Analysis
max time kernel: 150s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/04/2024, 00:22
Behavioral task
behavioral1
Sample: 8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4.exe
Resource: win7-20240221-en
6 signatures
150 seconds
General
Target: 8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4.exe
Size: 73KB
MD5: 4af63e0bcfbb51c69c20e11badc12931
SHA1: f90c4bdb305146ddc1e264727b9fce64cf51a820
SHA256: 8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4
SHA512: 911da05db59a0bcce3347e9add00ffc4fd81d2d2071cd237cae8b2a280b091b43d06963df1beb6f271359f721caa14161e2bf9714d010d6589e98bd3f3313f8f
SSDEEP: 1536:xvQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cn/uiYs6Ug:xhOmTsF93UYfwC6GIout0fmCnmiYJUg
Malware Config
Signatures

Detect Blackmoon payload (56 IoCs)
resource | yara_rule
behavioral2/memory/5020-6-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2732-16-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2744-14-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4936-23-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5032-32-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3176-28-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1628-35-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2248-43-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4060-51-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3216-48-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/648-58-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1140-63-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4412-66-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2220-73-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/540-77-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4260-84-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4804-90-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/604-94-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3532-100-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2768-114-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4856-118-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/736-122-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1076-127-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/864-133-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3068-139-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2812-152-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4092-169-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1592-175-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4872-179-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2732-182-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4356-184-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4672-195-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1464-199-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4176-204-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4908-215-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2764-227-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4656-237-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/2272-241-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4312-246-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1600-263-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1180-265-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1256-278-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/5060-290-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1628-294-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4188-298-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4248-302-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4412-316-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/1264-322-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4260-330-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3348-343-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/736-345-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/4004-348-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/864-352-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3640-357-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/3904-364-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral2/memory/400-367-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
UPX dump on OEP (original entry point) (64 IoCs)
resource | yara_rule
behavioral2/memory/5020-0-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000a0000000233c1-3.dat | UPX
behavioral2/memory/5020-6-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000300000001e97c-8.dat | UPX
behavioral2/files/0x00090000000233f5-13.dat | UPX
behavioral2/files/0x0007000000023404-18.dat | UPX
behavioral2/memory/2732-16-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/2744-14-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023405-22.dat | UPX
behavioral2/memory/4936-23-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/5032-32-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023406-29.dat | UPX
behavioral2/memory/3176-28-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023407-33.dat | UPX
behavioral2/memory/1628-35-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023408-38.dat | UPX
behavioral2/files/0x0007000000023409-42.dat | UPX
behavioral2/memory/2248-43-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002340a-49.dat | UPX
behavioral2/memory/4060-51-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002340b-53.dat | UPX
behavioral2/memory/3216-48-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/648-58-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002340c-57.dat | UPX
behavioral2/files/0x000700000002340d-62.dat | UPX
behavioral2/memory/1140-63-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/4412-66-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002340e-68.dat | UPX
behavioral2/files/0x0007000000023410-72.dat | UPX
behavioral2/memory/2220-73-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023411-79.dat | UPX
behavioral2/memory/540-77-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/4260-80-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023412-83.dat | UPX
behavioral2/memory/4260-84-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/4804-86-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023413-89.dat | UPX
behavioral2/memory/4804-90-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/604-94-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023414-96.dat | UPX
behavioral2/files/0x0007000000023415-99.dat | UPX
behavioral2/memory/3532-100-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023416-105.dat | UPX
behavioral2/files/0x0007000000023417-110.dat | UPX
behavioral2/memory/2768-114-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023419-119.dat | UPX
behavioral2/memory/4856-118-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023418-115.dat | UPX
behavioral2/memory/736-122-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0009000000023401-124.dat | UPX
behavioral2/memory/1076-127-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002341a-129.dat | UPX
behavioral2/files/0x000700000002341b-134.dat | UPX
behavioral2/memory/864-133-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002341c-138.dat | UPX
behavioral2/memory/3068-139-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x000700000002341d-143.dat | UPX
behavioral2/files/0x000700000002341e-148.dat | UPX
behavioral2/files/0x000700000002341f-151.dat | UPX
behavioral2/memory/2812-152-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/files/0x0007000000023420-156.dat | UPX
behavioral2/memory/4092-166-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/4092-169-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
behavioral2/memory/1592-175-0x0000000000400000-0x0000000000427000-memory.dmp | UPX
Executes dropped EXE (64 IoCs)
pid | Process
232 | 1dvdd.exe
2744 | ffrrffr.exe
2732 | hhbhbn.exe
4936 | bhhtbn.exe
3176 | 1rffxxr.exe
5032 | rrlffff.exe
1628 | htnhtn.exe
2248 | pdpvp.exe
3216 | fflllll.exe
4060 | frlfxrf.exe
648 | tttttt.exe
1140 | rrrlxrr.exe
4412 | hnntnt.exe
2220 | nhbbtn.exe
540 | llrfrfx.exe
4260 | 3rlrffx.exe
4804 | bthbhh.exe
604 | jvvjv.exe
3532 | rxlrlll.exe
692 | bbbnbb.exe
1808 | 5fffxfx.exe
2768 | fxffxff.exe
4856 | 3ntttn.exe
736 | vpdvp.exe
1076 | vpvpj.exe
864 | xxrlfff.exe
3068 | bbtthn.exe
4008 | pvdpj.exe
3992 | lrlrlxx.exe
2812 | 5bthbb.exe
3604 | nhnhhh.exe
1712 | vpdvd.exe
872 | fxflflx.exe
368 | hbbbhh.exe
2616 | 7vjjj.exe
4092 | jjjdp.exe
4404 | xrrlllr.exe
5044 | hbbthh.exe
1592 | bhttnn.exe
4872 | vppjd.exe
2732 | 7lfxlfr.exe
4356 | nhbnhb.exe
1684 | nttnbb.exe
1056 | 1jjjv.exe
3612 | lfrlffx.exe
4588 | hbhbbb.exe
4672 | 7hhbtt.exe
1464 | jjvdp.exe
2792 | jpvvp.exe
2848 | fffflxl.exe
4176 | rfxxrrl.exe
1140 | 9tbbbt.exe
2196 | nntthh.exe
4948 | dddvd.exe
4908 | pjjjv.exe
4816 | lrlxxxr.exe
4260 | thbnbt.exe
3696 | ppjdp.exe
3388 | ddjvj.exe
2764 | llxrxlr.exe
2408 | nnhnhh.exe
4292 | vjvdp.exe
2588 | fxrlflr.exe
3348 | xfxxfxl.exe
yara_rule upx (64 IoCs; the signature title for this block did not survive extraction)
resource | yara_rule
The same 64 resources listed under "UPX dump on OEP (original entry point)", in the same order (behavioral2/memory/5020-0-0x0000000000400000-0x0000000000427000-memory.dmp through behavioral2/memory/1592-175-0x0000000000400000-0x0000000000427000-memory.dmp, including the 31 dropped behavioral2/files/*.dat files), each matched by yara_rule upx.
Suspicious use of WriteProcessMemory (64 IoCs)
Each write is logged once per call; the report repeats every pair three times except the last, which appears once. Column "writes" gives that repeat count.
pid | Process | wrote to memory of (target pid) | procid_target | writes
5020 | 8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4.exe | 232 | 87 | 3
232 | 1dvdd.exe | 2744 | 88 | 3
2744 | ffrrffr.exe | 2732 | 89 | 3
2732 | hhbhbn.exe | 4936 | 90 | 3
4936 | bhhtbn.exe | 3176 | 91 | 3
3176 | 1rffxxr.exe | 5032 | 92 | 3
5032 | rrlffff.exe | 1628 | 93 | 3
1628 | htnhtn.exe | 2248 | 94 | 3
2248 | pdpvp.exe | 3216 | 95 | 3
3216 | fflllll.exe | 4060 | 96 | 3
4060 | frlfxrf.exe | 648 | 97 | 3
648 | tttttt.exe | 1140 | 98 | 3
1140 | rrrlxrr.exe | 4412 | 99 | 3
4412 | hnntnt.exe | 2220 | 100 | 3
2220 | nhbbtn.exe | 540 | 101 | 3
540 | llrfrfx.exe | 4260 | 102 | 3
4260 | 3rlrffx.exe | 4804 | 103 | 3
4804 | bthbhh.exe | 604 | 104 | 3
604 | jvvjv.exe | 3532 | 105 | 3
3532 | rxlrlll.exe | 692 | 106 | 3
692 | bbbnbb.exe | 1808 | 107 | 3
1808 | 5fffxfx.exe | 2768 | 108 | 1
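The three signature lists above describe one mechanism: each stage drops the next UPX-packed copy to the root of C:\, writes into it with WriteProcessMemory, and the unpacked image of every stage occupies the same 0x400000-0x427000 range. The following Python is an added example, not Triage code and not part of this report: it parses verbatim excerpts of the "Executes dropped EXE", "Suspicious use of WriteProcessMemory" and "Detect Blackmoon payload" lists (cut after the first four stages), rebuilds the linear drop-and-spawn chain, collapses the repeated write entries, and computes the mapped image size. The filename regex encodes only what is visible in this report (an optional odd digit followed by letters from the set b d f h j l n p r t v x); it is an observation about this sample, not a family-wide indicator.

```python
"""Rebuild the drop-and-spawn chain from Triage signature text.

Added example for this report page; not Triage code and not part of the
report. The string constants are verbatim excerpts of the report's
"Executes dropped EXE", "Suspicious use of WriteProcessMemory" and
"Detect Blackmoon payload" IoC lists, cut after the first four stages.
"""
import re
from collections import Counter

SAMPLE = "8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4.exe"
ROOT_PID = 5020

EXECUTES_DROPPED_EXE = (
    "pid Process 232 1dvdd.exe 2744 ffrrffr.exe 2732 hhbhbn.exe 4936 bhhtbn.exe"
)

WRITE_PROCESS_MEMORY = (
    "description pid Process procid_target "
    f"PID 5020 wrote to memory of 232 5020 {SAMPLE} 87 "
    f"PID 5020 wrote to memory of 232 5020 {SAMPLE} 87 "
    f"PID 5020 wrote to memory of 232 5020 {SAMPLE} 87 "
    "PID 232 wrote to memory of 2744 232 1dvdd.exe 88 "
    "PID 232 wrote to memory of 2744 232 1dvdd.exe 88 "
    "PID 232 wrote to memory of 2744 232 1dvdd.exe 88 "
    "PID 2744 wrote to memory of 2732 2744 ffrrffr.exe 89 "
    "PID 2744 wrote to memory of 2732 2744 ffrrffr.exe 89 "
    "PID 2744 wrote to memory of 2732 2744 ffrrffr.exe 89 "
    "PID 2732 wrote to memory of 4936 2732 hhbhbn.exe 90 "
    "PID 2732 wrote to memory of 4936 2732 hhbhbn.exe 90 "
    "PID 2732 wrote to memory of 4936 2732 hhbhbn.exe 90"
)

BLACKMOON_MEMORY = (
    "resource yara_rule "
    "behavioral2/memory/5020-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon "
    "behavioral2/memory/2732-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon "
    "behavioral2/memory/2744-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon"
)

# Every dropped name in this report is an optional odd digit followed by letters
# drawn only from b d f h j l n p r t v x. Observed in this report only; not
# presented as a family-wide indicator.
DROPPED_NAME = re.compile(r"^[13579]?[bdfhjlnprtvx]{4,8}\.exe$", re.IGNORECASE)


def parse_dropped(text):
    """{pid: image name} from an 'Executes dropped EXE' list."""
    return {int(p): n for p, n in re.findall(r"\b(\d+) (\S+\.exe)", text)}


def parse_writes(text):
    """[(writer_pid, target_pid, writer_name)] for every logged write."""
    pat = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) \d+")
    return [(int(w), int(t), n) for w, t, n in pat.findall(text)]


def write_counts(writes):
    """Collapse repeated log entries into {(writer, target): count}."""
    return Counter((w, t) for w, t, _ in writes)


def build_chain(writes, dropped, root_pid, root_name):
    """Follow writer -> target edges from the root, one hop per stage.

    Stops when a stage writes to zero or several distinct targets (the chain
    is no longer linear) or when a PID repeats: the report reuses PIDs
    (2732 appears three times), so an unguarded walk could loop forever.
    """
    children = {}
    for w, t, _ in writes:
        children.setdefault(w, set()).add(t)
    chain, seen, pid = [(root_pid, root_name)], {root_pid}, root_pid
    while len(children.get(pid, ())) == 1:
        (pid,) = children[pid]
        if pid in seen:
            break
        seen.add(pid)
        chain.append((pid, dropped.get(pid, "?")))
    return chain


def parse_memory_regions(text):
    """{pid: (start, end)} from behavioral2/memory/... dump names."""
    pat = re.compile(r"memory/(\d+)-\d+-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp", re.I)
    return {int(p): (int(s, 16), int(e, 16)) for p, s, e in pat.findall(text)}


def image_spans(regions):
    """Distinct (end - start) sizes; one value means every stage maps the same image."""
    return {e - s for s, e in regions.values()}


def suspicious_names(chain):
    """Names in the chain that fit the dropped-name pattern."""
    return [n for _, n in chain if DROPPED_NAME.match(n)]


if __name__ == "__main__":
    writes = parse_writes(WRITE_PROCESS_MEMORY)
    chain = build_chain(writes, parse_dropped(EXECUTES_DROPPED_EXE), ROOT_PID, SAMPLE)
    for pid, name in chain:
        flag = "  <- dropped-name pattern" if DROPPED_NAME.match(name) else ""
        print(f"{pid:>5}  {name}{flag}")
    print("writes per stage:", dict(write_counts(writes)))
    print("unpacked image span:", [hex(s) for s in image_spans(parse_memory_regions(BLACKMOON_MEMORY))])
```

The PID-reuse guard matters on this report: 2732, 1140, 4260 and others appear more than once in the process tree, so a naive parent-to-child walk over the full list would revisit stages. The single image span (0x27000 bytes, about 156 KB) against the 73 KB file on disk is consistent with the UPX signatures: each stage is the same packed binary unpacked in place.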
Processes
depth. image path | command line | PID (signatures hit by that process listed beneath it)
1. C:\Users\Admin\AppData\Local\Temp\8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4.exe | "C:\Users\Admin\AppData\Local\Temp\8e7ffd15f4fa0ce6eee30ee3785d6cd16dac80e2820338ff9af5e1bef25d13a4.exe" | PID:5020
   - Suspicious use of WriteProcessMemory
2. \??\c:\1dvdd.exe | c:\1dvdd.exe | PID:232
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
3. \??\c:\ffrrffr.exe | c:\ffrrffr.exe | PID:2744
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
4. \??\c:\hhbhbn.exe | c:\hhbhbn.exe | PID:2732
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
5. \??\c:\bhhtbn.exe | c:\bhhtbn.exe | PID:4936
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
6. \??\c:\1rffxxr.exe | c:\1rffxxr.exe | PID:3176
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
7. \??\c:\rrlffff.exe | c:\rrlffff.exe | PID:5032
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
8. \??\c:\htnhtn.exe | c:\htnhtn.exe | PID:1628
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
9. \??\c:\pdpvp.exe | c:\pdpvp.exe | PID:2248
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
10. \??\c:\fflllll.exe | c:\fflllll.exe | PID:3216
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
11. \??\c:\frlfxrf.exe | c:\frlfxrf.exe | PID:4060
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
12. \??\c:\tttttt.exe | c:\tttttt.exe | PID:648
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
13. \??\c:\rrrlxrr.exe | c:\rrrlxrr.exe | PID:1140
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
14. \??\c:\hnntnt.exe | c:\hnntnt.exe | PID:4412
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
15. \??\c:\nhbbtn.exe | c:\nhbbtn.exe | PID:2220
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
16. \??\c:\llrfrfx.exe | c:\llrfrfx.exe | PID:540
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
17. \??\c:\3rlrffx.exe | c:\3rlrffx.exe | PID:4260
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
18. \??\c:\bthbhh.exe | c:\bthbhh.exe | PID:4804
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
19. \??\c:\jvvjv.exe | c:\jvvjv.exe | PID:604
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
20. \??\c:\rxlrlll.exe | c:\rxlrlll.exe | PID:3532
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
21. \??\c:\bbbnbb.exe | c:\bbbnbb.exe | PID:692
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
22. \??\c:\5fffxfx.exe | c:\5fffxfx.exe | PID:1808
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
23. \??\c:\fxffxff.exe | c:\fxffxff.exe | PID:2768
   - Executes dropped EXE
24. \??\c:\3ntttn.exe | c:\3ntttn.exe | PID:4856
   - Executes dropped EXE
25. \??\c:\vpdvp.exe | c:\vpdvp.exe | PID:736
   - Executes dropped EXE
26. \??\c:\vpvpj.exe | c:\vpvpj.exe | PID:1076
   - Executes dropped EXE
27. \??\c:\xxrlfff.exe | c:\xxrlfff.exe | PID:864
   - Executes dropped EXE
28. \??\c:\bbtthn.exe | c:\bbtthn.exe | PID:3068
   - Executes dropped EXE
29. \??\c:\pvdpj.exe | c:\pvdpj.exe | PID:4008
   - Executes dropped EXE
30. \??\c:\lrlrlxx.exe | c:\lrlrlxx.exe | PID:3992
   - Executes dropped EXE
31. \??\c:\5bthbb.exe | c:\5bthbb.exe | PID:2812
   - Executes dropped EXE
32. \??\c:\nhnhhh.exe | c:\nhnhhh.exe | PID:3604
   - Executes dropped EXE
33. \??\c:\vpdvd.exe | c:\vpdvd.exe | PID:1712
   - Executes dropped EXE
34. \??\c:\fxflflx.exe | c:\fxflflx.exe | PID:872
   - Executes dropped EXE
35. \??\c:\hbbbhh.exe | c:\hbbbhh.exe | PID:368
   - Executes dropped EXE
36. \??\c:\7vjjj.exe | c:\7vjjj.exe | PID:2616
   - Executes dropped EXE
37. \??\c:\jjjdp.exe | c:\jjjdp.exe | PID:4092
   - Executes dropped EXE
38. \??\c:\xrrlllr.exe | c:\xrrlllr.exe | PID:4404
   - Executes dropped EXE
39. \??\c:\hbbthh.exe | c:\hbbthh.exe | PID:5044
   - Executes dropped EXE
40. \??\c:\bhttnn.exe | c:\bhttnn.exe | PID:1592
   - Executes dropped EXE
41. \??\c:\vppjd.exe | c:\vppjd.exe | PID:4872
   - Executes dropped EXE
42. \??\c:\7lfxlfr.exe | c:\7lfxlfr.exe | PID:2732
   - Executes dropped EXE
43. \??\c:\nhbnhb.exe | c:\nhbnhb.exe | PID:4356
   - Executes dropped EXE
44. \??\c:\nttnbb.exe | c:\nttnbb.exe | PID:1684
   - Executes dropped EXE
45. \??\c:\1jjjv.exe | c:\1jjjv.exe | PID:1056
   - Executes dropped EXE
46. \??\c:\lfrlffx.exe | c:\lfrlffx.exe | PID:3612
   - Executes dropped EXE
47. \??\c:\hbhbbb.exe | c:\hbhbbb.exe | PID:4588
   - Executes dropped EXE
48. \??\c:\7hhbtt.exe | c:\7hhbtt.exe | PID:4672
   - Executes dropped EXE
49. \??\c:\jjvdp.exe | c:\jjvdp.exe | PID:1464
   - Executes dropped EXE
50. \??\c:\jpvvp.exe | c:\jpvvp.exe | PID:2792
   - Executes dropped EXE
51. \??\c:\fffflxl.exe | c:\fffflxl.exe | PID:2848
   - Executes dropped EXE
52. \??\c:\rfxxrrl.exe | c:\rfxxrrl.exe | PID:4176
   - Executes dropped EXE
53. \??\c:\9tbbbt.exe | c:\9tbbbt.exe | PID:1140
   - Executes dropped EXE
54. \??\c:\nntthh.exe | c:\nntthh.exe | PID:2196
   - Executes dropped EXE
55. \??\c:\dddvd.exe | c:\dddvd.exe | PID:4948
   - Executes dropped EXE
56. \??\c:\pjjjv.exe | c:\pjjjv.exe | PID:4908
   - Executes dropped EXE
57. \??\c:\lrlxxxr.exe | c:\lrlxxxr.exe | PID:4816
   - Executes dropped EXE
58. \??\c:\thbnbt.exe | c:\thbnbt.exe | PID:4260
   - Executes dropped EXE
59. \??\c:\ppjdp.exe | c:\ppjdp.exe | PID:3696
   - Executes dropped EXE
60. \??\c:\ddjvj.exe | c:\ddjvj.exe | PID:3388
   - Executes dropped EXE
61. \??\c:\llxrxlr.exe | c:\llxrxlr.exe | PID:2764
   - Executes dropped EXE
62. \??\c:\nnhnhh.exe | c:\nnhnhh.exe | PID:2408
   - Executes dropped EXE
63. \??\c:\vjvdp.exe | c:\vjvdp.exe | PID:4292
   - Executes dropped EXE
64. \??\c:\fxrlflr.exe | c:\fxrlflr.exe | PID:2588
   - Executes dropped EXE
65. \??\c:\xfxxfxl.exe | c:\xfxxfxl.exe | PID:3348
   - Executes dropped EXE
66. \??\c:\7thhbb.exe | c:\7thhbb.exe | PID:4656
67. \??\c:\3vjjd.exe | c:\3vjjd.exe | PID:2272
68. \??\c:\lxfrlll.exe | c:\lxfrlll.exe | PID:3932
69. \??\c:\nnbtbb.exe | c:\nnbtbb.exe | PID:4312
70. \??\c:\bttbtb.exe | c:\bttbtb.exe | PID:4844
71. \??\c:\9vdvv.exe | c:\9vdvv.exe | PID:2960
72. \??\c:\xlrrlll.exe | c:\xlrrlll.exe | PID:3616
73. \??\c:\5nhnhh.exe | c:\5nhnhh.exe | PID:2924
74. \??\c:\5vvpj.exe | c:\5vvpj.exe | PID:4912
75. \??\c:\lxlxffr.exe | c:\lxlxffr.exe | PID:3992
76. \??\c:\lffxrrf.exe | c:\lffxrrf.exe | PID:2788
77. \??\c:\7bbtnn.exe | c:\7bbtnn.exe | PID:1600
78. \??\c:\7ntthh.exe | c:\7ntthh.exe | PID:1180
79. \??\c:\3djdp.exe | c:\3djdp.exe | PID:4700
80. \??\c:\fffrlff.exe | c:\fffrlff.exe | PID:3812
81. \??\c:\1xlfllr.exe | c:\1xlfllr.exe | PID:772
82. \??\c:\hbnhht.exe | c:\hbnhht.exe | PID:3960
83. \??\c:\nhhhtn.exe | c:\nhhhtn.exe | PID:4760
84. \??\c:\pvddv.exe | c:\pvddv.exe | PID:1256
85. \??\c:\9vdpp.exe | c:\9vdpp.exe | PID:3400
86. \??\c:\nhbtnh.exe | c:\nhbtnh.exe | PID:3148
87. \??\c:\htbbbb.exe | c:\htbbbb.exe | PID:4428
88. \??\c:\vpdvj.exe | c:\vpdvj.exe | PID:2732
89. \??\c:\dvdvp.exe | c:\dvdvp.exe | PID:5060
90. \??\c:\rrfxflr.exe | c:\rrfxflr.exe | PID:512
91. \??\c:\bbttnb.exe | c:\bbttnb.exe | PID:1628
92. \??\c:\btttbb.exe | c:\btttbb.exe | PID:4188
93. \??\c:\pjddp.exe | c:\pjddp.exe | PID:4588
94. \??\c:\jdpjj.exe | c:\jdpjj.exe | PID:4248
95. \??\c:\1lfxlll.exe | c:\1lfxlll.exe | PID:3216
96. \??\c:\nnnnhh.exe | c:\nnnnhh.exe | PID:4604
97. \??\c:\tbbhtb.exe | c:\tbbhtb.exe | PID:2792
98. \??\c:\pddvp.exe | c:\pddvp.exe | PID:2784
99. \??\c:\jjpvv.exe | c:\jjpvv.exe | PID:1604
100. \??\c:\xlllllf.exe | c:\xlllllf.exe | PID:4412
101. \??\c:\xlflllr.exe | c:\xlflllr.exe | PID:2368
102. \??\c:\5bnnth.exe | c:\5bnnth.exe | PID:1264
103. \??\c:\nbhhbb.exe | c:\nbhhbb.exe | PID:4948
104. \??\c:\vppjd.exe | c:\vppjd.exe | PID:1736
105. \??\c:\jpvdp.exe | c:\jpvdp.exe | PID:3376
106. \??\c:\rrrrrxr.exe | c:\rrrrrxr.exe | PID:4260
107. \??\c:\frxxrrr.exe | c:\frxxrrr.exe | PID:3100
108. \??\c:\btbbbb.exe | c:\btbbbb.exe | PID:3532
109. \??\c:\nnnttt.exe | c:\nnnttt.exe | PID:3968
110. \??\c:\nthhbb.exe | c:\nthhbb.exe | PID:3500
111. \??\c:\jdppp.exe | c:\jdppp.exe | PID:3348
112. \??\c:\vjdjv.exe | c:\vjdjv.exe | PID:736
113. \??\c:\lrlrfrr.exe | c:\lrlrfrr.exe | PID:4004
114. \??\c:\nhhbtt.exe | c:\nhhbtt.exe | PID:864
115. \??\c:\vjdvv.exe | c:\vjdvv.exe | PID:4036
116. \??\c:\hbtbbh.exe | c:\hbtbbh.exe | PID:3640
117. \??\c:\jdvpd.exe | c:\jdvpd.exe | PID:3616
118. \??\c:\rrffrrr.exe | c:\rrffrrr.exe | PID:4000
119. \??\c:\3xfxrrl.exe | c:\3xfxrrl.exe | PID:3904
120. \??\c:\thnhbt.exe | c:\thnhbt.exe | PID:400
121. \??\c:\tnbnht.exe | c:\tnbnht.exe | PID:3540
122. \??\c:\ffllxfx.exe | c:\ffllxfx.exe | PID:1180