Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
17/05/2024, 18:19
Behavioral task
behavioral1
Sample
066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe
-
Size
441KB
-
MD5
4cd8b2f00eec519c8d6364011b9def9e
-
SHA1
6c3900ba49ed426ba2a6321858e1130284c649cd
-
SHA256
066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e
-
SHA512
09c43aaded984e69f8f75cd17eab64a3e9cb10a6ab72baf4c1da3e6dcc439d64ec4d4d26ad13a584cba4e40675b3a1de68c4b650c7116f72df7bc416be186e05
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wlua:UrR/nPB
Malware Config (no extracted configuration is shown in this report; the sample is classified by YARA memory matches only, see Signatures)
Signatures
-
Detect Blackmoon payload — 49 IoCs (YARA rule family_blackmoon matched on in-memory images; every hit below is a memory dump of the submitted sample or one of its dropped executables, most at the same 0x400000-0x48C000 image range)
resource yara_rule behavioral1/memory/1584-7-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1964-18-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1964-19-0x0000000000490000-0x000000000051C000-memory.dmp family_blackmoon behavioral1/memory/2000-28-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2764-39-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2584-49-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2780-59-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2616-67-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2464-78-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1688-96-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2660-107-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2820-116-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2832-125-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1564-136-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1568-153-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2656-163-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/648-173-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1212-182-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2308-194-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2244-202-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/612-211-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon 
behavioral1/memory/2420-222-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2940-220-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1860-238-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1596-249-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/972-258-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1252-268-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2920-278-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2920-277-0x0000000000490000-0x000000000051C000-memory.dmp family_blackmoon behavioral1/memory/1700-289-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2536-299-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2188-318-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/3044-326-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2752-347-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2764-355-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2508-395-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2812-421-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1668-429-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1124-445-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/292-460-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2656-468-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1380-475-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon 
behavioral1/memory/2008-489-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2112-498-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/1856-505-0x0000000001D00000-0x0000000001D8C000-memory.dmp family_blackmoon behavioral1/memory/604-513-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2224-520-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2892-521-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon behavioral1/memory/2892-528-0x0000000000400000-0x000000000048C000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) — 64 IoCs. UPX packing on its own is not a malware indicator; what is notable here is that the dropped .dat files and the memory images of each spawned process all match, and the identical 0x400000-0x48C000 region sizes suggest (but do not prove) the same packed image being re-dropped and re-executed at every step.
resource yara_rule behavioral1/memory/1584-7-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1964-9-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x000b00000001444f-10.dat UPX behavioral1/files/0x0031000000014665-16.dat UPX behavioral1/memory/1964-18-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2000-20-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1964-19-0x0000000000490000-0x000000000051C000-memory.dmp UPX behavioral1/files/0x00070000000149ea-29.dat UPX behavioral1/memory/2764-30-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2000-28-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0007000000014b12-37.dat UPX behavioral1/memory/2584-41-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2764-39-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0007000000014c25-47.dat UPX behavioral1/memory/2584-49-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2780-50-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0007000000014e5a-57.dat UPX behavioral1/memory/2780-59-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2464-69-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0009000000015136-68.dat UPX behavioral1/memory/2616-67-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0007000000015ca5-75.dat UPX behavioral1/memory/2464-78-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015cad-86.dat UPX behavioral1/memory/1688-87-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1688-96-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1688-94-0x0000000001D40000-0x0000000001DCC000-memory.dmp UPX behavioral1/files/0x0006000000015cb9-99.dat UPX behavioral1/files/0x0006000000015cc1-109.dat UPX 
behavioral1/memory/2660-107-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2820-116-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015cca-118.dat UPX behavioral1/files/0x0006000000015cdb-126.dat UPX behavioral1/memory/2832-125-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1564-134-0x0000000001E10000-0x0000000001E9C000-memory.dmp UPX behavioral1/files/0x0031000000014701-137.dat UPX behavioral1/memory/1564-136-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015cec-145.dat UPX behavioral1/files/0x0006000000015cf7-156.dat UPX behavioral1/memory/1568-153-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015d06-165.dat UPX behavioral1/memory/2656-163-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015d5d-174.dat UPX behavioral1/memory/648-173-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2308-183-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1212-182-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015d6e-181.dat UPX behavioral1/memory/2308-187-0x0000000000800000-0x000000000088C000-memory.dmp UPX behavioral1/memory/2308-192-0x0000000000800000-0x000000000088C000-memory.dmp UPX behavioral1/files/0x0006000000015f1b-195.dat UPX behavioral1/memory/2308-194-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000015f9e-204.dat UPX behavioral1/memory/2244-202-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000016056-213.dat UPX behavioral1/memory/612-211-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/2420-222-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x00060000000160f8-221.dat UPX behavioral1/memory/2940-220-0x0000000000400000-0x000000000048C000-memory.dmp UPX 
behavioral1/files/0x0006000000016277-230.dat UPX behavioral1/files/0x0006000000016411-239.dat UPX behavioral1/memory/1860-238-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/memory/1596-240-0x0000000000400000-0x000000000048C000-memory.dmp UPX behavioral1/files/0x0006000000016525-250.dat UPX behavioral1/memory/972-251-0x0000000000400000-0x000000000048C000-memory.dmp UPX -
Executes dropped EXE — 64 IoCs. Each process drops and launches the next one, producing a chain of pseudo-randomly named executables written to the root of C:\ (see the process tree below, nested to depth 122). Note that PIDs are reused within the run — for example 2764 and 2656 each appear for two different images — so correlate events by image name and PID together, not by PID alone.
pid Process 1964 9nnthn.exe 2000 dvjpj.exe 2764 rrlxfrf.exe 2584 fxrrflx.exe 2780 1lxxffx.exe 2616 rlffrrf.exe 2464 3btthh.exe 2972 1ntnnn.exe 1688 dvppp.exe 2660 vpvpp.exe 2820 1dpvj.exe 2832 5ffrffr.exe 1564 xlffllx.exe 2176 5nntth.exe 1568 rlrrxff.exe 2656 nhhhtt.exe 648 1llxflx.exe 1212 hbnnhb.exe 2308 1frrflr.exe 2244 xlrlrxf.exe 612 bthhhh.exe 2940 5dvvv.exe 2420 rflfffl.exe 1860 bnbbbb.exe 1596 jddvj.exe 972 9tnttt.exe 1252 dvppv.exe 2920 7vddv.exe 1700 lrlllll.exe 2536 9lrrxrx.exe 1448 1nbbnb.exe 2188 3vjjp.exe 3044 vvjpd.exe 2544 9vppv.exe 1996 vjvvv.exe 2752 5nhhnn.exe 2764 jvppv.exe 2844 1lllrrr.exe 3016 3btthn.exe 2724 pjddd.exe 2524 lxfllrx.exe 2964 btnntb.exe 2508 dvjdd.exe 2980 lfxfxxl.exe 2700 3thnnt.exe 2824 vpddj.exe 2812 rxflffx.exe 1668 hbhbtb.exe 1900 vppvp.exe 1124 btnbhh.exe 2856 vvpvd.exe 292 nnnntb.exe 2656 pjvdd.exe 1380 9htbbn.exe 2488 pjvvd.exe 2008 fxlrrrf.exe 2112 nbhnnn.exe 1856 xrflrlx.exe 604 nbttnh.exe 2224 3rllrxr.exe 2892 7tbbnt.exe 1928 ppjpd.exe 1496 xlrfllf.exe 1920 ttnhnh.exe -
resource yara_rule behavioral1/memory/1584-1-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1584-7-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1964-9-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x000b00000001444f-10.dat upx behavioral1/files/0x0031000000014665-16.dat upx behavioral1/memory/1964-18-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2000-20-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1964-19-0x0000000000490000-0x000000000051C000-memory.dmp upx behavioral1/files/0x00070000000149ea-29.dat upx behavioral1/memory/2764-30-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2000-28-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0007000000014b12-37.dat upx behavioral1/memory/2584-41-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2764-39-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0007000000014c25-47.dat upx behavioral1/memory/2584-49-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2780-50-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0007000000014e5a-57.dat upx behavioral1/memory/2780-59-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2464-69-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0009000000015136-68.dat upx behavioral1/memory/2616-67-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0007000000015ca5-75.dat upx behavioral1/memory/2464-78-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015cad-86.dat upx behavioral1/memory/1688-87-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1688-96-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1688-94-0x0000000001D40000-0x0000000001DCC000-memory.dmp upx 
behavioral1/memory/2660-101-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015cb9-99.dat upx behavioral1/memory/1964-97-0x0000000000490000-0x000000000051C000-memory.dmp upx behavioral1/files/0x0006000000015cc1-109.dat upx behavioral1/memory/2660-107-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2820-116-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015cca-118.dat upx behavioral1/files/0x0006000000015cdb-126.dat upx behavioral1/memory/2832-125-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1564-134-0x0000000001E10000-0x0000000001E9C000-memory.dmp upx behavioral1/files/0x0031000000014701-137.dat upx behavioral1/memory/1564-136-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015cec-145.dat upx behavioral1/files/0x0006000000015cf7-156.dat upx behavioral1/memory/1568-153-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015d06-165.dat upx behavioral1/memory/2656-163-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015d5d-174.dat upx behavioral1/memory/648-173-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2308-183-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/1212-182-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015d6e-181.dat upx behavioral1/memory/2308-187-0x0000000000800000-0x000000000088C000-memory.dmp upx behavioral1/memory/2308-192-0x0000000000800000-0x000000000088C000-memory.dmp upx behavioral1/files/0x0006000000015f1b-195.dat upx behavioral1/memory/2308-194-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2244-201-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000015f9e-204.dat upx behavioral1/memory/2244-202-0x0000000000400000-0x000000000048C000-memory.dmp upx 
behavioral1/files/0x0006000000016056-213.dat upx behavioral1/memory/612-211-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/memory/2420-222-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x00060000000160f8-221.dat upx behavioral1/memory/2940-220-0x0000000000400000-0x000000000048C000-memory.dmp upx behavioral1/files/0x0006000000016277-230.dat upx behavioral1/files/0x0006000000016411-239.dat upx -
Suspicious use of WriteProcessMemory — 64 IoCs. Every entry is a parent writing into the child it has just spawned (the PID pairs mirror the process tree), and each pair appears four times, which looks like repeated events on the same target rather than four distinct writes. Cross-process writes into a fresh child are consistent with injection or hollowing but are also seen in ordinary process start-up, so this signature should be read together with the UPX and family_blackmoon memory matches above rather than on its own.
description pid Process procid_target PID 1584 wrote to memory of 1964 1584 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 28 PID 1584 wrote to memory of 1964 1584 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 28 PID 1584 wrote to memory of 1964 1584 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 28 PID 1584 wrote to memory of 1964 1584 066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe 28 PID 1964 wrote to memory of 2000 1964 9nnthn.exe 29 PID 1964 wrote to memory of 2000 1964 9nnthn.exe 29 PID 1964 wrote to memory of 2000 1964 9nnthn.exe 29 PID 1964 wrote to memory of 2000 1964 9nnthn.exe 29 PID 2000 wrote to memory of 2764 2000 dvjpj.exe 30 PID 2000 wrote to memory of 2764 2000 dvjpj.exe 30 PID 2000 wrote to memory of 2764 2000 dvjpj.exe 30 PID 2000 wrote to memory of 2764 2000 dvjpj.exe 30 PID 2764 wrote to memory of 2584 2764 rrlxfrf.exe 31 PID 2764 wrote to memory of 2584 2764 rrlxfrf.exe 31 PID 2764 wrote to memory of 2584 2764 rrlxfrf.exe 31 PID 2764 wrote to memory of 2584 2764 rrlxfrf.exe 31 PID 2584 wrote to memory of 2780 2584 fxrrflx.exe 32 PID 2584 wrote to memory of 2780 2584 fxrrflx.exe 32 PID 2584 wrote to memory of 2780 2584 fxrrflx.exe 32 PID 2584 wrote to memory of 2780 2584 fxrrflx.exe 32 PID 2780 wrote to memory of 2616 2780 1lxxffx.exe 33 PID 2780 wrote to memory of 2616 2780 1lxxffx.exe 33 PID 2780 wrote to memory of 2616 2780 1lxxffx.exe 33 PID 2780 wrote to memory of 2616 2780 1lxxffx.exe 33 PID 2616 wrote to memory of 2464 2616 rlffrrf.exe 34 PID 2616 wrote to memory of 2464 2616 rlffrrf.exe 34 PID 2616 wrote to memory of 2464 2616 rlffrrf.exe 34 PID 2616 wrote to memory of 2464 2616 rlffrrf.exe 34 PID 2464 wrote to memory of 2972 2464 3btthh.exe 35 PID 2464 wrote to memory of 2972 2464 3btthh.exe 35 PID 2464 wrote to memory of 2972 2464 3btthh.exe 35 PID 2464 wrote to memory of 2972 2464 3btthh.exe 35 PID 2972 wrote to memory of 1688 2972 1ntnnn.exe 36 
PID 2972 wrote to memory of 1688 2972 1ntnnn.exe 36 PID 2972 wrote to memory of 1688 2972 1ntnnn.exe 36 PID 2972 wrote to memory of 1688 2972 1ntnnn.exe 36 PID 1688 wrote to memory of 2660 1688 dvppp.exe 37 PID 1688 wrote to memory of 2660 1688 dvppp.exe 37 PID 1688 wrote to memory of 2660 1688 dvppp.exe 37 PID 1688 wrote to memory of 2660 1688 dvppp.exe 37 PID 2660 wrote to memory of 2820 2660 vpvpp.exe 38 PID 2660 wrote to memory of 2820 2660 vpvpp.exe 38 PID 2660 wrote to memory of 2820 2660 vpvpp.exe 38 PID 2660 wrote to memory of 2820 2660 vpvpp.exe 38 PID 2820 wrote to memory of 2832 2820 1dpvj.exe 39 PID 2820 wrote to memory of 2832 2820 1dpvj.exe 39 PID 2820 wrote to memory of 2832 2820 1dpvj.exe 39 PID 2820 wrote to memory of 2832 2820 1dpvj.exe 39 PID 2832 wrote to memory of 1564 2832 5ffrffr.exe 40 PID 2832 wrote to memory of 1564 2832 5ffrffr.exe 40 PID 2832 wrote to memory of 1564 2832 5ffrffr.exe 40 PID 2832 wrote to memory of 1564 2832 5ffrffr.exe 40 PID 1564 wrote to memory of 2176 1564 xlffllx.exe 41 PID 1564 wrote to memory of 2176 1564 xlffllx.exe 41 PID 1564 wrote to memory of 2176 1564 xlffllx.exe 41 PID 1564 wrote to memory of 2176 1564 xlffllx.exe 41 PID 2176 wrote to memory of 1568 2176 5nntth.exe 42 PID 2176 wrote to memory of 1568 2176 5nntth.exe 42 PID 2176 wrote to memory of 1568 2176 5nntth.exe 42 PID 2176 wrote to memory of 1568 2176 5nntth.exe 42 PID 1568 wrote to memory of 2656 1568 rlrrxff.exe 43 PID 1568 wrote to memory of 2656 1568 rlrrxff.exe 43 PID 1568 wrote to memory of 2656 1568 rlrrxff.exe 43 PID 1568 wrote to memory of 2656 1568 rlrrxff.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe — command line: "C:\Users\Admin\AppData\Local\Temp\066b78f4eec06b122105d7c8e4e5c9c8f650bebf1f32d17b012aa53ca80ad62e.exe" (tree depth 1)
- Suspicious use of WriteProcessMemory
PID:1584 -
\??\c:\9nnthn.exec:\9nnthn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1964 -
\??\c:\dvjpj.exec:\dvjpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\rrlxfrf.exec:\rrlxfrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\fxrrflx.exec:\fxrrflx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\1lxxffx.exec:\1lxxffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2780 -
\??\c:\rlffrrf.exec:\rlffrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\3btthh.exec:\3btthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\1ntnnn.exec:\1ntnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2972 -
\??\c:\dvppp.exec:\dvppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1688 -
\??\c:\vpvpp.exec:\vpvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\1dpvj.exec:\1dpvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2820 -
\??\c:\5ffrffr.exec:\5ffrffr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\xlffllx.exec:\xlffllx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\5nntth.exec:\5nntth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\rlrrxff.exec:\rlrrxff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
\??\c:\nhhhtt.exec:\nhhhtt.exe17⤵
- Executes dropped EXE
PID:2656 -
\??\c:\1llxflx.exec:\1llxflx.exe18⤵
- Executes dropped EXE
PID:648 -
\??\c:\hbnnhb.exec:\hbnnhb.exe19⤵
- Executes dropped EXE
PID:1212 -
\??\c:\1frrflr.exec:\1frrflr.exe20⤵
- Executes dropped EXE
PID:2308 -
\??\c:\xlrlrxf.exec:\xlrlrxf.exe21⤵
- Executes dropped EXE
PID:2244 -
\??\c:\bthhhh.exec:\bthhhh.exe22⤵
- Executes dropped EXE
PID:612 -
\??\c:\5dvvv.exec:\5dvvv.exe23⤵
- Executes dropped EXE
PID:2940 -
\??\c:\rflfffl.exec:\rflfffl.exe24⤵
- Executes dropped EXE
PID:2420 -
\??\c:\bnbbbb.exec:\bnbbbb.exe25⤵
- Executes dropped EXE
PID:1860 -
\??\c:\jddvj.exec:\jddvj.exe26⤵
- Executes dropped EXE
PID:1596 -
\??\c:\9tnttt.exec:\9tnttt.exe27⤵
- Executes dropped EXE
PID:972 -
\??\c:\dvppv.exec:\dvppv.exe28⤵
- Executes dropped EXE
PID:1252 -
\??\c:\7vddv.exec:\7vddv.exe29⤵
- Executes dropped EXE
PID:2920 -
\??\c:\lrlllll.exec:\lrlllll.exe30⤵
- Executes dropped EXE
PID:1700 -
\??\c:\9lrrxrx.exec:\9lrrxrx.exe31⤵
- Executes dropped EXE
PID:2536 -
\??\c:\1nbbnb.exec:\1nbbnb.exe32⤵
- Executes dropped EXE
PID:1448 -
\??\c:\3vjjp.exec:\3vjjp.exe33⤵
- Executes dropped EXE
PID:2188 -
\??\c:\vvjpd.exec:\vvjpd.exe34⤵
- Executes dropped EXE
PID:3044 -
\??\c:\9vppv.exec:\9vppv.exe35⤵
- Executes dropped EXE
PID:2544 -
\??\c:\vjvvv.exec:\vjvvv.exe36⤵
- Executes dropped EXE
PID:1996 -
\??\c:\5nhhnn.exec:\5nhhnn.exe37⤵
- Executes dropped EXE
PID:2752 -
\??\c:\jvppv.exec:\jvppv.exe38⤵
- Executes dropped EXE
PID:2764 -
\??\c:\1lllrrr.exec:\1lllrrr.exe39⤵
- Executes dropped EXE
PID:2844 -
\??\c:\3btthn.exec:\3btthn.exe40⤵
- Executes dropped EXE
PID:3016 -
\??\c:\pjddd.exec:\pjddd.exe41⤵
- Executes dropped EXE
PID:2724 -
\??\c:\lxfllrx.exec:\lxfllrx.exe42⤵
- Executes dropped EXE
PID:2524 -
\??\c:\btnntb.exec:\btnntb.exe43⤵
- Executes dropped EXE
PID:2964 -
\??\c:\dvjdd.exec:\dvjdd.exe44⤵
- Executes dropped EXE
PID:2508 -
\??\c:\lfxfxxl.exec:\lfxfxxl.exe45⤵
- Executes dropped EXE
PID:2980 -
\??\c:\3thnnt.exec:\3thnnt.exe46⤵
- Executes dropped EXE
PID:2700 -
\??\c:\vpddj.exec:\vpddj.exe47⤵
- Executes dropped EXE
PID:2824 -
\??\c:\rxflffx.exec:\rxflffx.exe48⤵
- Executes dropped EXE
PID:2812 -
\??\c:\hbhbtb.exec:\hbhbtb.exe49⤵
- Executes dropped EXE
PID:1668 -
\??\c:\vppvp.exec:\vppvp.exe50⤵
- Executes dropped EXE
PID:1900 -
\??\c:\btnbhh.exec:\btnbhh.exe51⤵
- Executes dropped EXE
PID:1124 -
\??\c:\vvpvd.exec:\vvpvd.exe52⤵
- Executes dropped EXE
PID:2856 -
\??\c:\nnnntb.exec:\nnnntb.exe53⤵
- Executes dropped EXE
PID:292 -
\??\c:\pjvdd.exec:\pjvdd.exe54⤵
- Executes dropped EXE
PID:2656 -
\??\c:\9htbbn.exec:\9htbbn.exe55⤵
- Executes dropped EXE
PID:1380 -
\??\c:\pjvvd.exec:\pjvvd.exe56⤵
- Executes dropped EXE
PID:2488 -
\??\c:\fxlrrrf.exec:\fxlrrrf.exe57⤵
- Executes dropped EXE
PID:2008 -
\??\c:\nbhnnn.exec:\nbhnnn.exe58⤵
- Executes dropped EXE
PID:2112 -
\??\c:\xrflrlx.exec:\xrflrlx.exe59⤵
- Executes dropped EXE
PID:1856 -
\??\c:\nbttnh.exec:\nbttnh.exe60⤵
- Executes dropped EXE
PID:604 -
\??\c:\3rllrxr.exec:\3rllrxr.exe61⤵
- Executes dropped EXE
PID:2224 -
\??\c:\7tbbnt.exec:\7tbbnt.exe62⤵
- Executes dropped EXE
PID:2892 -
\??\c:\ppjpd.exec:\ppjpd.exe63⤵
- Executes dropped EXE
PID:1928 -
\??\c:\xlrfllf.exec:\xlrfllf.exe64⤵
- Executes dropped EXE
PID:1496 -
\??\c:\ttnhnh.exec:\ttnhnh.exe65⤵
- Executes dropped EXE
PID:1920 -
\??\c:\vpvvv.exec:\vpvvv.exe66⤵PID:1596
-
\??\c:\lfrxffx.exec:\lfrxffx.exe67⤵PID:1220
-
\??\c:\nbtttn.exec:\nbtttn.exe68⤵PID:332
-
\??\c:\vpddj.exec:\vpddj.exe69⤵PID:1252
-
\??\c:\jdvvv.exec:\jdvvv.exe70⤵PID:1952
-
\??\c:\rxlxflx.exec:\rxlxflx.exe71⤵PID:2784
-
\??\c:\9htbhh.exec:\9htbhh.exe72⤵PID:1700
-
\??\c:\ddvvp.exec:\ddvvp.exe73⤵PID:908
-
\??\c:\pvvjv.exec:\pvvjv.exe74⤵PID:1676
-
\??\c:\7xlrxfl.exec:\7xlrxfl.exe75⤵PID:1808
-
\??\c:\bbthth.exec:\bbthth.exe76⤵PID:2188
-
\??\c:\1btbhn.exec:\1btbhn.exe77⤵PID:1656
-
\??\c:\vjpvv.exec:\vjpvv.exe78⤵PID:2636
-
\??\c:\xlxrffl.exec:\xlxrffl.exe79⤵PID:2348
-
\??\c:\frllxxf.exec:\frllxxf.exe80⤵PID:2756
-
\??\c:\bhbhnn.exec:\bhbhnn.exe81⤵PID:2752
-
\??\c:\nhttbb.exec:\nhttbb.exe82⤵PID:2552
-
\??\c:\vdvjd.exec:\vdvjd.exe83⤵PID:1048
-
\??\c:\rrlflrf.exec:\rrlflrf.exe84⤵PID:2780
-
\??\c:\7bbttb.exec:\7bbttb.exe85⤵PID:2616
-
\??\c:\jdpvv.exec:\jdpvv.exe86⤵PID:2500
-
\??\c:\jvpjj.exec:\jvpjj.exe87⤵PID:3020
-
\??\c:\3fflllr.exec:\3fflllr.exe88⤵PID:1228
-
\??\c:\bnhbhb.exec:\bnhbhb.exe89⤵PID:2720
-
\??\c:\tnbhnn.exec:\tnbhnn.exe90⤵PID:2716
-
\??\c:\7vjdj.exec:\7vjdj.exe91⤵PID:2684
-
\??\c:\djdpp.exec:\djdpp.exe92⤵PID:2824
-
\??\c:\3lrllff.exec:\3lrllff.exe93⤵PID:312
-
\??\c:\btnhhh.exec:\btnhhh.exe94⤵PID:320
-
\??\c:\1nbbnh.exec:\1nbbnh.exe95⤵PID:2328
-
\??\c:\jvdpp.exec:\jvdpp.exe96⤵PID:824
-
\??\c:\pdppp.exec:\pdppp.exe97⤵PID:2336
-
\??\c:\lxfflff.exec:\lxfflff.exe98⤵PID:1508
-
\??\c:\tnbtnh.exec:\tnbtnh.exe99⤵PID:1376
-
\??\c:\hbnbbb.exec:\hbnbbb.exe100⤵PID:1296
-
\??\c:\jvppv.exec:\jvppv.exe101⤵PID:1148
-
\??\c:\jdpvd.exec:\jdpvd.exe102⤵PID:648
-
\??\c:\rfrllfl.exec:\rfrllfl.exe103⤵PID:2488
-
\??\c:\9frrrlr.exec:\9frrrlr.exe104⤵PID:2836
-
\??\c:\ntbtbn.exec:\ntbtbn.exe105⤵PID:2040
-
\??\c:\dvjjj.exec:\dvjjj.exe106⤵PID:788
-
\??\c:\7vdjd.exec:\7vdjd.exe107⤵PID:3008
-
\??\c:\lfxflll.exec:\lfxflll.exe108⤵PID:1120
-
\??\c:\tnhnbh.exec:\tnhnbh.exe109⤵PID:1940
-
\??\c:\nhtbhb.exec:\nhtbhb.exe110⤵PID:2892
-
\??\c:\jvjjp.exec:\jvjjp.exe111⤵PID:1860
-
\??\c:\7pdvv.exec:\7pdvv.exe112⤵PID:848
-
\??\c:\ffrrxrf.exec:\ffrrxrf.exe113⤵PID:1648
-
\??\c:\hthttt.exec:\hthttt.exe114⤵PID:1000
-
\??\c:\htnbhh.exec:\htnbhh.exe115⤵PID:856
-
\??\c:\jdvjj.exec:\jdvjj.exe116⤵PID:2056
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe117⤵PID:1252
-
\??\c:\rlxfllr.exec:\rlxfllr.exe118⤵PID:112
-
\??\c:\hhbhhh.exec:\hhbhhh.exe119⤵PID:2784
-
\??\c:\nbtnnn.exec:\nbtnnn.exe120⤵PID:2124
-
\??\c:\3pjpv.exec:\3pjpv.exe121⤵PID:2192
-
\??\c:\rllflrf.exec:\rllflrf.exe122⤵PID:1676
-