Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
24-06-2024 23:50
Behavioral task
behavioral1
Sample
8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe
Resource
win7-20240611-en
windows7-x64
6 signatures
150 seconds
General
-
Target
8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe
-
Size
205KB
-
MD5
b95793ca87f6834e4210a63a68f75483
-
SHA1
a7321604e34ea7c26a4778c95c605044af44a413
-
SHA256
8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e
-
SHA512
9c9e9d570cb0aa7e001704aa012d1b878c1599e0dd4b4b9e8b86a2abecbc192aa9c16cbb44a4e143890d663143de083ac7ad2b15eba7feb46ab156af91a68506
-
SSDEEP
6144:rcm4FmowdHoStBuhW246lCXb7YpdnSj6KsaB:x4wFHoSLjr0+HsaB
Malware Config
Signatures (note: the task header above names behavioral1 / win7-20240611-en, but every YARA hit below is tagged behavioral2 and its PIDs — 1604, 3192, 4640, … — are the ones in the Processes tree, so the hits and the tree belong to the behavioral2 run; the Analysis block lists that platform as windows10-2004_x64)
-
Detect Blackmoon payload — 64 IoCs (every hit is the same 0x00400000–0x00436000 image range, each in a different process; consistent with each dropped EXE in the chain unpacking the same payload in memory. Entries are `<pid>-<event index>-<range>`; the same PID can appear with several indices, and PIDs such as 1604 and 3364 are reused by later processes in the chain, so match on the index, not only the PID)
resource yara_rule behavioral2/memory/1604-0-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1604-7-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3192-12-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/388-25-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4404-20-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4640-15-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5040-30-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3364-36-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/912-41-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2560-51-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/100-59-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/552-61-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3008-75-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2456-82-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4024-87-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3236-93-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2288-99-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2068-115-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1148-129-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3160-134-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4876-127-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/1840-146-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3288-152-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/760-160-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3168-173-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1084-178-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3376-192-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1616-195-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1436-199-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1044-203-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2784-210-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4488-214-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4572-218-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4232-222-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3248-237-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2296-243-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/324-245-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3652-260-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2312-261-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1604-268-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3496-275-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4528-279-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/4000-287-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3364-298-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3700-312-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3276-345-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3240-362-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3816-369-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3720-376-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5048-383-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2528-397-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2856-445-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3528-462-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3616-527-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1268-609-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4928-612-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4484-701-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1440-722-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3692-729-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3684-820-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4572-871-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2856-878-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4400-884-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/3428-968-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs (both the dropped files under behavioral2/files/ and the in-memory 0x00400000–0x00436000 ranges match UPX, so the sample and its drops appear UPX-packed; the MD5/SHA1/SHA256/SHA512 and SSDEEP above therefore identify the packed layer only, and a sample with the same payload repacked would not match them)
resource yara_rule behavioral2/memory/1604-0-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0008000000022f51-3.dat UPX behavioral2/memory/1604-7-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3192-5-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000800000002340a-10.dat UPX behavioral2/memory/3192-12-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002340e-14.dat UPX behavioral2/files/0x000700000002340f-24.dat UPX behavioral2/memory/388-25-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4404-20-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4640-15-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/5040-30-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023410-32.dat UPX behavioral2/memory/3364-36-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023412-38.dat UPX behavioral2/files/0x0007000000023413-44.dat UPX behavioral2/memory/912-41-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2560-47-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023414-52.dat UPX behavioral2/memory/2560-51-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023415-56.dat UPX behavioral2/memory/100-59-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/552-61-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023416-63.dat UPX behavioral2/files/0x0007000000023417-69.dat UPX behavioral2/files/0x0007000000023418-73.dat UPX behavioral2/memory/3008-75-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023419-79.dat UPX behavioral2/memory/2456-82-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002341a-85.dat UPX 
behavioral2/memory/4024-87-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002341b-91.dat UPX behavioral2/memory/3236-93-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002341c-97.dat UPX behavioral2/memory/2288-99-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002341d-103.dat UPX behavioral2/files/0x000700000002341e-109.dat UPX behavioral2/files/0x000700000002341f-113.dat UPX behavioral2/memory/2068-115-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023420-119.dat UPX behavioral2/files/0x0007000000023421-124.dat UPX behavioral2/memory/1148-129-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023422-131.dat UPX behavioral2/memory/3160-134-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023423-138.dat UPX behavioral2/memory/4876-127-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000800000002340b-142.dat UPX behavioral2/memory/1840-146-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023424-148.dat UPX behavioral2/memory/3288-152-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023425-156.dat UPX behavioral2/files/0x0007000000023426-161.dat UPX behavioral2/memory/760-160-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023427-165.dat UPX behavioral2/files/0x0007000000023428-169.dat UPX behavioral2/memory/3168-173-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023429-176.dat UPX behavioral2/memory/1084-178-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002342a-183.dat UPX behavioral2/files/0x000700000002342b-187.dat UPX behavioral2/memory/3376-192-0x0000000000400000-0x0000000000436000-memory.dmp UPX 
behavioral2/memory/1616-195-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/1436-199-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/1044-203-0x0000000000400000-0x0000000000436000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs (each drop is written to the root of C:\ with a short lowercase name, e.g. c:\pvdpj.exe, and is launched by the previous drop, giving a linear parent→child chain; PIDs recur in the list — 1604 as xfxrxxr.exe, 3364 as rrrlfrl.exe, 912 as httttn.exe — because Windows reuses a PID once the earlier process has exited, so do not key IoCs on PID alone)
pid Process 3192 pvdpj.exe 4640 vdvjj.exe 4404 hnnnbt.exe 388 jvvjd.exe 5040 jvvjd.exe 3364 1tbtnn.exe 912 ppjdp.exe 2560 rfllflf.exe 100 tnthth.exe 552 rlrfxrl.exe 4216 rlfxlfr.exe 3008 thhbnh.exe 2456 ddjdp.exe 4024 xflxlfr.exe 3236 tntntn.exe 2288 vpppj.exe 3788 flffxrx.exe 4468 nbbhbn.exe 2068 ddpvj.exe 5100 rllfrlf.exe 1148 hnnhbt.exe 4876 vvddv.exe 3160 7dvjv.exe 3680 lrllflf.exe 1840 frfxxfx.exe 3288 hthhhh.exe 760 jdjdv.exe 4424 5hbnnn.exe 3168 jvdjd.exe 1084 1ttnnt.exe 4956 hbnhbh.exe 3752 dddjj.exe 3376 xrllfll.exe 1616 nbthhh.exe 1436 vdvvp.exe 1044 rxflfll.exe 4788 1nbtnn.exe 2784 vvdjv.exe 4488 fffrxxl.exe 4572 1thbtn.exe 4232 dvdvv.exe 4044 pjppj.exe 4756 1hbtbh.exe 4648 bbbthn.exe 3248 dvpjd.exe 3484 3jvpj.exe 2296 lrxrrll.exe 324 thhhbb.exe 524 bthtnh.exe 3336 jddvv.exe 2880 xrrfllf.exe 3652 3xlfrrf.exe 2312 hhhhbt.exe 1604 xfxrxxr.exe 1928 nnbtbb.exe 3496 jvjdp.exe 4528 pdjvj.exe 1904 9lrllfr.exe 1440 nbnthh.exe 4000 bthttt.exe 3692 dvdvj.exe 3364 rrrlfrl.exe 912 httttn.exe 1512 btnbtn.exe -
resource yara_rule behavioral2/memory/1604-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000022f51-3.dat upx behavioral2/memory/1604-7-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3192-5-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000800000002340a-10.dat upx behavioral2/memory/3192-12-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002340e-14.dat upx behavioral2/files/0x000700000002340f-24.dat upx behavioral2/memory/388-25-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4404-20-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4640-15-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/5040-30-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023410-32.dat upx behavioral2/memory/3364-36-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023412-38.dat upx behavioral2/files/0x0007000000023413-44.dat upx behavioral2/memory/912-41-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2560-47-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023414-52.dat upx behavioral2/memory/2560-51-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023415-56.dat upx behavioral2/memory/100-59-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/552-61-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023416-63.dat upx behavioral2/files/0x0007000000023417-69.dat upx behavioral2/files/0x0007000000023418-73.dat upx behavioral2/memory/3008-75-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023419-79.dat upx behavioral2/memory/2456-82-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341a-85.dat upx 
behavioral2/memory/4024-87-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341b-91.dat upx behavioral2/memory/3236-93-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341c-97.dat upx behavioral2/memory/2288-99-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341d-103.dat upx behavioral2/files/0x000700000002341e-109.dat upx behavioral2/files/0x000700000002341f-113.dat upx behavioral2/memory/2068-115-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023420-119.dat upx behavioral2/files/0x0007000000023421-124.dat upx behavioral2/memory/1148-129-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023422-131.dat upx behavioral2/memory/3160-134-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023423-138.dat upx behavioral2/memory/4876-127-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000800000002340b-142.dat upx behavioral2/memory/1840-146-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023424-148.dat upx behavioral2/memory/3288-152-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023425-156.dat upx behavioral2/files/0x0007000000023426-161.dat upx behavioral2/memory/760-160-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023427-165.dat upx behavioral2/files/0x0007000000023428-169.dat upx behavioral2/memory/3168-173-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023429-176.dat upx behavioral2/memory/1084-178-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002342a-183.dat upx behavioral2/files/0x000700000002342b-187.dat upx behavioral2/memory/3376-192-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/memory/1616-195-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1436-199-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1044-203-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory — 64 IoCs (each parent writes into its newly created child three times — the triplicated `PID X wrote to memory of Y` rows; whether these are a payload write into the child or the ordinary writes made during process start cannot be told from this list alone. `procid_target` is the sandbox's running process index, not a Windows PID)
description pid Process procid_target PID 1604 wrote to memory of 3192 1604 8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe 81 PID 1604 wrote to memory of 3192 1604 8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe 81 PID 1604 wrote to memory of 3192 1604 8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe 81 PID 3192 wrote to memory of 4640 3192 pvdpj.exe 82 PID 3192 wrote to memory of 4640 3192 pvdpj.exe 82 PID 3192 wrote to memory of 4640 3192 pvdpj.exe 82 PID 4640 wrote to memory of 4404 4640 vdvjj.exe 83 PID 4640 wrote to memory of 4404 4640 vdvjj.exe 83 PID 4640 wrote to memory of 4404 4640 vdvjj.exe 83 PID 4404 wrote to memory of 388 4404 hnnnbt.exe 84 PID 4404 wrote to memory of 388 4404 hnnnbt.exe 84 PID 4404 wrote to memory of 388 4404 hnnnbt.exe 84 PID 388 wrote to memory of 5040 388 jvvjd.exe 85 PID 388 wrote to memory of 5040 388 jvvjd.exe 85 PID 388 wrote to memory of 5040 388 jvvjd.exe 85 PID 5040 wrote to memory of 3364 5040 jvvjd.exe 86 PID 5040 wrote to memory of 3364 5040 jvvjd.exe 86 PID 5040 wrote to memory of 3364 5040 jvvjd.exe 86 PID 3364 wrote to memory of 912 3364 1tbtnn.exe 87 PID 3364 wrote to memory of 912 3364 1tbtnn.exe 87 PID 3364 wrote to memory of 912 3364 1tbtnn.exe 87 PID 912 wrote to memory of 2560 912 ppjdp.exe 88 PID 912 wrote to memory of 2560 912 ppjdp.exe 88 PID 912 wrote to memory of 2560 912 ppjdp.exe 88 PID 2560 wrote to memory of 100 2560 rfllflf.exe 89 PID 2560 wrote to memory of 100 2560 rfllflf.exe 89 PID 2560 wrote to memory of 100 2560 rfllflf.exe 89 PID 100 wrote to memory of 552 100 tnthth.exe 90 PID 100 wrote to memory of 552 100 tnthth.exe 90 PID 100 wrote to memory of 552 100 tnthth.exe 90 PID 552 wrote to memory of 4216 552 rlrfxrl.exe 91 PID 552 wrote to memory of 4216 552 rlrfxrl.exe 91 PID 552 wrote to memory of 4216 552 rlrfxrl.exe 91 PID 4216 wrote to memory of 3008 4216 rlfxlfr.exe 92 PID 4216 wrote to memory of 3008 4216 rlfxlfr.exe 92 PID 4216 
wrote to memory of 3008 4216 rlfxlfr.exe 92 PID 3008 wrote to memory of 2456 3008 thhbnh.exe 93 PID 3008 wrote to memory of 2456 3008 thhbnh.exe 93 PID 3008 wrote to memory of 2456 3008 thhbnh.exe 93 PID 2456 wrote to memory of 4024 2456 ddjdp.exe 94 PID 2456 wrote to memory of 4024 2456 ddjdp.exe 94 PID 2456 wrote to memory of 4024 2456 ddjdp.exe 94 PID 4024 wrote to memory of 3236 4024 xflxlfr.exe 95 PID 4024 wrote to memory of 3236 4024 xflxlfr.exe 95 PID 4024 wrote to memory of 3236 4024 xflxlfr.exe 95 PID 3236 wrote to memory of 2288 3236 tntntn.exe 96 PID 3236 wrote to memory of 2288 3236 tntntn.exe 96 PID 3236 wrote to memory of 2288 3236 tntntn.exe 96 PID 2288 wrote to memory of 3788 2288 vpppj.exe 97 PID 2288 wrote to memory of 3788 2288 vpppj.exe 97 PID 2288 wrote to memory of 3788 2288 vpppj.exe 97 PID 3788 wrote to memory of 4468 3788 flffxrx.exe 98 PID 3788 wrote to memory of 4468 3788 flffxrx.exe 98 PID 3788 wrote to memory of 4468 3788 flffxrx.exe 98 PID 4468 wrote to memory of 2068 4468 nbbhbn.exe 99 PID 4468 wrote to memory of 2068 4468 nbbhbn.exe 99 PID 4468 wrote to memory of 2068 4468 nbbhbn.exe 99 PID 2068 wrote to memory of 5100 2068 ddpvj.exe 100 PID 2068 wrote to memory of 5100 2068 ddpvj.exe 100 PID 2068 wrote to memory of 5100 2068 ddpvj.exe 100 PID 5100 wrote to memory of 1148 5100 rllfrlf.exe 101 PID 5100 wrote to memory of 1148 5100 rllfrlf.exe 101 PID 5100 wrote to memory of 1148 5100 rllfrlf.exe 101 PID 1148 wrote to memory of 4876 1148 hnnhbt.exe 102
Processes (each entry is the image path, then the command line, then the tree depth followed by ⤵, run together with no separator — e.g. `\??\c:\pvdpj.exe` + `c:\pvdpj.exe` + `2⤵`; `\??\` is the NT object-namespace prefix, the files live directly in the root of C:\)
-
C:\Users\Admin\AppData\Local\Temp\8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe  "C:\Users\Admin\AppData\Local\Temp\8f0e8a2825ce3e716f5e99fedf5004972f0284b89b4cf0251b01778b8684bf9e.exe"  1⤵
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\pvdpj.exec:\pvdpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3192 -
\??\c:\vdvjj.exec:\vdvjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4640 -
\??\c:\hnnnbt.exec:\hnnnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4404 -
\??\c:\jvvjd.exec:\jvvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:388 -
\??\c:\jvvjd.exec:\jvvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5040 -
\??\c:\1tbtnn.exec:\1tbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3364 -
\??\c:\ppjdp.exec:\ppjdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:912 -
\??\c:\rfllflf.exec:\rfllflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\tnthth.exec:\tnthth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:100 -
\??\c:\rlrfxrl.exec:\rlrfxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:552 -
\??\c:\rlfxlfr.exec:\rlfxlfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4216 -
\??\c:\thhbnh.exec:\thhbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3008 -
\??\c:\ddjdp.exec:\ddjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\xflxlfr.exec:\xflxlfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4024 -
\??\c:\tntntn.exec:\tntntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3236 -
\??\c:\vpppj.exec:\vpppj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2288 -
\??\c:\flffxrx.exec:\flffxrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3788 -
\??\c:\nbbhbn.exec:\nbbhbn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\ddpvj.exec:\ddpvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2068 -
\??\c:\rllfrlf.exec:\rllfrlf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5100 -
\??\c:\hnnhbt.exec:\hnnhbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1148 -
\??\c:\vvddv.exec:\vvddv.exe23⤵
- Executes dropped EXE
PID:4876 -
\??\c:\7dvjv.exec:\7dvjv.exe24⤵
- Executes dropped EXE
PID:3160 -
\??\c:\lrllflf.exec:\lrllflf.exe25⤵
- Executes dropped EXE
PID:3680 -
\??\c:\frfxxfx.exec:\frfxxfx.exe26⤵
- Executes dropped EXE
PID:1840 -
\??\c:\hthhhh.exec:\hthhhh.exe27⤵
- Executes dropped EXE
PID:3288 -
\??\c:\jdjdv.exec:\jdjdv.exe28⤵
- Executes dropped EXE
PID:760 -
\??\c:\5hbnnn.exec:\5hbnnn.exe29⤵
- Executes dropped EXE
PID:4424 -
\??\c:\jvdjd.exec:\jvdjd.exe30⤵
- Executes dropped EXE
PID:3168 -
\??\c:\1ttnnt.exec:\1ttnnt.exe31⤵
- Executes dropped EXE
PID:1084 -
\??\c:\hbnhbh.exec:\hbnhbh.exe32⤵
- Executes dropped EXE
PID:4956 -
\??\c:\dddjj.exec:\dddjj.exe33⤵
- Executes dropped EXE
PID:3752 -
\??\c:\xrllfll.exec:\xrllfll.exe34⤵
- Executes dropped EXE
PID:3376 -
\??\c:\nbthhh.exec:\nbthhh.exe35⤵
- Executes dropped EXE
PID:1616 -
\??\c:\vdvvp.exec:\vdvvp.exe36⤵
- Executes dropped EXE
PID:1436 -
\??\c:\rxflfll.exec:\rxflfll.exe37⤵
- Executes dropped EXE
PID:1044 -
\??\c:\1nbtnn.exec:\1nbtnn.exe38⤵
- Executes dropped EXE
PID:4788 -
\??\c:\vvdjv.exec:\vvdjv.exe39⤵
- Executes dropped EXE
PID:2784 -
\??\c:\fffrxxl.exec:\fffrxxl.exe40⤵
- Executes dropped EXE
PID:4488 -
\??\c:\1thbtn.exec:\1thbtn.exe41⤵
- Executes dropped EXE
PID:4572 -
\??\c:\dvdvv.exec:\dvdvv.exe42⤵
- Executes dropped EXE
PID:4232 -
\??\c:\pjppj.exec:\pjppj.exe43⤵
- Executes dropped EXE
PID:4044 -
\??\c:\1hbtbh.exec:\1hbtbh.exe44⤵
- Executes dropped EXE
PID:4756 -
\??\c:\bbbthn.exec:\bbbthn.exe45⤵
- Executes dropped EXE
PID:4648 -
\??\c:\dvpjd.exec:\dvpjd.exe46⤵
- Executes dropped EXE
PID:3248 -
\??\c:\3jvpj.exec:\3jvpj.exe47⤵
- Executes dropped EXE
PID:3484 -
\??\c:\lrxrrll.exec:\lrxrrll.exe48⤵
- Executes dropped EXE
PID:2296 -
\??\c:\thhhbb.exec:\thhhbb.exe49⤵
- Executes dropped EXE
PID:324 -
\??\c:\bthtnh.exec:\bthtnh.exe50⤵
- Executes dropped EXE
PID:524 -
\??\c:\jddvv.exec:\jddvv.exe51⤵
- Executes dropped EXE
PID:3336 -
\??\c:\xrrfllf.exec:\xrrfllf.exe52⤵
- Executes dropped EXE
PID:2880 -
\??\c:\3xlfrrf.exec:\3xlfrrf.exe53⤵
- Executes dropped EXE
PID:3652 -
\??\c:\hhhhbt.exec:\hhhhbt.exe54⤵
- Executes dropped EXE
PID:2312 -
\??\c:\dpvdp.exec:\dpvdp.exe55⤵PID:3320
-
\??\c:\xfxrxxr.exec:\xfxrxxr.exe56⤵
- Executes dropped EXE
PID:1604 -
\??\c:\nnbtbb.exec:\nnbtbb.exe57⤵
- Executes dropped EXE
PID:1928 -
\??\c:\jvjdp.exec:\jvjdp.exe58⤵
- Executes dropped EXE
PID:3496 -
\??\c:\pdjvj.exec:\pdjvj.exe59⤵
- Executes dropped EXE
PID:4528 -
\??\c:\9lrllfr.exec:\9lrllfr.exe60⤵
- Executes dropped EXE
PID:1904 -
\??\c:\nbnthh.exec:\nbnthh.exe61⤵
- Executes dropped EXE
PID:1440 -
\??\c:\bthttt.exec:\bthttt.exe62⤵
- Executes dropped EXE
PID:4000 -
\??\c:\dvdvj.exec:\dvdvj.exe63⤵
- Executes dropped EXE
PID:3692 -
\??\c:\rrrlfrl.exec:\rrrlfrl.exe64⤵
- Executes dropped EXE
PID:3364 -
\??\c:\httttn.exec:\httttn.exe65⤵
- Executes dropped EXE
PID:912 -
\??\c:\btnbtn.exec:\btnbtn.exe66⤵
- Executes dropped EXE
PID:1512 -
\??\c:\vppjj.exec:\vppjj.exe67⤵PID:508
-
\??\c:\7xfrlrl.exec:\7xfrlrl.exe68⤵PID:3332
-
\??\c:\llrfxxr.exec:\llrfxxr.exe69⤵PID:3700
-
\??\c:\nhhhhh.exec:\nhhhhh.exe70⤵PID:1352
-
\??\c:\3ntnhn.exec:\3ntnhn.exe71⤵PID:2572
-
\??\c:\jvvpd.exec:\jvvpd.exe72⤵PID:2884
-
\??\c:\1xllfll.exec:\1xllfll.exe73⤵PID:4692
-
\??\c:\rrlfllf.exec:\rrlfllf.exe74⤵PID:1880
-
\??\c:\hbhnnh.exec:\hbhnnh.exe75⤵PID:5052
-
\??\c:\bhhbtt.exec:\bhhbtt.exe76⤵PID:2700
-
\??\c:\pddvv.exec:\pddvv.exe77⤵PID:4944
-
\??\c:\pjdvp.exec:\pjdvp.exe78⤵PID:1584
-
\??\c:\lflfrrl.exec:\lflfrrl.exe79⤵PID:3276
-
\??\c:\xllflfl.exec:\xllflfl.exe80⤵PID:5076
-
\??\c:\5nttnh.exec:\5nttnh.exe81⤵PID:932
-
\??\c:\dppjd.exec:\dppjd.exe82⤵PID:5024
-
\??\c:\pddpd.exec:\pddpd.exe83⤵PID:2068
-
\??\c:\frxrffx.exec:\frxrffx.exe84⤵PID:3240
-
\??\c:\nttbnn.exec:\nttbnn.exe85⤵PID:4416
-
\??\c:\nnhbbb.exec:\nnhbbb.exe86⤵PID:3816
-
\??\c:\dvjjj.exec:\dvjjj.exe87⤵PID:3784
-
\??\c:\vdjdv.exec:\vdjdv.exe88⤵PID:3720
-
\??\c:\frlfrlf.exec:\frlfrlf.exe89⤵PID:1596
-
\??\c:\htbttn.exec:\htbttn.exe90⤵PID:5048
-
\??\c:\tnhbbb.exec:\tnhbbb.exe91⤵PID:3172
-
\??\c:\dppjp.exec:\dppjp.exe92⤵PID:2564
-
\??\c:\jddpj.exec:\jddpj.exe93⤵PID:1196
-
\??\c:\rxxrllf.exec:\rxxrllf.exe94⤵PID:760
-
\??\c:\tnttnh.exec:\tnttnh.exe95⤵PID:2528
-
\??\c:\bbnbnn.exec:\bbnbnn.exe96⤵PID:3152
-
\??\c:\vjdpj.exec:\vjdpj.exe97⤵PID:3464
-
\??\c:\rflrffr.exec:\rflrffr.exe98⤵PID:1084
-
\??\c:\fxxrlll.exec:\fxxrlll.exe99⤵PID:1004
-
\??\c:\1hnbhn.exec:\1hnbhn.exe100⤵PID:4860
-
\??\c:\hhnhbt.exec:\hhnhbt.exe101⤵PID:4132
-
\??\c:\5jvpj.exec:\5jvpj.exe102⤵PID:1212
-
\??\c:\lxfrlxr.exec:\lxfrlxr.exe103⤵PID:4952
-
\??\c:\fflfxrl.exec:\fflfxrl.exe104⤵PID:2164
-
\??\c:\tnbtnn.exec:\tnbtnn.exe105⤵PID:1044
-
\??\c:\jvjpj.exec:\jvjpj.exe106⤵PID:376
-
\??\c:\7ppvp.exec:\7ppvp.exe107⤵PID:1152
-
\??\c:\rrxflfx.exec:\rrxflfx.exe108⤵PID:4016
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe109⤵PID:4252
-
\??\c:\nntbbt.exec:\nntbbt.exe110⤵PID:2856
-
\??\c:\ddvvj.exec:\ddvvj.exe111⤵PID:4232
-
\??\c:\frlfrlx.exec:\frlfrlx.exe112⤵PID:1424
-
\??\c:\5lffrxx.exec:\5lffrxx.exe113⤵PID:3716
-
\??\c:\nbbnhb.exec:\nbbnhb.exe114⤵PID:4108
-
\??\c:\bhthtn.exec:\bhthtn.exe115⤵PID:3528
-
\??\c:\1vddj.exec:\1vddj.exe116⤵PID:3484
-
\??\c:\fffrffx.exec:\fffrffx.exe117⤵PID:1368
-
\??\c:\bttttn.exec:\bttttn.exe118⤵PID:2476
-
\??\c:\btbbhb.exec:\btbbhb.exe119⤵PID:2072
-
\??\c:\1jjvp.exec:\1jjvp.exe120⤵PID:3324
-
\??\c:\rxrlxlf.exec:\rxrlxlf.exe121⤵PID:780
-
\??\c:\xffxrrl.exec:\xffxrrl.exe122⤵PID:3652
-