Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
08/05/2024, 04:12
Behavioral task
behavioral1
Sample
eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe
Resource
win7-20240419-en
6 signatures
150 seconds
General
-
Target
eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe
-
Size
186KB
-
MD5
79e29dd7c8731d199c8d6ab066fccbe2
-
SHA1
b8ff002065cee959e09ce6a79a560af82c7cd980
-
SHA256
eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c
-
SHA512
4854b66065aa5f693c64a985ea2aba18f6e40b965c435b3fcebf48a8e3375702954e04bb1d83bc2c015f12c644719e0cfa87d6850ad1d8d7280fde8575e2ab26
-
SSDEEP
3072:3hOmTsF93UYfwC6GIoutw8YcvrqrE66kropO6BWlPFH4tw1D43eMRcm:3cm4FmowdHoSzhraHcpOFltH4twl43vf
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3100-1-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3100-6-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4252-13-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3372-15-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1736-20-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1208-27-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/748-41-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1676-49-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/5024-55-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4404-63-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2652-62-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3956-69-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4680-83-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3184-85-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4392-105-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3076-112-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1520-118-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1920-124-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4092-140-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2148-142-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3600-151-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/2132-158-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/676-165-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2548-160-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2764-184-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4836-180-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4740-193-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3784-172-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3744-197-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1708-210-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3964-213-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3732-220-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2980-224-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4812-229-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4604-238-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1428-243-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3972-249-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3096-257-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4268-273-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4304-274-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/680-282-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/384-295-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/3324-301-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3488-311-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3600-330-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1500-367-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4328-380-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2772-411-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3104-416-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4556-425-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2580-435-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1224-442-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4292-446-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3368-472-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4964-490-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/676-511-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4476-543-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4932-574-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/1480-593-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/2428-597-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/708-631-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/3372-669-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon behavioral2/memory/4080-770-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon 
behavioral2/memory/2088-779-0x0000000000400000-0x0000000000432000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/3100-1-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000c000000023b52-2.dat UPX behavioral2/memory/3100-6-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4252-7-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000b000000023bae-10.dat UPX behavioral2/memory/4252-13-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/3372-15-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023baf-14.dat UPX behavioral2/memory/1736-20-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bb0-24.dat UPX behavioral2/memory/1208-27-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bb1-29.dat UPX behavioral2/files/0x000a000000023bb2-34.dat UPX behavioral2/memory/748-41-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bb4-39.dat UPX behavioral2/memory/1676-43-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0031000000023bb5-47.dat UPX behavioral2/memory/1676-49-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/5024-50-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/5024-55-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x0031000000023bb6-56.dat UPX behavioral2/files/0x0031000000023bb7-59.dat UPX behavioral2/memory/4404-63-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2652-62-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bb8-67.dat UPX behavioral2/memory/3956-69-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bb9-72.dat UPX behavioral2/files/0x000a000000023bba-78.dat UPX behavioral2/files/0x000a000000023bbb-81.dat UPX behavioral2/memory/4680-83-0x0000000000400000-0x0000000000432000-memory.dmp UPX 
behavioral2/memory/3184-85-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bbc-88.dat UPX behavioral2/files/0x000a000000023bbd-95.dat UPX behavioral2/files/0x000a000000023bbe-98.dat UPX behavioral2/files/0x000a000000023bbf-103.dat UPX behavioral2/memory/4392-105-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bc0-109.dat UPX behavioral2/memory/3076-112-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bc1-115.dat UPX behavioral2/memory/1520-118-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bc2-121.dat UPX behavioral2/memory/1920-124-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000c000000023bac-128.dat UPX behavioral2/files/0x000a000000023bc3-132.dat UPX behavioral2/memory/4092-140-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bc5-137.dat UPX behavioral2/files/0x000a000000023bc6-144.dat UPX behavioral2/memory/2148-142-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bc7-149.dat UPX behavioral2/memory/3600-151-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2132-158-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bc9-164.dat UPX behavioral2/files/0x000a000000023bc8-157.dat UPX behavioral2/memory/676-165-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/2548-160-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bcc-182.dat UPX behavioral2/memory/2764-184-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/4836-180-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/files/0x000a000000023bcb-175.dat UPX behavioral2/files/0x000a000000023bcd-187.dat UPX behavioral2/memory/4740-193-0x0000000000400000-0x0000000000432000-memory.dmp UPX 
behavioral2/files/0x000a000000023bca-169.dat UPX behavioral2/memory/3784-172-0x0000000000400000-0x0000000000432000-memory.dmp UPX behavioral2/memory/3744-197-0x0000000000400000-0x0000000000432000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 4252 httbnn.exe 3372 5lrrllx.exe 1736 ttnnhn.exe 1208 pjdvp.exe 3284 5hnhbb.exe 748 5jpjd.exe 1676 rrlfxfx.exe 5024 thbbbt.exe 2652 rrfxxxr.exe 4404 tttttt.exe 3956 ttbhnn.exe 4556 xffxrxr.exe 4680 9hhbtt.exe 3184 9vdvd.exe 5072 pjpvv.exe 4160 frfxrll.exe 4392 tnnhbb.exe 3076 vjvpj.exe 1520 fflxrrl.exe 3488 thtnnn.exe 1920 vdjjv.exe 1700 3flfxxr.exe 4092 1bnnnt.exe 2148 rrrfxrl.exe 3600 xllrxff.exe 2132 vvdvv.exe 2548 xrxffff.exe 676 lfrrlrr.exe 3784 bnbbtb.exe 4836 rlrlfff.exe 2764 llllfrr.exe 4636 3ntttb.exe 4740 fxxrflf.exe 3744 lflffxx.exe 4676 nnbtbb.exe 4588 pppvp.exe 4332 5lxxlll.exe 1708 fflffxr.exe 3964 hhtbth.exe 3732 7bhbbb.exe 2980 7vvpj.exe 3084 xlrrrrr.exe 4812 xrrrflf.exe 4820 ttbhhn.exe 1444 tttbhh.exe 4604 jvjdj.exe 1428 7vddd.exe 3972 xrlffxx.exe 5036 hbnttt.exe 1484 tthbtt.exe 3096 ppvpp.exe 1628 vjjjd.exe 3956 vdpjj.exe 3832 xlrfxfx.exe 4268 htbbbb.exe 4304 bthbnn.exe 3184 1ddvp.exe 680 llfrrrr.exe 1304 xlflllf.exe 4788 thnnnh.exe 2428 nbbttn.exe 384 5pvvp.exe 3324 5jddv.exe 900 fxlfffr.exe -
resource yara_rule behavioral2/memory/3100-1-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000c000000023b52-2.dat upx behavioral2/memory/3100-6-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4252-7-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000b000000023bae-10.dat upx behavioral2/memory/4252-13-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/3372-15-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023baf-14.dat upx behavioral2/memory/1736-20-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bb0-24.dat upx behavioral2/memory/1208-27-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bb1-29.dat upx behavioral2/files/0x000a000000023bb2-34.dat upx behavioral2/memory/748-41-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bb4-39.dat upx behavioral2/memory/1676-43-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0031000000023bb5-47.dat upx behavioral2/memory/1676-49-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/5024-50-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/5024-55-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x0031000000023bb6-56.dat upx behavioral2/files/0x0031000000023bb7-59.dat upx behavioral2/memory/4404-63-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2652-62-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bb8-67.dat upx behavioral2/memory/3956-69-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bb9-72.dat upx behavioral2/files/0x000a000000023bba-78.dat upx behavioral2/files/0x000a000000023bbb-81.dat upx behavioral2/memory/4680-83-0x0000000000400000-0x0000000000432000-memory.dmp upx 
behavioral2/memory/3184-85-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bbc-88.dat upx behavioral2/files/0x000a000000023bbd-95.dat upx behavioral2/files/0x000a000000023bbe-98.dat upx behavioral2/files/0x000a000000023bbf-103.dat upx behavioral2/memory/4392-105-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bc0-109.dat upx behavioral2/memory/3076-112-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bc1-115.dat upx behavioral2/memory/1520-118-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bc2-121.dat upx behavioral2/memory/1920-124-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000c000000023bac-128.dat upx behavioral2/files/0x000a000000023bc3-132.dat upx behavioral2/memory/4092-140-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bc5-137.dat upx behavioral2/files/0x000a000000023bc6-144.dat upx behavioral2/memory/2148-142-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bc7-149.dat upx behavioral2/memory/3600-151-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2132-158-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bc9-164.dat upx behavioral2/files/0x000a000000023bc8-157.dat upx behavioral2/memory/676-165-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/2548-160-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bcc-182.dat upx behavioral2/memory/2764-184-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/4836-180-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/files/0x000a000000023bcb-175.dat upx behavioral2/files/0x000a000000023bcd-187.dat upx behavioral2/memory/4740-193-0x0000000000400000-0x0000000000432000-memory.dmp upx 
behavioral2/files/0x000a000000023bca-169.dat upx behavioral2/memory/3784-172-0x0000000000400000-0x0000000000432000-memory.dmp upx behavioral2/memory/3744-197-0x0000000000400000-0x0000000000432000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3100 wrote to memory of 4252 3100 eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe 84 PID 3100 wrote to memory of 4252 3100 eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe 84 PID 3100 wrote to memory of 4252 3100 eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe 84 PID 4252 wrote to memory of 3372 4252 httbnn.exe 85 PID 4252 wrote to memory of 3372 4252 httbnn.exe 85 PID 4252 wrote to memory of 3372 4252 httbnn.exe 85 PID 3372 wrote to memory of 1736 3372 5lrrllx.exe 86 PID 3372 wrote to memory of 1736 3372 5lrrllx.exe 86 PID 3372 wrote to memory of 1736 3372 5lrrllx.exe 86 PID 1736 wrote to memory of 1208 1736 ttnnhn.exe 87 PID 1736 wrote to memory of 1208 1736 ttnnhn.exe 87 PID 1736 wrote to memory of 1208 1736 ttnnhn.exe 87 PID 1208 wrote to memory of 3284 1208 pjdvp.exe 88 PID 1208 wrote to memory of 3284 1208 pjdvp.exe 88 PID 1208 wrote to memory of 3284 1208 pjdvp.exe 88 PID 3284 wrote to memory of 748 3284 5hnhbb.exe 89 PID 3284 wrote to memory of 748 3284 5hnhbb.exe 89 PID 3284 wrote to memory of 748 3284 5hnhbb.exe 89 PID 748 wrote to memory of 1676 748 5jpjd.exe 90 PID 748 wrote to memory of 1676 748 5jpjd.exe 90 PID 748 wrote to memory of 1676 748 5jpjd.exe 90 PID 1676 wrote to memory of 5024 1676 rrlfxfx.exe 91 PID 1676 wrote to memory of 5024 1676 rrlfxfx.exe 91 PID 1676 wrote to memory of 5024 1676 rrlfxfx.exe 91 PID 5024 wrote to memory of 2652 5024 thbbbt.exe 92 PID 5024 wrote to memory of 2652 5024 thbbbt.exe 92 PID 5024 wrote to memory of 2652 5024 thbbbt.exe 92 PID 2652 wrote to memory of 4404 2652 rrfxxxr.exe 93 PID 2652 wrote to memory of 4404 2652 rrfxxxr.exe 93 PID 2652 wrote to memory of 4404 2652 rrfxxxr.exe 93 PID 4404 wrote to memory of 3956 4404 tttttt.exe 94 PID 4404 wrote to memory of 3956 4404 tttttt.exe 94 PID 4404 wrote to memory of 3956 4404 tttttt.exe 94 PID 3956 wrote to memory of 4556 3956 ttbhnn.exe 96 PID 3956 wrote to memory 
of 4556 3956 ttbhnn.exe 96 PID 3956 wrote to memory of 4556 3956 ttbhnn.exe 96 PID 4556 wrote to memory of 4680 4556 xffxrxr.exe 97 PID 4556 wrote to memory of 4680 4556 xffxrxr.exe 97 PID 4556 wrote to memory of 4680 4556 xffxrxr.exe 97 PID 4680 wrote to memory of 3184 4680 9hhbtt.exe 98 PID 4680 wrote to memory of 3184 4680 9hhbtt.exe 98 PID 4680 wrote to memory of 3184 4680 9hhbtt.exe 98 PID 3184 wrote to memory of 5072 3184 9vdvd.exe 99 PID 3184 wrote to memory of 5072 3184 9vdvd.exe 99 PID 3184 wrote to memory of 5072 3184 9vdvd.exe 99 PID 5072 wrote to memory of 4160 5072 pjpvv.exe 100 PID 5072 wrote to memory of 4160 5072 pjpvv.exe 100 PID 5072 wrote to memory of 4160 5072 pjpvv.exe 100 PID 4160 wrote to memory of 4392 4160 frfxrll.exe 101 PID 4160 wrote to memory of 4392 4160 frfxrll.exe 101 PID 4160 wrote to memory of 4392 4160 frfxrll.exe 101 PID 4392 wrote to memory of 3076 4392 tnnhbb.exe 102 PID 4392 wrote to memory of 3076 4392 tnnhbb.exe 102 PID 4392 wrote to memory of 3076 4392 tnnhbb.exe 102 PID 3076 wrote to memory of 1520 3076 vjvpj.exe 104 PID 3076 wrote to memory of 1520 3076 vjvpj.exe 104 PID 3076 wrote to memory of 1520 3076 vjvpj.exe 104 PID 1520 wrote to memory of 3488 1520 fflxrrl.exe 105 PID 1520 wrote to memory of 3488 1520 fflxrrl.exe 105 PID 1520 wrote to memory of 3488 1520 fflxrrl.exe 105 PID 3488 wrote to memory of 1920 3488 thtnnn.exe 106 PID 3488 wrote to memory of 1920 3488 thtnnn.exe 106 PID 3488 wrote to memory of 1920 3488 thtnnn.exe 106 PID 1920 wrote to memory of 1700 1920 vdjjv.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe"C:\Users\Admin\AppData\Local\Temp\eca27f580042b0bc46e1398089fadba984c5da2405c0a0106f12d8288f17bd2c.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3100 -
\??\c:\httbnn.exec:\httbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4252 -
\??\c:\5lrrllx.exec:\5lrrllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3372 -
\??\c:\ttnnhn.exec:\ttnnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\pjdvp.exec:\pjdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1208 -
\??\c:\5hnhbb.exec:\5hnhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3284 -
\??\c:\5jpjd.exec:\5jpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:748 -
\??\c:\rrlfxfx.exec:\rrlfxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1676 -
\??\c:\thbbbt.exec:\thbbbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5024 -
\??\c:\rrfxxxr.exec:\rrfxxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\tttttt.exec:\tttttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4404 -
\??\c:\ttbhnn.exec:\ttbhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3956 -
\??\c:\xffxrxr.exec:\xffxrxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4556 -
\??\c:\9hhbtt.exec:\9hhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4680 -
\??\c:\9vdvd.exec:\9vdvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3184 -
\??\c:\pjpvv.exec:\pjpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5072 -
\??\c:\frfxrll.exec:\frfxrll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4160 -
\??\c:\tnnhbb.exec:\tnnhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4392 -
\??\c:\vjvpj.exec:\vjvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3076 -
\??\c:\fflxrrl.exec:\fflxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1520 -
\??\c:\thtnnn.exec:\thtnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3488 -
\??\c:\vdjjv.exec:\vdjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920 -
\??\c:\3flfxxr.exec:\3flfxxr.exe23⤵
- Executes dropped EXE
PID:1700 -
\??\c:\1bnnnt.exec:\1bnnnt.exe24⤵
- Executes dropped EXE
PID:4092 -
\??\c:\rrrfxrl.exec:\rrrfxrl.exe25⤵
- Executes dropped EXE
PID:2148 -
\??\c:\xllrxff.exec:\xllrxff.exe26⤵
- Executes dropped EXE
PID:3600 -
\??\c:\vvdvv.exec:\vvdvv.exe27⤵
- Executes dropped EXE
PID:2132 -
\??\c:\xrxffff.exec:\xrxffff.exe28⤵
- Executes dropped EXE
PID:2548 -
\??\c:\lfrrlrr.exec:\lfrrlrr.exe29⤵
- Executes dropped EXE
PID:676 -
\??\c:\bnbbtb.exec:\bnbbtb.exe30⤵
- Executes dropped EXE
PID:3784 -
\??\c:\rlrlfff.exec:\rlrlfff.exe31⤵
- Executes dropped EXE
PID:4836 -
\??\c:\llllfrr.exec:\llllfrr.exe32⤵
- Executes dropped EXE
PID:2764 -
\??\c:\3ntttb.exec:\3ntttb.exe33⤵
- Executes dropped EXE
PID:4636 -
\??\c:\fxxrflf.exec:\fxxrflf.exe34⤵
- Executes dropped EXE
PID:4740 -
\??\c:\lflffxx.exec:\lflffxx.exe35⤵
- Executes dropped EXE
PID:3744 -
\??\c:\nnbtbb.exec:\nnbtbb.exe36⤵
- Executes dropped EXE
PID:4676 -
\??\c:\pppvp.exec:\pppvp.exe37⤵
- Executes dropped EXE
PID:4588 -
\??\c:\5lxxlll.exec:\5lxxlll.exe38⤵
- Executes dropped EXE
PID:4332 -
\??\c:\fflffxr.exec:\fflffxr.exe39⤵
- Executes dropped EXE
PID:1708 -
\??\c:\hhtbth.exec:\hhtbth.exe40⤵
- Executes dropped EXE
PID:3964 -
\??\c:\7bhbbb.exec:\7bhbbb.exe41⤵
- Executes dropped EXE
PID:3732 -
\??\c:\7vvpj.exec:\7vvpj.exe42⤵
- Executes dropped EXE
PID:2980 -
\??\c:\xlrrrrr.exec:\xlrrrrr.exe43⤵
- Executes dropped EXE
PID:3084 -
\??\c:\xrrrflf.exec:\xrrrflf.exe44⤵
- Executes dropped EXE
PID:4812 -
\??\c:\ttbhhn.exec:\ttbhhn.exe45⤵
- Executes dropped EXE
PID:4820 -
\??\c:\tttbhh.exec:\tttbhh.exe46⤵
- Executes dropped EXE
PID:1444 -
\??\c:\jvjdj.exec:\jvjdj.exe47⤵
- Executes dropped EXE
PID:4604 -
\??\c:\7vddd.exec:\7vddd.exe48⤵
- Executes dropped EXE
PID:1428 -
\??\c:\xrlffxx.exec:\xrlffxx.exe49⤵
- Executes dropped EXE
PID:3972 -
\??\c:\hbnttt.exec:\hbnttt.exe50⤵
- Executes dropped EXE
PID:5036 -
\??\c:\tthbtt.exec:\tthbtt.exe51⤵
- Executes dropped EXE
PID:1484 -
\??\c:\ppvpp.exec:\ppvpp.exe52⤵
- Executes dropped EXE
PID:3096 -
\??\c:\vjjjd.exec:\vjjjd.exe53⤵
- Executes dropped EXE
PID:1628 -
\??\c:\vdpjj.exec:\vdpjj.exe54⤵
- Executes dropped EXE
PID:3956 -
\??\c:\xlrfxfx.exec:\xlrfxfx.exe55⤵
- Executes dropped EXE
PID:3832 -
\??\c:\htbbbb.exec:\htbbbb.exe56⤵
- Executes dropped EXE
PID:4268 -
\??\c:\bthbnn.exec:\bthbnn.exe57⤵
- Executes dropped EXE
PID:4304 -
\??\c:\1ddvp.exec:\1ddvp.exe58⤵
- Executes dropped EXE
PID:3184 -
\??\c:\llfrrrr.exec:\llfrrrr.exe59⤵
- Executes dropped EXE
PID:680 -
\??\c:\xlflllf.exec:\xlflllf.exe60⤵
- Executes dropped EXE
PID:1304 -
\??\c:\thnnnh.exec:\thnnnh.exe61⤵
- Executes dropped EXE
PID:4788 -
\??\c:\nbbttn.exec:\nbbttn.exe62⤵
- Executes dropped EXE
PID:2428 -
\??\c:\5pvvp.exec:\5pvvp.exe63⤵
- Executes dropped EXE
PID:384 -
\??\c:\5jddv.exec:\5jddv.exe64⤵
- Executes dropped EXE
PID:3324 -
\??\c:\fxlfffr.exec:\fxlfffr.exe65⤵
- Executes dropped EXE
PID:900 -
\??\c:\xxfrlxr.exec:\xxfrlxr.exe66⤵PID:944
-
\??\c:\hbhhhh.exec:\hbhhhh.exe67⤵PID:3488
-
\??\c:\tthhhb.exec:\tthhhb.exe68⤵PID:2752
-
\??\c:\dpddj.exec:\dpddj.exe69⤵PID:1344
-
\??\c:\pjddv.exec:\pjddv.exe70⤵PID:3476
-
\??\c:\xxxxflr.exec:\xxxxflr.exe71⤵PID:5068
-
\??\c:\fxrlllf.exec:\fxrlllf.exe72⤵PID:4964
-
\??\c:\ttnnnn.exec:\ttnnnn.exe73⤵PID:3600
-
\??\c:\hhbhnt.exec:\hhbhnt.exe74⤵PID:208
-
\??\c:\vpvpp.exec:\vpvpp.exe75⤵PID:3440
-
\??\c:\dvddd.exec:\dvddd.exe76⤵PID:4984
-
\??\c:\3lllfff.exec:\3lllfff.exe77⤵PID:2572
-
\??\c:\frrlffx.exec:\frrlffx.exe78⤵PID:4484
-
\??\c:\ttbbnb.exec:\ttbbnb.exe79⤵PID:3652
-
\??\c:\thbbhh.exec:\thbbhh.exe80⤵PID:2480
-
\??\c:\jpvvp.exec:\jpvvp.exe81⤵PID:3860
-
\??\c:\9lrlrxf.exec:\9lrlrxf.exe82⤵PID:768
-
\??\c:\xrxrlrx.exec:\xrxrlrx.exe83⤵PID:3220
-
\??\c:\bhtbhn.exec:\bhtbhn.exe84⤵PID:3132
-
\??\c:\flffllx.exec:\flffllx.exe85⤵PID:1500
-
\??\c:\bbnbtt.exec:\bbnbtt.exe86⤵PID:2744
-
\??\c:\pjdjj.exec:\pjdjj.exe87⤵PID:4768
-
\??\c:\vpvvv.exec:\vpvvv.exe88⤵PID:4316
-
\??\c:\lffxlrr.exec:\lffxlrr.exe89⤵PID:4328
-
\??\c:\7nnnnn.exec:\7nnnnn.exe90⤵PID:1560
-
\??\c:\3vddv.exec:\3vddv.exe91⤵PID:3468
-
\??\c:\ddjjj.exec:\ddjjj.exe92⤵PID:2992
-
\??\c:\rlrlllf.exec:\rlrlllf.exe93⤵PID:4236
-
\??\c:\1hbbhh.exec:\1hbbhh.exe94⤵PID:3608
-
\??\c:\1tnhbb.exec:\1tnhbb.exe95⤵PID:396
-
\??\c:\pdjdv.exec:\pdjdv.exe96⤵PID:2576
-
\??\c:\pdjdd.exec:\pdjdd.exe97⤵PID:452
-
\??\c:\5xffrfx.exec:\5xffrfx.exe98⤵PID:2552
-
\??\c:\fxxrrlf.exec:\fxxrrlf.exe99⤵PID:2772
-
\??\c:\bnnhtn.exec:\bnnhtn.exe100⤵PID:1876
-
\??\c:\vpjvv.exec:\vpjvv.exe101⤵PID:3104
-
\??\c:\dvvpj.exec:\dvvpj.exe102⤵PID:4928
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe103⤵PID:2888
-
\??\c:\bhnhbb.exec:\bhnhbb.exe104⤵PID:4556
-
\??\c:\5ttnbb.exec:\5ttnbb.exe105⤵PID:2444
-
\??\c:\vddvv.exec:\vddvv.exe106⤵PID:2580
-
\??\c:\vjppj.exec:\vjppj.exe107⤵PID:4672
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe108⤵PID:1224
-
\??\c:\llrlxxl.exec:\llrlxxl.exe109⤵PID:4292
-
\??\c:\btttbh.exec:\btttbh.exe110⤵PID:2496
-
\??\c:\vpjjd.exec:\vpjjd.exe111⤵PID:4908
-
\??\c:\vvvpp.exec:\vvvpp.exe112⤵PID:1544
-
\??\c:\ffllxxl.exec:\ffllxxl.exe113⤵PID:4944
-
\??\c:\fflfxfx.exec:\fflfxfx.exe114⤵PID:4848
-
\??\c:\tntntb.exec:\tntntb.exe115⤵PID:1288
-
\??\c:\htnnhb.exec:\htnnhb.exe116⤵PID:392
-
\??\c:\jvvpj.exec:\jvvpj.exe117⤵PID:3368
-
\??\c:\ffxrllf.exec:\ffxrllf.exe118⤵PID:1700
-
\??\c:\bthbtt.exec:\bthbtt.exe119⤵PID:3916
-
\??\c:\jvvvp.exec:\jvvvp.exe120⤵PID:4092
-
\??\c:\jvjdv.exec:\jvjdv.exe121⤵PID:4272
-
\??\c:\xrffrrx.exec:\xrffrrx.exe122⤵PID:4964