Analysis
- max time kernel: 71s
- max time network: 52s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/04/2024, 19:44
Behavioral task: behavioral1
- Sample: 2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe
- Resource: win7-20240419-en
- 6 signatures
- 150 seconds
- Errors: Machine shutdown
General
- Target: 2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe
- Size: 298KB
- MD5: c53c80b9c606c7d4587cc44e843c5ac0
- SHA1: 0375b2311924d8c2cb1e34df585de1daa96ba9bc
- SHA256: 2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178
- SHA512: 6ae713c22fa425af4583f3ecba319afb9eb826bd04d20bacd604f4bdbe419b692068b8e885f99e697b1f6ffefbe3b57f34dba3e1409c04e3237470ceda3425ee
- SSDEEP: 6144:ccm4FmowdHoSQkuObHq9ltAszBd+za/p1slTjZXvEQo9dftO+:K4wFHoSQkuUHk1zBR/pMT9XvEhdff
Malware Config
Signatures

- Detect Blackmoon payload (64 IoCs)

resource  yara_rule
behavioral2/memory/2028-5-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3616-14-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2220-43-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1768-42-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1668-31-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4204-25-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1956-19-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3732-11-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2584-50-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/664-55-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/364-66-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4904-77-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/548-82-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1488-87-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/804-93-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4772-96-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3260-106-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4584-115-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/5064-121-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3808-125-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4404-133-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3916-145-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3000-150-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4392-161-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3572-164-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4040-171-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2020-179-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1948-190-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2528-192-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4496-195-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3600-206-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3740-213-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1720-229-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3528-242-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4848-246-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1968-262-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4536-266-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1404-270-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4768-272-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4540-278-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1484-286-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1972-290-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2460-299-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1820-309-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2508-325-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4016-344-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/5076-354-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2440-368-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3732-379-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/3476-382-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4136-392-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1872-406-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2144-411-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4756-429-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1780-464-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1980-477-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2924-529-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2524-546-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2004-598-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/5076-682-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2992-718-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/1852-824-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/4880-863-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon
behavioral2/memory/2916-1247-0x0000000000400000-0x0000000000434000-memory.dmp  family_blackmoon

- UPX dump on OEP (original entry point) (64 IoCs)

resource  yara_rule
behavioral2/memory/2028-0-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000c000000023b44-3.dat  UPX
behavioral2/memory/2028-5-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000b000000023ba4-10.dat  UPX
behavioral2/memory/3616-14-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023ba8-17.dat  UPX
behavioral2/files/0x000a000000023ba9-22.dat  UPX
behavioral2/files/0x000a000000023baa-29.dat  UPX
behavioral2/files/0x000a000000023bab-35.dat  UPX
behavioral2/files/0x000a000000023bac-40.dat  UPX
behavioral2/memory/2220-43-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/1768-42-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/1668-31-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/4204-25-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/1956-19-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/3732-11-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bad-46.dat  UPX
behavioral2/memory/2584-50-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bae-53.dat  UPX
behavioral2/memory/664-55-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023baf-58.dat  UPX
behavioral2/memory/364-66-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bb1-64.dat  UPX
behavioral2/files/0x000a000000023bb2-71.dat  UPX
behavioral2/files/0x000a000000023bb3-74.dat  UPX
behavioral2/memory/4904-77-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/548-78-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bb4-81.dat  UPX
behavioral2/memory/548-82-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x0031000000023bb5-86.dat  UPX
behavioral2/memory/1488-87-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/804-93-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x0031000000023bb6-91.dat  UPX
behavioral2/memory/4772-96-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x0031000000023bb7-99.dat  UPX
behavioral2/files/0x000a000000023bb8-104.dat  UPX
behavioral2/memory/3260-106-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bb9-109.dat  UPX
behavioral2/memory/4584-115-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000b000000023ba5-116.dat  UPX
behavioral2/memory/5064-121-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bba-122.dat  UPX
behavioral2/memory/3808-125-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bbb-128.dat  UPX
behavioral2/files/0x000a000000023bbc-134.dat  UPX
behavioral2/memory/4404-133-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bbd-138.dat  UPX
behavioral2/files/0x000a000000023bbe-143.dat  UPX
behavioral2/memory/3916-145-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bbf-151.dat  UPX
behavioral2/memory/3000-150-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bc0-156.dat  UPX
behavioral2/memory/4392-161-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000a000000023bc1-162.dat  UPX
behavioral2/memory/3572-164-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x000b000000023bc2-167.dat  UPX
behavioral2/files/0x000b000000023bc4-173.dat  UPX
behavioral2/memory/4040-171-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/2020-179-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/files/0x0005000000022ab8-180.dat  UPX
behavioral2/files/0x000a000000023bc5-185.dat  UPX
behavioral2/memory/1948-190-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/2528-192-0x0000000000400000-0x0000000000434000-memory.dmp  UPX
behavioral2/memory/4496-195-0x0000000000400000-0x0000000000434000-memory.dmp  UPX

- Executes dropped EXE (64 IoCs)

pid  Process
3616  5jvjv.exe
3732  fxrrfxr.exe
1956  bnthbb.exe
4204  tnnntn.exe
1668  djvjp.exe
2220  5djvj.exe
1768  fffxlfr.exe
2584  htnhbt.exe
664  5ffrrlr.exe
364  3rxrlff.exe
4916  fxrlfxr.exe
4904  llllfxr.exe
548  jdvpd.exe
1488  nhbhtn.exe
804  pjpdd.exe
4772  frfxxrl.exe
3260  djvpd.exe
4948  rllfrlf.exe
4584  jvjvd.exe
5064  lrffxff.exe
3808  vppjd.exe
4404  1jpjv.exe
5072  xrrrfff.exe
3916  llxlffx.exe
3000  httnhb.exe
1264  jdvjp.exe
4392  ffllxlx.exe
3572  djpjd.exe
4040  flxrffr.exe
2020  btttnn.exe
1944  xflfxfx.exe
1948  9rxrxrx.exe
2528  bttnhh.exe
4496  3vvvp.exe
1084  rffrlfr.exe
4308  bbbhbn.exe
3600  hbhbtt.exe
3740  jvjjj.exe
1276  7vvpd.exe
3680  1lxllll.exe
3900  nnbtnn.exe
4944  btttnn.exe
1720  vpvpv.exe
5008  jdjdd.exe
3092  7lxfxxr.exe
1752  xrxlrrf.exe
3528  hbthbh.exe
4848  pjdpd.exe
4504  rflxxxx.exe
3024  xlffxxx.exe
1996  htnhbt.exe
4836  dvvjv.exe
1968  9fffxxx.exe
4536  7hbtnt.exe
1404  5nnhbb.exe
4768  lxffrrr.exe
4540  5fflllf.exe
3612  tbnnhh.exe
1096  jvdvp.exe
1484  1rffxxr.exe
1972  rflxrrl.exe
4948  nnbtnn.exe
2460  1dddv.exe
448  fllrrxf.exe

- (signature name not present on the page; yara_rule "upx" matches)

resource  yara_rule
behavioral2/memory/2028-0-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000c000000023b44-3.dat  upx
behavioral2/memory/2028-5-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000b000000023ba4-10.dat  upx
behavioral2/memory/3616-14-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023ba8-17.dat  upx
behavioral2/files/0x000a000000023ba9-22.dat  upx
behavioral2/files/0x000a000000023baa-29.dat  upx
behavioral2/files/0x000a000000023bab-35.dat  upx
behavioral2/files/0x000a000000023bac-40.dat  upx
behavioral2/memory/2220-43-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/1768-42-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/1668-31-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/4204-25-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/1956-19-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/3732-11-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bad-46.dat  upx
behavioral2/memory/2584-50-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bae-53.dat  upx
behavioral2/memory/664-55-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023baf-58.dat  upx
behavioral2/memory/364-66-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bb1-64.dat  upx
behavioral2/files/0x000a000000023bb2-71.dat  upx
behavioral2/files/0x000a000000023bb3-74.dat  upx
behavioral2/memory/4904-77-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/548-78-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bb4-81.dat  upx
behavioral2/memory/548-82-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x0031000000023bb5-86.dat  upx
behavioral2/memory/1488-87-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/804-93-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x0031000000023bb6-91.dat  upx
behavioral2/memory/4772-96-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x0031000000023bb7-99.dat  upx
behavioral2/files/0x000a000000023bb8-104.dat  upx
behavioral2/memory/3260-106-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bb9-109.dat  upx
behavioral2/memory/4584-115-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000b000000023ba5-116.dat  upx
behavioral2/memory/5064-121-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bba-122.dat  upx
behavioral2/memory/3808-125-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bbb-128.dat  upx
behavioral2/files/0x000a000000023bbc-134.dat  upx
behavioral2/memory/4404-133-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bbd-138.dat  upx
behavioral2/files/0x000a000000023bbe-143.dat  upx
behavioral2/memory/3916-145-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bbf-151.dat  upx
behavioral2/memory/3000-150-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bc0-156.dat  upx
behavioral2/memory/4392-161-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000a000000023bc1-162.dat  upx
behavioral2/memory/3572-164-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x000b000000023bc2-167.dat  upx
behavioral2/files/0x000b000000023bc4-173.dat  upx
behavioral2/memory/4040-171-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/2020-179-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/files/0x0005000000022ab8-180.dat  upx
behavioral2/files/0x000a000000023bc5-185.dat  upx
behavioral2/memory/1948-190-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/2528-192-0x0000000000400000-0x0000000000434000-memory.dmp  upx
behavioral2/memory/4496-195-0x0000000000400000-0x0000000000434000-memory.dmp  upx

- Suspicious use of WriteProcessMemory (64 IoCs)

description  pid  Process  procid_target
PID 2028 wrote to memory of 3616  2028  2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe  84
PID 2028 wrote to memory of 3616  2028  2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe  84
PID 2028 wrote to memory of 3616  2028  2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe  84
PID 3616 wrote to memory of 3732  3616  5jvjv.exe  85
PID 3616 wrote to memory of 3732  3616  5jvjv.exe  85
PID 3616 wrote to memory of 3732  3616  5jvjv.exe  85
PID 3732 wrote to memory of 1956  3732  fxrrfxr.exe  86
PID 3732 wrote to memory of 1956  3732  fxrrfxr.exe  86
PID 3732 wrote to memory of 1956  3732  fxrrfxr.exe  86
PID 1956 wrote to memory of 4204  1956  bnthbb.exe  87
PID 1956 wrote to memory of 4204  1956  bnthbb.exe  87
PID 1956 wrote to memory of 4204  1956  bnthbb.exe  87
PID 4204 wrote to memory of 1668  4204  tnnntn.exe  88
PID 4204 wrote to memory of 1668  4204  tnnntn.exe  88
PID 4204 wrote to memory of 1668  4204  tnnntn.exe  88
PID 1668 wrote to memory of 2220  1668  djvjp.exe  89
PID 1668 wrote to memory of 2220  1668  djvjp.exe  89
PID 1668 wrote to memory of 2220  1668  djvjp.exe  89
PID 2220 wrote to memory of 1768  2220  5djvj.exe  90
PID 2220 wrote to memory of 1768  2220  5djvj.exe  90
PID 2220 wrote to memory of 1768  2220  5djvj.exe  90
PID 1768 wrote to memory of 2584  1768  fffxlfr.exe  91
PID 1768 wrote to memory of 2584  1768  fffxlfr.exe  91
PID 1768 wrote to memory of 2584  1768  fffxlfr.exe  91
PID 2584 wrote to memory of 664  2584  htnhbt.exe  92
PID 2584 wrote to memory of 664  2584  htnhbt.exe  92
PID 2584 wrote to memory of 664  2584  htnhbt.exe  92
PID 664 wrote to memory of 364  664  5ffrrlr.exe  93
PID 664 wrote to memory of 364  664  5ffrrlr.exe  93
PID 664 wrote to memory of 364  664  5ffrrlr.exe  93
PID 364 wrote to memory of 4916  364  3rxrlff.exe  94
PID 364 wrote to memory of 4916  364  3rxrlff.exe  94
PID 364 wrote to memory of 4916  364  3rxrlff.exe  94
PID 4916 wrote to memory of 4904  4916  fxrlfxr.exe  95
PID 4916 wrote to memory of 4904  4916  fxrlfxr.exe  95
PID 4916 wrote to memory of 4904  4916  fxrlfxr.exe  95
PID 4904 wrote to memory of 548  4904  llllfxr.exe  96
PID 4904 wrote to memory of 548  4904  llllfxr.exe  96
PID 4904 wrote to memory of 548  4904  llllfxr.exe  96
PID 548 wrote to memory of 1488  548  jdvpd.exe  97
PID 548 wrote to memory of 1488  548  jdvpd.exe  97
PID 548 wrote to memory of 1488  548  jdvpd.exe  97
PID 1488 wrote to memory of 804  1488  nhbhtn.exe  99
PID 1488 wrote to memory of 804  1488  nhbhtn.exe  99
PID 1488 wrote to memory of 804  1488  nhbhtn.exe  99
PID 804 wrote to memory of 4772  804  pjpdd.exe  100
PID 804 wrote to memory of 4772  804  pjpdd.exe  100
PID 804 wrote to memory of 4772  804  pjpdd.exe  100
PID 4772 wrote to memory of 3260  4772  frfxxrl.exe  101
PID 4772 wrote to memory of 3260  4772  frfxxrl.exe  101
PID 4772 wrote to memory of 3260  4772  frfxxrl.exe  101
PID 3260 wrote to memory of 4948  3260  djvpd.exe  103
PID 3260 wrote to memory of 4948  3260  djvpd.exe  103
PID 3260 wrote to memory of 4948  3260  djvpd.exe  103
PID 4948 wrote to memory of 4584  4948  rllfrlf.exe  104
PID 4948 wrote to memory of 4584  4948  rllfrlf.exe  104
PID 4948 wrote to memory of 4584  4948  rllfrlf.exe  104
PID 4584 wrote to memory of 5064  4584  jvjvd.exe  105
PID 4584 wrote to memory of 5064  4584  jvjvd.exe  105
PID 4584 wrote to memory of 5064  4584  jvjvd.exe  105
PID 5064 wrote to memory of 3808  5064  lrffxff.exe  107
PID 5064 wrote to memory of 3808  5064  lrffxff.exe  107
PID 5064 wrote to memory of 3808  5064  lrffxff.exe  107
PID 3808 wrote to memory of 4404  3808  vppjd.exe  108
Processes

Each entry gives the tree depth, the image path, the command line and the PID; every process is spawned by the one listed directly above it (a chain 122 levels deep).

1. C:\Users\Admin\AppData\Local\Temp\2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe ("C:\Users\Admin\AppData\Local\Temp\2caf7128f3e65a44e74237abbef7d05805d32bf776b032c3f25248eca0278178.exe") PID:2028
   - Suspicious use of WriteProcessMemory
2. \??\c:\5jvjv.exe (c:\5jvjv.exe) PID:3616
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
3. \??\c:\fxrrfxr.exe (c:\fxrrfxr.exe) PID:3732
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
4. \??\c:\bnthbb.exe (c:\bnthbb.exe) PID:1956
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
5. \??\c:\tnnntn.exe (c:\tnnntn.exe) PID:4204
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
6. \??\c:\djvjp.exe (c:\djvjp.exe) PID:1668
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
7. \??\c:\5djvj.exe (c:\5djvj.exe) PID:2220
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
8. \??\c:\fffxlfr.exe (c:\fffxlfr.exe) PID:1768
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
9. \??\c:\htnhbt.exe (c:\htnhbt.exe) PID:2584
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
10. \??\c:\5ffrrlr.exe (c:\5ffrrlr.exe) PID:664
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
11. \??\c:\3rxrlff.exe (c:\3rxrlff.exe) PID:364
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
12. \??\c:\fxrlfxr.exe (c:\fxrlfxr.exe) PID:4916
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
13. \??\c:\llllfxr.exe (c:\llllfxr.exe) PID:4904
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
14. \??\c:\jdvpd.exe (c:\jdvpd.exe) PID:548
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
15. \??\c:\nhbhtn.exe (c:\nhbhtn.exe) PID:1488
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
16. \??\c:\pjpdd.exe (c:\pjpdd.exe) PID:804
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
17. \??\c:\frfxxrl.exe (c:\frfxxrl.exe) PID:4772
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
18. \??\c:\djvpd.exe (c:\djvpd.exe) PID:3260
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
19. \??\c:\rllfrlf.exe (c:\rllfrlf.exe) PID:4948
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
20. \??\c:\jvjvd.exe (c:\jvjvd.exe) PID:4584
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
21. \??\c:\lrffxff.exe (c:\lrffxff.exe) PID:5064
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
22. \??\c:\vppjd.exe (c:\vppjd.exe) PID:3808
   - Executes dropped EXE
   - Suspicious use of WriteProcessMemory
23. \??\c:\1jpjv.exe (c:\1jpjv.exe) PID:4404
   - Executes dropped EXE
24. \??\c:\xrrrfff.exe (c:\xrrrfff.exe) PID:5072
   - Executes dropped EXE
25. \??\c:\llxlffx.exe (c:\llxlffx.exe) PID:3916
   - Executes dropped EXE
26. \??\c:\httnhb.exe (c:\httnhb.exe) PID:3000
   - Executes dropped EXE
27. \??\c:\jdvjp.exe (c:\jdvjp.exe) PID:1264
   - Executes dropped EXE
28. \??\c:\ffllxlx.exe (c:\ffllxlx.exe) PID:4392
   - Executes dropped EXE
29. \??\c:\djpjd.exe (c:\djpjd.exe) PID:3572
   - Executes dropped EXE
30. \??\c:\flxrffr.exe (c:\flxrffr.exe) PID:4040
   - Executes dropped EXE
31. \??\c:\btttnn.exe (c:\btttnn.exe) PID:2020
   - Executes dropped EXE
32. \??\c:\xflfxfx.exe (c:\xflfxfx.exe) PID:1944
   - Executes dropped EXE
33. \??\c:\9rxrxrx.exe (c:\9rxrxrx.exe) PID:1948
   - Executes dropped EXE
34. \??\c:\bttnhh.exe (c:\bttnhh.exe) PID:2528
   - Executes dropped EXE
35. \??\c:\3vvvp.exe (c:\3vvvp.exe) PID:4496
   - Executes dropped EXE
36. \??\c:\rffrlfr.exe (c:\rffrlfr.exe) PID:1084
   - Executes dropped EXE
37. \??\c:\bbbhbn.exe (c:\bbbhbn.exe) PID:4308
   - Executes dropped EXE
38. \??\c:\hbhbtt.exe (c:\hbhbtt.exe) PID:3600
   - Executes dropped EXE
39. \??\c:\jvjjj.exe (c:\jvjjj.exe) PID:3740
   - Executes dropped EXE
40. \??\c:\7vvpd.exe (c:\7vvpd.exe) PID:1276
   - Executes dropped EXE
41. \??\c:\1lxllll.exe (c:\1lxllll.exe) PID:3680
   - Executes dropped EXE
42. \??\c:\nnbtnn.exe (c:\nnbtnn.exe) PID:3900
   - Executes dropped EXE
43. \??\c:\btttnn.exe (c:\btttnn.exe) PID:4944
   - Executes dropped EXE
44. \??\c:\vpvpv.exe (c:\vpvpv.exe) PID:1720
   - Executes dropped EXE
45. \??\c:\jdjdd.exe (c:\jdjdd.exe) PID:5008
   - Executes dropped EXE
46. \??\c:\7lxfxxr.exe (c:\7lxfxxr.exe) PID:3092
   - Executes dropped EXE
47. \??\c:\xrxlrrf.exe (c:\xrxlrrf.exe) PID:1752
   - Executes dropped EXE
48. \??\c:\hbthbh.exe (c:\hbthbh.exe) PID:3528
   - Executes dropped EXE
49. \??\c:\pjdpd.exe (c:\pjdpd.exe) PID:4848
   - Executes dropped EXE
50. \??\c:\rflxxxx.exe (c:\rflxxxx.exe) PID:4504
   - Executes dropped EXE
51. \??\c:\xlffxxx.exe (c:\xlffxxx.exe) PID:3024
   - Executes dropped EXE
52. \??\c:\htnhbt.exe (c:\htnhbt.exe) PID:1996
   - Executes dropped EXE
53. \??\c:\dvvjv.exe (c:\dvvjv.exe) PID:4836
   - Executes dropped EXE
54. \??\c:\9fffxxx.exe (c:\9fffxxx.exe) PID:1968
   - Executes dropped EXE
55. \??\c:\7hbtnt.exe (c:\7hbtnt.exe) PID:4536
   - Executes dropped EXE
56. \??\c:\5nnhbb.exe (c:\5nnhbb.exe) PID:1404
   - Executes dropped EXE
57. \??\c:\lxffrrr.exe (c:\lxffrrr.exe) PID:4768
   - Executes dropped EXE
58. \??\c:\5fflllf.exe (c:\5fflllf.exe) PID:4540
   - Executes dropped EXE
59. \??\c:\tbnnhh.exe (c:\tbnnhh.exe) PID:3612
   - Executes dropped EXE
60. \??\c:\jvdvp.exe (c:\jvdvp.exe) PID:1096
   - Executes dropped EXE
61. \??\c:\1rffxxr.exe (c:\1rffxxr.exe) PID:1484
   - Executes dropped EXE
62. \??\c:\rflxrrl.exe (c:\rflxrrl.exe) PID:1972
   - Executes dropped EXE
63. \??\c:\nnbtnn.exe (c:\nnbtnn.exe) PID:4948
   - Executes dropped EXE
64. \??\c:\1dddv.exe (c:\1dddv.exe) PID:2460
   - Executes dropped EXE
65. \??\c:\fllrrxf.exe (c:\fllrrxf.exe) PID:448
   - Executes dropped EXE
66. \??\c:\rlxrrrl.exe (c:\rlxrrrl.exe) PID:5060
67. \??\c:\btbbtt.exe (c:\btbbtt.exe) PID:1820
68. \??\c:\7djdp.exe (c:\7djdp.exe) PID:3704
69. \??\c:\pjjjd.exe (c:\pjjjd.exe) PID:2064
70. \??\c:\lrrlxxr.exe (c:\lrrlxxr.exe) PID:1812
71. \??\c:\rlfxxrr.exe (c:\rlfxxrr.exe) PID:4236
72. \??\c:\1nnhbb.exe (c:\1nnhbb.exe) PID:2508
73. \??\c:\pddvv.exe (c:\pddvv.exe) PID:1760
74. \??\c:\rrllllf.exe (c:\rrllllf.exe) PID:3904
75. \??\c:\lffxrrl.exe (c:\lffxrrl.exe) PID:2716
76. \??\c:\nnthbb.exe (c:\nnthbb.exe) PID:1120
77. \??\c:\djpdv.exe (c:\djpdv.exe) PID:3940
78. \??\c:\rlxrrxx.exe (c:\rlxrrxx.exe) PID:4016
79. \??\c:\1rfxffl.exe (c:\1rfxffl.exe) PID:5020
80. \??\c:\frrxxrr.exe (c:\frrxxrr.exe) PID:2056
81. \??\c:\9nhbtt.exe (c:\9nhbtt.exe) PID:5076
82. \??\c:\pjdvp.exe (c:\pjdvp.exe) PID:1944
83. \??\c:\1rlfrrl.exe (c:\1rlfrrl.exe) PID:3660
84. \??\c:\ppdjj.exe (c:\ppdjj.exe) PID:2924
85. \??\c:\dppjd.exe (c:\dppjd.exe) PID:2840
86. \??\c:\ttbtbh.exe (c:\ttbtbh.exe) PID:2440
87. \??\c:\rrfxxxf.exe (c:\rrfxxxf.exe) PID:3724
88. \??\c:\xfllffx.exe (c:\xfllffx.exe) PID:3060
89. \??\c:\hnhhbb.exe (c:\hnhhbb.exe) PID:3616
90. \??\c:\vvdvp.exe (c:\vvdvp.exe) PID:3732
91. \??\c:\djpjd.exe (c:\djpjd.exe) PID:3476
92. \??\c:\fxffrrr.exe (c:\fxffrrr.exe) PID:464
93. \??\c:\bttnnn.exe (c:\bttnnn.exe) PID:4136
94. \??\c:\dvdjj.exe (c:\dvdjj.exe) PID:3788
95. \??\c:\jvdvj.exe (c:\jvdvj.exe) PID:4984
96. \??\c:\5rxrrrl.exe (c:\5rxrrrl.exe) PID:4228
97. \??\c:\bhtnhh.exe (c:\bhtnhh.exe) PID:1872
98. \??\c:\jjpjv.exe (c:\jjpjv.exe) PID:3180
99. \??\c:\lflfrrl.exe (c:\lflfrrl.exe) PID:2144
100. \??\c:\ffxrllf.exe (c:\ffxrllf.exe) PID:3880
101. \??\c:\7ntbbb.exe (c:\7ntbbb.exe) PID:3968
102. \??\c:\3ntnbb.exe (c:\3ntnbb.exe) PID:4916
103. \??\c:\djjjj.exe (c:\djjjj.exe) PID:4348
104. \??\c:\7xxrllf.exe (c:\7xxrllf.exe) PID:4756
105. \??\c:\lfffxrl.exe (c:\lfffxrl.exe) PID:1660
106. \??\c:\7bbbtt.exe (c:\7bbbtt.exe) PID:3952
107. \??\c:\3ppjd.exe (c:\3ppjd.exe) PID:712
108. \??\c:\jpvpj.exe (c:\jpvpj.exe) PID:4488
109. \??\c:\9rrfrrr.exe (c:\9rrfrrr.exe) PID:5068
110. \??\c:\hhbhhh.exe (c:\hhbhhh.exe) PID:372
111. \??\c:\thtthh.exe (c:\thtthh.exe) PID:3956
112. \??\c:\dvddd.exe (c:\dvddd.exe) PID:4100
113. \??\c:\ffffxxx.exe (c:\ffffxxx.exe) PID:4272
114. \??\c:\7hhtnn.exe (c:\7hhtnn.exe) PID:3580
115. \??\c:\bbnhbn.exe (c:\bbnhbn.exe) PID:1780
116. \??\c:\vjvpd.exe (c:\vjvpd.exe) PID:4584
117. \??\c:\lrlfxrl.exe (c:\lrlfxrl.exe) PID:5064
118. \??\c:\7hhnnn.exe (c:\7hhnnn.exe) PID:2444
119. \??\c:\nbhhbt.exe (c:\nbhhbt.exe) PID:2752
120. \??\c:\dvvjv.exe (c:\dvvjv.exe) PID:1980
121. \??\c:\pvpjv.exe (c:\pvpjv.exe) PID:2940
122. \??\c:\3rlfrlf.exe (c:\3rlfrlf.exe) PID:3448