Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
28/03/2024, 18:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe
-
Size
196KB
-
MD5
5fa9d68e0b398f51445a04150f6b22f2
-
SHA1
8498cce6c28d2a89d6d18558ba1f1d24703f3e3f
-
SHA256
20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6
-
SHA512
aa9e01cd155233a57d249c9467ac95eacc252d39d5b49f9d00cab7e9a6de1caa2fedc35eebab7effc410f3ce1330340d3a423a32562f180b69d4ce718d365eca
-
SSDEEP
1536:1vQBeOGtrYSSsrc93UBIfdC67m6AJiqpfg3Cn/uiYs6UE:1hOm2sI93UufdC67ciifmCnmiYJUE
Malware Config
Signatures (the rule hits and process data below are labelled behavioral2, presumably the windows10-2004_x64 task named under Analysis; the behavioral1 task on win7-20240221-en listed above reports 6 signatures, but its results are not shown on this page)
-
Detect Blackmoon payload (YARA rule family_blackmoon matched in process memory) 64 IoCs
resource yara_rule behavioral2/memory/3552-4-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4108-21-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1280-31-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2908-42-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1576-52-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4324-48-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3692-40-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1344-24-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2380-14-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2272-6-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5096-63-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1476-73-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5104-68-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4224-81-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2500-90-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1532-92-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2504-99-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/616-105-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1572-110-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/640-114-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/724-124-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/1872-136-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2860-161-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4444-157-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3596-186-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3996-189-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2436-207-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3724-209-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4524-221-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3056-227-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4076-231-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4832-236-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2268-240-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/756-254-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4876-260-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4648-268-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4700-274-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4112-290-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2324-301-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2760-314-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1220-318-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/316-330-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/1064-335-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2724-339-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4220-347-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2860-346-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1364-358-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4940-367-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1592-370-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/5092-382-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4528-389-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4412-398-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4412-402-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4832-421-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2908-431-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/2292-462-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4924-496-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3984-566-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4488-571-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4596-581-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/1044-636-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/3636-668-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral2/memory/4972-699-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral2/memory/2292-762-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs — every hit is the same 0x0000000000400000-0x000000000042A000 region in a different process, which is consistent with each dropped executable being the same UPX-packed image; confirm by comparing the dropped files' hashes before treating them as one artifact
resource yara_rule behavioral2/memory/3552-4-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4108-21-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1280-31-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2908-42-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1576-52-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4324-48-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3692-40-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1344-24-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4108-17-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2380-14-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2272-6-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5096-63-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1476-73-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5104-68-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4224-81-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2500-90-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1532-92-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2504-99-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/616-105-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1572-110-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/640-114-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/724-124-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1872-136-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2860-161-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/4444-157-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3596-186-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3996-189-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2436-207-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3724-209-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4524-221-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3056-227-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4076-231-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4832-236-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2268-240-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/756-254-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4876-260-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4648-268-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4700-274-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4112-290-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2324-301-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1572-303-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2760-314-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1220-318-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/316-330-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1064-335-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2724-339-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4220-347-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2860-346-0x0000000000400000-0x000000000042A000-memory.dmp UPX 
behavioral2/memory/1364-358-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4940-367-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/1592-370-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5092-377-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/5092-382-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4528-389-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4412-398-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4412-402-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4832-421-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2908-431-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/856-438-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4664-454-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2292-458-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/2292-462-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/4924-496-0x0000000000400000-0x000000000042A000-memory.dmp UPX behavioral2/memory/3984-566-0x0000000000400000-0x000000000042A000-memory.dmp UPX -
Executes dropped EXE 64 IoCs (64 appears to be the report's display cap: the process tree below lists 121 dropped executables, nesting levels 2 through 122)
pid Process 2272 82260.exe 2380 20424.exe 4108 frrllff.exe 1344 000648.exe 1280 dvpdv.exe 2908 666426.exe 3692 rrrfrxl.exe 4324 282608.exe 1576 xrlxrlr.exe 5096 64048.exe 5104 60006.exe 5084 28266.exe 1476 xlrllfr.exe 4224 820644.exe 2500 82882.exe 1532 tbthth.exe 2504 tnhtnh.exe 616 84880.exe 1572 frlxflf.exe 640 04820.exe 4552 w44426.exe 724 0008266.exe 2936 42822.exe 1872 rfflfxl.exe 1064 rffrlfr.exe 3380 ntbbtb.exe 2000 vpdpv.exe 4444 nnnhbn.exe 2860 jjdvp.exe 3776 lxxlrlx.exe 4800 rfxrfxr.exe 5028 60608.exe 4828 062644.exe 3596 lrrrrxl.exe 3996 tnhnhb.exe 3856 1lrlxxf.exe 524 266048.exe 332 hnhbtt.exe 2104 flrxrrr.exe 1232 xlxlxrf.exe 2436 vppjj.exe 3724 688648.exe 1052 rflfllr.exe 3368 rlllllx.exe 4524 9lrxrxr.exe 3600 228626.exe 3056 nnnhnh.exe 4076 0026482.exe 4840 pdjvv.exe 4832 e88822.exe 2268 pjdpv.exe 1280 84086.exe 4824 86484.exe 988 4848260.exe 756 844820.exe 1472 dvpjv.exe 4876 6608604.exe 824 g2260.exe 4648 pvjpp.exe 3300 ffllrxr.exe 4700 6226486.exe 3684 60626.exe 2372 9jpjv.exe 3680 20046.exe -
resource yara_rule behavioral2/memory/3552-4-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4108-21-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1280-31-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2908-42-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1576-52-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4324-48-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3692-40-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1344-24-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4108-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2380-14-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2272-6-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5096-63-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1476-73-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5104-68-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4224-81-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2500-90-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1532-92-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2504-99-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/616-105-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1572-110-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/640-114-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/724-124-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1872-136-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2860-161-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/4444-157-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3596-186-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3996-189-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2436-207-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3724-209-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4524-221-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3056-227-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4076-231-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4832-236-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2268-240-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/756-254-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4876-260-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4648-268-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4700-274-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4112-290-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2324-301-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1572-303-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2760-314-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1220-318-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/316-330-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1064-335-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2724-339-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4220-347-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2860-346-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral2/memory/1364-358-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4940-367-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/1592-370-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5092-377-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/5092-382-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4528-389-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4412-398-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4412-402-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4832-421-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2908-431-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4664-454-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2292-458-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/2292-462-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4924-496-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/3984-566-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral2/memory/4488-571-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs — each entry is a parent writing into the child it has just spawned (three identical entries per parent/child pair), and the chain is strictly linear: each process launches exactly one successor
description pid Process procid_target PID 3552 wrote to memory of 2272 3552 20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe 85 PID 3552 wrote to memory of 2272 3552 20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe 85 PID 3552 wrote to memory of 2272 3552 20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe 85 PID 2272 wrote to memory of 2380 2272 82260.exe 86 PID 2272 wrote to memory of 2380 2272 82260.exe 86 PID 2272 wrote to memory of 2380 2272 82260.exe 86 PID 2380 wrote to memory of 4108 2380 20424.exe 87 PID 2380 wrote to memory of 4108 2380 20424.exe 87 PID 2380 wrote to memory of 4108 2380 20424.exe 87 PID 4108 wrote to memory of 1344 4108 frrllff.exe 88 PID 4108 wrote to memory of 1344 4108 frrllff.exe 88 PID 4108 wrote to memory of 1344 4108 frrllff.exe 88 PID 1344 wrote to memory of 1280 1344 000648.exe 89 PID 1344 wrote to memory of 1280 1344 000648.exe 89 PID 1344 wrote to memory of 1280 1344 000648.exe 89 PID 1280 wrote to memory of 2908 1280 dvpdv.exe 90 PID 1280 wrote to memory of 2908 1280 dvpdv.exe 90 PID 1280 wrote to memory of 2908 1280 dvpdv.exe 90 PID 2908 wrote to memory of 3692 2908 666426.exe 91 PID 2908 wrote to memory of 3692 2908 666426.exe 91 PID 2908 wrote to memory of 3692 2908 666426.exe 91 PID 3692 wrote to memory of 4324 3692 rrrfrxl.exe 92 PID 3692 wrote to memory of 4324 3692 rrrfrxl.exe 92 PID 3692 wrote to memory of 4324 3692 rrrfrxl.exe 92 PID 4324 wrote to memory of 1576 4324 282608.exe 93 PID 4324 wrote to memory of 1576 4324 282608.exe 93 PID 4324 wrote to memory of 1576 4324 282608.exe 93 PID 1576 wrote to memory of 5096 1576 xrlxrlr.exe 94 PID 1576 wrote to memory of 5096 1576 xrlxrlr.exe 94 PID 1576 wrote to memory of 5096 1576 xrlxrlr.exe 94 PID 5096 wrote to memory of 5104 5096 64048.exe 95 PID 5096 wrote to memory of 5104 5096 64048.exe 95 PID 5096 wrote to memory of 5104 5096 64048.exe 95 PID 5104 wrote to memory of 5084 5104 60006.exe 96 PID 5104 wrote to 
memory of 5084 5104 60006.exe 96 PID 5104 wrote to memory of 5084 5104 60006.exe 96 PID 5084 wrote to memory of 1476 5084 28266.exe 98 PID 5084 wrote to memory of 1476 5084 28266.exe 98 PID 5084 wrote to memory of 1476 5084 28266.exe 98 PID 1476 wrote to memory of 4224 1476 xlrllfr.exe 99 PID 1476 wrote to memory of 4224 1476 xlrllfr.exe 99 PID 1476 wrote to memory of 4224 1476 xlrllfr.exe 99 PID 4224 wrote to memory of 2500 4224 820644.exe 100 PID 4224 wrote to memory of 2500 4224 820644.exe 100 PID 4224 wrote to memory of 2500 4224 820644.exe 100 PID 2500 wrote to memory of 1532 2500 82882.exe 101 PID 2500 wrote to memory of 1532 2500 82882.exe 101 PID 2500 wrote to memory of 1532 2500 82882.exe 101 PID 1532 wrote to memory of 2504 1532 tbthth.exe 102 PID 1532 wrote to memory of 2504 1532 tbthth.exe 102 PID 1532 wrote to memory of 2504 1532 tbthth.exe 102 PID 2504 wrote to memory of 616 2504 tnhtnh.exe 103 PID 2504 wrote to memory of 616 2504 tnhtnh.exe 103 PID 2504 wrote to memory of 616 2504 tnhtnh.exe 103 PID 616 wrote to memory of 1572 616 84880.exe 104 PID 616 wrote to memory of 1572 616 84880.exe 104 PID 616 wrote to memory of 1572 616 84880.exe 104 PID 1572 wrote to memory of 640 1572 frlxflf.exe 105 PID 1572 wrote to memory of 640 1572 frlxflf.exe 105 PID 1572 wrote to memory of 640 1572 frlxflf.exe 105 PID 640 wrote to memory of 4552 640 04820.exe 106 PID 640 wrote to memory of 4552 640 04820.exe 106 PID 640 wrote to memory of 4552 640 04820.exe 106 PID 4552 wrote to memory of 724 4552 w44426.exe 107
Processes (note for triage: every dropped executable is written to and run from the drive root as \??\c:\<name>.exe with a random-looking digit or letter-pattern name, which is a usable detection opportunity; also, PIDs are reused across the chain — e.g. 1280, 1572, 2504, 2908 and 724 each appear at two or more levels — so correlate the memory-dump IoCs above by PID plus dump offset, not by PID alone)
-
C:\Users\Admin\AppData\Local\Temp\20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe"C:\Users\Admin\AppData\Local\Temp\20f796d65887cd3eeccb0180b7cccc938020fa27578228fdf937a208a2016be6.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3552 -
\??\c:\82260.exec:\82260.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2272 -
\??\c:\20424.exec:\20424.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\frrllff.exec:\frrllff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4108 -
\??\c:\000648.exec:\000648.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\dvpdv.exec:\dvpdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1280 -
\??\c:\666426.exec:\666426.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2908 -
\??\c:\rrrfrxl.exec:\rrrfrxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3692 -
\??\c:\282608.exec:\282608.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4324 -
\??\c:\xrlxrlr.exec:\xrlxrlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1576 -
\??\c:\64048.exec:\64048.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5096 -
\??\c:\60006.exec:\60006.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5104 -
\??\c:\28266.exec:\28266.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5084 -
\??\c:\xlrllfr.exec:\xlrllfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1476 -
\??\c:\820644.exec:\820644.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4224 -
\??\c:\82882.exec:\82882.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\tbthth.exec:\tbthth.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1532 -
\??\c:\tnhtnh.exec:\tnhtnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2504 -
\??\c:\84880.exec:\84880.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:616 -
\??\c:\frlxflf.exec:\frlxflf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1572 -
\??\c:\04820.exec:\04820.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:640 -
\??\c:\w44426.exec:\w44426.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\0008266.exec:\0008266.exe23⤵
- Executes dropped EXE
PID:724 -
\??\c:\42822.exec:\42822.exe24⤵
- Executes dropped EXE
PID:2936 -
\??\c:\rfflfxl.exec:\rfflfxl.exe25⤵
- Executes dropped EXE
PID:1872 -
\??\c:\rffrlfr.exec:\rffrlfr.exe26⤵
- Executes dropped EXE
PID:1064 -
\??\c:\ntbbtb.exec:\ntbbtb.exe27⤵
- Executes dropped EXE
PID:3380 -
\??\c:\vpdpv.exec:\vpdpv.exe28⤵
- Executes dropped EXE
PID:2000 -
\??\c:\nnnhbn.exec:\nnnhbn.exe29⤵
- Executes dropped EXE
PID:4444 -
\??\c:\jjdvp.exec:\jjdvp.exe30⤵
- Executes dropped EXE
PID:2860 -
\??\c:\lxxlrlx.exec:\lxxlrlx.exe31⤵
- Executes dropped EXE
PID:3776 -
\??\c:\rfxrfxr.exec:\rfxrfxr.exe32⤵
- Executes dropped EXE
PID:4800 -
\??\c:\60608.exec:\60608.exe33⤵
- Executes dropped EXE
PID:5028 -
\??\c:\062644.exec:\062644.exe34⤵
- Executes dropped EXE
PID:4828 -
\??\c:\lrrrrxl.exec:\lrrrrxl.exe35⤵
- Executes dropped EXE
PID:3596 -
\??\c:\tnhnhb.exec:\tnhnhb.exe36⤵
- Executes dropped EXE
PID:3996 -
\??\c:\1lrlxxf.exec:\1lrlxxf.exe37⤵
- Executes dropped EXE
PID:3856 -
\??\c:\266048.exec:\266048.exe38⤵
- Executes dropped EXE
PID:524 -
\??\c:\hnhbtt.exec:\hnhbtt.exe39⤵
- Executes dropped EXE
PID:332 -
\??\c:\flrxrrr.exec:\flrxrrr.exe40⤵
- Executes dropped EXE
PID:2104 -
\??\c:\xlxlxrf.exec:\xlxlxrf.exe41⤵
- Executes dropped EXE
PID:1232 -
\??\c:\vppjj.exec:\vppjj.exe42⤵
- Executes dropped EXE
PID:2436 -
\??\c:\688648.exec:\688648.exe43⤵
- Executes dropped EXE
PID:3724 -
\??\c:\rflfllr.exec:\rflfllr.exe44⤵
- Executes dropped EXE
PID:1052 -
\??\c:\rlllllx.exec:\rlllllx.exe45⤵
- Executes dropped EXE
PID:3368 -
\??\c:\9lrxrxr.exec:\9lrxrxr.exe46⤵
- Executes dropped EXE
PID:4524 -
\??\c:\228626.exec:\228626.exe47⤵
- Executes dropped EXE
PID:3600 -
\??\c:\nnnhnh.exec:\nnnhnh.exe48⤵
- Executes dropped EXE
PID:3056 -
\??\c:\0026482.exec:\0026482.exe49⤵
- Executes dropped EXE
PID:4076 -
\??\c:\pdjvv.exec:\pdjvv.exe50⤵
- Executes dropped EXE
PID:4840 -
\??\c:\e88822.exec:\e88822.exe51⤵
- Executes dropped EXE
PID:4832 -
\??\c:\pjdpv.exec:\pjdpv.exe52⤵
- Executes dropped EXE
PID:2268 -
\??\c:\84086.exec:\84086.exe53⤵
- Executes dropped EXE
PID:1280 -
\??\c:\86484.exec:\86484.exe54⤵
- Executes dropped EXE
PID:4824 -
\??\c:\4848260.exec:\4848260.exe55⤵
- Executes dropped EXE
PID:988 -
\??\c:\844820.exec:\844820.exe56⤵
- Executes dropped EXE
PID:756 -
\??\c:\dvpjv.exec:\dvpjv.exe57⤵
- Executes dropped EXE
PID:1472 -
\??\c:\6608604.exec:\6608604.exe58⤵
- Executes dropped EXE
PID:4876 -
\??\c:\g2260.exec:\g2260.exe59⤵
- Executes dropped EXE
PID:824 -
\??\c:\pvjpp.exec:\pvjpp.exe60⤵
- Executes dropped EXE
PID:4648 -
\??\c:\ffllrxr.exec:\ffllrxr.exe61⤵
- Executes dropped EXE
PID:3300 -
\??\c:\6226486.exec:\6226486.exe62⤵
- Executes dropped EXE
PID:4700 -
\??\c:\60626.exec:\60626.exe63⤵
- Executes dropped EXE
PID:3684 -
\??\c:\9jpjv.exec:\9jpjv.exe64⤵
- Executes dropped EXE
PID:2372 -
\??\c:\20046.exec:\20046.exe65⤵
- Executes dropped EXE
PID:3680 -
\??\c:\002640.exec:\002640.exe66⤵PID:2352
-
\??\c:\3tbthb.exec:\3tbthb.exe67⤵PID:4112
-
\??\c:\820848.exec:\820848.exe68⤵PID:2504
-
\??\c:\pvpdd.exec:\pvpdd.exe69⤵PID:2324
-
\??\c:\48804.exec:\48804.exe70⤵PID:4364
-
\??\c:\1flfrll.exec:\1flfrll.exe71⤵PID:1572
-
\??\c:\6848260.exec:\6848260.exe72⤵PID:1452
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe73⤵PID:4500
-
\??\c:\1vddv.exec:\1vddv.exe74⤵PID:2760
-
\??\c:\7ttnnh.exec:\7ttnnh.exe75⤵PID:1220
-
\??\c:\426420.exec:\426420.exe76⤵PID:2364
-
\??\c:\pvpdp.exec:\pvpdp.exe77⤵PID:1244
-
\??\c:\xxxrfrf.exec:\xxxrfrf.exe78⤵PID:316
-
\??\c:\a0844.exec:\a0844.exe79⤵PID:1064
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe80⤵PID:2264
-
\??\c:\02820.exec:\02820.exe81⤵PID:2724
-
\??\c:\bntbhb.exec:\bntbhb.exe82⤵PID:4220
-
\??\c:\frlxxrf.exec:\frlxxrf.exe83⤵PID:2860
-
\??\c:\484882.exec:\484882.exe84⤵PID:1036
-
\??\c:\6282660.exec:\6282660.exe85⤵PID:1364
-
\??\c:\jpppj.exec:\jpppj.exe86⤵PID:4684
-
\??\c:\6282282.exec:\6282282.exe87⤵PID:4940
-
\??\c:\dddvj.exec:\dddvj.exe88⤵PID:1584
-
\??\c:\jvvdp.exec:\jvvdp.exe89⤵PID:1592
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe90⤵PID:4704
-
\??\c:\jjdpj.exec:\jjdpj.exe91⤵PID:3996
-
\??\c:\20426.exec:\20426.exe92⤵PID:5092
-
\??\c:\3xfffxx.exec:\3xfffxx.exe93⤵PID:1376
-
\??\c:\8882604.exec:\8882604.exe94⤵PID:4528
-
\??\c:\2068226.exec:\2068226.exe95⤵PID:4532
-
\??\c:\ttnhbb.exec:\ttnhbb.exe96⤵PID:4972
-
\??\c:\ffxrxrl.exec:\ffxrxrl.exe97⤵PID:4388
-
\??\c:\dpjdp.exec:\dpjdp.exe98⤵PID:4412
-
\??\c:\c620606.exec:\c620606.exe99⤵PID:4524
-
\??\c:\0462200.exec:\0462200.exe100⤵PID:3288
-
\??\c:\htbntn.exec:\htbntn.exe101⤵PID:2704
-
\??\c:\3lfxfxr.exec:\3lfxfxr.exe102⤵PID:4644
-
\??\c:\q66200.exec:\q66200.exe103⤵PID:3492
-
\??\c:\44666.exec:\44666.exe104⤵PID:4832
-
\??\c:\c600886.exec:\c600886.exe105⤵PID:2184
-
\??\c:\hbtntn.exec:\hbtntn.exe106⤵PID:4596
-
\??\c:\thhthb.exec:\thhthb.exe107⤵PID:2908
-
\??\c:\822266.exec:\822266.exe108⤵PID:3956
-
\??\c:\5hhtbt.exec:\5hhtbt.exe109⤵PID:3332
-
\??\c:\3vpdj.exec:\3vpdj.exe110⤵PID:856
-
\??\c:\hbbnbb.exec:\hbbnbb.exe111⤵PID:1472
-
\??\c:\08486.exec:\08486.exe112⤵PID:1616
-
\??\c:\c666444.exec:\c666444.exe113⤵PID:2536
-
\??\c:\4488664.exec:\4488664.exe114⤵PID:5104
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe115⤵PID:4664
-
\??\c:\dvpjd.exec:\dvpjd.exe116⤵PID:2292
-
\??\c:\frrllfl.exec:\frrllfl.exe117⤵PID:2896
-
\??\c:\vdjvj.exec:\vdjvj.exe118⤵PID:1512
-
\??\c:\66822.exec:\66822.exe119⤵PID:2504
-
\??\c:\0448222.exec:\0448222.exe120⤵PID:2324
-
\??\c:\jvdpv.exec:\jvdpv.exe121⤵PID:4712
-
\??\c:\9jjpj.exec:\9jjpj.exe122⤵PID:724