Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
16/04/2024, 20:08
Behavioral task
behavioral1
Sample
26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe
-
Size
114KB
-
MD5
31d40253f4f1a1b63235f95174b0b5c5
-
SHA1
5adae62596d834eea6a3f99d7f46dc476bf0b7ee
-
SHA256
26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1
-
SHA512
f25e2718341079c5110d96583c612f61489a3feae27ad9f2e0145d2c83d2a716dd7bf5d587a3a8c70aeb701c734b99a14e9657f991cc6962a2a2396d86778b46
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout03Fv9KdYGUgeLR:xcm4FmowdHoS03F2Y9FR
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4028-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4956-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4452-21-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1916-12-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1776-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1004-34-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4664-31-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4848-42-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1892-47-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3228-51-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2128-55-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4372-63-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3056-67-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2400-73-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3180-86-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3252-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3488-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4736-107-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1516-122-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4364-132-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2464-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/5068-149-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2628-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1976-177-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4080-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/540-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2204-192-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3948-197-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4064-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5032-216-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2108-226-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3988-234-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4876-266-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4212-268-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3704-273-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4532-275-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1588-282-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3280-289-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3424-299-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3464-311-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4676-333-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3796-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4664-363-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2184-367-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2792-371-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4688-396-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4668-399-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3144-413-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3764-481-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2240-494-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1828-511-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5072-513-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/612-589-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3552-599-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2516-645-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/364-658-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2032-835-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2600-872-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4960-880-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1548-891-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1456-969-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4676-1032-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2856-1045-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4756-1169-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4028-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000300000001e9b1-3.dat UPX behavioral2/memory/4028-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0006000000023277-9.dat UPX behavioral2/memory/4956-10-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00080000000233fb-15.dat UPX behavioral2/files/0x00080000000233fe-20.dat UPX behavioral2/memory/4452-21-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1916-12-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1776-23-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x00070000000233ff-25.dat UPX behavioral2/files/0x0007000000023400-30.dat UPX behavioral2/files/0x0007000000023401-37.dat UPX behavioral2/memory/1004-34-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4664-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023402-41.dat UPX behavioral2/memory/4848-42-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023404-46.dat UPX behavioral2/memory/1892-47-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3228-51-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2128-55-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023405-53.dat UPX behavioral2/files/0x0007000000023406-59.dat UPX behavioral2/memory/4372-60-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4372-63-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3056-67-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023407-65.dat UPX behavioral2/files/0x0007000000023408-70.dat UPX behavioral2/files/0x0007000000023409-77.dat UPX behavioral2/memory/2400-73-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/files/0x000700000002340a-82.dat UPX behavioral2/memory/3180-86-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002340b-87.dat UPX behavioral2/files/0x000700000002340c-93.dat UPX behavioral2/memory/3252-92-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002340d-97.dat UPX behavioral2/memory/3488-102-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002340e-101.dat UPX behavioral2/files/0x00080000000233fc-106.dat UPX behavioral2/memory/4736-107-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002340f-111.dat UPX behavioral2/files/0x0007000000023410-118.dat UPX behavioral2/files/0x0007000000023411-123.dat UPX behavioral2/memory/1516-122-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023412-128.dat UPX behavioral2/files/0x0007000000023413-133.dat UPX behavioral2/files/0x0007000000023414-138.dat UPX behavioral2/memory/4364-132-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2464-142-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023415-144.dat UPX behavioral2/memory/5068-149-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023416-147.dat UPX behavioral2/files/0x0007000000023418-155.dat UPX behavioral2/files/0x000700000002341a-165.dat UPX behavioral2/files/0x0007000000023419-160.dat UPX behavioral2/memory/2628-167-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341b-169.dat UPX behavioral2/memory/1976-177-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4080-182-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/540-189-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2204-192-0x0000000000400000-0x0000000000427000-memory.dmp UPX 
behavioral2/memory/3948-197-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4064-202-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/5032-216-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4956 1dvjd.exe 1916 3xlxxlf.exe 4452 lrrxrlx.exe 1776 dpdpj.exe 4664 vjpjd.exe 1004 nhbtth.exe 4848 3vdvp.exe 1892 hnbnhb.exe 3228 7fxlxll.exe 2128 djpjj.exe 4372 vpvpv.exe 3056 3rrlffx.exe 2400 bhhthb.exe 848 pdjdd.exe 3180 lrrlxxr.exe 3252 7hbnhb.exe 4212 rlrlrrx.exe 3488 thnhtn.exe 4736 3dpdd.exe 2900 1lrrxfl.exe 3192 7flfxxr.exe 1516 nbbtnh.exe 4868 pjppv.exe 4364 hhbtbt.exe 3424 bntnnn.exe 2464 jjdvj.exe 3552 lffxlll.exe 5068 lfffllr.exe 2336 nnnhht.exe 1664 xxlllrr.exe 2628 3fllxxl.exe 1816 1htnhh.exe 1976 7ffrllf.exe 4080 lllrxrx.exe 2820 httbtt.exe 540 lflflfx.exe 2204 rlrfrlr.exe 2960 1hbhbt.exe 3948 lflflfx.exe 4064 thntnn.exe 504 5jpjv.exe 4412 xfxrlxr.exe 4452 xfxrflx.exe 1080 bttbbh.exe 5032 djdvj.exe 364 xlxrlff.exe 2324 9thbtn.exe 2108 jvvdd.exe 4476 pvpdp.exe 3988 lxlfrlx.exe 2816 hnbnnt.exe 1684 jjjdp.exe 2832 frlxlxr.exe 2896 3lflfxl.exe 3868 7llflff.exe 848 nnhhtb.exe 368 hbbnbt.exe 2668 pppjv.exe 3592 rrfxlfx.exe 4876 thhtth.exe 4212 vjvjv.exe 3704 lffrfxx.exe 4532 7nhbnh.exe 4736 tnhnhb.exe -
resource yara_rule behavioral2/memory/4028-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000300000001e9b1-3.dat upx behavioral2/memory/4028-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0006000000023277-9.dat upx behavioral2/memory/4956-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00080000000233fb-15.dat upx behavioral2/files/0x00080000000233fe-20.dat upx behavioral2/memory/4452-21-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1916-12-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1776-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000233ff-25.dat upx behavioral2/files/0x0007000000023400-30.dat upx behavioral2/files/0x0007000000023401-37.dat upx behavioral2/memory/1004-34-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4664-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023402-41.dat upx behavioral2/memory/4848-42-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023404-46.dat upx behavioral2/memory/1892-47-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3228-51-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2128-55-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023405-53.dat upx behavioral2/files/0x0007000000023406-59.dat upx behavioral2/memory/4372-60-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4372-63-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3056-67-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023407-65.dat upx behavioral2/files/0x0007000000023408-70.dat upx behavioral2/files/0x0007000000023409-77.dat upx behavioral2/memory/2400-73-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/files/0x000700000002340a-82.dat upx behavioral2/memory/3180-86-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002340b-87.dat upx behavioral2/files/0x000700000002340c-93.dat upx behavioral2/memory/3252-92-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002340d-97.dat upx behavioral2/memory/3488-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002340e-101.dat upx behavioral2/files/0x00080000000233fc-106.dat upx behavioral2/memory/4736-107-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002340f-111.dat upx behavioral2/files/0x0007000000023410-118.dat upx behavioral2/files/0x0007000000023411-123.dat upx behavioral2/memory/1516-122-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023412-128.dat upx behavioral2/files/0x0007000000023413-133.dat upx behavioral2/files/0x0007000000023414-138.dat upx behavioral2/memory/4364-132-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2464-142-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023415-144.dat upx behavioral2/memory/5068-149-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023416-147.dat upx behavioral2/files/0x0007000000023418-155.dat upx behavioral2/files/0x000700000002341a-165.dat upx behavioral2/files/0x0007000000023419-160.dat upx behavioral2/memory/2628-167-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341b-169.dat upx behavioral2/memory/1976-177-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4080-182-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/540-189-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2204-192-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/3948-197-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4064-202-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5032-216-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4028 wrote to memory of 4956 4028 26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe 86 PID 4028 wrote to memory of 4956 4028 26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe 86 PID 4028 wrote to memory of 4956 4028 26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe 86 PID 4956 wrote to memory of 1916 4956 1dvjd.exe 87 PID 4956 wrote to memory of 1916 4956 1dvjd.exe 87 PID 4956 wrote to memory of 1916 4956 1dvjd.exe 87 PID 1916 wrote to memory of 4452 1916 3xlxxlf.exe 88 PID 1916 wrote to memory of 4452 1916 3xlxxlf.exe 88 PID 1916 wrote to memory of 4452 1916 3xlxxlf.exe 88 PID 4452 wrote to memory of 1776 4452 lrrxrlx.exe 89 PID 4452 wrote to memory of 1776 4452 lrrxrlx.exe 89 PID 4452 wrote to memory of 1776 4452 lrrxrlx.exe 89 PID 1776 wrote to memory of 4664 1776 dpdpj.exe 90 PID 1776 wrote to memory of 4664 1776 dpdpj.exe 90 PID 1776 wrote to memory of 4664 1776 dpdpj.exe 90 PID 4664 wrote to memory of 1004 4664 vjpjd.exe 91 PID 4664 wrote to memory of 1004 4664 vjpjd.exe 91 PID 4664 wrote to memory of 1004 4664 vjpjd.exe 91 PID 1004 wrote to memory of 4848 1004 nhbtth.exe 92 PID 1004 wrote to memory of 4848 1004 nhbtth.exe 92 PID 1004 wrote to memory of 4848 1004 nhbtth.exe 92 PID 4848 wrote to memory of 1892 4848 3vdvp.exe 93 PID 4848 wrote to memory of 1892 4848 3vdvp.exe 93 PID 4848 wrote to memory of 1892 4848 3vdvp.exe 93 PID 1892 wrote to memory of 3228 1892 hnbnhb.exe 94 PID 1892 wrote to memory of 3228 1892 hnbnhb.exe 94 PID 1892 wrote to memory of 3228 1892 hnbnhb.exe 94 PID 3228 wrote to memory of 2128 3228 7fxlxll.exe 95 PID 3228 wrote to memory of 2128 3228 7fxlxll.exe 95 PID 3228 wrote to memory of 2128 3228 7fxlxll.exe 95 PID 2128 wrote to memory of 4372 2128 djpjj.exe 96 PID 2128 wrote to memory of 4372 2128 djpjj.exe 96 PID 2128 wrote to memory of 4372 2128 djpjj.exe 96 PID 4372 wrote to memory of 3056 4372 vpvpv.exe 97 PID 4372 wrote to memory 
of 3056 4372 vpvpv.exe 97 PID 4372 wrote to memory of 3056 4372 vpvpv.exe 97 PID 3056 wrote to memory of 2400 3056 3rrlffx.exe 98 PID 3056 wrote to memory of 2400 3056 3rrlffx.exe 98 PID 3056 wrote to memory of 2400 3056 3rrlffx.exe 98 PID 2400 wrote to memory of 848 2400 bhhthb.exe 99 PID 2400 wrote to memory of 848 2400 bhhthb.exe 99 PID 2400 wrote to memory of 848 2400 bhhthb.exe 99 PID 848 wrote to memory of 3180 848 pdjdd.exe 100 PID 848 wrote to memory of 3180 848 pdjdd.exe 100 PID 848 wrote to memory of 3180 848 pdjdd.exe 100 PID 3180 wrote to memory of 3252 3180 lrrlxxr.exe 101 PID 3180 wrote to memory of 3252 3180 lrrlxxr.exe 101 PID 3180 wrote to memory of 3252 3180 lrrlxxr.exe 101 PID 3252 wrote to memory of 4212 3252 7hbnhb.exe 102 PID 3252 wrote to memory of 4212 3252 7hbnhb.exe 102 PID 3252 wrote to memory of 4212 3252 7hbnhb.exe 102 PID 4212 wrote to memory of 3488 4212 rlrlrrx.exe 103 PID 4212 wrote to memory of 3488 4212 rlrlrrx.exe 103 PID 4212 wrote to memory of 3488 4212 rlrlrrx.exe 103 PID 3488 wrote to memory of 4736 3488 thnhtn.exe 104 PID 3488 wrote to memory of 4736 3488 thnhtn.exe 104 PID 3488 wrote to memory of 4736 3488 thnhtn.exe 104 PID 4736 wrote to memory of 2900 4736 3dpdd.exe 105 PID 4736 wrote to memory of 2900 4736 3dpdd.exe 105 PID 4736 wrote to memory of 2900 4736 3dpdd.exe 105 PID 2900 wrote to memory of 3192 2900 1lrrxfl.exe 106 PID 2900 wrote to memory of 3192 2900 1lrrxfl.exe 106 PID 2900 wrote to memory of 3192 2900 1lrrxfl.exe 106 PID 3192 wrote to memory of 1516 3192 7flfxxr.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe"C:\Users\Admin\AppData\Local\Temp\26531d9dee28705cfbd7f6c6402f9dba424e75f7bc4b23ea5c15b99be4aaefb1.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4028 -
\??\c:\1dvjd.exec:\1dvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4956 -
\??\c:\3xlxxlf.exec:\3xlxxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1916 -
\??\c:\lrrxrlx.exec:\lrrxrlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4452 -
\??\c:\dpdpj.exec:\dpdpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1776 -
\??\c:\vjpjd.exec:\vjpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4664 -
\??\c:\nhbtth.exec:\nhbtth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1004 -
\??\c:\3vdvp.exec:\3vdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4848 -
\??\c:\hnbnhb.exec:\hnbnhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1892 -
\??\c:\7fxlxll.exec:\7fxlxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3228 -
\??\c:\djpjj.exec:\djpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\vpvpv.exec:\vpvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4372 -
\??\c:\3rrlffx.exec:\3rrlffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3056 -
\??\c:\bhhthb.exec:\bhhthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400 -
\??\c:\pdjdd.exec:\pdjdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:848 -
\??\c:\lrrlxxr.exec:\lrrlxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3180 -
\??\c:\7hbnhb.exec:\7hbnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3252 -
\??\c:\rlrlrrx.exec:\rlrlrrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4212 -
\??\c:\thnhtn.exec:\thnhtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3488 -
\??\c:\3dpdd.exec:\3dpdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4736 -
\??\c:\1lrrxfl.exec:\1lrrxfl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\7flfxxr.exec:\7flfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3192 -
\??\c:\nbbtnh.exec:\nbbtnh.exe23⤵
- Executes dropped EXE
PID:1516 -
\??\c:\pjppv.exec:\pjppv.exe24⤵
- Executes dropped EXE
PID:4868 -
\??\c:\hhbtbt.exec:\hhbtbt.exe25⤵
- Executes dropped EXE
PID:4364 -
\??\c:\bntnnn.exec:\bntnnn.exe26⤵
- Executes dropped EXE
PID:3424 -
\??\c:\jjdvj.exec:\jjdvj.exe27⤵
- Executes dropped EXE
PID:2464 -
\??\c:\lffxlll.exec:\lffxlll.exe28⤵
- Executes dropped EXE
PID:3552 -
\??\c:\lfffllr.exec:\lfffllr.exe29⤵
- Executes dropped EXE
PID:5068 -
\??\c:\nnnhht.exec:\nnnhht.exe30⤵
- Executes dropped EXE
PID:2336 -
\??\c:\xxlllrr.exec:\xxlllrr.exe31⤵
- Executes dropped EXE
PID:1664 -
\??\c:\3fllxxl.exec:\3fllxxl.exe32⤵
- Executes dropped EXE
PID:2628 -
\??\c:\1htnhh.exec:\1htnhh.exe33⤵
- Executes dropped EXE
PID:1816 -
\??\c:\7ffrllf.exec:\7ffrllf.exe34⤵
- Executes dropped EXE
PID:1976 -
\??\c:\lllrxrx.exec:\lllrxrx.exe35⤵
- Executes dropped EXE
PID:4080 -
\??\c:\httbtt.exec:\httbtt.exe36⤵
- Executes dropped EXE
PID:2820 -
\??\c:\lflflfx.exec:\lflflfx.exe37⤵
- Executes dropped EXE
PID:540 -
\??\c:\rlrfrlr.exec:\rlrfrlr.exe38⤵
- Executes dropped EXE
PID:2204 -
\??\c:\1hbhbt.exec:\1hbhbt.exe39⤵
- Executes dropped EXE
PID:2960 -
\??\c:\lflflfx.exec:\lflflfx.exe40⤵
- Executes dropped EXE
PID:3948 -
\??\c:\thntnn.exec:\thntnn.exe41⤵
- Executes dropped EXE
PID:4064 -
\??\c:\5jpjv.exec:\5jpjv.exe42⤵
- Executes dropped EXE
PID:504 -
\??\c:\xfxrlxr.exec:\xfxrlxr.exe43⤵
- Executes dropped EXE
PID:4412 -
\??\c:\xfxrflx.exec:\xfxrflx.exe44⤵
- Executes dropped EXE
PID:4452 -
\??\c:\bttbbh.exec:\bttbbh.exe45⤵
- Executes dropped EXE
PID:1080 -
\??\c:\djdvj.exec:\djdvj.exe46⤵
- Executes dropped EXE
PID:5032 -
\??\c:\xlxrlff.exec:\xlxrlff.exe47⤵
- Executes dropped EXE
PID:364 -
\??\c:\9thbtn.exec:\9thbtn.exe48⤵
- Executes dropped EXE
PID:2324 -
\??\c:\jvvdd.exec:\jvvdd.exe49⤵
- Executes dropped EXE
PID:2108 -
\??\c:\pvpdp.exec:\pvpdp.exe50⤵
- Executes dropped EXE
PID:4476 -
\??\c:\lxlfrlx.exec:\lxlfrlx.exe51⤵
- Executes dropped EXE
PID:3988 -
\??\c:\hnbnnt.exec:\hnbnnt.exe52⤵
- Executes dropped EXE
PID:2816 -
\??\c:\jjjdp.exec:\jjjdp.exe53⤵
- Executes dropped EXE
PID:1684 -
\??\c:\frlxlxr.exec:\frlxlxr.exe54⤵
- Executes dropped EXE
PID:2832 -
\??\c:\3lflfxl.exec:\3lflfxl.exe55⤵
- Executes dropped EXE
PID:2896 -
\??\c:\7llflff.exec:\7llflff.exe56⤵
- Executes dropped EXE
PID:3868 -
\??\c:\nnhhtb.exec:\nnhhtb.exe57⤵
- Executes dropped EXE
PID:848 -
\??\c:\hbbnbt.exec:\hbbnbt.exe58⤵
- Executes dropped EXE
PID:368 -
\??\c:\pppjv.exec:\pppjv.exe59⤵
- Executes dropped EXE
PID:2668 -
\??\c:\rrfxlfx.exec:\rrfxlfx.exe60⤵
- Executes dropped EXE
PID:3592 -
\??\c:\thhtth.exec:\thhtth.exe61⤵
- Executes dropped EXE
PID:4876 -
\??\c:\vjvjv.exec:\vjvjv.exe62⤵
- Executes dropped EXE
PID:4212 -
\??\c:\lffrfxx.exec:\lffrfxx.exe63⤵
- Executes dropped EXE
PID:3704 -
\??\c:\7nhbnh.exec:\7nhbnh.exe64⤵
- Executes dropped EXE
PID:4532 -
\??\c:\tnhnhb.exec:\tnhnhb.exe65⤵
- Executes dropped EXE
PID:4736 -
\??\c:\dpjdv.exec:\dpjdv.exe66⤵PID:1588
-
\??\c:\7rrflfr.exec:\7rrflfr.exe67⤵PID:4232
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe68⤵PID:3280
-
\??\c:\bnbnbb.exec:\bnbnbb.exe69⤵PID:968
-
\??\c:\3jjjv.exec:\3jjjv.exe70⤵PID:1804
-
\??\c:\5jdvd.exec:\5jdvd.exe71⤵PID:3424
-
\??\c:\lrrffxr.exec:\lrrffxr.exe72⤵PID:5004
-
\??\c:\9ffxrlf.exec:\9ffxrlf.exe73⤵PID:3464
-
\??\c:\bhhbtn.exec:\bhhbtn.exe74⤵PID:4284
-
\??\c:\vjjvd.exec:\vjjvd.exe75⤵PID:3236
-
\??\c:\3xxrlfr.exec:\3xxrlfr.exe76⤵PID:2336
-
\??\c:\7fffxxr.exec:\7fffxxr.exe77⤵PID:1756
-
\??\c:\htbtnh.exec:\htbtnh.exe78⤵PID:4756
-
\??\c:\5nbbht.exec:\5nbbht.exe79⤵PID:1600
-
\??\c:\9ddvp.exec:\9ddvp.exe80⤵PID:2856
-
\??\c:\djdpd.exec:\djdpd.exe81⤵PID:4676
-
\??\c:\rxrxrlf.exec:\rxrxrlf.exe82⤵PID:1396
-
\??\c:\9ntnbt.exec:\9ntnbt.exe83⤵PID:308
-
\??\c:\dpjjv.exec:\dpjjv.exe84⤵PID:3796
-
\??\c:\5xxxrlx.exec:\5xxxrlx.exe85⤵PID:5012
-
\??\c:\nhthnb.exec:\nhthnb.exe86⤵PID:4540
-
\??\c:\djpjv.exec:\djpjv.exe87⤵PID:3948
-
\??\c:\dvjdd.exec:\dvjdd.exe88⤵PID:5076
-
\??\c:\pdpjv.exec:\pdpjv.exe89⤵PID:3924
-
\??\c:\htnntt.exec:\htnntt.exe90⤵PID:4192
-
\??\c:\jdjdp.exec:\jdjdp.exe91⤵PID:4664
-
\??\c:\djjdp.exec:\djjdp.exe92⤵PID:2184
-
\??\c:\nhthbt.exec:\nhthbt.exe93⤵PID:2792
-
\??\c:\btnhhh.exec:\btnhhh.exe94⤵PID:4816
-
\??\c:\jppdv.exec:\jppdv.exe95⤵PID:2148
-
\??\c:\5llfxxx.exec:\5llfxxx.exe96⤵PID:3228
-
\??\c:\rrrrlff.exec:\rrrrlff.exe97⤵PID:2176
-
\??\c:\bhntnn.exec:\bhntnn.exe98⤵PID:3532
-
\??\c:\nththb.exec:\nththb.exe99⤵PID:1684
-
\??\c:\pvpjd.exec:\pvpjd.exe100⤵PID:2076
-
\??\c:\frfflfx.exec:\frfflfx.exe101⤵PID:4688
-
\??\c:\lllfxxl.exec:\lllfxxl.exe102⤵PID:4668
-
\??\c:\nbhbth.exec:\nbhbth.exe103⤵PID:368
-
\??\c:\3vdpj.exec:\3vdpj.exe104⤵PID:3100
-
\??\c:\7rllxxr.exec:\7rllxxr.exe105⤵PID:3144
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe106⤵PID:5048
-
\??\c:\1jjvp.exec:\1jjvp.exe107⤵PID:4420
-
\??\c:\pvvvj.exec:\pvvvj.exe108⤵PID:1876
-
\??\c:\lrrfrxf.exec:\lrrfrxf.exe109⤵PID:1512
-
\??\c:\htttnn.exec:\htttnn.exe110⤵PID:996
-
\??\c:\7vvpj.exec:\7vvpj.exe111⤵PID:2096
-
\??\c:\djpjv.exec:\djpjv.exe112⤵PID:3372
-
\??\c:\7fffrrr.exec:\7fffrrr.exe113⤵PID:4488
-
\??\c:\fxlfffx.exec:\fxlfffx.exe114⤵PID:4232
-
\??\c:\tnhhnh.exec:\tnhhnh.exe115⤵PID:3720
-
\??\c:\pjdvp.exec:\pjdvp.exe116⤵PID:3636
-
\??\c:\3jppj.exec:\3jppj.exe117⤵PID:3456
-
\??\c:\rrrrfff.exec:\rrrrfff.exe118⤵PID:2464
-
\??\c:\7lrrllf.exec:\7lrrllf.exe119⤵PID:3584
-
\??\c:\9tbbtt.exec:\9tbbtt.exe120⤵PID:2256
-
\??\c:\jjdvv.exec:\jjdvv.exe121⤵PID:3284
-
\??\c:\5vvpj.exec:\5vvpj.exe122⤵PID:3236