Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system -
submitted
07/05/2024, 11:18
Behavioral task
behavioral1
Sample
55f561719d8c1c230446d304a8dc6cc0_NEAS.exe
Resource
win7-20231129-en (note: the signature hits and process tree below are labelled behavioral2 and correspond to the windows10-2004_x64 / win10v2004-20240419-en platform listed under Analysis, not to this Windows 7 task)
General
-
Target
55f561719d8c1c230446d304a8dc6cc0_NEAS.exe
-
Size
463KB
-
MD5
55f561719d8c1c230446d304a8dc6cc0
-
SHA1
3acd91b33e23f8e46f8a52bc0192b16d402d9cb3
-
SHA256
b04619375c603a0087c03cfd14994081818487f7b1d685d18e68820da7b9d335
-
SHA512
b8750ca9980cc0750f9a724301b65955e958f5693310f2261dc3358efbd5b99d6b46927678c3c2725434ae9bfaf62c9b6a9027dda8d85f0d58240515cc10045a
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1V9:VeR0oykayRFp3lztP+OKaf1V9
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs (every hit below is on the 0x00400000-0x0043A000 image region of the spawned processes; the Berbew rule further down matches the same regions in the same PIDs, so the two family labels overlap on one payload rather than indicating two distinct ones)
resource yara_rule behavioral2/memory/4796-6-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3540-8-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4020-20-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4280-17-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3848-30-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4624-36-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3492-43-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2372-48-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3696-53-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1008-62-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1572-67-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/916-74-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2392-81-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1428-76-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4808-91-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2196-102-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4424-94-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4536-112-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3296-110-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4848-122-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2416-129-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/1640-135-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4380-149-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3972-156-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3524-170-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3172-176-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4760-184-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2112-191-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4852-197-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5032-204-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/632-211-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1256-215-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1904-229-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4508-238-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2728-245-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2760-249-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4420-259-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2704-266-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2812-273-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3420-280-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4532-284-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1828-288-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/4884-310-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/780-314-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3688-318-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1468-363-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/868-374-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4624-381-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3980-392-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4684-406-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3140-405-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4928-413-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1268-427-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4888-452-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3264-456-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2672-476-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1892-508-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2268-527-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5108-565-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3488-578-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1884-633-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4236-910-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2964-966-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/2028-1037-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule behavioral2/memory/4796-0-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000d000000023ade-3.dat family_berbew behavioral2/memory/4796-6-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/3540-8-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000e000000023b6d-11.dat family_berbew behavioral2/memory/4280-12-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b74-14.dat family_berbew behavioral2/memory/4020-20-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4280-17-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b75-23.dat family_berbew behavioral2/files/0x000a000000023b74-28.dat family_berbew behavioral2/memory/3848-30-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4624-36-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b76-34.dat family_berbew behavioral2/files/0x000a000000023b77-40.dat family_berbew behavioral2/memory/3492-43-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b78-46.dat family_berbew behavioral2/memory/2372-48-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/3696-53-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b79-54.dat family_berbew behavioral2/memory/1572-60-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/1008-62-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b7a-59.dat family_berbew behavioral2/files/0x000a000000023b7b-65.dat family_berbew behavioral2/memory/1572-67-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/916-74-0x0000000000400000-0x000000000043A000-memory.dmp 
family_berbew behavioral2/memory/2392-81-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b7c-79.dat family_berbew behavioral2/files/0x000e000000023b70-72.dat family_berbew behavioral2/memory/1428-76-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b7d-85.dat family_berbew behavioral2/files/0x000a000000023b7f-89.dat family_berbew behavioral2/memory/4808-91-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b80-96.dat family_berbew behavioral2/files/0x000a000000023b81-103.dat family_berbew behavioral2/memory/2196-102-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4424-94-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b82-107.dat family_berbew behavioral2/memory/4536-112-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/3296-110-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b83-115.dat family_berbew behavioral2/files/0x000a000000023b84-120.dat family_berbew behavioral2/memory/4848-122-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b85-126.dat family_berbew behavioral2/memory/2416-129-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b86-131.dat family_berbew behavioral2/memory/1640-135-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b87-138.dat family_berbew behavioral2/files/0x000a000000023b88-143.dat family_berbew behavioral2/files/0x000a000000023b89-147.dat family_berbew behavioral2/memory/4380-149-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b8a-154.dat family_berbew behavioral2/memory/3972-156-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew 
behavioral2/files/0x000a000000023b8b-159.dat family_berbew behavioral2/files/0x000a000000023b8c-165.dat family_berbew behavioral2/memory/3524-170-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b8d-171.dat family_berbew behavioral2/memory/3172-176-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b77-177.dat family_berbew behavioral2/files/0x000a000000023b8e-181.dat family_berbew behavioral2/memory/4760-184-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x000a000000023b8f-188.dat family_berbew behavioral2/memory/2112-191-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4852-197-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew -
Executes dropped EXE 64 IoCs (each dropped binary is placed in the root of C:\ under a random-looking name and launched by the previous stage; the listing stops at 64 entries while the process tree below continues to depth 122)
pid Process 3540 jpppp.exe 4280 flrrlll.exe 4020 bhthbt.exe 3848 ppdvj.exe 4624 bhthbt.exe 3492 pppjv.exe 2372 bttnnn.exe 3696 llrrxrf.exe 1008 fxlfllr.exe 1572 bhnhbh.exe 916 vpppj.exe 1428 xlrlllf.exe 2392 7hnhbn.exe 4808 jjvpv.exe 4424 tnttnn.exe 2196 vpvvd.exe 3296 rrfxllr.exe 4536 vjppj.exe 2608 xfxlxrx.exe 4848 1hnhhn.exe 2416 lxllxxr.exe 1640 ppvvp.exe 5072 hbtnnt.exe 1084 lrxrrlr.exe 4380 thbthh.exe 3972 vjpjp.exe 3744 hhhbbb.exe 3524 ntbbbb.exe 3172 llfflll.exe 4760 bttnnn.exe 5044 hhnttb.exe 2112 fflfxxx.exe 4852 pvdvp.exe 3284 hhbthh.exe 5032 dvjpj.exe 3432 frxxxxx.exe 632 tnhbhh.exe 1256 rffrlfr.exe 1220 btbttt.exe 3904 xlrlffx.exe 3608 3hbttt.exe 4608 pjvpd.exe 1904 xlrlfff.exe 1096 nntttt.exe 4508 1vpjd.exe 4908 3rfxlfl.exe 2728 9tbbtb.exe 2760 dvdvv.exe 2536 fflrlll.exe 4100 tnbbbt.exe 4420 vjjjd.exe 4640 lxffxxx.exe 684 hntnnn.exe 2704 7jppj.exe 2812 1tbbtt.exe 2856 hhbthb.exe 3420 ppvpj.exe 4532 lflrllf.exe 1828 bbhhhn.exe 2344 vdpjv.exe 3056 rxllffr.exe 2700 7fxxrrl.exe 2216 httnnn.exe 4500 5pvvp.exe -
resource yara_rule behavioral2/memory/4796-0-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000d000000023ade-3.dat upx behavioral2/memory/4796-6-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3540-8-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000e000000023b6d-11.dat upx behavioral2/memory/4280-12-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b74-14.dat upx behavioral2/memory/4020-20-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4280-17-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b75-23.dat upx behavioral2/files/0x000a000000023b74-28.dat upx behavioral2/memory/3848-30-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4624-36-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b76-34.dat upx behavioral2/files/0x000a000000023b77-40.dat upx behavioral2/memory/3492-43-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b78-46.dat upx behavioral2/memory/2372-48-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3696-53-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b79-54.dat upx behavioral2/memory/1572-60-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1008-62-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b7a-59.dat upx behavioral2/files/0x000a000000023b7b-65.dat upx behavioral2/memory/1572-67-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/916-74-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2392-81-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b7c-79.dat upx behavioral2/files/0x000e000000023b70-72.dat upx behavioral2/memory/1428-76-0x0000000000400000-0x000000000043A000-memory.dmp upx 
behavioral2/files/0x000a000000023b7d-85.dat upx behavioral2/files/0x000a000000023b7f-89.dat upx behavioral2/memory/4808-91-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b80-96.dat upx behavioral2/files/0x000a000000023b81-103.dat upx behavioral2/memory/2196-102-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4424-94-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b82-107.dat upx behavioral2/memory/4536-112-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3296-110-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b83-115.dat upx behavioral2/files/0x000a000000023b84-120.dat upx behavioral2/memory/4848-122-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b85-126.dat upx behavioral2/memory/2416-129-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b86-131.dat upx behavioral2/memory/1640-135-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b87-138.dat upx behavioral2/files/0x000a000000023b88-143.dat upx behavioral2/files/0x000a000000023b89-147.dat upx behavioral2/memory/4380-149-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b8a-154.dat upx behavioral2/memory/3972-156-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b8b-159.dat upx behavioral2/files/0x000a000000023b8c-165.dat upx behavioral2/memory/3524-170-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b8d-171.dat upx behavioral2/memory/3172-176-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b77-177.dat upx behavioral2/files/0x000a000000023b8e-181.dat upx behavioral2/memory/4760-184-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000a000000023b8f-188.dat upx 
behavioral2/memory/2112-191-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4852-197-0x0000000000400000-0x000000000043A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs (each entry is a parent writing into the child it has just spawned; the chain is strictly linear — 4796 → 3540 → 4280 → … — and every parent/child pair is recorded three times per spawn)
description pid Process procid_target PID 4796 wrote to memory of 3540 4796 55f561719d8c1c230446d304a8dc6cc0_NEAS.exe 84 PID 4796 wrote to memory of 3540 4796 55f561719d8c1c230446d304a8dc6cc0_NEAS.exe 84 PID 4796 wrote to memory of 3540 4796 55f561719d8c1c230446d304a8dc6cc0_NEAS.exe 84 PID 3540 wrote to memory of 4280 3540 jpppp.exe 85 PID 3540 wrote to memory of 4280 3540 jpppp.exe 85 PID 3540 wrote to memory of 4280 3540 jpppp.exe 85 PID 4280 wrote to memory of 4020 4280 flrrlll.exe 86 PID 4280 wrote to memory of 4020 4280 flrrlll.exe 86 PID 4280 wrote to memory of 4020 4280 flrrlll.exe 86 PID 4020 wrote to memory of 3848 4020 bhthbt.exe 87 PID 4020 wrote to memory of 3848 4020 bhthbt.exe 87 PID 4020 wrote to memory of 3848 4020 bhthbt.exe 87 PID 3848 wrote to memory of 4624 3848 ppdvj.exe 88 PID 3848 wrote to memory of 4624 3848 ppdvj.exe 88 PID 3848 wrote to memory of 4624 3848 ppdvj.exe 88 PID 4624 wrote to memory of 3492 4624 bhthbt.exe 89 PID 4624 wrote to memory of 3492 4624 bhthbt.exe 89 PID 4624 wrote to memory of 3492 4624 bhthbt.exe 89 PID 3492 wrote to memory of 2372 3492 pppjv.exe 90 PID 3492 wrote to memory of 2372 3492 pppjv.exe 90 PID 3492 wrote to memory of 2372 3492 pppjv.exe 90 PID 2372 wrote to memory of 3696 2372 bttnnn.exe 92 PID 2372 wrote to memory of 3696 2372 bttnnn.exe 92 PID 2372 wrote to memory of 3696 2372 bttnnn.exe 92 PID 3696 wrote to memory of 1008 3696 llrrxrf.exe 93 PID 3696 wrote to memory of 1008 3696 llrrxrf.exe 93 PID 3696 wrote to memory of 1008 3696 llrrxrf.exe 93 PID 1008 wrote to memory of 1572 1008 fxlfllr.exe 94 PID 1008 wrote to memory of 1572 1008 fxlfllr.exe 94 PID 1008 wrote to memory of 1572 1008 fxlfllr.exe 94 PID 1572 wrote to memory of 916 1572 bhnhbh.exe 95 PID 1572 wrote to memory of 916 1572 bhnhbh.exe 95 PID 1572 wrote to memory of 916 1572 bhnhbh.exe 95 PID 916 wrote to memory of 1428 916 vpppj.exe 96 PID 916 wrote to memory of 1428 916 vpppj.exe 96 PID 916 wrote to memory of 1428 916 vpppj.exe 96 PID 1428 
wrote to memory of 2392 1428 xlrlllf.exe 97 PID 1428 wrote to memory of 2392 1428 xlrlllf.exe 97 PID 1428 wrote to memory of 2392 1428 xlrlllf.exe 97 PID 2392 wrote to memory of 4808 2392 7hnhbn.exe 99 PID 2392 wrote to memory of 4808 2392 7hnhbn.exe 99 PID 2392 wrote to memory of 4808 2392 7hnhbn.exe 99 PID 4808 wrote to memory of 4424 4808 jjvpv.exe 101 PID 4808 wrote to memory of 4424 4808 jjvpv.exe 101 PID 4808 wrote to memory of 4424 4808 jjvpv.exe 101 PID 4424 wrote to memory of 2196 4424 tnttnn.exe 102 PID 4424 wrote to memory of 2196 4424 tnttnn.exe 102 PID 4424 wrote to memory of 2196 4424 tnttnn.exe 102 PID 2196 wrote to memory of 3296 2196 vpvvd.exe 103 PID 2196 wrote to memory of 3296 2196 vpvvd.exe 103 PID 2196 wrote to memory of 3296 2196 vpvvd.exe 103 PID 3296 wrote to memory of 4536 3296 rrfxllr.exe 104 PID 3296 wrote to memory of 4536 3296 rrfxllr.exe 104 PID 3296 wrote to memory of 4536 3296 rrfxllr.exe 104 PID 4536 wrote to memory of 2608 4536 vjppj.exe 105 PID 4536 wrote to memory of 2608 4536 vjppj.exe 105 PID 4536 wrote to memory of 2608 4536 vjppj.exe 105 PID 2608 wrote to memory of 4848 2608 xfxlxrx.exe 106 PID 2608 wrote to memory of 4848 2608 xfxlxrx.exe 106 PID 2608 wrote to memory of 4848 2608 xfxlxrx.exe 106 PID 4848 wrote to memory of 2416 4848 1hnhhn.exe 107 PID 4848 wrote to memory of 2416 4848 1hnhhn.exe 107 PID 4848 wrote to memory of 2416 4848 1hnhhn.exe 107 PID 2416 wrote to memory of 1640 2416 lxllxxr.exe 108
Processes (each entry below is the image path immediately followed by its command line and the nesting depth in the process tree; all dropped stages run from the root of C:\)
-
C:\Users\Admin\AppData\Local\Temp\55f561719d8c1c230446d304a8dc6cc0_NEAS.exe — command line: "C:\Users\Admin\AppData\Local\Temp\55f561719d8c1c230446d304a8dc6cc0_NEAS.exe" (depth 1)
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\jpppp.exec:\jpppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3540 -
\??\c:\flrrlll.exec:\flrrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4280 -
\??\c:\bhthbt.exec:\bhthbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\ppdvj.exec:\ppdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3848 -
\??\c:\bhthbt.exec:\bhthbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4624 -
\??\c:\pppjv.exec:\pppjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3492 -
\??\c:\bttnnn.exec:\bttnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2372 -
\??\c:\llrrxrf.exec:\llrrxrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3696 -
\??\c:\fxlfllr.exec:\fxlfllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1008 -
\??\c:\bhnhbh.exec:\bhnhbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1572 -
\??\c:\vpppj.exec:\vpppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:916 -
\??\c:\xlrlllf.exec:\xlrlllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1428 -
\??\c:\7hnhbn.exec:\7hnhbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\jjvpv.exec:\jjvpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4808 -
\??\c:\tnttnn.exec:\tnttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4424 -
\??\c:\vpvvd.exec:\vpvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2196 -
\??\c:\rrfxllr.exec:\rrfxllr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3296 -
\??\c:\vjppj.exec:\vjppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4536 -
\??\c:\xfxlxrx.exec:\xfxlxrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\1hnhhn.exec:\1hnhhn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4848 -
\??\c:\lxllxxr.exec:\lxllxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\ppvvp.exec:\ppvvp.exe23⤵
- Executes dropped EXE
PID:1640 -
\??\c:\hbtnnt.exec:\hbtnnt.exe24⤵
- Executes dropped EXE
PID:5072 -
\??\c:\lrxrrlr.exec:\lrxrrlr.exe25⤵
- Executes dropped EXE
PID:1084 -
\??\c:\thbthh.exec:\thbthh.exe26⤵
- Executes dropped EXE
PID:4380 -
\??\c:\vjpjp.exec:\vjpjp.exe27⤵
- Executes dropped EXE
PID:3972 -
\??\c:\hhhbbb.exec:\hhhbbb.exe28⤵
- Executes dropped EXE
PID:3744 -
\??\c:\ntbbbb.exec:\ntbbbb.exe29⤵
- Executes dropped EXE
PID:3524 -
\??\c:\llfflll.exec:\llfflll.exe30⤵
- Executes dropped EXE
PID:3172 -
\??\c:\bttnnn.exec:\bttnnn.exe31⤵
- Executes dropped EXE
PID:4760 -
\??\c:\hhnttb.exec:\hhnttb.exe32⤵
- Executes dropped EXE
PID:5044 -
\??\c:\fflfxxx.exec:\fflfxxx.exe33⤵
- Executes dropped EXE
PID:2112 -
\??\c:\pvdvp.exec:\pvdvp.exe34⤵
- Executes dropped EXE
PID:4852 -
\??\c:\hhbthh.exec:\hhbthh.exe35⤵
- Executes dropped EXE
PID:3284 -
\??\c:\dvjpj.exec:\dvjpj.exe36⤵
- Executes dropped EXE
PID:5032 -
\??\c:\frxxxxx.exec:\frxxxxx.exe37⤵
- Executes dropped EXE
PID:3432 -
\??\c:\tnhbhh.exec:\tnhbhh.exe38⤵
- Executes dropped EXE
PID:632 -
\??\c:\rffrlfr.exec:\rffrlfr.exe39⤵
- Executes dropped EXE
PID:1256 -
\??\c:\btbttt.exec:\btbttt.exe40⤵
- Executes dropped EXE
PID:1220 -
\??\c:\xlrlffx.exec:\xlrlffx.exe41⤵
- Executes dropped EXE
PID:3904 -
\??\c:\3hbttt.exec:\3hbttt.exe42⤵
- Executes dropped EXE
PID:3608 -
\??\c:\pjvpd.exec:\pjvpd.exe43⤵
- Executes dropped EXE
PID:4608 -
\??\c:\xlrlfff.exec:\xlrlfff.exe44⤵
- Executes dropped EXE
PID:1904 -
\??\c:\nntttt.exec:\nntttt.exe45⤵
- Executes dropped EXE
PID:1096 -
\??\c:\1vpjd.exec:\1vpjd.exe46⤵
- Executes dropped EXE
PID:4508 -
\??\c:\3rfxlfl.exec:\3rfxlfl.exe47⤵
- Executes dropped EXE
PID:4908 -
\??\c:\9tbbtb.exec:\9tbbtb.exe48⤵
- Executes dropped EXE
PID:2728 -
\??\c:\dvdvv.exec:\dvdvv.exe49⤵
- Executes dropped EXE
PID:2760 -
\??\c:\fflrlll.exec:\fflrlll.exe50⤵
- Executes dropped EXE
PID:2536 -
\??\c:\tnbbbt.exec:\tnbbbt.exe51⤵
- Executes dropped EXE
PID:4100 -
\??\c:\vjjjd.exec:\vjjjd.exe52⤵
- Executes dropped EXE
PID:4420 -
\??\c:\lxffxxx.exec:\lxffxxx.exe53⤵
- Executes dropped EXE
PID:4640 -
\??\c:\hntnnn.exec:\hntnnn.exe54⤵
- Executes dropped EXE
PID:684 -
\??\c:\7jppj.exec:\7jppj.exe55⤵
- Executes dropped EXE
PID:2704 -
\??\c:\1tbbtt.exec:\1tbbtt.exe56⤵
- Executes dropped EXE
PID:2812 -
\??\c:\hhbthb.exec:\hhbthb.exe57⤵
- Executes dropped EXE
PID:2856 -
\??\c:\ppvpj.exec:\ppvpj.exe58⤵
- Executes dropped EXE
PID:3420 -
\??\c:\lflrllf.exec:\lflrllf.exe59⤵
- Executes dropped EXE
PID:4532 -
\??\c:\bbhhhn.exec:\bbhhhn.exe60⤵
- Executes dropped EXE
PID:1828 -
\??\c:\vdpjv.exec:\vdpjv.exe61⤵
- Executes dropped EXE
PID:2344 -
\??\c:\rxllffr.exec:\rxllffr.exe62⤵
- Executes dropped EXE
PID:3056 -
\??\c:\7fxxrrl.exec:\7fxxrrl.exe63⤵
- Executes dropped EXE
PID:2700 -
\??\c:\httnnn.exec:\httnnn.exe64⤵
- Executes dropped EXE
PID:2216 -
\??\c:\5pvvp.exec:\5pvvp.exe65⤵
- Executes dropped EXE
PID:4500 -
\??\c:\xrxlxlf.exec:\xrxlxlf.exe66⤵PID:3876
-
\??\c:\bhbthh.exec:\bhbthh.exe67⤵PID:4884
-
\??\c:\ppddp.exec:\ppddp.exe68⤵PID:780
-
\??\c:\pdvvd.exec:\pdvvd.exe69⤵PID:3688
-
\??\c:\tnnbth.exec:\tnnbth.exe70⤵PID:4564
-
\??\c:\7vvjd.exec:\7vvjd.exe71⤵PID:4088
-
\??\c:\ffxrrlf.exec:\ffxrrlf.exe72⤵PID:4776
-
\??\c:\tbnhbt.exec:\tbnhbt.exe73⤵PID:4188
-
\??\c:\nhhhhh.exec:\nhhhhh.exe74⤵PID:3972
-
\??\c:\jvvpj.exec:\jvvpj.exe75⤵PID:3744
-
\??\c:\lfrlrlf.exec:\lfrlrlf.exe76⤵PID:2948
-
\??\c:\bhtbnt.exec:\bhtbnt.exe77⤵PID:4120
-
\??\c:\vpdvv.exec:\vpdvv.exe78⤵PID:3088
-
\??\c:\9fxfxlf.exec:\9fxfxlf.exe79⤵PID:452
-
\??\c:\3tttnn.exec:\3tttnn.exe80⤵PID:2224
-
\??\c:\hbbttt.exec:\hbbttt.exe81⤵PID:4540
-
\??\c:\vpvpj.exec:\vpvpj.exe82⤵PID:3096
-
\??\c:\rfxrlll.exec:\rfxrlll.exe83⤵PID:1468
-
\??\c:\tnbnbt.exec:\tnbnbt.exe84⤵PID:632
-
\??\c:\jjdvd.exec:\jjdvd.exe85⤵PID:3080
-
\??\c:\3xrfrfr.exec:\3xrfrfr.exe86⤵PID:436
-
\??\c:\fxxrffx.exec:\fxxrffx.exe87⤵PID:868
-
\??\c:\ttbttn.exec:\ttbttn.exe88⤵PID:4624
-
\??\c:\lrxxrll.exec:\lrxxrll.exe89⤵PID:3988
-
\??\c:\hhnhhn.exec:\hhnhhn.exe90⤵PID:3584
-
\??\c:\hbhbnn.exec:\hbhbnn.exe91⤵PID:3980
-
\??\c:\fflrrrl.exec:\fflrrrl.exe92⤵PID:4780
-
\??\c:\ntnbth.exec:\ntnbth.exe93⤵PID:3188
-
\??\c:\tntnhn.exec:\tntnhn.exe94⤵PID:2260
-
\??\c:\5jddd.exec:\5jddd.exe95⤵PID:3140
-
\??\c:\lflffxx.exec:\lflffxx.exe96⤵PID:4684
-
\??\c:\7ddvp.exec:\7ddvp.exe97⤵PID:4928
-
\??\c:\lrrfxlf.exec:\lrrfxlf.exe98⤵PID:4996
-
\??\c:\xxflfrx.exec:\xxflfrx.exe99⤵PID:880
-
\??\c:\vpvjd.exec:\vpvjd.exe100⤵PID:4516
-
\??\c:\lxlffff.exec:\lxlffff.exe101⤵PID:1268
-
\??\c:\nnbbhh.exec:\nnbbhh.exe102⤵PID:4224
-
\??\c:\dvvvv.exec:\dvvvv.exe103⤵PID:3296
-
\??\c:\vpvpv.exec:\vpvpv.exe104⤵PID:540
-
\??\c:\7rlxlfx.exec:\7rlxlfx.exe105⤵PID:4536
-
\??\c:\nbthbn.exec:\nbthbn.exe106⤵PID:4488
-
\??\c:\vjppp.exec:\vjppp.exe107⤵PID:2984
-
\??\c:\fflfxxr.exec:\fflfxxr.exe108⤵PID:1644
-
\??\c:\1bnhbb.exec:\1bnhbb.exe109⤵PID:4888
-
\??\c:\bhhbtn.exec:\bhhbtn.exe110⤵PID:3264
-
\??\c:\vpvpj.exec:\vpvpj.exe111⤵PID:2460
-
\??\c:\fxrlffx.exec:\fxrlffx.exe112⤵PID:4064
-
\??\c:\9bnbhh.exec:\9bnbhh.exe113⤵PID:1084
-
\??\c:\vvvdj.exec:\vvvdj.exe114⤵PID:2620
-
\??\c:\rrxxffr.exec:\rrxxffr.exe115⤵PID:3012
-
\??\c:\hhhttn.exec:\hhhttn.exe116⤵PID:2672
-
\??\c:\xlrrllf.exec:\xlrrllf.exe117⤵PID:2476
-
\??\c:\tttnhh.exec:\tttnhh.exe118⤵PID:876
-
\??\c:\jpjjj.exec:\jpjjj.exe119⤵PID:3172
-
\??\c:\jjpvd.exec:\jjpvd.exe120⤵PID:5020
-
\??\c:\lfrlfrr.exec:\lfrlfrr.exe121⤵PID:2888
-
\??\c:\tbbbbt.exec:\tbbbbt.exe122⤵PID:4404
-