Analysis
- max time kernel: 143s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/03/2024, 02:15
Behavioral task
- behavioral1
- Sample: f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1.exe
- Resource: win7-20240221-en
- 6 signatures
- 150 seconds
The signature hits and the process list below are all labelled behavioral2, i.e. they come from the windows10-2004_x64 run (resource win10v2004-20240226-en) listed under Analysis, not from the Windows 7 task.
General
- Target: f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1.exe
- Size: 81KB
- MD5: a12a12aca94ab5a3e2d627b04d2b4ceb
- SHA1: 2f96486a235e39a4fc3fd6be23fe6c3aa9c8f822
- SHA256: f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1
- SHA512: ac223d8a38abb683aacf9a767be955a6e98ba2c0e2a9cc1ae2ae23fa685d4def471b37a17c86b6edbdbc7d1db277aaeeb1bf22d358d4707d8be09bc47b6e1c48
- SSDEEP: 1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8AelS7/7VIQY:ChOmTsF93UYfwC6GIoutAe07zVIZ
Malware Config
Signatures
Detect Blackmoon payload (64 IoCs)
resource | yara_rule
behavioral2/memory/5416-5-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1964-10-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5348-14-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5324-17-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3272-23-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4168-31-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5996-39-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3176-36-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5488-45-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3576-53-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5524-56-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3216-66-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1800-68-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5296-80-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5876-76-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5808-87-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5400-90-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3964-102-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3076-113-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/2560-120-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3848-123-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1852-131-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1608-136-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1540-141-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/496-159-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3396-173-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/2200-176-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5096-185-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1704-192-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5084-198-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1648-211-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3800-210-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5448-221-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5396-230-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4408-238-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4544-245-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4956-256-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/6020-259-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5504-262-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5504-289-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/340-300-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/6024-313-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4868-314-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3792-320-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1164-328-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/4248-338-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1720-346-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/2912-351-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/2204-369-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5144-375-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5608-422-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5468-446-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/464-447-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1016-462-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5804-466-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3964-488-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3748-520-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/1864-540-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5380-610-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3080-616-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/712-649-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/3392-725-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/5276-759-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral2/memory/2208-868-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
UPX dump on OEP (original entry point) (64 IoCs)
resource | yara_rule
behavioral2/memory/5416-0-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0008000000023263-3.dat | UPX
behavioral2/memory/5416-5-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/1964-10-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0008000000023265-9.dat | UPX
behavioral2/files/0x0008000000023266-13.dat | UPX
behavioral2/memory/5348-14-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/5324-17-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0008000000023269-19.dat | UPX
behavioral2/memory/3272-23-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x000800000002326a-26.dat | UPX
behavioral2/memory/4168-31-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x000700000002326b-30.dat | UPX
behavioral2/files/0x000700000002326d-35.dat | UPX
behavioral2/memory/5996-39-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/3176-36-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x000a00000001ea83-43.dat | UPX
behavioral2/memory/5488-45-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x000700000002326e-47.dat | UPX
behavioral2/files/0x000700000002326f-52.dat | UPX
behavioral2/memory/3576-53-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/5524-56-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023270-58.dat | UPX
behavioral2/memory/3216-61-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023273-64.dat | UPX
behavioral2/memory/3216-66-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/1800-68-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023275-71.dat | UPX
behavioral2/files/0x0004000000022ea3-77.dat | UPX
behavioral2/files/0x0007000000023276-82.dat | UPX
behavioral2/memory/5296-80-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/5876-76-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023277-86.dat | UPX
behavioral2/memory/5808-87-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/5400-90-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023278-92.dat | UPX
behavioral2/files/0x0007000000023279-97.dat | UPX
behavioral2/files/0x0008000000023271-104.dat | UPX
behavioral2/memory/3964-102-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/3076-113-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x000800000002327a-110.dat | UPX
behavioral2/files/0x000700000002327b-115.dat | UPX
behavioral2/memory/2560-120-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/3848-123-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x000700000002327e-121.dat | UPX
behavioral2/files/0x000700000002327f-126.dat | UPX
behavioral2/memory/1852-131-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023280-132.dat | UPX
behavioral2/files/0x0007000000023281-135.dat | UPX
behavioral2/memory/1608-136-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/1540-141-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023282-142.dat | UPX
behavioral2/files/0x0007000000023283-145.dat | UPX
behavioral2/files/0x00030000000227e7-151.dat | UPX
behavioral2/files/0x0007000000023285-155.dat | UPX
behavioral2/memory/496-159-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/files/0x0007000000023286-163.dat | UPX
behavioral2/files/0x0007000000023287-166.dat | UPX
behavioral2/files/0x0007000000023289-171.dat | UPX
behavioral2/memory/3396-173-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/2200-176-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/5096-185-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/1704-192-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral2/memory/5084-198-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
Executes dropped EXE (64 IoCs)
pid | Process
1964 | 94npxd.exe
5348 | 7e204a.exe
5324 | fr953.exe
3272 | 2dd45h.exe
4168 | ugvjhc.exe
3176 | dwh15p.exe
5996 | 01151.exe
5488 | 18m04t.exe
3576 | bfu35.exe
5524 | t5557.exe
3216 | 37qwll3.exe
1800 | kp8sf.exe
5876 | 5wka3e.exe
5296 | 2d364.exe
5808 | rrq7l.exe
5400 | 09dup4.exe
3884 | 33as83x.exe
3964 | u1lj5c6.exe
116 | 9sw15e.exe
3076 | q93ew5.exe
2560 | 55f1597.exe
3848 | n11776.exe
1852 | 4b442.exe
1608 | 543ckq.exe
1540 | d6n89.exe
5008 | 230gc3.exe
2472 | 2f4x5.exe
3604 | 173s3.exe
496 | 0pm16tj.exe
3404 | 83qeh88.exe
3396 | vmo0513.exe
2200 | h0hli0.exe
5360 | m3786.exe
2040 | 8iuip.exe
5096 | bp176t9.exe
3728 | 8o693i.exe
1704 | 7p35m4.exe
5040 | gdnh84.exe
5084 | 9j9jgjp.exe
1820 | 3pa5spk.exe
3556 | 5r9sj04.exe
1936 | fc7e7r6.exe
3800 | t6kuam.exe
1648 | ggp4wka.exe
5428 | 0xughig.exe
5780 | v61c70g.exe
5448 | fnnjnf.exe
5364 | 5h102rs.exe
5396 | 4b1hqtc.exe
5444 | 90b0ap.exe
4476 | 5g430.exe
4408 | ap6041.exe
1716 | 104w47.exe
4544 | l7aex.exe
4416 | bxjt8jh.exe
464 | x92l177.exe
4956 | 6m31r.exe
6020 | 1ol19k.exe
5504 | c63nd4.exe
5488 | w1rl681.exe
5528 | 1c138.exe
5492 | jmg19j9.exe
712 | 33t41d.exe
5792 | 853c3.exe
UPX packed file (yara rule upx; 64 IoCs)
The hits are the same 64 resources as the "UPX dump on OEP" list above, matched by the lowercase upx rule:
resource | yara_rule
behavioral2/memory/5416-0-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0008000000023263-3.dat | upx
behavioral2/memory/5416-5-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1964-10-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0008000000023265-9.dat | upx
behavioral2/files/0x0008000000023266-13.dat | upx
behavioral2/memory/5348-14-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5324-17-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0008000000023269-19.dat | upx
behavioral2/memory/3272-23-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x000800000002326a-26.dat | upx
behavioral2/memory/4168-31-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x000700000002326b-30.dat | upx
behavioral2/files/0x000700000002326d-35.dat | upx
behavioral2/memory/5996-39-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3176-36-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x000a00000001ea83-43.dat | upx
behavioral2/memory/5488-45-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x000700000002326e-47.dat | upx
behavioral2/files/0x000700000002326f-52.dat | upx
behavioral2/memory/3576-53-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5524-56-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023270-58.dat | upx
behavioral2/memory/3216-61-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023273-64.dat | upx
behavioral2/memory/3216-66-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1800-68-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023275-71.dat | upx
behavioral2/files/0x0004000000022ea3-77.dat | upx
behavioral2/files/0x0007000000023276-82.dat | upx
behavioral2/memory/5296-80-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5876-76-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023277-86.dat | upx
behavioral2/memory/5808-87-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5400-90-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023278-92.dat | upx
behavioral2/files/0x0007000000023279-97.dat | upx
behavioral2/files/0x0008000000023271-104.dat | upx
behavioral2/memory/3964-102-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3076-113-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x000800000002327a-110.dat | upx
behavioral2/files/0x000700000002327b-115.dat | upx
behavioral2/memory/2560-120-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/3848-123-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x000700000002327e-121.dat | upx
behavioral2/files/0x000700000002327f-126.dat | upx
behavioral2/memory/1852-131-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023280-132.dat | upx
behavioral2/files/0x0007000000023281-135.dat | upx
behavioral2/memory/1608-136-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1540-141-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023282-142.dat | upx
behavioral2/files/0x0007000000023283-145.dat | upx
behavioral2/files/0x00030000000227e7-151.dat | upx
behavioral2/files/0x0007000000023285-155.dat | upx
behavioral2/memory/496-159-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/files/0x0007000000023286-163.dat | upx
behavioral2/files/0x0007000000023287-166.dat | upx
behavioral2/files/0x0007000000023289-171.dat | upx
behavioral2/memory/3396-173-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/2200-176-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5096-185-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/1704-192-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral2/memory/5084-198-0x0000000000400000-0x0000000000429000-memory.dmp | upx
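Both UPX signatures fire on the same region, 0x400000-0x429000, in every memory dump: that is ImageBase plus a SizeOfImage of 0x29000, the whole mapped image. UPX keeps the decompressed program inside the original image by giving its first section (UPX0) no bytes on disk but a large virtual size, and it places the entry point in the stub section (UPX1), which inflates the program into UPX0 and then jumps to the original entry point; "dump on OEP" is the sandbox capturing that region at that moment, which is why the same image range appears under both the generic upx rule and the Blackmoon family rule. The example below is an added one, not from the report or from Triage's tooling: it builds a constructed PE32 header with that packer layout and a plain counterpart, then reads back the indicators a triage script would check. Section names, sizes and the 0x29000 image size are assumed for illustration, and the section bodies are zero-filled, so no entropy measurement is attempted.

```python
import struct


def _section(name: bytes, vsize: int, va: int, rawsize: int, rawptr: int, chars: int) -> bytes:
    """One 40-byte IMAGE_SECTION_HEADER."""
    return struct.pack('<8sIIIIIIHHI', name.ljust(8, b'\0'), vsize, va, rawsize, rawptr,
                       0, 0, 0, 0, chars)


def build_sample_pe(packed: bool = True) -> bytes:
    """Constructed PE32 headers (not the analysed sample). packed=True mimics UPX's layout:
    UPX0 is empty on disk but large in memory (the stub decompresses into it) and the entry
    point sits in UPX1 (the stub). packed=False is an ordinary .text/.data/.rsrc layout."""
    if packed:
        entry = 0x27F00
        secs = (_section(b'UPX0', 0x20000, 0x1000, 0, 0x400, 0xE0000080) +
                _section(b'UPX1', 0x7000, 0x21000, 0x6A00, 0x400, 0xE0000040) +
                _section(b'.rsrc', 0x1000, 0x28000, 0x600, 0x6E00, 0xC0000040))
        end_of_file = 0x7400
    else:
        entry = 0x1000
        secs = (_section(b'.text', 0x20000, 0x1000, 0x20000, 0x400, 0x60000020) +
                _section(b'.data', 0x7000, 0x21000, 0x7000, 0x20400, 0xC0000040) +
                _section(b'.rsrc', 0x1000, 0x28000, 0x600, 0x27400, 0xC0000040))
        end_of_file = 0x27A00
    dos = b'MZ' + b'\0' * 58 + struct.pack('<I', 0x40)                # e_lfanew = 0x40
    coff = struct.pack('<HHIIIHH', 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)    # i386, 3 sections
    opt = struct.pack('<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII',
                      0x10B, 0, 0, 0x7000, 0x1000, 0x20000, entry, 0x21000, 0x28000,
                      0x400000,          # ImageBase
                      0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                      0x29000,           # SizeOfImage -> image spans 0x400000-0x429000
                      0x400, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b'\0' * 128                   # 16 empty data directories
    headers = (dos + b'PE\0\0' + coff + opt + secs).ljust(0x400, b'\0')
    return headers.ljust(end_of_file, b'\0')   # zero-filled stand-in for section contents


def analyze_pe(data: bytes) -> dict:
    """Read just enough of the headers to judge whether the file looks UPX-packed and to
    predict the in-memory image range a sandbox will dump."""
    if data[:2] != b'MZ':
        raise ValueError('not an MZ executable')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('bad PE signature')
    nsec = struct.unpack_from('<H', data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from('<H', data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from('<H', data, opt)[0]
    entry_rva = struct.unpack_from('<I', data, opt + 16)[0]
    if magic == 0x10B:                                   # PE32
        image_base = struct.unpack_from('<I', data, opt + 28)[0]
    elif magic == 0x20B:                                 # PE32+
        image_base = struct.unpack_from('<Q', data, opt + 24)[0]
    else:
        raise ValueError('unknown optional header magic %#x' % magic)
    size_of_image = struct.unpack_from('<I', data, opt + 56)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, _ptr = struct.unpack_from('<8sIIII', data, opt + opt_size + 40 * i)
        sections.append({'name': name.rstrip(b'\0').decode('ascii', 'replace'),
                         'vsize': vsize, 'va': va, 'rawsize': rawsize})
    entry_sec = next((s for s in sections
                      if s['va'] <= entry_rva < s['va'] + max(s['vsize'], s['rawsize'])), None)
    first = sections[0] if sections else None
    # Packer shape: first section has no bytes on disk but a large virtual size (the unpack
    # destination), and execution starts in a later section (the stub).
    hollow_first = bool(first) and first['rawsize'] == 0 and first['vsize'] >= 0x1000
    packer_layout = hollow_first and entry_sec is not None and entry_sec is not first
    return {
        'image_range': (image_base, image_base + size_of_image),
        'entry_section': entry_sec['name'] if entry_sec else None,
        'upx_names': any(s['name'].startswith('UPX') for s in sections),
        'packer_layout': packer_layout,
        'expansion_ratio': round(size_of_image / len(data), 2),
    }


def triage_region(image_range) -> str:
    """Format the range the way the report names its memory dumps."""
    return '0x%016x-0x%016x' % image_range
```

Section names are the weakest of the three indicators (a packer can rename them), so the layout check and the in-memory-to-on-disk expansion ratio are what to key a triage rule on; the predicted image range is what to compare against the dump names a sandbox reports.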
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | rows
PID 5416 wrote to memory of 1964 | 5416 | f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1.exe | 98 | 3
PID 1964 wrote to memory of 5348 | 1964 | 94npxd.exe | 99 | 3
PID 5348 wrote to memory of 5324 | 5348 | 7e204a.exe | 100 | 3
PID 5324 wrote to memory of 3272 | 5324 | fr953.exe | 101 | 3
PID 3272 wrote to memory of 4168 | 3272 | 2dd45h.exe | 102 | 3
PID 4168 wrote to memory of 3176 | 4168 | ugvjhc.exe | 104 | 3
PID 3176 wrote to memory of 5996 | 3176 | dwh15p.exe | 105 | 3
PID 5996 wrote to memory of 5488 | 5996 | 01151.exe | 106 | 3
PID 5488 wrote to memory of 3576 | 5488 | 18m04t.exe | 107 | 3
PID 3576 wrote to memory of 5524 | 3576 | bfu35.exe | 108 | 3
PID 5524 wrote to memory of 3216 | 5524 | t5557.exe | 109 | 3
PID 3216 wrote to memory of 1800 | 3216 | 37qwll3.exe | 110 | 3
PID 1800 wrote to memory of 5876 | 1800 | kp8sf.exe | 111 | 3
PID 5876 wrote to memory of 5296 | 5876 | 5wka3e.exe | 112 | 3
PID 5296 wrote to memory of 5808 | 5296 | 2d364.exe | 113 | 3
PID 5808 wrote to memory of 5400 | 5808 | rrq7l.exe | 114 | 3
PID 5400 wrote to memory of 3884 | 5400 | 09dup4.exe | 115 | 3
PID 3884 wrote to memory of 3964 | 3884 | 33as83x.exe | 116 | 3
PID 3964 wrote to memory of 116 | 3964 | u1lj5c6.exe | 117 | 3
PID 116 wrote to memory of 3076 | 116 | 9sw15e.exe | 118 | 3
PID 3076 wrote to memory of 2560 | 3076 | q93ew5.exe | 119 | 3
PID 2560 wrote to memory of 3848 | 2560 | 55f1597.exe | 120 | 1 (list cut off at 64 IoCs)
Each spawn is reported as three identical rows in the original table; the rows column gives that count. procid_target is the sandbox's own sequential process index, not a Windows PID.
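The table above is the relay pattern in tabular form: every process writes into the one it has just spawned, and the procid_target column is Triage's own sequential process index rather than the Windows PID. That distinction matters when you reconstruct the chain, because Windows recycles PIDs as soon as a process exits: in the process list further down, PID 5488 is 18m04t.exe at level 9 and w1rl681.exe again at level 61. The following is an added example, not part of the report or of Triage's tooling. It parses rows in the flattened format seen above, collapses the repeated writes, walks the chain in report order, flags recycled PIDs, and shows the cycle you get if you key the tree on PID alone. The sample rows are the first five hops of this report plus one constructed hop (procid 103) whose child gets the root's recycled PID 5416; the name pattern and hop threshold in the relay heuristic are assumptions, not something Triage checks.

```python
import re

# One row of Triage's "Suspicious use of WriteProcessMemory" table, flattened the way the
# report above is: "<description> <pid> <Process> <procid_target>".
ROW = re.compile(r'PID (\d+) wrote to memory of (\d+)\s+(\d+)\s+(\S+)\s+(\d+)')

SAMPLE_EXE = 'f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1.exe'

# Constructed input: the first five hops copied from the report (each write is logged three
# times) plus one made-up hop, procid 103, in which the child reuses the root's PID 5416.
SAMPLE_ROWS = f"""
PID 5416 wrote to memory of 1964 5416 {SAMPLE_EXE} 98
PID 5416 wrote to memory of 1964 5416 {SAMPLE_EXE} 98
PID 5416 wrote to memory of 1964 5416 {SAMPLE_EXE} 98
PID 1964 wrote to memory of 5348 1964 94npxd.exe 99
PID 1964 wrote to memory of 5348 1964 94npxd.exe 99
PID 1964 wrote to memory of 5348 1964 94npxd.exe 99
PID 5348 wrote to memory of 5324 5348 7e204a.exe 100
PID 5324 wrote to memory of 3272 5324 fr953.exe 101
PID 3272 wrote to memory of 4168 3272 2dd45h.exe 102
PID 4168 wrote to memory of 5416 4168 ugvjhc.exe 103
"""


def parse_rows(text: str) -> list:
    """Return one edge per (parent, child, procid), in report order, repeats collapsed."""
    edges, seen = [], set()
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue
        parent, child, pid, image, procid = m.groups()
        if parent != pid:
            raise ValueError('description and pid column disagree: %r' % line)
        key = (int(parent), int(child), int(procid))
        if key in seen:          # the same spawn is reported once per WriteProcessMemory call
            continue
        seen.add(key)
        edges.append({'parent': int(parent), 'child': int(child),
                      'image': image, 'procid': int(procid)})
    return edges


def build_chain(edges: list) -> list:
    """Walk the edges in report order. A process's image name is only known from the row in
    which it is the writer, so the last node's image stays None. Stops at the first row whose
    writer is not the previous child (the linear walk would then be wrong)."""
    if not edges:
        return []
    chain = [{'pid': edges[0]['parent'], 'procid': None, 'image': edges[0]['image']}]
    for e in edges:
        if e['parent'] != chain[-1]['pid']:
            break
        chain[-1]['image'] = e['image']
        chain.append({'pid': e['child'], 'procid': e['procid'], 'image': None})
    return chain


def reused_pids(chain: list) -> set:
    """PIDs that occur more than once along the chain: distinct processes, same OS PID."""
    counts = {}
    for node in chain:
        counts[node['pid']] = counts.get(node['pid'], 0) + 1
    return {pid for pid, n in counts.items() if n > 1}


NAME = re.compile(r'^[a-z0-9]{4,8}\.exe$')   # assumed shape of the dropped file names


def is_relay_chain(chain: list, min_hops: int = 5) -> bool:
    """Heuristic: a long straight chain of short random-named executables."""
    if len(chain) - 1 < min_hops:
        return False
    names = [n['image'] for n in chain[1:] if n['image']]
    return bool(names) and all(NAME.match(x) for x in names)


def pid_keyed_has_cycle(edges: list) -> bool:
    """What goes wrong if the tree is keyed on OS PID alone: a recycled PID closes a loop."""
    parent_of = {e['child']: e['parent'] for e in edges}
    for start in parent_of:
        seen, cur = set(), start
        while cur in parent_of:
            if cur in seen:
                return True
            seen.add(cur)
            cur = parent_of[cur]
    return False
```

Keying on procid (or, outside a sandbox, on the process GUID that Sysmon and most EDRs attach to each creation event) is the only robust way to link these rows; the cycle check exists to make that failure visible rather than silent.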
Processes
Each entry is the child of the one above: a single chain 122 levels deep in which every dropped file is executed from the root of the C: drive, and each command line is the path without the \??\ prefix. Level 1 is the submitted sample. Levels 1 to 22 carry the tag Suspicious use of WriteProcessMemory, levels 2 to 65 the tag Executes dropped EXE, and levels 66 to 122 no tag; the tags stop where the two 64-IoC signature lists above end (55f1597.exe at level 22 and 853c3.exe at level 65), not at any change in behaviour that the report records.
1. C:\Users\Admin\AppData\Local\Temp\f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1.exe (command line "C:\Users\Admin\AppData\Local\Temp\f87b81b42e24ed78cfb379a2d24d4a30b3c4357eab0d333d549b86ddfbeee2f1.exe") PID:5416
2. \??\c:\94npxd.exe PID:1964
3. \??\c:\7e204a.exe PID:5348
4. \??\c:\fr953.exe PID:5324
5. \??\c:\2dd45h.exe PID:3272
6. \??\c:\ugvjhc.exe PID:4168
7. \??\c:\dwh15p.exe PID:3176
8. \??\c:\01151.exe PID:5996
9. \??\c:\18m04t.exe PID:5488
10. \??\c:\bfu35.exe PID:3576
11. \??\c:\t5557.exe PID:5524
12. \??\c:\37qwll3.exe PID:3216
13. \??\c:\kp8sf.exe PID:1800
14. \??\c:\5wka3e.exe PID:5876
15. \??\c:\2d364.exe PID:5296
16. \??\c:\rrq7l.exe PID:5808
17. \??\c:\09dup4.exe PID:5400
18. \??\c:\33as83x.exe PID:3884
19. \??\c:\u1lj5c6.exe PID:3964
20. \??\c:\9sw15e.exe PID:116
21. \??\c:\q93ew5.exe PID:3076
22. \??\c:\55f1597.exe PID:2560
23. \??\c:\n11776.exe PID:3848
24. \??\c:\4b442.exe PID:1852
25. \??\c:\543ckq.exe PID:1608
26. \??\c:\d6n89.exe PID:1540
27. \??\c:\230gc3.exe PID:5008
28. \??\c:\2f4x5.exe PID:2472
29. \??\c:\173s3.exe PID:3604
30. \??\c:\0pm16tj.exe PID:496
31. \??\c:\83qeh88.exe PID:3404
32. \??\c:\vmo0513.exe PID:3396
33. \??\c:\h0hli0.exe PID:2200
34. \??\c:\m3786.exe PID:5360
35. \??\c:\8iuip.exe PID:2040
36. \??\c:\bp176t9.exe PID:5096
37. \??\c:\8o693i.exe PID:3728
38. \??\c:\7p35m4.exe PID:1704
39. \??\c:\gdnh84.exe PID:5040
40. \??\c:\9j9jgjp.exe PID:5084
41. \??\c:\3pa5spk.exe PID:1820
42. \??\c:\5r9sj04.exe PID:3556
43. \??\c:\fc7e7r6.exe PID:1936
44. \??\c:\t6kuam.exe PID:3800
45. \??\c:\ggp4wka.exe PID:1648
46. \??\c:\0xughig.exe PID:5428
47. \??\c:\v61c70g.exe PID:5780
48. \??\c:\fnnjnf.exe PID:5448
49. \??\c:\5h102rs.exe PID:5364
50. \??\c:\4b1hqtc.exe PID:5396
51. \??\c:\90b0ap.exe PID:5444
52. \??\c:\5g430.exe PID:4476
53. \??\c:\ap6041.exe PID:4408
54. \??\c:\104w47.exe PID:1716
55. \??\c:\l7aex.exe PID:4544
56. \??\c:\bxjt8jh.exe PID:4416
57. \??\c:\x92l177.exe PID:464
58. \??\c:\6m31r.exe PID:4956
59. \??\c:\1ol19k.exe PID:6020
60. \??\c:\c63nd4.exe PID:5504
61. \??\c:\w1rl681.exe PID:5488
62. \??\c:\1c138.exe PID:5528
63. \??\c:\jmg19j9.exe PID:5492
64. \??\c:\33t41d.exe PID:712
65. \??\c:\853c3.exe PID:5792
66. \??\c:\9vt064c.exe PID:5116
67. \??\c:\4s2s2.exe PID:5256
68. \??\c:\695g8x.exe PID:1620
69. \??\c:\f82xdk.exe PID:4036
70. \??\c:\elr3x0r.exe PID:1768
71. \??\c:\weq5oc0.exe PID:5840
72. \??\c:\07800f.exe PID:340
73. \??\c:\t99j15.exe PID:2168
74. \??\c:\n3115jg.exe PID:4352
75. \??\c:\1lgqi11.exe PID:4868
76. \??\c:\2eu2ga.exe PID:6024
77. \??\c:\4631nc.exe PID:3792
78. \??\c:\7d8k3.exe PID:1996
79. \??\c:\b3r13eu.exe PID:4716
80. \??\c:\54j33.exe PID:1164
81. \??\c:\hem0x.exe PID:4636
82. \??\c:\ujs99m4.exe PID:5052
83. \??\c:\7ki65k8.exe PID:4248
84. \??\c:\u99j33.exe PID:1720
85. \??\c:\kwu5u22.exe PID:2776
86. \??\c:\558uo6.exe PID:2912
87. \??\c:\09l35.exe PID:1492
88. \??\c:\33027.exe PID:3120
89. \??\c:\k6jdqt.exe PID:4952
90. \??\c:\aelerm.exe PID:3516
91. \??\c:\llc3o.exe PID:2204
92. \??\c:\wcf9fl0.exe PID:1416
93. \??\c:\09u3u.exe PID:5144
94. \??\c:\kb488k3.exe PID:5096
95. \??\c:\er9ql.exe PID:6056
96. \??\c:\x5s0s3t.exe PID:1704
97. \??\c:\a5kqaki.exe PID:3020
98. \??\c:\760lkm.exe PID:2760
99. \??\c:\kg5071.exe PID:1400
100. \??\c:\vq571d.exe PID:3556
101. \??\c:\152882.exe PID:2720
102. \??\c:\89578.exe PID:3800
103. \??\c:\ma8a75.exe PID:4372
104. \??\c:\3nh59o.exe PID:5428
105. \??\c:\o5719nc.exe PID:5612
106. \??\c:\x0hsn.exe PID:5568
107. \??\c:\40txrd.exe PID:5380
108. \??\c:\o00tr7.exe PID:1860
109. \??\c:\1p079.exe PID:5608
110. \??\c:\g1d9d.exe PID:3080
111. \??\c:\6b8t0x.exe PID:4168
112. \??\c:\xf6b0vn.exe PID:5980
113. \??\c:\mka81el.exe PID:4884
114. \??\c:\81nus.exe PID:5924
115. \??\c:\dq1iv1.exe PID:464
116. \??\c:\x8d5ir.exe PID:5468
117. \??\c:\ph8fjk.exe PID:3576
118. \??\c:\pjm81r.exe PID:5524
119. \??\c:\ro2662.exe PID:5204
120. \??\c:\2775ee.exe PID:1660
121. \??\c:\w7ke91.exe PID:1016
122. \??\c:\7wkuof.exe PID:5804