Analysis

max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/05/2024, 02:09
Static task: static1 (1 signatures)

Behavioral task: behavioral1
  Sample: b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe
  Resource: win7-20240419-en
  6 signatures, 150 seconds
General

Target: b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe
Size: 392KB
MD5: 33ddceb8081a60ebdee2acc80ab13965
SHA1: 622c62e729deeeb4fc77b1c598054ca2d7b326b7
SHA256: b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650
SHA512: 464da3d999df2b38ae0066e2c796039d8fb28a5a40b96a510607d2f23ceeccee44628805d0dcf2a49253f68ecd82bbe198fb9d8a466006ecfa4816c06fd923c5
SSDEEP: 6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmRo:m7TcJWjdpKGATTk/jYIOWN/KnnPF
Malware Config
Signatures

Detect Blackmoon payload (64 IoCs)

resource  yara_rule
behavioral2/memory/988-4-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1208-10-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4160-23-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4948-19-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4156-37-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3648-35-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3756-42-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3824-49-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2236-54-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4808-62-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3444-73-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3716-71-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3976-81-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2220-85-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2996-96-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4528-102-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4896-111-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3836-91-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1444-132-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4868-129-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4448-147-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4224-138-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1020-162-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/432-167-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4572-157-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2200-154-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4884-189-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3424-201-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4408-205-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4412-209-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4320-216-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4328-230-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1640-226-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3104-234-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2856-249-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4404-258-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3764-269-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3108-275-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3836-285-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2700-290-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1944-296-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4240-304-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3576-323-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3512-338-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2080-342-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3280-346-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/216-393-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/716-403-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3456-410-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3716-420-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4336-481-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2520-492-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3460-501-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1408-516-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2164-554-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4868-586-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/2708-671-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3828-817-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/1964-879-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/3604-985-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4788-1079-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4320-1149-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4528-1153-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
behavioral2/memory/4964-1327-0x0000000000400000-0x000000000042A000-memory.dmp  family_blackmoon
UPX dump on OEP (original entry point) (64 IoCs)

resource  yara_rule
behavioral2/memory/988-4-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/1208-10-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4160-23-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4948-19-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3648-29-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4156-37-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3648-35-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3756-42-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3824-49-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2236-54-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4808-62-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3444-65-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3444-73-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3716-71-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3976-81-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2220-85-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2996-96-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4528-102-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4896-111-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3836-91-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/1444-132-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4868-129-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4448-147-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2200-146-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4224-138-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/1020-162-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/432-167-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4572-157-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2200-154-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4884-189-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3424-201-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4408-205-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4412-209-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4320-216-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4328-230-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/1640-226-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3104-234-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/1192-238-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2856-249-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4404-258-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3764-269-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3108-272-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3108-275-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3836-285-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2700-290-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/1944-296-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4240-304-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2888-313-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3576-323-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3512-334-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3512-338-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2080-342-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3280-346-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2644-363-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4348-370-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4368-374-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/216-393-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/716-403-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3456-410-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3716-420-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/3900-427-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2556-459-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/4336-481-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
behavioral2/memory/2520-492-0x0000000000400000-0x000000000042A000-memory.dmp  UPX
Executes dropped EXE (64 IoCs)

pid  Process
1208  rllfxrl.exe
4840  9vvpp.exe
4948  frllfff.exe
4160  fxxrllf.exe
3648  nhbtnb.exe
4156  ffllflf.exe
3756  hhbtnn.exe
3824  1vjjv.exe
2236  xrxllfr.exe
4808  rfxrrrr.exe
3444  dpdvv.exe
3716  rrrllll.exe
3976  7nbbtb.exe
2220  vvjdv.exe
3836  rfrrlfx.exe
2996  9vvjp.exe
4528  thhbtt.exe
4896  1tnhhb.exe
5108  jjjvp.exe
2724  rrrrffx.exe
4868  nbntht.exe
1444  vddvp.exe
4224  flrffxx.exe
4448  bnnhbb.exe
2200  vpvpp.exe
4572  rllfffl.exe
1020  lfflfxf.exe
432  nttnhb.exe
3280  9bhbnh.exe
1844  frxxlfl.exe
780  nttttt.exe
4884  tbbtnh.exe
4380  1pjvv.exe
2848  rxxxrlf.exe
3424  tnhhnn.exe
4408  hbbbtt.exe
4412  dppjp.exe
4128  flfrxrx.exe
1408  hhbthh.exe
4320  vdvjv.exe
1100  ffxrffx.exe
1640  tbnhhh.exe
4328  tbtnhb.exe
1112  pvdvv.exe
3104  fxlfxfx.exe
1192  ffxrrrr.exe
3756  btbtnn.exe
4612  pjpjv.exe
2856  lfrrffr.exe
2884  5lffrrl.exe
3060  thtttt.exe
4404  vjpjd.exe
3444  xxfxrrl.exe
4844  thnnnh.exe
3764  ppppp.exe
3108  xxlxlxx.exe
3900  bhttnn.exe
1596  ppdvp.exe
3836  jjpjj.exe
2032  ffxrrxx.exe
2700  hbtnhh.exe
1944  3pvvp.exe
4420  lrlffxx.exe
2272  bbhhnt.exe
resource  yara_rule
behavioral2/memory/988-4-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/1208-10-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4160-23-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4948-19-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3648-29-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4156-37-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3648-35-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3756-42-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3824-49-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2236-54-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4808-62-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3444-65-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3444-73-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3716-71-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3976-81-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2220-85-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2996-96-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4528-102-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4896-111-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3836-91-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/1444-132-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4868-129-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4448-147-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2200-146-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4224-138-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/1020-162-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/432-167-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4572-157-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2200-154-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4884-189-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3424-201-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4408-205-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4412-209-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4320-216-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4328-230-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/1640-226-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3104-234-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/1192-238-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2856-249-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4404-258-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3764-269-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3108-275-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3836-285-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2700-290-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/1944-296-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4240-304-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3576-323-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3512-334-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3512-338-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2080-342-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3280-346-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2644-363-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4348-370-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4368-374-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/216-393-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/716-403-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3456-410-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3716-420-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3900-427-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2556-459-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4336-481-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/2520-492-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/3460-501-0x0000000000400000-0x000000000042A000-memory.dmp  upx
behavioral2/memory/4532-505-0x0000000000400000-0x000000000042A000-memory.dmp  upx
Suspicious use of WriteProcessMemory (64 IoCs)

description  pid  Process  procid_target  entries
PID 988 wrote to memory of 1208  988  b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe  85  3
PID 1208 wrote to memory of 4840  1208  rllfxrl.exe  86  3
PID 4840 wrote to memory of 4948  4840  9vvpp.exe  87  3
PID 4948 wrote to memory of 4160  4948  frllfff.exe  88  3
PID 4160 wrote to memory of 3648  4160  fxxrllf.exe  89  3
PID 3648 wrote to memory of 4156  3648  nhbtnb.exe  90  3
PID 4156 wrote to memory of 3756  4156  ffllflf.exe  91  3
PID 3756 wrote to memory of 3824  3756  hhbtnn.exe  92  3
PID 3824 wrote to memory of 2236  3824  1vjjv.exe  93  3
PID 2236 wrote to memory of 4808  2236  xrxllfr.exe  96  3
PID 4808 wrote to memory of 3444  4808  rfxrrrr.exe  97  3
PID 3444 wrote to memory of 3716  3444  dpdvv.exe  98  3
PID 3716 wrote to memory of 3976  3716  rrrllll.exe  99  3
PID 3976 wrote to memory of 2220  3976  7nbbtb.exe  100  3
PID 2220 wrote to memory of 3836  2220  vvjdv.exe  101  3
PID 3836 wrote to memory of 2996  3836  rfrrlfx.exe  102  3
PID 2996 wrote to memory of 4528  2996  9vvjp.exe  104  3
PID 4528 wrote to memory of 4896  4528  thhbtt.exe  105  3
PID 4896 wrote to memory of 5108  4896  1tnhhb.exe  106  3
PID 5108 wrote to memory of 2724  5108  jjjvp.exe  107  3
PID 2724 wrote to memory of 4868  2724  rrrrffx.exe  108  3
PID 4868 wrote to memory of 1444  4868  nbntht.exe  109  1
Processes

depth  PID  image  command line  signatures
1  PID 988  C:\Users\Admin\AppData\Local\Temp\b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe  "C:\Users\Admin\AppData\Local\Temp\b5b10cc4720053b0bf389dffa7f59757e3a110709d65a22a963e29e7af4ee650.exe"  Suspicious use of WriteProcessMemory
2  PID 1208  \??\c:\rllfxrl.exe  c:\rllfxrl.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
3  PID 4840  \??\c:\9vvpp.exe  c:\9vvpp.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
4  PID 4948  \??\c:\frllfff.exe  c:\frllfff.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
5  PID 4160  \??\c:\fxxrllf.exe  c:\fxxrllf.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
6  PID 3648  \??\c:\nhbtnb.exe  c:\nhbtnb.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
7  PID 4156  \??\c:\ffllflf.exe  c:\ffllflf.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
8  PID 3756  \??\c:\hhbtnn.exe  c:\hhbtnn.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
9  PID 3824  \??\c:\1vjjv.exe  c:\1vjjv.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
10  PID 2236  \??\c:\xrxllfr.exe  c:\xrxllfr.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
11  PID 4808  \??\c:\rfxrrrr.exe  c:\rfxrrrr.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
12  PID 3444  \??\c:\dpdvv.exe  c:\dpdvv.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
13  PID 3716  \??\c:\rrrllll.exe  c:\rrrllll.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
14  PID 3976  \??\c:\7nbbtb.exe  c:\7nbbtb.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
15  PID 2220  \??\c:\vvjdv.exe  c:\vvjdv.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
16  PID 3836  \??\c:\rfrrlfx.exe  c:\rfrrlfx.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
17  PID 2996  \??\c:\9vvjp.exe  c:\9vvjp.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
18  PID 4528  \??\c:\thhbtt.exe  c:\thhbtt.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
19  PID 4896  \??\c:\1tnhhb.exe  c:\1tnhhb.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
20  PID 5108  \??\c:\jjjvp.exe  c:\jjjvp.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
21  PID 2724  \??\c:\rrrrffx.exe  c:\rrrrffx.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
22  PID 4868  \??\c:\nbntht.exe  c:\nbntht.exe  Executes dropped EXE; Suspicious use of WriteProcessMemory
23  PID 1444  \??\c:\vddvp.exe  c:\vddvp.exe  Executes dropped EXE
24  PID 4224  \??\c:\flrffxx.exe  c:\flrffxx.exe  Executes dropped EXE
25  PID 4448  \??\c:\bnnhbb.exe  c:\bnnhbb.exe  Executes dropped EXE
26  PID 2200  \??\c:\vpvpp.exe  c:\vpvpp.exe  Executes dropped EXE
27  PID 4572  \??\c:\rllfffl.exe  c:\rllfffl.exe  Executes dropped EXE
28  PID 1020  \??\c:\lfflfxf.exe  c:\lfflfxf.exe  Executes dropped EXE
29  PID 432  \??\c:\nttnhb.exe  c:\nttnhb.exe  Executes dropped EXE
30  PID 3280  \??\c:\9bhbnh.exe  c:\9bhbnh.exe  Executes dropped EXE
31  PID 1844  \??\c:\frxxlfl.exe  c:\frxxlfl.exe  Executes dropped EXE
32  PID 780  \??\c:\nttttt.exe  c:\nttttt.exe  Executes dropped EXE
33  PID 4884  \??\c:\tbbtnh.exe  c:\tbbtnh.exe  Executes dropped EXE
34  PID 4380  \??\c:\1pjvv.exe  c:\1pjvv.exe  Executes dropped EXE
35  PID 2848  \??\c:\rxxxrlf.exe  c:\rxxxrlf.exe  Executes dropped EXE
36  PID 3424  \??\c:\tnhhnn.exe  c:\tnhhnn.exe  Executes dropped EXE
37  PID 4408  \??\c:\hbbbtt.exe  c:\hbbbtt.exe  Executes dropped EXE
38  PID 4412  \??\c:\dppjp.exe  c:\dppjp.exe  Executes dropped EXE
39  PID 4128  \??\c:\flfrxrx.exe  c:\flfrxrx.exe  Executes dropped EXE
40  PID 1408  \??\c:\hhbthh.exe  c:\hhbthh.exe  Executes dropped EXE
41  PID 4320  \??\c:\vdvjv.exe  c:\vdvjv.exe  Executes dropped EXE
42  PID 1100  \??\c:\ffxrffx.exe  c:\ffxrffx.exe  Executes dropped EXE
43  PID 1640  \??\c:\tbnhhh.exe  c:\tbnhhh.exe  Executes dropped EXE
44  PID 4328  \??\c:\tbtnhb.exe  c:\tbtnhb.exe  Executes dropped EXE
45  PID 1112  \??\c:\pvdvv.exe  c:\pvdvv.exe  Executes dropped EXE
46  PID 3104  \??\c:\fxlfxfx.exe  c:\fxlfxfx.exe  Executes dropped EXE
47  PID 1192  \??\c:\ffxrrrr.exe  c:\ffxrrrr.exe  Executes dropped EXE
48  PID 3756  \??\c:\btbtnn.exe  c:\btbtnn.exe  Executes dropped EXE
49  PID 4612  \??\c:\pjpjv.exe  c:\pjpjv.exe  Executes dropped EXE
50  PID 2856  \??\c:\lfrrffr.exe  c:\lfrrffr.exe  Executes dropped EXE
51  PID 2884  \??\c:\5lffrrl.exe  c:\5lffrrl.exe  Executes dropped EXE
52  PID 3060  \??\c:\thtttt.exe  c:\thtttt.exe  Executes dropped EXE
53  PID 4404  \??\c:\vjpjd.exe  c:\vjpjd.exe  Executes dropped EXE
54  PID 3444  \??\c:\xxfxrrl.exe  c:\xxfxrrl.exe  Executes dropped EXE
55  PID 4844  \??\c:\thnnnh.exe  c:\thnnnh.exe  Executes dropped EXE
56  PID 3764  \??\c:\ppppp.exe  c:\ppppp.exe  Executes dropped EXE
57  PID 3108  \??\c:\xxlxlxx.exe  c:\xxlxlxx.exe  Executes dropped EXE
58  PID 3900  \??\c:\bhttnn.exe  c:\bhttnn.exe  Executes dropped EXE
59  PID 1596  \??\c:\ppdvp.exe  c:\ppdvp.exe  Executes dropped EXE
60  PID 3836  \??\c:\jjpjj.exe  c:\jjpjj.exe  Executes dropped EXE
61  PID 2032  \??\c:\ffxrrxx.exe  c:\ffxrrxx.exe  Executes dropped EXE
62  PID 2700  \??\c:\hbtnhh.exe  c:\hbtnhh.exe  Executes dropped EXE
63  PID 1944  \??\c:\3pvvp.exe  c:\3pvvp.exe  Executes dropped EXE
64  PID 4420  \??\c:\lrlffxx.exe  c:\lrlffxx.exe  Executes dropped EXE
65  PID 2272  \??\c:\bbhhnt.exe  c:\bbhhnt.exe  Executes dropped EXE
66  PID 4240  \??\c:\5pdvv.exe  c:\5pdvv.exe
67  PID 4484  \??\c:\xxrrlfx.exe  c:\xxrrlfx.exe
68  PID 4964  \??\c:\rlrrlll.exe  c:\rlrrlll.exe
69  PID 2888  \??\c:\hhnnbb.exe  c:\hhnnbb.exe
70  PID 4900  \??\c:\vddvp.exe  c:\vddvp.exe
71  PID 3576  \??\c:\7ffxrll.exe  c:\7ffxrll.exe
72  PID 5004  \??\c:\lfxxffl.exe  c:\lfxxffl.exe
73  PID 4400  \??\c:\7tbtbb.exe  c:\7tbtbb.exe
74  PID 2844  \??\c:\jjvvp.exe  c:\jjvvp.exe
75  PID 3512  \??\c:\xxrrxxf.exe  c:\xxrrxxf.exe
76  PID 2080  \??\c:\nhhbnn.exe  c:\nhhbnn.exe
77  PID 3280  \??\c:\xrlfxxx.exe  c:\xrlfxxx.exe
78  PID 2492  \??\c:\tnnnnn.exe  c:\tnnnnn.exe
79  PID 2520  \??\c:\pjpjj.exe  c:\pjpjj.exe
80  PID 4888  \??\c:\frxrrrl.exe  c:\frxrrrl.exe
81  PID 3460  \??\c:\hnttnn.exe  c:\hnttnn.exe
82  PID 3196  \??\c:\dddvv.exe  c:\dddvv.exe
83  PID 2644  \??\c:\rrlfxxx.exe  c:\rrlfxxx.exe
84  PID 2580  \??\c:\5xfxrrl.exe  c:\5xfxrrl.exe
85  PID 4348  \??\c:\dpdvv.exe  c:\dpdvv.exe
86  PID 4368  \??\c:\ffxxxxx.exe  c:\ffxxxxx.exe
87  PID 112  \??\c:\bnnbth.exe  c:\bnnbth.exe
88  PID 1964  \??\c:\bhtnnt.exe  c:\bhtnnt.exe
89  PID 4320  \??\c:\vjddd.exe  c:\vjddd.exe
90  PID 1680  \??\c:\7lxrrrr.exe  c:\7lxrrrr.exe
91  PID 216  \??\c:\bbnnht.exe  c:\bbnnht.exe
92  PID 1364  \??\c:\pddvv.exe  c:\pddvv.exe
93  PID 4000  \??\c:\dvddv.exe  c:\dvddv.exe
94  PID 716  \??\c:\7lxrllf.exe  c:\7lxrllf.exe
95  PID 1552  \??\c:\htnhhh.exe  c:\htnhhh.exe
96  PID 3456  \??\c:\dvjdd.exe  c:\dvjdd.exe
97  PID 972  \??\c:\dpvvv.exe  c:\dpvvv.exe
98  PID 3264  \??\c:\rlxxllr.exe  c:\rlxxllr.exe
99  PID 760  \??\c:\nhbtbb.exe  c:\nhbtbb.exe
100  PID 3716  \??\c:\7vdvp.exe  c:\7vdvp.exe
101  PID 5112  \??\c:\djpdv.exe  c:\djpdv.exe
102  PID 3900  \??\c:\xrlxxxr.exe  c:\xrlxxxr.exe
103  PID 4936  \??\c:\thnnhh.exe  c:\thnnhh.exe
104  PID 3464  \??\c:\pjjdv.exe  c:\pjjdv.exe
105  PID 4388  \??\c:\pjjdv.exe  c:\pjjdv.exe
106  PID 4392  \??\c:\rrfrxfr.exe  c:\rrfrxfr.exe
107  PID 2484  \??\c:\nntnnn.exe  c:\nntnnn.exe
108  PID 1460  \??\c:\hbthth.exe  c:\hbthth.exe
109  PID 3320  \??\c:\llrrrrf.exe  c:\llrrrrf.exe
110  PID 2592  \??\c:\3pppj.exe  c:\3pppj.exe
111  PID 4964  \??\c:\xxlflfx.exe  c:\xxlflfx.exe
112  PID 3348  \??\c:\nbttnn.exe  c:\nbttnn.exe
113  PID 2556  \??\c:\jdppp.exe  c:\jdppp.exe
114  PID 2540  \??\c:\5rrlffx.exe  c:\5rrlffx.exe
115  PID 4944  \??\c:\dvdvv.exe  c:\dvdvv.exe
116  PID 2868  \??\c:\rfrrxxx.exe  c:\rfrrxxx.exe
117  PID 1848  \??\c:\bnhbbn.exe  c:\bnhbbn.exe
118  PID 432  \??\c:\jpvjp.exe  c:\jpvjp.exe
119  PID 4336  \??\c:\bhtthn.exe  c:\bhtthn.exe
120  PID 2560  \??\c:\bntnbh.exe  c:\bntnbh.exe
121  PID 4636  \??\c:\jvddp.exe  c:\jvddp.exe
122  PID 4956  \??\c:\xlrlffx.exe  c:\xlrlffx.exe