Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/04/2024, 04:07
Behavioral task
- task: behavioral1
- Sample: cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe
- Resource: win7-20231129-en
- 6 signatures
- 150 seconds

Note: this task card describes behavioral1 on the Windows 7 image, while the Analysis metadata above describes a windows10-2004_x64 run and every IoC listed under Signatures below is tagged behavioral2. The Windows 7 task's own IoCs are not reproduced on this page.
General
- Target: cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe
- Size: 537KB
- MD5: efcb3864632d0799969138af2d06fcc9
- SHA1: 2fd3741dd2d285ba4f5f2f87f57b7808513666f5
- SHA256: cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc
- SHA512: 9eadc991732649ce4eb85e47d017fceb6ff9c02b33c3372289e9c32b3d069a5aff02770234ac4b606590f5c420c3a5253cc13fee5259e711d5a6dccd1b4b8628
- SSDEEP: 12288:y4wFHoS3eFp3IDvSbh5nP+UbGTHoSouKs8N0u/D6vIZj:HFp3lzZbGa5soj
Malware Config
Signatures

Detect Blackmoon payload (64 IoCs)
resource | yara_rule
behavioral2/memory/3288-8-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/940-5-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4188-12-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3048-31-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/648-24-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3064-21-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2188-35-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/620-41-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5056-51-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2516-59-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4520-70-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2504-66-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/460-87-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/860-82-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1228-96-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2356-105-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/8-99-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4916-110-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1668-130-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4020-149-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2808-164-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2744-153-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/932-118-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2800-173-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3244-179-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3144-185-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4636-187-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2028-195-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2104-199-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1804-206-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1096-210-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4476-215-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2084-220-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3564-223-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/664-230-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3648-236-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5056-245-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4296-251-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2776-254-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4240-258-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3756-268-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5024-276-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4964-297-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2072-308-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3632-324-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1272-321-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1260-337-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3744-352-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5028-358-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/804-380-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4436-386-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3756-394-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4752-404-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/828-402-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4584-422-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3092-479-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1800-503-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/364-555-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4600-568-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2084-592-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5028-605-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4108-641-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4796-792-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4520-1029-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
UPX dump on OEP (original entry point) (64 IoCs)
resource | yara_rule
behavioral2/memory/940-0-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000300000001e97c-4.dat | UPX
behavioral2/memory/3288-8-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000c0000000233c3-10.dat | UPX
behavioral2/memory/940-5-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00080000000233ed-13.dat | UPX
behavioral2/memory/4188-12-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233f1-20.dat | UPX
behavioral2/memory/3048-31-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233f2-27.dat | UPX
behavioral2/memory/648-24-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/3064-21-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/2188-35-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233f4-37.dat | UPX
behavioral2/files/0x00070000000233f3-33.dat | UPX
behavioral2/memory/620-41-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233f5-44.dat | UPX
behavioral2/files/0x00070000000233f6-48.dat | UPX
behavioral2/files/0x00070000000233f7-54.dat | UPX
behavioral2/memory/5056-51-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/2516-59-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233f8-61.dat | UPX
behavioral2/files/0x00070000000233f9-65.dat | UPX
behavioral2/files/0x00080000000233ee-72.dat | UPX
behavioral2/memory/4520-70-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/2504-66-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233fb-76.dat | UPX
behavioral2/memory/860-78-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233fc-83.dat | UPX
behavioral2/memory/460-87-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/860-82-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233fd-88.dat | UPX
behavioral2/files/0x00070000000233fe-94.dat | UPX
behavioral2/memory/1228-91-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/1228-96-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x00070000000233ff-100.dat | UPX
behavioral2/memory/2356-105-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/8-99-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/4916-110-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023401-112.dat | UPX
behavioral2/files/0x0007000000023402-117.dat | UPX
behavioral2/files/0x0007000000023404-129.dat | UPX
behavioral2/files/0x0007000000023405-135.dat | UPX
behavioral2/files/0x0007000000023406-139.dat | UPX
behavioral2/memory/1668-130-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023408-144.dat | UPX
behavioral2/memory/4020-149-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023409-150.dat | UPX
behavioral2/files/0x000700000002340a-155.dat | UPX
behavioral2/files/0x000700000002340d-167.dat | UPX
behavioral2/memory/2808-164-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002340c-162.dat | UPX
behavioral2/memory/2744-153-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023403-124.dat | UPX
behavioral2/memory/932-118-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023400-107.dat | UPX
behavioral2/files/0x000700000002340e-172.dat | UPX
behavioral2/memory/2800-169-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/2800-173-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002340f-176.dat | UPX
behavioral2/memory/3244-179-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/3144-185-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/4636-187-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/2028-195-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
Executes dropped EXE (64 IoCs)
pid | Process
3288 | tbhbbt.exe
4188 | vpvpv.exe
3064 | hbbnnn.exe
648 | frrrxxx.exe
3048 | nbhhhh.exe
2188 | 7tbnht.exe
620 | jvdpj.exe
2664 | thnbtt.exe
5056 | jdjdv.exe
2516 | flxrxfx.exe
2504 | 7bttnt.exe
4520 | lrllxxr.exe
804 | lfllfff.exe
860 | pddvv.exe
460 | pjpjd.exe
1228 | 9btntn.exe
8 | frfrxxf.exe
2356 | tnnhhh.exe
4916 | 5rrlffx.exe
1352 | jdppv.exe
932 | flxrlff.exe
2780 | nbbbtt.exe
1668 | xlrlrxr.exe
364 | hnnnhb.exe
3336 | lfxrxrr.exe
4020 | 9ddvj.exe
2744 | rlrlffx.exe
3772 | vpjdv.exe
2808 | 3xflffx.exe
2800 | vjvvj.exe
3244 | hbttnt.exe
3528 | lflfxxx.exe
3144 | nbtbbt.exe
4636 | djjvp.exe
5072 | rxxxxlr.exe
2028 | bhnnhh.exe
2104 | pjpjj.exe
4308 | nhnnbb.exe
1804 | bntntt.exe
1096 | dvpjj.exe
2384 | htbnbb.exe
4476 | 7fffxxr.exe
2084 | thnttt.exe
3564 | pvddv.exe
3048 | pjjdv.exe
664 | vjppp.exe
2188 | rfllllf.exe
3648 | dvvpj.exe
3388 | dpppp.exe
3832 | xxfxxxx.exe
5056 | htttnh.exe
4620 | vdjdv.exe
4296 | rxxfxxx.exe
2776 | tbtbtt.exe
4240 | jdvpj.exe
4828 | lrxxlll.exe
2268 | 1ffxrrf.exe
3756 | lrxxxlf.exe
1228 | hhhbhh.exe
5024 | pvddd.exe
3356 | 7flfrrl.exe
1288 | vpjdp.exe
3776 | vpvpj.exe
4060 | fxxfxrf.exe

(signature heading absent from the page; yara rule tag: upx) (64 IoCs)
resource | yara_rule
behavioral2/memory/940-0-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x000300000001e97c-4.dat | upx
behavioral2/memory/3288-8-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x000c0000000233c3-10.dat | upx
behavioral2/memory/940-5-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00080000000233ed-13.dat | upx
behavioral2/memory/4188-12-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233f1-20.dat | upx
behavioral2/memory/3048-31-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233f2-27.dat | upx
behavioral2/memory/648-24-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/3064-21-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/2188-35-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233f4-37.dat | upx
behavioral2/files/0x00070000000233f3-33.dat | upx
behavioral2/memory/620-41-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233f5-44.dat | upx
behavioral2/files/0x00070000000233f6-48.dat | upx
behavioral2/files/0x00070000000233f7-54.dat | upx
behavioral2/memory/5056-51-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/2516-59-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233f8-61.dat | upx
behavioral2/files/0x00070000000233f9-65.dat | upx
behavioral2/files/0x00080000000233ee-72.dat | upx
behavioral2/memory/4520-70-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/2504-66-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233fb-76.dat | upx
behavioral2/memory/860-78-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233fc-83.dat | upx
behavioral2/memory/460-87-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/860-82-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233fd-88.dat | upx
behavioral2/files/0x00070000000233fe-94.dat | upx
behavioral2/memory/1228-91-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/1228-96-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x00070000000233ff-100.dat | upx
behavioral2/memory/2356-105-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/8-99-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/4916-110-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x0007000000023401-112.dat | upx
behavioral2/files/0x0007000000023402-117.dat | upx
behavioral2/files/0x0007000000023404-129.dat | upx
behavioral2/files/0x0007000000023405-135.dat | upx
behavioral2/files/0x0007000000023406-139.dat | upx
behavioral2/memory/1668-130-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x0007000000023408-144.dat | upx
behavioral2/memory/4020-149-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x0007000000023409-150.dat | upx
behavioral2/files/0x000700000002340a-155.dat | upx
behavioral2/files/0x000700000002340d-167.dat | upx
behavioral2/memory/2808-164-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x000700000002340c-162.dat | upx
behavioral2/memory/2744-153-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x0007000000023403-124.dat | upx
behavioral2/memory/932-118-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x0007000000023400-107.dat | upx
behavioral2/files/0x000700000002340e-172.dat | upx
behavioral2/memory/2800-169-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/2800-173-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/files/0x000700000002340f-176.dat | upx
behavioral2/memory/3244-179-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/3144-185-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/4636-187-0x0000000000400000-0x0000000000427000-memory.dmp | upx
behavioral2/memory/2028-195-0x0000000000400000-0x0000000000427000-memory.dmp | upx
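As an added example (not part of the tria.ge report and not tria.ge tooling), the Python below parses rows in the layout of the yara_rule tables above, the Blackmoon and UPX memory and file matches, into records keyed by (pid, sequence number) rather than by PID alone, because the Processes section shows Windows reusing PIDs within this run (3048, 5056 and 1228 each appear twice). Run over the full tables it shows that every memory match is the same-sized mapping at the same base (0x400000, 0x27000 bytes) and which dumps hit both the UPX and the family_blackmoon rule. The regular expressions and record layout are this example's own assumptions about the row format; the sample rows are copied from the tables above.

```python
import re
from collections import Counter, defaultdict

# Rows copied from the report's yara_rule tables (a subset; the full Blackmoon
# and UPX tables hold 64 rows each). The rows are report data, the selection is ours.
IOC_ROWS = """\
behavioral2/memory/940-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX
behavioral2/files/0x000300000001e97c-4.dat UPX
behavioral2/memory/3288-8-0x0000000000400000-0x0000000000427000-memory.dmp UPX
behavioral2/memory/3288-8-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon
behavioral2/memory/940-5-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon
behavioral2/files/0x000c0000000233c3-10.dat upx
behavioral2/memory/4188-12-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon
behavioral2/memory/4188-12-0x0000000000400000-0x0000000000427000-memory.dmp UPX
"""

# Assumed row layouts:
#   <task>/memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp <rule>
#   <task>/files/<key>-<seq>.dat <rule>
MEM_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp\s+(?P<rule>\S+)$"
)
FILE_RE = re.compile(
    r"^(?P<task>\w+)/files/(?P<key>0x[0-9a-fA-F]+)-(?P<seq>\d+)\.dat\s+(?P<rule>\S+)$"
)


def parse_ioc(line: str) -> dict:
    """Parse one yara_rule table row into a record; raise on an unknown layout."""
    m = MEM_RE.match(line)
    if m:
        start, end = int(m["start"], 16), int(m["end"], 16)
        return {"kind": "memory", "task": m["task"], "pid": int(m["pid"]),
                "seq": int(m["seq"]), "start": start, "end": end,
                "size": end - start, "rule": m["rule"]}
    m = FILE_RE.match(line)
    if m:
        return {"kind": "file", "task": m["task"], "key": m["key"],
                "seq": int(m["seq"]), "rule": m["rule"]}
    raise ValueError(f"unrecognised IoC row: {line!r}")


def parse_table(text: str) -> list:
    return [parse_ioc(line) for line in text.splitlines() if line.strip()]


def summarize(records: list) -> dict:
    """Group memory matches by dump (pid, seq), so a reused PID cannot merge two
    different processes, and report which dumps hit both rules."""
    mem = [r for r in records if r["kind"] == "memory"]
    rules_by_dump = defaultdict(set)
    for r in mem:
        rules_by_dump[(r["pid"], r["seq"])].add(r["rule"])
    return {
        "memory_rows": len(mem),
        "file_rows": len(records) - len(mem),
        "distinct_pids": len({r["pid"] for r in mem}),
        # (base, size) of every dump and how often it occurs: a single key here
        # means every dump is the same image mapping
        "regions": Counter((r["start"], r["size"]) for r in mem),
        "dumps_matching_both": sorted(
            k for k, v in rules_by_dump.items() if {"UPX", "family_blackmoon"} <= v
        ),
    }


if __name__ == "__main__":
    print(summarize(parse_table(IOC_ROWS)))
```

Keying on (pid, seq) rather than pid is the point: with the full tables, pid 5056 appears at sequence 51 and again at 245, and pid 1228 at 91, 96 and others, and only the sequence number tells the dumps of the two different processes apart.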
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 940 wrote to memory of 3288 | 940 | cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe | 86
PID 940 wrote to memory of 3288 | 940 | cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe | 86
PID 940 wrote to memory of 3288 | 940 | cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe | 86
PID 3288 wrote to memory of 4188 | 3288 | tbhbbt.exe | 87
PID 3288 wrote to memory of 4188 | 3288 | tbhbbt.exe | 87
PID 3288 wrote to memory of 4188 | 3288 | tbhbbt.exe | 87
PID 4188 wrote to memory of 3064 | 4188 | vpvpv.exe | 88
PID 4188 wrote to memory of 3064 | 4188 | vpvpv.exe | 88
PID 4188 wrote to memory of 3064 | 4188 | vpvpv.exe | 88
PID 3064 wrote to memory of 648 | 3064 | hbbnnn.exe | 89
PID 3064 wrote to memory of 648 | 3064 | hbbnnn.exe | 89
PID 3064 wrote to memory of 648 | 3064 | hbbnnn.exe | 89
PID 648 wrote to memory of 3048 | 648 | frrrxxx.exe | 90
PID 648 wrote to memory of 3048 | 648 | frrrxxx.exe | 90
PID 648 wrote to memory of 3048 | 648 | frrrxxx.exe | 90
PID 3048 wrote to memory of 2188 | 3048 | nbhhhh.exe | 91
PID 3048 wrote to memory of 2188 | 3048 | nbhhhh.exe | 91
PID 3048 wrote to memory of 2188 | 3048 | nbhhhh.exe | 91
PID 2188 wrote to memory of 620 | 2188 | 7tbnht.exe | 92
PID 2188 wrote to memory of 620 | 2188 | 7tbnht.exe | 92
PID 2188 wrote to memory of 620 | 2188 | 7tbnht.exe | 92
PID 620 wrote to memory of 2664 | 620 | jvdpj.exe | 93
PID 620 wrote to memory of 2664 | 620 | jvdpj.exe | 93
PID 620 wrote to memory of 2664 | 620 | jvdpj.exe | 93
PID 2664 wrote to memory of 5056 | 2664 | thnbtt.exe | 94
PID 2664 wrote to memory of 5056 | 2664 | thnbtt.exe | 94
PID 2664 wrote to memory of 5056 | 2664 | thnbtt.exe | 94
PID 5056 wrote to memory of 2516 | 5056 | jdjdv.exe | 95
PID 5056 wrote to memory of 2516 | 5056 | jdjdv.exe | 95
PID 5056 wrote to memory of 2516 | 5056 | jdjdv.exe | 95
PID 2516 wrote to memory of 2504 | 2516 | flxrxfx.exe | 96
PID 2516 wrote to memory of 2504 | 2516 | flxrxfx.exe | 96
PID 2516 wrote to memory of 2504 | 2516 | flxrxfx.exe | 96
PID 2504 wrote to memory of 4520 | 2504 | 7bttnt.exe | 97
PID 2504 wrote to memory of 4520 | 2504 | 7bttnt.exe | 97
PID 2504 wrote to memory of 4520 | 2504 | 7bttnt.exe | 97
PID 4520 wrote to memory of 804 | 4520 | lrllxxr.exe | 98
PID 4520 wrote to memory of 804 | 4520 | lrllxxr.exe | 98
PID 4520 wrote to memory of 804 | 4520 | lrllxxr.exe | 98
PID 804 wrote to memory of 860 | 804 | lfllfff.exe | 100
PID 804 wrote to memory of 860 | 804 | lfllfff.exe | 100
PID 804 wrote to memory of 860 | 804 | lfllfff.exe | 100
PID 860 wrote to memory of 460 | 860 | pddvv.exe | 101
PID 860 wrote to memory of 460 | 860 | pddvv.exe | 101
PID 860 wrote to memory of 460 | 860 | pddvv.exe | 101
PID 460 wrote to memory of 1228 | 460 | pjpjd.exe | 102
PID 460 wrote to memory of 1228 | 460 | pjpjd.exe | 102
PID 460 wrote to memory of 1228 | 460 | pjpjd.exe | 102
PID 1228 wrote to memory of 8 | 1228 | 9btntn.exe | 103
PID 1228 wrote to memory of 8 | 1228 | 9btntn.exe | 103
PID 1228 wrote to memory of 8 | 1228 | 9btntn.exe | 103
PID 8 wrote to memory of 2356 | 8 | frfrxxf.exe | 104
PID 8 wrote to memory of 2356 | 8 | frfrxxf.exe | 104
PID 8 wrote to memory of 2356 | 8 | frfrxxf.exe | 104
PID 2356 wrote to memory of 4916 | 2356 | tnnhhh.exe | 105
PID 2356 wrote to memory of 4916 | 2356 | tnnhhh.exe | 105
PID 2356 wrote to memory of 4916 | 2356 | tnnhhh.exe | 105
PID 4916 wrote to memory of 1352 | 4916 | 5rrlffx.exe | 106
PID 4916 wrote to memory of 1352 | 4916 | 5rrlffx.exe | 106
PID 4916 wrote to memory of 1352 | 4916 | 5rrlffx.exe | 106
PID 1352 wrote to memory of 932 | 1352 | jdppv.exe | 107
PID 1352 wrote to memory of 932 | 1352 | jdppv.exe | 107
PID 1352 wrote to memory of 932 | 1352 | jdppv.exe | 107
PID 932 wrote to memory of 2780 | 932 | flxrlff.exe | 108
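As an added example (not from the report and not tria.ge tooling), the Python below folds rows in the layout of the WriteProcessMemory table above into parent-to-child edges, walks the chain from the submitted sample, and checks the dropped-file names against the shape every name in this report shares. The row regex, the edge representation and the name pattern (an optional odd leading digit followed by four to seven letters from bdfhjlnprtvx, derived from the names on this page, not a published indicator) are this example's own assumptions; the sample rows are the first five hops copied from the table above.

```python
import re
from collections import Counter, defaultdict

# Rows copied from the "Suspicious use of WriteProcessMemory" table: the first
# five parent->child hops (the full table has 64 rows). Report data, our selection.
WPM_ROWS = """\
PID 940 wrote to memory of 3288 940 cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe 86
PID 940 wrote to memory of 3288 940 cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe 86
PID 940 wrote to memory of 3288 940 cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe 86
PID 3288 wrote to memory of 4188 3288 tbhbbt.exe 87
PID 3288 wrote to memory of 4188 3288 tbhbbt.exe 87
PID 3288 wrote to memory of 4188 3288 tbhbbt.exe 87
PID 4188 wrote to memory of 3064 4188 vpvpv.exe 88
PID 4188 wrote to memory of 3064 4188 vpvpv.exe 88
PID 4188 wrote to memory of 3064 4188 vpvpv.exe 88
PID 3064 wrote to memory of 648 3064 hbbnnn.exe 89
PID 3064 wrote to memory of 648 3064 hbbnnn.exe 89
PID 3064 wrote to memory of 648 3064 hbbnnn.exe 89
PID 648 wrote to memory of 3048 648 frrrxxx.exe 90
PID 648 wrote to memory of 3048 648 frrrxxx.exe 90
PID 648 wrote to memory of 3048 648 frrrxxx.exe 90
"""

# Assumed column layout: description | pid | Process | procid_target, where the
# Process column names the *writer* and procid_target is the sandbox's own
# process index for the child (not its PID).
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target_idx>\d+)$"
)

# Name shape shared by every dropped executable in this report (assumption
# derived from the page, not a published indicator).
DROPPED_NAME_RE = re.compile(r"^[13579]?[bdfhjlnprtvx]{4,7}\.exe$")


def parse_rows(text: str) -> list:
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line)
        if not m or m["src"] != m["pid"]:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append({"src": int(m["src"]), "dst": int(m["dst"]),
                     "image": m["image"], "target_idx": int(m["target_idx"])})
    return rows


def collapse(rows: list):
    """Fold repeated rows into one parent->child edge carrying the write count,
    and record the image name of every process that wrote."""
    edges = Counter((r["src"], r["dst"]) for r in rows)
    images = {r["src"]: r["image"] for r in rows}
    return edges, images


def chain_from(edges, images, root: int) -> list:
    """Walk single-child edges from root. The last process has image None: it
    never wrote to a child in the rows given, so its name is not in this table."""
    children = defaultdict(list)
    for src, dst in edges:
        children[src].append(dst)
    chain, pid, seen = [(root, images.get(root))], root, {root}
    while len(children[pid]) == 1 and children[pid][0] not in seen:
        pid = children[pid][0]
        seen.add(pid)
        chain.append((pid, images.get(pid)))
    return chain


def assess(rows: list, root: int) -> dict:
    edges, images = collapse(rows)
    chain = chain_from(edges, images, root)
    names = [img for _, img in chain[1:] if img]
    return {
        "depth": len(chain) - 1,
        "writes_per_child": sorted(set(edges.values())),
        "all_dropped_names_match": all(DROPPED_NAME_RE.match(n) for n in names),
        "chain": chain,
    }


if __name__ == "__main__":
    print(assess(parse_rows(WPM_ROWS), root=940))
```

Every child in this table receives exactly three writes, all from its direct parent, which is the footprint of a parent setting up a process it has just created rather than of injection into an unrelated process. The signal in this report is the chain itself: each link is a freshly dropped executable in the root of C: with a name from the same small alphabet, and the Processes section carries it to 122 levels.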
Processes
(one entry per process in launch order: tree depth, image path, command line, PID, and the signatures that fired on it; each process is the child of the entry above it. The same PID appears more than once, for example 3048 at depth 6 and again at depth 46, because Windows reuses the PIDs of processes that have exited.)
- 1  C:\Users\Admin\AppData\Local\Temp\cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe  cmd: "C:\Users\Admin\AppData\Local\Temp\cf5651b9d6ab4948a3835e79201a89c12a3c4e7498e7730fba302d9c5a3dc8bc.exe"  PID 940  [Suspicious use of WriteProcessMemory]
- 2  \??\c:\tbhbbt.exe  cmd: c:\tbhbbt.exe  PID 3288  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 3  \??\c:\vpvpv.exe  cmd: c:\vpvpv.exe  PID 4188  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 4  \??\c:\hbbnnn.exe  cmd: c:\hbbnnn.exe  PID 3064  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 5  \??\c:\frrrxxx.exe  cmd: c:\frrrxxx.exe  PID 648  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 6  \??\c:\nbhhhh.exe  cmd: c:\nbhhhh.exe  PID 3048  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 7  \??\c:\7tbnht.exe  cmd: c:\7tbnht.exe  PID 2188  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 8  \??\c:\jvdpj.exe  cmd: c:\jvdpj.exe  PID 620  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 9  \??\c:\thnbtt.exe  cmd: c:\thnbtt.exe  PID 2664  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 10  \??\c:\jdjdv.exe  cmd: c:\jdjdv.exe  PID 5056  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 11  \??\c:\flxrxfx.exe  cmd: c:\flxrxfx.exe  PID 2516  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 12  \??\c:\7bttnt.exe  cmd: c:\7bttnt.exe  PID 2504  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 13  \??\c:\lrllxxr.exe  cmd: c:\lrllxxr.exe  PID 4520  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 14  \??\c:\lfllfff.exe  cmd: c:\lfllfff.exe  PID 804  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 15  \??\c:\pddvv.exe  cmd: c:\pddvv.exe  PID 860  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 16  \??\c:\pjpjd.exe  cmd: c:\pjpjd.exe  PID 460  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 17  \??\c:\9btntn.exe  cmd: c:\9btntn.exe  PID 1228  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 18  \??\c:\frfrxxf.exe  cmd: c:\frfrxxf.exe  PID 8  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 19  \??\c:\tnnhhh.exe  cmd: c:\tnnhhh.exe  PID 2356  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 20  \??\c:\5rrlffx.exe  cmd: c:\5rrlffx.exe  PID 4916  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 21  \??\c:\jdppv.exe  cmd: c:\jdppv.exe  PID 1352  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 22  \??\c:\flxrlff.exe  cmd: c:\flxrlff.exe  PID 932  [Executes dropped EXE; Suspicious use of WriteProcessMemory]
- 23  \??\c:\nbbbtt.exe  cmd: c:\nbbbtt.exe  PID 2780  [Executes dropped EXE]
- 24  \??\c:\xlrlrxr.exe  cmd: c:\xlrlrxr.exe  PID 1668  [Executes dropped EXE]
- 25  \??\c:\hnnnhb.exe  cmd: c:\hnnnhb.exe  PID 364  [Executes dropped EXE]
- 26  \??\c:\lfxrxrr.exe  cmd: c:\lfxrxrr.exe  PID 3336  [Executes dropped EXE]
- 27  \??\c:\9ddvj.exe  cmd: c:\9ddvj.exe  PID 4020  [Executes dropped EXE]
- 28  \??\c:\rlrlffx.exe  cmd: c:\rlrlffx.exe  PID 2744  [Executes dropped EXE]
- 29  \??\c:\vpjdv.exe  cmd: c:\vpjdv.exe  PID 3772  [Executes dropped EXE]
- 30  \??\c:\3xflffx.exe  cmd: c:\3xflffx.exe  PID 2808  [Executes dropped EXE]
- 31  \??\c:\vjvvj.exe  cmd: c:\vjvvj.exe  PID 2800  [Executes dropped EXE]
- 32  \??\c:\hbttnt.exe  cmd: c:\hbttnt.exe  PID 3244  [Executes dropped EXE]
- 33  \??\c:\lflfxxx.exe  cmd: c:\lflfxxx.exe  PID 3528  [Executes dropped EXE]
- 34  \??\c:\nbtbbt.exe  cmd: c:\nbtbbt.exe  PID 3144  [Executes dropped EXE]
- 35  \??\c:\djjvp.exe  cmd: c:\djjvp.exe  PID 4636  [Executes dropped EXE]
- 36  \??\c:\rxxxxlr.exe  cmd: c:\rxxxxlr.exe  PID 5072  [Executes dropped EXE]
- 37  \??\c:\bhnnhh.exe  cmd: c:\bhnnhh.exe  PID 2028  [Executes dropped EXE]
- 38  \??\c:\pjpjj.exe  cmd: c:\pjpjj.exe  PID 2104  [Executes dropped EXE]
- 39  \??\c:\nhnnbb.exe  cmd: c:\nhnnbb.exe  PID 4308  [Executes dropped EXE]
- 40  \??\c:\bntntt.exe  cmd: c:\bntntt.exe  PID 1804  [Executes dropped EXE]
- 41  \??\c:\dvpjj.exe  cmd: c:\dvpjj.exe  PID 1096  [Executes dropped EXE]
- 42  \??\c:\htbnbb.exe  cmd: c:\htbnbb.exe  PID 2384  [Executes dropped EXE]
- 43  \??\c:\7fffxxr.exe  cmd: c:\7fffxxr.exe  PID 4476  [Executes dropped EXE]
- 44  \??\c:\thnttt.exe  cmd: c:\thnttt.exe  PID 2084  [Executes dropped EXE]
- 45  \??\c:\pvddv.exe  cmd: c:\pvddv.exe  PID 3564  [Executes dropped EXE]
- 46  \??\c:\pjjdv.exe  cmd: c:\pjjdv.exe  PID 3048  [Executes dropped EXE]
- 47  \??\c:\vjppp.exe  cmd: c:\vjppp.exe  PID 664  [Executes dropped EXE]
- 48  \??\c:\rfllllf.exe  cmd: c:\rfllllf.exe  PID 2188  [Executes dropped EXE]
- 49  \??\c:\dvvpj.exe  cmd: c:\dvvpj.exe  PID 3648  [Executes dropped EXE]
- 50  \??\c:\dpppp.exe  cmd: c:\dpppp.exe  PID 3388  [Executes dropped EXE]
- 51  \??\c:\xxfxxxx.exe  cmd: c:\xxfxxxx.exe  PID 3832  [Executes dropped EXE]
- 52  \??\c:\htttnh.exe  cmd: c:\htttnh.exe  PID 5056  [Executes dropped EXE]
- 53  \??\c:\vdjdv.exe  cmd: c:\vdjdv.exe  PID 4620  [Executes dropped EXE]
- 54  \??\c:\rxxfxxx.exe  cmd: c:\rxxfxxx.exe  PID 4296  [Executes dropped EXE]
- 55  \??\c:\tbtbtt.exe  cmd: c:\tbtbtt.exe  PID 2776  [Executes dropped EXE]
- 56  \??\c:\jdvpj.exe  cmd: c:\jdvpj.exe  PID 4240  [Executes dropped EXE]
- 57  \??\c:\lrxxlll.exe  cmd: c:\lrxxlll.exe  PID 4828  [Executes dropped EXE]
- 58  \??\c:\1ffxrrf.exe  cmd: c:\1ffxrrf.exe  PID 2268  [Executes dropped EXE]
- 59  \??\c:\lrxxxlf.exe  cmd: c:\lrxxxlf.exe  PID 3756  [Executes dropped EXE]
- 60  \??\c:\hhhbhh.exe  cmd: c:\hhhbhh.exe  PID 1228  [Executes dropped EXE]
- 61  \??\c:\pvddd.exe  cmd: c:\pvddd.exe  PID 5024  [Executes dropped EXE]
- 62  \??\c:\7flfrrl.exe  cmd: c:\7flfrrl.exe  PID 3356  [Executes dropped EXE]
- 63  \??\c:\vpjdp.exe  cmd: c:\vpjdp.exe  PID 1288  [Executes dropped EXE]
- 64  \??\c:\vpvpj.exe  cmd: c:\vpvpj.exe  PID 3776  [Executes dropped EXE]
- 65  \??\c:\fxxfxrf.exe  cmd: c:\fxxfxrf.exe  PID 4060  [Executes dropped EXE]
- 66  \??\c:\7ntnhh.exe  cmd: c:\7ntnhh.exe  PID 376
- 67  \??\c:\ddvdd.exe  cmd: c:\ddvdd.exe  PID 1620
- 68  \??\c:\jvjdv.exe  cmd: c:\jvjdv.exe  PID 4964
- 69  \??\c:\fxxxffl.exe  cmd: c:\fxxxffl.exe  PID 1936
- 70  \??\c:\xffrlxl.exe  cmd: c:\xffrlxl.exe  PID 2072
- 71  \??\c:\nttnhb.exe  cmd: c:\nttnhb.exe  PID 1340
- 72  \??\c:\dpjvp.exe  cmd: c:\dpjvp.exe  PID 3936
- 73  \??\c:\tttntt.exe  cmd: c:\tttntt.exe  PID 1364
- 74  \??\c:\jvpdp.exe  cmd: c:\jvpdp.exe  PID 1272
- 75  \??\c:\dpjvj.exe  cmd: c:\dpjvj.exe  PID 3632
- 76  \??\c:\flxlfxr.exe  cmd: c:\flxlfxr.exe  PID 4180
- 77  \??\c:\tbbthb.exe  cmd: c:\tbbthb.exe  PID 4300
- 78  \??\c:\xlrfrlx.exe  cmd: c:\xlrfrlx.exe  PID 1260
- 79  \??\c:\llrfrlx.exe  cmd: c:\llrfrlx.exe  PID 4336
- 80  \??\c:\btnhtn.exe  cmd: c:\btnhtn.exe  PID 5072
- 81  \??\c:\dddvj.exe  cmd: c:\dddvj.exe  PID 4588
- 82  \??\c:\lxrflfl.exe  cmd: c:\lxrflfl.exe  PID 1120
- 83  \??\c:\tnbthb.exe  cmd: c:\tnbthb.exe  PID 1172
- 84  \??\c:\9djvj.exe  cmd: c:\9djvj.exe  PID 3744
- 85  \??\c:\xffrlfx.exe  cmd: c:\xffrlfx.exe  PID 2064
- 86  \??\c:\dvdpd.exe  cmd: c:\dvdpd.exe  PID 5028
- 87  \??\c:\dddvv.exe  cmd: c:\dddvv.exe  PID 3932
- 88  \??\c:\3hnbbt.exe  cmd: c:\3hnbbt.exe  PID 1768
- 89  \??\c:\pvvdd.exe  cmd: c:\pvvdd.exe  PID 1020
- 90  \??\c:\jdjvj.exe  cmd: c:\jdjvj.exe  PID 3228
- 91  \??\c:\7nhthb.exe  cmd: c:\7nhthb.exe  PID 4480
- 92  \??\c:\btthtn.exe  cmd: c:\btthtn.exe  PID 4520
- 93  \??\c:\vddpd.exe  cmd: c:\vddpd.exe  PID 804
- 94  \??\c:\xlfrlrl.exe  cmd: c:\xlfrlrl.exe  PID 4320
- 95  \??\c:\hthhbt.exe  cmd: c:\hthhbt.exe  PID 4436
- 96  \??\c:\dvdvp.exe  cmd: c:\dvdvp.exe  PID 1100
- 97  \??\c:\vvpdv.exe  cmd: c:\vvpdv.exe  PID 3756
- 98  \??\c:\lfflxrl.exe  cmd: c:\lfflxrl.exe  PID 4752
- 99  \??\c:\fxxrflr.exe  cmd: c:\fxxrflr.exe  PID 828
- 100  \??\c:\ntbtnh.exe  cmd: c:\ntbtnh.exe  PID 4288
- 101  \??\c:\fxxlfxl.exe  cmd: c:\fxxlfxl.exe  PID 1128
- 102  \??\c:\bbthbn.exe  cmd: c:\bbthbn.exe  PID 4764
- 103  \??\c:\vjdjp.exe  cmd: c:\vjdjp.exe  PID 4944
- 104  \??\c:\7rrxrlf.exe  cmd: c:\7rrxrlf.exe  PID 4584
- 105  \??\c:\hbthbt.exe  cmd: c:\hbthbt.exe  PID 4312
- 106  \??\c:\jpvjv.exe  cmd: c:\jpvjv.exe  PID 3908
- 107  \??\c:\rxfxrff.exe  cmd: c:\rxfxrff.exe  PID 1164
- 108  \??\c:\bnhbtn.exe  cmd: c:\bnhbtn.exe  PID 1976
- 109  \??\c:\vvvdp.exe  cmd: c:\vvvdp.exe  PID 1816
- 110  \??\c:\vjjvd.exe  cmd: c:\vjjvd.exe  PID 116
- 111  \??\c:\5fxxrrl.exe  cmd: c:\5fxxrrl.exe  PID 528
- 112  \??\c:\jpjdp.exe  cmd: c:\jpjdp.exe  PID 2808
- 113  \??\c:\fxfrlfr.exe  cmd: c:\fxfrlfr.exe  PID 2360
- 114  \??\c:\xxrlffx.exe  cmd: c:\xxrlffx.exe  PID 4068
- 115  \??\c:\bhhbnh.exe  cmd: c:\bhhbnh.exe  PID 3244
- 116  \??\c:\5jdpj.exe  cmd: c:\5jdpj.exe  PID 3212
- 117  \??\c:\xffrfxl.exe  cmd: c:\xffrfxl.exe  PID 3084
- 118  \??\c:\nbbbtb.exe  cmd: c:\nbbbtb.exe  PID 1260
- 119  \??\c:\pdjvj.exe  cmd: c:\pdjvj.exe  PID 2620
- 120  \??\c:\rlxrrrx.exe  cmd: c:\rlxrrrx.exe  PID 4308
- 121  \??\c:\7frrlll.exe  cmd: c:\7frrlll.exe  PID 1256
- 122  \??\c:\htntht.exe  cmd: c:\htntht.exe  PID 2132