | 1548 |
100 | \??\c:\rxrxllx.exe | c:\rxrxllx.exe | 2816 |
101 | \??\c:\nnttbn.exe | c:\nnttbn.exe | 2812 |
102 | \??\c:\nhhtnb.exe | c:\nhhtnb.exe | 1528 |
103 | \??\c:\5jdjp.exe | c:\5jdjp.exe | 1444 |
104 | \??\c:\7lfffrl.exe | c:\7lfffrl.exe | 2392 |
105 | \??\c:\7fxffrf.exe | c:\7fxffrf.exe | 3016 |
106 | \??\c:\3nbhhn.exe | c:\3nbhhn.exe | 1264 |
107 | \??\c:\vvddj.exe | c:\vvddj.exe | 2036 |
108 | \??\c:\fflrrxl.exe | c:\fflrrxl.exe | 1864 |
109 | \??\c:\3rlrxfl.exe | c:\3rlrxfl.exe | 2424 |
110 | \??\c:\hhbntb.exe | c:\hhbntb.exe | 2304 |
111 | \??\c:\pjddj.exe | c:\pjddj.exe | 2312 |
112 | \??\c:\rfxlxff.exe | c:\rfxlxff.exe | 2324 |
113 | \??\c:\3fxfrxf.exe | c:\3fxfrxf.exe | 1204 |
114 | \??\c:\3bbntt.exe | c:\3bbntt.exe | 1692 |
115 | \??\c:\jpjpv.exe | c:\jpjpv.exe | 1440 |
116 | \??\c:\jjjjv.exe | c:\jjjjv.exe | 1184 |
117 | \??\c:\3lfllrf.exe | c:\3lfllrf.exe | 1620 |
118 | \??\c:\9btbhn.exe | c:\9btbhn.exe | 1080 |
119 | \??\c:\9nbhnn.exe | c:\9nbhnn.exe | 2920 |
120 | \??\c:\dvvdj.exe | c:\dvvdj.exe | 616 |
121 | \??\c:\7fxfrxf.exe | c:\7fxfrxf.exe | 896 |
122 | \??\c:\hbhhnn.exe | c:\hbhhnn.exe | 1760 |