Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
09/05/2024, 23:13
Behavioral task
behavioral1
Sample
7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe
Resource
win7-20240220-en
6 signatures
150 seconds
General
-
Target
7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe
-
Size
441KB
-
MD5
f02f73a168e46e1199b9a90d10aafd42
-
SHA1
7fe494d271a5f482c5e4c7c2073d9a489ab0c2ce
-
SHA256
7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0
-
SHA512
82a470adc968adf8c4c1da8e04c8b764b8a7cd2590ac8fbee45ec65ef167314179593b887a00b058f419da5baac17df3db95613031369a18e5f32652c9a15d89
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluy:UrR/nPp
Malware Config
Signatures
-
Detect Blackmoon payload 54 IoCs
resource yara_rule behavioral1/memory/1628-105-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1600-155-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2492-183-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1540-320-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2484-335-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2684-422-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2624-533-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2776-514-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2444-471-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1744-463-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/608-455-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/336-447-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2120-439-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2768-431-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2768-425-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/776-424-0x0000000000220000-0x00000000002AC000-memory.dmp family_blackmoon behavioral1/memory/2684-419-0x0000000000230000-0x00000000002BC000-memory.dmp family_blackmoon behavioral1/memory/344-412-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/344-407-0x0000000001CC0000-0x0000000001D4C000-memory.dmp family_blackmoon behavioral1/memory/344-406-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/276-403-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon 
behavioral1/memory/2300-394-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/776-384-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1468-375-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1664-367-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1664-366-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1736-359-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1736-358-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2160-351-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2508-343-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2540-327-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2000-287-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2820-276-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2820-275-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2276-268-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/820-257-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1804-246-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1848-200-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2908-181-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2040-172-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1576-145-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1152-114-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon 
behavioral1/memory/1628-96-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1536-94-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2456-86-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1736-76-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2160-66-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2696-56-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2648-47-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2600-30-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2544-28-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2856-17-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2856-10-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1640-8-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral1/memory/2544-20-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0007000000015d85-36.dat UPX behavioral1/files/0x0007000000015d9c-48.dat UPX behavioral1/files/0x0007000000016122-68.dat UPX behavioral1/files/0x0007000000016ce0-78.dat UPX behavioral1/files/0x0006000000016ced-87.dat UPX behavioral1/files/0x0006000000016cf3-97.dat UPX behavioral1/files/0x0006000000016cfd-106.dat UPX behavioral1/memory/1628-105-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000016d18-134.dat UPX behavioral1/memory/1600-155-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000016d31-163.dat UPX behavioral1/memory/2492-183-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000016da9-192.dat UPX behavioral1/files/0x0006000000016e56-201.dat UPX behavioral1/files/0x0006000000016f7e-209.dat UPX behavioral1/files/0x000600000001738c-238.dat UPX behavioral1/files/0x0030000000015d21-259.dat UPX behavioral1/files/0x00060000000173df-279.dat UPX behavioral1/memory/1540-320-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2484-335-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2160-344-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/776-377-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2300-386-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2684-422-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2120-432-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/336-440-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2444-471-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1744-463-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1744-456-0x0000000000400000-0x000000000048C000-memory.dmp UPX 
behavioral1/memory/608-455-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/336-447-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2120-439-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2768-431-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2768-425-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/344-412-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/344-407-0x0000000001CC0000-0x0000000001D4C000-memory.dmp UPX behavioral1/memory/344-406-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/276-403-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2300-394-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/776-384-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1468-375-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1664-367-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1736-359-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2160-351-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2508-343-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2508-336-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2484-328-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2540-327-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000017472-304.dat UPX behavioral1/files/0x000600000001745d-297.dat UPX behavioral1/memory/1948-296-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x00060000000173e7-288.dat UPX behavioral1/memory/2000-287-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2000-278-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2820-276-0x0000000000400000-0x000000000048C000-memory.dmp 
UPX behavioral1/files/0x00060000000173dc-269.dat UPX behavioral1/memory/2276-268-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2276-258-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/820-257-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x00060000000173c5-248.dat UPX behavioral1/memory/1804-246-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x000600000001737e-228.dat UPX behavioral1/memory/704-227-0x0000000000400000-0x000000000048C000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2856 vpvdj.exe 2544 5xrxrxl.exe 2600 bbhbbb.exe 2648 nbnhhn.exe 2696 jvvdj.exe 2160 rlfflrf.exe 1736 5tbbbh.exe 2456 vpdpd.exe 1536 7xllllr.exe 1628 xlxlffx.exe 1152 9ppdd.exe 1360 1xfxxxx.exe 2140 tnhbhn.exe 1692 tnhnbb.exe 1576 vpvdj.exe 1600 djjdd.exe 1608 1rxlrff.exe 2040 bthhnn.exe 2908 htbttn.exe 2492 jdjpp.exe 1848 1xrlrxx.exe 608 7bnntt.exe 1592 1dvdj.exe 2384 vvppv.exe 704 rlllrlx.exe 1804 tbnhnh.exe 820 9fxfffl.exe 2276 btntbb.exe 2820 9vjpv.exe 2000 9xxxfrf.exe 912 bbhttt.exe 1948 djpdp.exe 2856 lfrxxrr.exe 1540 9thnbb.exe 2540 jvdjp.exe 2484 9ffrffx.exe 2508 rlfrxlf.exe 2160 3nhnnn.exe 1736 pdpjj.exe 1664 fxrxlxl.exe 1468 3hbbhh.exe 776 jdpdd.exe 2300 fxxxfxr.exe 276 1lfflxl.exe 344 vdppv.exe 2684 7lflrxl.exe 2768 nnhhbb.exe 2120 dvddj.exe 336 nththn.exe 608 1hhhnt.exe 1744 3ppjp.exe 2444 xlxxxxf.exe 556 htnntt.exe 1160 vvjpv.exe 2244 lxfxffx.exe 2916 xffrffr.exe 1960 nnhthn.exe 2776 3tnthh.exe 2624 frllllr.exe 2600 bbbbtt.exe 2592 vpjpj.exe 2448 jvjpv.exe 2796 lllxrlx.exe 2236 7bnntt.exe -
resource yara_rule behavioral1/memory/1640-0-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2544-20-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0007000000015d85-36.dat upx behavioral1/files/0x0007000000015d9c-48.dat upx behavioral1/files/0x0007000000016122-68.dat upx behavioral1/memory/1736-67-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0007000000016ce0-78.dat upx behavioral1/files/0x0006000000016ced-87.dat upx behavioral1/files/0x0006000000016cf3-97.dat upx behavioral1/files/0x0006000000016cfd-106.dat upx behavioral1/memory/1628-105-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000016d18-134.dat upx behavioral1/memory/1600-155-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000016d31-163.dat upx behavioral1/memory/2492-183-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000016da9-192.dat upx behavioral1/files/0x0006000000016e56-201.dat upx behavioral1/files/0x0006000000016f7e-209.dat upx behavioral1/memory/608-207-0x0000000001D40000-0x0000000001DCC000-memory.dmp upx behavioral1/files/0x000600000001738c-238.dat upx behavioral1/files/0x0030000000015d21-259.dat upx behavioral1/files/0x00060000000173df-279.dat upx behavioral1/memory/1540-320-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2484-335-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2160-344-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1736-352-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1664-360-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1468-368-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/776-377-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2300-386-0x0000000000400000-0x000000000048C000-memory.dmp upx 
behavioral1/memory/276-395-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2684-413-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2684-422-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2120-432-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/336-440-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/556-472-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2444-471-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2444-464-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1744-463-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1744-456-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/608-455-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/608-448-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/336-447-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2120-439-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2768-431-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2768-425-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/344-412-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/344-407-0x0000000001CC0000-0x0000000001D4C000-memory.dmp upx behavioral1/memory/344-406-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/276-403-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/276-398-0x0000000000220000-0x00000000002AC000-memory.dmp upx behavioral1/memory/2300-394-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/776-384-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1468-375-0x0000000000400000-0x000000000048C000-memory.dmp upx 
behavioral1/memory/1664-367-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1736-359-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2160-351-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2160-350-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2508-343-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2508-336-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2484-328-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2540-327-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2856-306-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000017472-304.dat upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1640 wrote to memory of 2856 1640 7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe 28 PID 1640 wrote to memory of 2856 1640 7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe 28 PID 1640 wrote to memory of 2856 1640 7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe 28 PID 1640 wrote to memory of 2856 1640 7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe 28 PID 2856 wrote to memory of 2544 2856 vpvdj.exe 29 PID 2856 wrote to memory of 2544 2856 vpvdj.exe 29 PID 2856 wrote to memory of 2544 2856 vpvdj.exe 29 PID 2856 wrote to memory of 2544 2856 vpvdj.exe 29 PID 2544 wrote to memory of 2600 2544 5xrxrxl.exe 30 PID 2544 wrote to memory of 2600 2544 5xrxrxl.exe 30 PID 2544 wrote to memory of 2600 2544 5xrxrxl.exe 30 PID 2544 wrote to memory of 2600 2544 5xrxrxl.exe 30 PID 2600 wrote to memory of 2648 2600 bbhbbb.exe 31 PID 2600 wrote to memory of 2648 2600 bbhbbb.exe 31 PID 2600 wrote to memory of 2648 2600 bbhbbb.exe 31 PID 2600 wrote to memory of 2648 2600 bbhbbb.exe 31 PID 2648 wrote to memory of 2696 2648 nbnhhn.exe 32 PID 2648 wrote to memory of 2696 2648 nbnhhn.exe 32 PID 2648 wrote to memory of 2696 2648 nbnhhn.exe 32 PID 2648 wrote to memory of 2696 2648 nbnhhn.exe 32 PID 2696 wrote to memory of 2160 2696 jvvdj.exe 33 PID 2696 wrote to memory of 2160 2696 jvvdj.exe 33 PID 2696 wrote to memory of 2160 2696 jvvdj.exe 33 PID 2696 wrote to memory of 2160 2696 jvvdj.exe 33 PID 2160 wrote to memory of 1736 2160 rlfflrf.exe 34 PID 2160 wrote to memory of 1736 2160 rlfflrf.exe 34 PID 2160 wrote to memory of 1736 2160 rlfflrf.exe 34 PID 2160 wrote to memory of 1736 2160 rlfflrf.exe 34 PID 1736 wrote to memory of 2456 1736 5tbbbh.exe 35 PID 1736 wrote to memory of 2456 1736 5tbbbh.exe 35 PID 1736 wrote to memory of 2456 1736 5tbbbh.exe 35 PID 1736 wrote to memory of 2456 1736 5tbbbh.exe 35 PID 2456 wrote to memory of 1536 2456 vpdpd.exe 36 PID 2456 wrote 
to memory of 1536 2456 vpdpd.exe 36 PID 2456 wrote to memory of 1536 2456 vpdpd.exe 36 PID 2456 wrote to memory of 1536 2456 vpdpd.exe 36 PID 1536 wrote to memory of 1628 1536 7xllllr.exe 330 PID 1536 wrote to memory of 1628 1536 7xllllr.exe 330 PID 1536 wrote to memory of 1628 1536 7xllllr.exe 330 PID 1536 wrote to memory of 1628 1536 7xllllr.exe 330 PID 1628 wrote to memory of 1152 1628 xlxlffx.exe 38 PID 1628 wrote to memory of 1152 1628 xlxlffx.exe 38 PID 1628 wrote to memory of 1152 1628 xlxlffx.exe 38 PID 1628 wrote to memory of 1152 1628 xlxlffx.exe 38 PID 1152 wrote to memory of 1360 1152 9ppdd.exe 39 PID 1152 wrote to memory of 1360 1152 9ppdd.exe 39 PID 1152 wrote to memory of 1360 1152 9ppdd.exe 39 PID 1152 wrote to memory of 1360 1152 9ppdd.exe 39 PID 1360 wrote to memory of 2140 1360 1xfxxxx.exe 40 PID 1360 wrote to memory of 2140 1360 1xfxxxx.exe 40 PID 1360 wrote to memory of 2140 1360 1xfxxxx.exe 40 PID 1360 wrote to memory of 2140 1360 1xfxxxx.exe 40 PID 2140 wrote to memory of 1692 2140 tnhbhn.exe 41 PID 2140 wrote to memory of 1692 2140 tnhbhn.exe 41 PID 2140 wrote to memory of 1692 2140 tnhbhn.exe 41 PID 2140 wrote to memory of 1692 2140 tnhbhn.exe 41 PID 1692 wrote to memory of 1576 1692 tnhnbb.exe 42 PID 1692 wrote to memory of 1576 1692 tnhnbb.exe 42 PID 1692 wrote to memory of 1576 1692 tnhnbb.exe 42 PID 1692 wrote to memory of 1576 1692 tnhnbb.exe 42 PID 1576 wrote to memory of 1600 1576 vpvdj.exe 43 PID 1576 wrote to memory of 1600 1576 vpvdj.exe 43 PID 1576 wrote to memory of 1600 1576 vpvdj.exe 43 PID 1576 wrote to memory of 1600 1576 vpvdj.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe"C:\Users\Admin\AppData\Local\Temp\7a072a4df9ecca6f7e3d4952cab616dd745601fcf4098aa04acf8f90e76de3c0.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1640 -
\??\c:\vpvdj.exec:\vpvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856 -
\??\c:\5xrxrxl.exec:\5xrxrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\bbhbbb.exec:\bbhbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\nbnhhn.exec:\nbnhhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\jvvdj.exec:\jvvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\rlfflrf.exec:\rlfflrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2160 -
\??\c:\5tbbbh.exec:\5tbbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\vpdpd.exec:\vpdpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\7xllllr.exec:\7xllllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1536 -
\??\c:\xlxlffx.exec:\xlxlffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1628 -
\??\c:\9ppdd.exec:\9ppdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1152 -
\??\c:\1xfxxxx.exec:\1xfxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1360 -
\??\c:\tnhbhn.exec:\tnhbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2140 -
\??\c:\tnhnbb.exec:\tnhnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
\??\c:\vpvdj.exec:\vpvdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1576 -
\??\c:\djjdd.exec:\djjdd.exe17⤵
- Executes dropped EXE
PID:1600 -
\??\c:\1rxlrff.exec:\1rxlrff.exe18⤵
- Executes dropped EXE
PID:1608 -
\??\c:\bthhnn.exec:\bthhnn.exe19⤵
- Executes dropped EXE
PID:2040 -
\??\c:\htbttn.exec:\htbttn.exe20⤵
- Executes dropped EXE
PID:2908 -
\??\c:\jdjpp.exec:\jdjpp.exe21⤵
- Executes dropped EXE
PID:2492 -
\??\c:\1xrlrxx.exec:\1xrlrxx.exe22⤵
- Executes dropped EXE
PID:1848 -
\??\c:\7bnntt.exec:\7bnntt.exe23⤵
- Executes dropped EXE
PID:608 -
\??\c:\1dvdj.exec:\1dvdj.exe24⤵
- Executes dropped EXE
PID:1592 -
\??\c:\vvppv.exec:\vvppv.exe25⤵
- Executes dropped EXE
PID:2384 -
\??\c:\rlllrlx.exec:\rlllrlx.exe26⤵
- Executes dropped EXE
PID:704 -
\??\c:\tbnhnh.exec:\tbnhnh.exe27⤵
- Executes dropped EXE
PID:1804 -
\??\c:\9fxfffl.exec:\9fxfffl.exe28⤵
- Executes dropped EXE
PID:820 -
\??\c:\btntbb.exec:\btntbb.exe29⤵
- Executes dropped EXE
PID:2276 -
\??\c:\9vjpv.exec:\9vjpv.exe30⤵
- Executes dropped EXE
PID:2820 -
\??\c:\9xxxfrf.exec:\9xxxfrf.exe31⤵
- Executes dropped EXE
PID:2000 -
\??\c:\bbhttt.exec:\bbhttt.exe32⤵
- Executes dropped EXE
PID:912 -
\??\c:\djpdp.exec:\djpdp.exe33⤵
- Executes dropped EXE
PID:1948 -
\??\c:\lfrxxrr.exec:\lfrxxrr.exe34⤵
- Executes dropped EXE
PID:2856 -
\??\c:\9thnbb.exec:\9thnbb.exe35⤵
- Executes dropped EXE
PID:1540 -
\??\c:\jvdjp.exec:\jvdjp.exe36⤵
- Executes dropped EXE
PID:2540 -
\??\c:\9ffrffx.exec:\9ffrffx.exe37⤵
- Executes dropped EXE
PID:2484 -
\??\c:\rlfrxlf.exec:\rlfrxlf.exe38⤵
- Executes dropped EXE
PID:2508 -
\??\c:\3nhnnn.exec:\3nhnnn.exe39⤵
- Executes dropped EXE
PID:2160 -
\??\c:\pdpjj.exec:\pdpjj.exe40⤵
- Executes dropped EXE
PID:1736 -
\??\c:\fxrxlxl.exec:\fxrxlxl.exe41⤵
- Executes dropped EXE
PID:1664 -
\??\c:\3hbbhh.exec:\3hbbhh.exe42⤵
- Executes dropped EXE
PID:1468 -
\??\c:\jdpdd.exec:\jdpdd.exe43⤵
- Executes dropped EXE
PID:776 -
\??\c:\fxxxfxr.exec:\fxxxfxr.exe44⤵
- Executes dropped EXE
PID:2300 -
\??\c:\1lfflxl.exec:\1lfflxl.exe45⤵
- Executes dropped EXE
PID:276 -
\??\c:\vdppv.exec:\vdppv.exe46⤵
- Executes dropped EXE
PID:344 -
\??\c:\7lflrxl.exec:\7lflrxl.exe47⤵
- Executes dropped EXE
PID:2684 -
\??\c:\nnhhbb.exec:\nnhhbb.exe48⤵
- Executes dropped EXE
PID:2768 -
\??\c:\dvddj.exec:\dvddj.exe49⤵
- Executes dropped EXE
PID:2120 -
\??\c:\nththn.exec:\nththn.exe50⤵
- Executes dropped EXE
PID:336 -
\??\c:\1hhhnt.exec:\1hhhnt.exe51⤵
- Executes dropped EXE
PID:608 -
\??\c:\3ppjp.exec:\3ppjp.exe52⤵
- Executes dropped EXE
PID:1744 -
\??\c:\xlxxxxf.exec:\xlxxxxf.exe53⤵
- Executes dropped EXE
PID:2444 -
\??\c:\htnntt.exec:\htnntt.exe54⤵
- Executes dropped EXE
PID:556 -
\??\c:\vvjpv.exec:\vvjpv.exe55⤵
- Executes dropped EXE
PID:1160 -
\??\c:\lxfxffx.exec:\lxfxffx.exe56⤵
- Executes dropped EXE
PID:2244 -
\??\c:\xffrffr.exec:\xffrffr.exe57⤵
- Executes dropped EXE
PID:2916 -
\??\c:\nnhthn.exec:\nnhthn.exe58⤵
- Executes dropped EXE
PID:1960 -
\??\c:\3tnthh.exec:\3tnthh.exe59⤵
- Executes dropped EXE
PID:2776 -
\??\c:\vvvdv.exec:\vvvdv.exe60⤵PID:2608
-
\??\c:\frllllr.exec:\frllllr.exe61⤵
- Executes dropped EXE
PID:2624 -
\??\c:\bbbbtt.exec:\bbbbtt.exe62⤵
- Executes dropped EXE
PID:2600 -
\??\c:\vpjpj.exec:\vpjpj.exe63⤵
- Executes dropped EXE
PID:2592 -
\??\c:\jvjpv.exec:\jvjpv.exe64⤵
- Executes dropped EXE
PID:2448 -
\??\c:\lllxrlx.exec:\lllxrlx.exe65⤵
- Executes dropped EXE
PID:2796 -
\??\c:\7bnntt.exec:\7bnntt.exe66⤵
- Executes dropped EXE
PID:2236 -
\??\c:\bnntbn.exec:\bnntbn.exe67⤵PID:2292
-
\??\c:\5jjdv.exec:\5jjdv.exe68⤵PID:1376
-
\??\c:\flfrflr.exec:\flfrflr.exe69⤵PID:2432
-
\??\c:\bntbbb.exec:\bntbbb.exe70⤵PID:272
-
\??\c:\vppvd.exec:\vppvd.exe71⤵PID:1604
-
\??\c:\jppvp.exec:\jppvp.exe72⤵PID:1284
-
\??\c:\xffrrrl.exec:\xffrrrl.exe73⤵PID:1608
-
\??\c:\9nbhnt.exec:\9nbhnt.exe74⤵PID:1224
-
\??\c:\bhtntb.exec:\bhtntb.exe75⤵PID:1656
-
\??\c:\dvdjd.exec:\dvdjd.exe76⤵PID:796
-
\??\c:\rlffrrf.exec:\rlffrrf.exe77⤵PID:700
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe78⤵PID:1796
-
\??\c:\5bnhht.exec:\5bnhht.exe79⤵PID:2968
-
\??\c:\tttntb.exec:\tttntb.exe80⤵PID:1260
-
\??\c:\vpddv.exec:\vpddv.exe81⤵PID:2232
-
\??\c:\xrrfflx.exec:\xrrfflx.exe82⤵PID:2680
-
\??\c:\1bttht.exec:\1bttht.exe83⤵PID:2256
-
\??\c:\hnhtbb.exec:\hnhtbb.exe84⤵PID:2720
-
\??\c:\ppjdp.exec:\ppjdp.exe85⤵PID:920
-
\??\c:\xxffxxf.exec:\xxffxxf.exe86⤵PID:2032
-
\??\c:\llxlrrx.exec:\llxlrrx.exe87⤵PID:1984
-
\??\c:\1ntthn.exec:\1ntthn.exe88⤵PID:2616
-
\??\c:\hnhtbb.exec:\hnhtbb.exe89⤵PID:2552
-
\??\c:\9jjpj.exec:\9jjpj.exe90⤵PID:2548
-
\??\c:\ddvpp.exec:\ddvpp.exe91⤵PID:2672
-
\??\c:\fxxflrf.exec:\fxxflrf.exe92⤵PID:2696
-
\??\c:\5bnttb.exec:\5bnttb.exe93⤵PID:2880
-
\??\c:\bhtnbh.exec:\bhtnbh.exe94⤵PID:2428
-
\??\c:\vpjpd.exec:\vpjpd.exe95⤵PID:2412
-
\??\c:\pdppv.exec:\pdppv.exe96⤵PID:2532
-
\??\c:\1ffxfrf.exec:\1ffxfrf.exe97⤵PID:312
-
\??\c:\xlfrfll.exec:\xlfrfll.exe98⤵PID:1620
-
\??\c:\7hhnbh.exec:\7hhnbh.exe99⤵PID:1376
-
\??\c:\nnhbnt.exec:\nnhbnt.exe100⤵PID:2180
-
\??\c:\3llrlrx.exec:\3llrlrx.exe101⤵PID:2632
-
\??\c:\1lxxffl.exec:\1lxxffl.exe102⤵PID:2516
-
\??\c:\3hbbht.exec:\3hbbht.exe103⤵PID:1252
-
\??\c:\hbbhnt.exec:\hbbhnt.exe104⤵PID:2044
-
\??\c:\vdvpd.exec:\vdvpd.exe105⤵PID:2768
-
\??\c:\1rlfxlx.exec:\1rlfxlx.exe106⤵PID:1460
-
\??\c:\hbthnt.exec:\hbthnt.exe107⤵PID:2120
-
\??\c:\hbtbtt.exec:\hbtbtt.exe108⤵PID:2564
-
\??\c:\vvvdp.exec:\vvvdp.exe109⤵PID:1792
-
\??\c:\9rlrffl.exec:\9rlrffl.exe110⤵PID:400
-
\??\c:\7frxlrx.exec:\7frxlrx.exe111⤵PID:1688
-
\??\c:\ttthnn.exec:\ttthnn.exe112⤵PID:924
-
\??\c:\3thtnn.exec:\3thtnn.exe113⤵PID:284
-
\??\c:\pjpjd.exec:\pjpjd.exe114⤵PID:2800
-
\??\c:\fxllxxl.exec:\fxllxxl.exe115⤵PID:2748
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe116⤵PID:1756
-
\??\c:\nbnthh.exec:\nbnthh.exe117⤵PID:2332
-
\??\c:\5jppv.exec:\5jppv.exe118⤵PID:2756
-
\??\c:\5vdvd.exec:\5vdvd.exe119⤵PID:1960
-
\??\c:\ffxrfxl.exec:\ffxrfxl.exe120⤵PID:1332
-
\??\c:\nbhhhh.exec:\nbhhhh.exe121⤵PID:1868
-
\??\c:\hbtbhn.exec:\hbtbhn.exe122⤵PID:2716