Analysis
- max time kernel: 150s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/04/2024, 02:36
Behavioral task: behavioral1
- Sample: c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe
- Resource: win7-20231129-en
- 6 signatures
- 150 seconds
General
- Target: c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe
- Size: 160KB
- MD5: 2d49d18f94b46100e57d82a5eda63d78
- SHA1: d79faf8efc36d2249241a58138f9c9e142684cd9
- SHA256: c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604
- SHA512: dc35adc61de1e0ea6e352ceae8564cf18894bccd77a483b1a5d0a894ffc6ccb81459becbe4c93498ea02980e9f8ab3c3006db1f289c91c0929ef8b208fffba71
- SSDEEP: 3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPDNuBZ:xcm4FmowdHoSgWrXF5lpKGYV0wh6Dk
Malware Config
Signatures
Detect Blackmoon payload (51 IoCs)
resource | yara_rule
- behavioral2/memory/4972-8-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1716-12-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1972-5-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1176-29-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1232-31-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1232-26-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4756-22-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1220-36-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/224-39-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1044-43-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2240-51-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3172-54-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3532-59-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2896-70-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3092-74-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3312-78-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3312-81-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4380-83-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2132-93-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4300-114-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3336-130-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/232-137-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/864-145-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1684-148-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3612-153-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4340-163-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4384-165-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4496-173-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2564-177-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3036-179-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2980-184-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/508-188-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3088-197-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4708-204-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2052-207-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4780-210-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1500-214-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3432-221-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1816-225-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3516-240-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4444-242-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/5100-245-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3944-266-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2344-271-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/4588-274-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2096-282-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1176-295-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3464-300-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/3184-309-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/1816-342-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
- behavioral2/memory/2072-344-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
UPX dump on OEP (original entry point) (64 IoCs)
resource | yara_rule
- behavioral2/memory/1972-0-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000300000001e97c-3.dat | UPX
- behavioral2/memory/4972-8-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000800000002341b-10.dat | UPX
- behavioral2/memory/1716-12-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000800000002341e-11.dat | UPX
- behavioral2/memory/1972-5-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023422-18.dat | UPX
- behavioral2/memory/1176-20-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/1176-29-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/1232-31-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023424-32.dat | UPX
- behavioral2/memory/1232-26-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023423-25.dat | UPX
- behavioral2/memory/4756-22-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023426-35.dat | UPX
- behavioral2/memory/1220-36-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/224-39-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023427-41.dat | UPX
- behavioral2/files/0x0007000000023428-46.dat | UPX
- behavioral2/memory/1044-43-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023429-50.dat | UPX
- behavioral2/memory/2240-51-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/3172-54-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002342a-56.dat | UPX
- behavioral2/files/0x000700000002342b-61.dat | UPX
- behavioral2/memory/3532-59-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002342c-65.dat | UPX
- behavioral2/files/0x000700000002342d-71.dat | UPX
- behavioral2/memory/2896-70-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/3092-74-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002342e-75.dat | UPX
- behavioral2/memory/3312-78-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/3312-81-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002342f-80.dat | UPX
- behavioral2/memory/4380-83-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023430-86.dat | UPX
- behavioral2/files/0x0007000000023431-90.dat | UPX
- behavioral2/memory/2132-93-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023432-95.dat | UPX
- behavioral2/files/0x0007000000023433-99.dat | UPX
- behavioral2/files/0x0007000000023434-104.dat | UPX
- behavioral2/files/0x0007000000023435-107.dat | UPX
- behavioral2/files/0x000800000002341f-110.dat | UPX
- behavioral2/memory/4300-114-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023436-116.dat | UPX
- behavioral2/files/0x0007000000023437-121.dat | UPX
- behavioral2/memory/2532-123-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023438-126.dat | UPX
- behavioral2/memory/3336-130-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x0007000000023439-131.dat | UPX
- behavioral2/files/0x000700000002343a-136.dat | UPX
- behavioral2/memory/232-137-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002343b-140.dat | UPX
- behavioral2/files/0x000700000002343c-144.dat | UPX
- behavioral2/memory/864-145-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/1684-148-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002343e-155.dat | UPX
- behavioral2/memory/3612-153-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/files/0x000700000002343d-151.dat | UPX
- behavioral2/memory/4340-163-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/4384-165-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/4496-173-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
- behavioral2/memory/2564-177-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
Executes dropped EXE (64 IoCs)
pid | Process
- 4972 | 5ntnnn.exe
- 1716 | htbhbb.exe
- 4756 | lrfxlfr.exe
- 1176 | hhnhbb.exe
- 1232 | tbbtnh.exe
- 1220 | llllllr.exe
- 224 | 3xxrllf.exe
- 1044 | xfllflf.exe
- 2240 | 5btthh.exe
- 3172 | dvpjd.exe
- 3532 | dvpdj.exe
- 2476 | frffxxx.exe
- 2896 | ntbtnh.exe
- 3092 | vjppp.exe
- 3312 | 5djdd.exe
- 4380 | nnbtnt.exe
- 3528 | xfffrrr.exe
- 2132 | httnhh.exe
- 5060 | 3bbthh.exe
- 1060 | jpvvd.exe
- 2584 | xlrrlxr.exe
- 448 | htbtnh.exe
- 4300 | nhtnbb.exe
- 4696 | jpvpj.exe
- 2532 | fxxxrrf.exe
- 3336 | bnnntn.exe
- 232 | jdvdv.exe
- 1092 | ffxrlll.exe
- 864 | nhbtnb.exe
- 1684 | 5djdv.exe
- 3612 | fllfxll.exe
- 5004 | 9rlfxxr.exe
- 4336 | vpddd.exe
- 4340 | 3jppj.exe
- 4384 | 1lxxllf.exe
- 1716 | lflrrrx.exe
- 2908 | dvjdd.exe
- 4496 | vjpjv.exe
- 2888 | 7rlfxrr.exe
- 2564 | 5frfxxr.exe
- 3036 | 1thhbb.exe
- 2980 | dvjjp.exe
- 4104 | dvjvv.exe
- 508 | xxfxrrl.exe
- 804 | nbhnhn.exe
- 3732 | hhhbtt.exe
- 3088 | pjjdd.exe
- 3536 | lfxrrrx.exe
- 3532 | nbbbtn.exe
- 4708 | jpvpj.exe
- 2052 | jdvvp.exe
- 4780 | lfrfffl.exe
- 436 | bbttnn.exe
- 1500 | hbtnnh.exe
- 2832 | 5pjdp.exe
- 3432 | dppjv.exe
- 1952 | jpvpd.exe
- 1816 | fflffxx.exe
- 8 | 5bbtnn.exe
- 4868 | ddppv.exe
- 1844 | 1ddjd.exe
- 4136 | 5llffxx.exe
- 3752 | nbhhtb.exe
- 3516 | 9bhbnn.exe
resource | yara_rule (64 IoCs, signature name not present on the page)
- The same 64 resources listed under "UPX dump on OEP (original entry point)" above, in the same order (memory dumps behavioral2/memory/1972-0 through behavioral2/memory/2564-177 and the dropped files behavioral2/files/0x000300000001e97c-3.dat through behavioral2/files/0x000700000002343d-151.dat), each matched by yara_rule upx
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target (identical consecutive rows collapsed with a count)
- PID 1972 wrote to memory of 4972 | 1972 | c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe | 89 (3 entries)
- PID 4972 wrote to memory of 1716 | 4972 | 5ntnnn.exe | 90 (3 entries)
- PID 1716 wrote to memory of 4756 | 1716 | htbhbb.exe | 91 (3 entries)
- PID 4756 wrote to memory of 1176 | 4756 | lrfxlfr.exe | 92 (3 entries)
- PID 1176 wrote to memory of 1232 | 1176 | hhnhbb.exe | 93 (3 entries)
- PID 1232 wrote to memory of 1220 | 1232 | tbbtnh.exe | 94 (3 entries)
- PID 1220 wrote to memory of 224 | 1220 | llllllr.exe | 95 (3 entries)
- PID 224 wrote to memory of 1044 | 224 | 3xxrllf.exe | 96 (3 entries)
- PID 1044 wrote to memory of 2240 | 1044 | xfllflf.exe | 97 (3 entries)
- PID 2240 wrote to memory of 3172 | 2240 | 5btthh.exe | 98 (3 entries)
- PID 3172 wrote to memory of 3532 | 3172 | dvpjd.exe | 99 (3 entries)
- PID 3532 wrote to memory of 2476 | 3532 | dvpdj.exe | 100 (3 entries)
- PID 2476 wrote to memory of 2896 | 2476 | frffxxx.exe | 101 (3 entries)
- PID 2896 wrote to memory of 3092 | 2896 | ntbtnh.exe | 102 (3 entries)
- PID 3092 wrote to memory of 3312 | 3092 | vjppp.exe | 103 (3 entries)
- PID 3312 wrote to memory of 4380 | 3312 | 5djdd.exe | 104 (3 entries)
- PID 4380 wrote to memory of 3528 | 4380 | nnbtnt.exe | 105 (3 entries)
- PID 3528 wrote to memory of 2132 | 3528 | xfffrrr.exe | 106 (3 entries)
- PID 2132 wrote to memory of 5060 | 2132 | httnhh.exe | 107 (3 entries)
- PID 5060 wrote to memory of 1060 | 5060 | 3bbthh.exe | 108 (3 entries)
- PID 1060 wrote to memory of 2584 | 1060 | jpvvd.exe | 109 (3 entries)
- PID 2584 wrote to memory of 448 | 2584 | xlrrlxr.exe | 111 (1 entry)
Processes
Each entry: tree depth | image path | command line | PID | signatures triggered by that process
- 1 | C:\Users\Admin\AppData\Local\Temp\c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe | "C:\Users\Admin\AppData\Local\Temp\c511d0c0425c42a45d929c45b38a37ece992986e6430db5fe98fe84743e23604.exe" | PID 1972 | Suspicious use of WriteProcessMemory
- 2 | \??\c:\5ntnnn.exe | c:\5ntnnn.exe | PID 4972 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 3 | \??\c:\htbhbb.exe | c:\htbhbb.exe | PID 1716 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 4 | \??\c:\lrfxlfr.exe | c:\lrfxlfr.exe | PID 4756 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 5 | \??\c:\hhnhbb.exe | c:\hhnhbb.exe | PID 1176 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 6 | \??\c:\tbbtnh.exe | c:\tbbtnh.exe | PID 1232 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 7 | \??\c:\llllllr.exe | c:\llllllr.exe | PID 1220 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 8 | \??\c:\3xxrllf.exe | c:\3xxrllf.exe | PID 224 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 9 | \??\c:\xfllflf.exe | c:\xfllflf.exe | PID 1044 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 10 | \??\c:\5btthh.exe | c:\5btthh.exe | PID 2240 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 11 | \??\c:\dvpjd.exe | c:\dvpjd.exe | PID 3172 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 12 | \??\c:\dvpdj.exe | c:\dvpdj.exe | PID 3532 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 13 | \??\c:\frffxxx.exe | c:\frffxxx.exe | PID 2476 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 14 | \??\c:\ntbtnh.exe | c:\ntbtnh.exe | PID 2896 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 15 | \??\c:\vjppp.exe | c:\vjppp.exe | PID 3092 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 16 | \??\c:\5djdd.exe | c:\5djdd.exe | PID 3312 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 17 | \??\c:\nnbtnt.exe | c:\nnbtnt.exe | PID 4380 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 18 | \??\c:\xfffrrr.exe | c:\xfffrrr.exe | PID 3528 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 19 | \??\c:\httnhh.exe | c:\httnhh.exe | PID 2132 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 20 | \??\c:\3bbthh.exe | c:\3bbthh.exe | PID 5060 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 21 | \??\c:\jpvvd.exe | c:\jpvvd.exe | PID 1060 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 22 | \??\c:\xlrrlxr.exe | c:\xlrrlxr.exe | PID 2584 | Executes dropped EXE; Suspicious use of WriteProcessMemory
- 23 | \??\c:\htbtnh.exe | c:\htbtnh.exe | PID 448 | Executes dropped EXE
- 24 | \??\c:\nhtnbb.exe | c:\nhtnbb.exe | PID 4300 | Executes dropped EXE
- 25 | \??\c:\jpvpj.exe | c:\jpvpj.exe | PID 4696 | Executes dropped EXE
- 26 | \??\c:\fxxxrrf.exe | c:\fxxxrrf.exe | PID 2532 | Executes dropped EXE
- 27 | \??\c:\bnnntn.exe | c:\bnnntn.exe | PID 3336 | Executes dropped EXE
- 28 | \??\c:\jdvdv.exe | c:\jdvdv.exe | PID 232 | Executes dropped EXE
- 29 | \??\c:\ffxrlll.exe | c:\ffxrlll.exe | PID 1092 | Executes dropped EXE
- 30 | \??\c:\nhbtnb.exe | c:\nhbtnb.exe | PID 864 | Executes dropped EXE
- 31 | \??\c:\5djdv.exe | c:\5djdv.exe | PID 1684 | Executes dropped EXE
- 32 | \??\c:\fllfxll.exe | c:\fllfxll.exe | PID 3612 | Executes dropped EXE
- 33 | \??\c:\9rlfxxr.exe | c:\9rlfxxr.exe | PID 5004 | Executes dropped EXE
- 34 | \??\c:\vpddd.exe | c:\vpddd.exe | PID 4336 | Executes dropped EXE
- 35 | \??\c:\3jppj.exe | c:\3jppj.exe | PID 4340 | Executes dropped EXE
- 36 | \??\c:\1lxxllf.exe | c:\1lxxllf.exe | PID 4384 | Executes dropped EXE
- 37 | \??\c:\lflrrrx.exe | c:\lflrrrx.exe | PID 1716 | Executes dropped EXE
- 38 | \??\c:\dvjdd.exe | c:\dvjdd.exe | PID 2908 | Executes dropped EXE
- 39 | \??\c:\vjpjv.exe | c:\vjpjv.exe | PID 4496 | Executes dropped EXE
- 40 | \??\c:\7rlfxrr.exe | c:\7rlfxrr.exe | PID 2888 | Executes dropped EXE
- 41 | \??\c:\5frfxxr.exe | c:\5frfxxr.exe | PID 2564 | Executes dropped EXE
- 42 | \??\c:\1thhbb.exe | c:\1thhbb.exe | PID 3036 | Executes dropped EXE
- 43 | \??\c:\dvjjp.exe | c:\dvjjp.exe | PID 2980 | Executes dropped EXE
- 44 | \??\c:\dvjvv.exe | c:\dvjvv.exe | PID 4104 | Executes dropped EXE
- 45 | \??\c:\xxfxrrl.exe | c:\xxfxrrl.exe | PID 508 | Executes dropped EXE
- 46 | \??\c:\nbhnhn.exe | c:\nbhnhn.exe | PID 804 | Executes dropped EXE
- 47 | \??\c:\hhhbtt.exe | c:\hhhbtt.exe | PID 3732 | Executes dropped EXE
- 48 | \??\c:\pjjdd.exe | c:\pjjdd.exe | PID 3088 | Executes dropped EXE
- 49 | \??\c:\lfxrrrx.exe | c:\lfxrrrx.exe | PID 3536 | Executes dropped EXE
- 50 | \??\c:\nbbbtn.exe | c:\nbbbtn.exe | PID 3532 | Executes dropped EXE
- 51 | \??\c:\jpvpj.exe | c:\jpvpj.exe | PID 4708 | Executes dropped EXE
- 52 | \??\c:\jdvvp.exe | c:\jdvvp.exe | PID 2052 | Executes dropped EXE
- 53 | \??\c:\lfrfffl.exe | c:\lfrfffl.exe | PID 4780 | Executes dropped EXE
- 54 | \??\c:\bbttnn.exe | c:\bbttnn.exe | PID 436 | Executes dropped EXE
- 55 | \??\c:\hbtnnh.exe | c:\hbtnnh.exe | PID 1500 | Executes dropped EXE
- 56 | \??\c:\5pjdp.exe | c:\5pjdp.exe | PID 2832 | Executes dropped EXE
- 57 | \??\c:\dppjv.exe | c:\dppjv.exe | PID 3432 | Executes dropped EXE
- 58 | \??\c:\jpvpd.exe | c:\jpvpd.exe | PID 1952 | Executes dropped EXE
- 59 | \??\c:\fflffxx.exe | c:\fflffxx.exe | PID 1816 | Executes dropped EXE
- 60 | \??\c:\5bbtnn.exe | c:\5bbtnn.exe | PID 8 | Executes dropped EXE
- 61 | \??\c:\ddppv.exe | c:\ddppv.exe | PID 4868 | Executes dropped EXE
- 62 | \??\c:\1ddjd.exe | c:\1ddjd.exe | PID 1844 | Executes dropped EXE
- 63 | \??\c:\5llffxx.exe | c:\5llffxx.exe | PID 4136 | Executes dropped EXE
- 64 | \??\c:\nbhhtb.exe | c:\nbhhtb.exe | PID 3752 | Executes dropped EXE
- 65 | \??\c:\9bhbnn.exe | c:\9bhbnn.exe | PID 3516 | Executes dropped EXE
- 66 | \??\c:\pdddd.exe | c:\pdddd.exe | PID 4444
- 67 | \??\c:\1ffxrrl.exe | c:\1ffxrrl.exe | PID 5100
- 68 | \??\c:\1lrrxxl.exe | c:\1lrrxxl.exe | PID 4788
- 69 | \??\c:\ntbbtn.exe | c:\ntbbtn.exe | PID 3216
- 70 | \??\c:\jdjjd.exe | c:\jdjjd.exe | PID 2532
- 71 | \??\c:\7jdvj.exe | c:\7jdvj.exe | PID 2640
- 72 | \??\c:\rxrrlll.exe | c:\rxrrlll.exe | PID 3104
- 73 | \??\c:\bnttnh.exe | c:\bnttnh.exe | PID 1444
- 74 | \??\c:\bnnhbb.exe | c:\bnnhbb.exe | PID 2812
- 75 | \??\c:\jdvvj.exe | c:\jdvvj.exe | PID 3944
- 76 | \??\c:\3pjdd.exe | c:\3pjdd.exe | PID 2528
- 77 | \??\c:\rlxfxfl.exe | c:\rlxfxfl.exe | PID 2344
- 78 | \??\c:\7pjdv.exe | c:\7pjdv.exe | PID 4588
- 79 | \??\c:\dvppj.exe | c:\dvppj.exe | PID 3728
- 80 | \??\c:\xxfxlll.exe | c:\xxfxlll.exe | PID 1924
- 81 | \??\c:\htnttb.exe | c:\htnttb.exe | PID 2096
- 82 | \??\c:\jpjpv.exe | c:\jpjpv.exe | PID 1072
- 83 | \??\c:\jdjjd.exe | c:\jdjjd.exe | PID 3960
- 84 | \??\c:\rlxllfl.exe | c:\rlxllfl.exe | PID 1620
- 85 | \??\c:\rflfffx.exe | c:\rflfffx.exe | PID 2792
- 86 | \??\c:\bhnhbb.exe | c:\bhnhbb.exe | PID 1096
- 87 | \??\c:\nhntbb.exe | c:\nhntbb.exe | PID 1176
- 88 | \??\c:\jjpjj.exe | c:\jjpjj.exe | PID 1860
- 89 | \??\c:\vddjv.exe | c:\vddjv.exe | PID 3464
- 90 | \??\c:\fxrlffx.exe | c:\fxrlffx.exe | PID 424
- 91 | \??\c:\tbhbbb.exe | c:\tbhbbb.exe | PID 4752
- 92 | \??\c:\1bhthn.exe | c:\1bhthn.exe | PID 1836
- 93 | \??\c:\7jjjv.exe | c:\7jjjv.exe | PID 3184
- 94 | \??\c:\pjjdd.exe | c:\pjjdd.exe | PID 4224
- 95 | \??\c:\fffxlll.exe | c:\fffxlll.exe | PID 3732
- 96 | \??\c:\lrrrrrr.exe | c:\lrrrrrr.exe | PID 2240
- 97 | \??\c:\nbnbbt.exe | c:\nbnbbt.exe | PID 5068
- 98 | \??\c:\tbhhbb.exe | c:\tbhhbb.exe | PID 4024
- 99 | \??\c:\1vpdv.exe | c:\1vpdv.exe | PID 2864
- 100 | \??\c:\djpjd.exe | c:\djpjd.exe | PID 4716
- 101 | \??\c:\rlllfff.exe | c:\rlllfff.exe | PID 1252
- 102 | \??\c:\1flfxrr.exe | c:\1flfxrr.exe | PID 1360
- 103 | \??\c:\bttnhh.exe | c:\bttnhh.exe | PID 3760
- 104 | \??\c:\nnbtnn.exe | c:\nnbtnn.exe | PID 4056
- 105 | \??\c:\jvddp.exe | c:\jvddp.exe | PID 3196
- 106 | \??\c:\9dvvp.exe | c:\9dvvp.exe | PID 4296
- 107 | \??\c:\9rxrrrr.exe | c:\9rxrrrr.exe | PID 1888
- 108 | \??\c:\3rxxfxf.exe | c:\3rxxfxf.exe | PID 1816
- 109 | \??\c:\nhnhhh.exe | c:\nhnhhh.exe | PID 2072
- 110 | \??\c:\bthttn.exe | c:\bthttn.exe | PID 2428
- 111 | \??\c:\pvdvj.exe | c:\pvdvj.exe | PID 4928
- 112 | \??\c:\frlfrrl.exe | c:\frlfrrl.exe | PID 1552
- 113 | \??\c:\rflfxrl.exe | c:\rflfxrl.exe | PID 4792
- 114 | \??\c:\btnnhh.exe | c:\btnnhh.exe | PID 3120
- 115 | \??\c:\pjjvp.exe | c:\pjjvp.exe | PID 2732
- 116 | \??\c:\jjjjd.exe | c:\jjjjd.exe | PID 3916
- 117 | \??\c:\flrllll.exe | c:\flrllll.exe | PID 4696
- 118 | \??\c:\rflfxrl.exe | c:\rflfxrl.exe | PID 1348
- 119 | \??\c:\bbhbbh.exe | c:\bbhbbh.exe | PID 2336
- 120 | \??\c:\tntnbb.exe | c:\tntnbb.exe | PID 1080
- 121 | \??\c:\jppjd.exe | c:\jppjd.exe | PID 1768
- 122 | \??\c:\jddvd.exe | c:\jddvd.exe | PID 4228