Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
29/05/2024, 04:29
Behavioral task
behavioral1
Sample
fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe
Resource
win7-20240221-en (note: this field disagrees with the Analysis block above, which reports resource win10v2004-20240426-en, and the signature hits below are tagged behavioral2 rather than behavioral1; treat the task/resource label here as unreliable when correlating this run)
6 signatures
150 seconds
General
-
Target
fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe
-
Size
484KB
-
MD5
01d65cd7d4d41a9221c27ca5952e72c7
-
SHA1
2c78a641091b52bbfd388ce6849be923d5d07542
-
SHA256
fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6
-
SHA512
3f185108978feb11c76c2cc26f336da1c67115c95642c6d1b0e942235fbfef439d0cb0701bcb7f575b88fb10cc12b60c62fd51efe11778505fff52373ae601af
-
SSDEEP
12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nv:Cu49lmPh2kkkkK4kXkkkkkkkkx
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4932-0-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3836-12-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2108-20-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3972-27-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2456-21-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3760-32-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3028-38-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3160-55-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4256-67-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1908-68-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/404-75-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2148-81-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3652-114-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3956-205-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1456-213-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2420-243-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2864-249-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5072-266-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1716-270-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2176-274-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4308-233-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/4080-222-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1944-202-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3996-198-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3152-188-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4404-177-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4084-166-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4412-155-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2260-144-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/512-138-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4844-131-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2700-125-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1188-105-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3244-96-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2224-291-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/824-293-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3228-300-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2692-308-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/372-313-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/648-319-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1348-335-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2480-357-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/1828-362-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2564-387-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4832-394-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4696-398-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4496-402-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/992-456-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4148-460-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1908-470-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3200-511-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2520-513-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4572-547-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4496-561-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3372-571-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3372-575-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4476-579-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4364-607-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2052-634-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2260-823-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4716-882-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/632-916-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2732-939-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/2188-1032-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4932-0-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x0007000000023305-3.dat UPX behavioral2/memory/3836-5-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002349d-9.dat UPX behavioral2/memory/2108-13-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3836-12-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002349e-16.dat UPX behavioral2/memory/2108-20-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000700000002349f-23.dat UPX behavioral2/memory/3972-27-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2456-21-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a0-31.dat UPX behavioral2/memory/3760-32-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a1-36.dat UPX behavioral2/memory/3028-38-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a2-41.dat UPX behavioral2/memory/552-44-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a3-49.dat UPX behavioral2/files/0x00070000000234a4-52.dat UPX behavioral2/memory/3160-55-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a5-59.dat UPX behavioral2/memory/4256-61-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a6-65.dat UPX behavioral2/memory/4256-67-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/1908-68-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x000800000002349a-71.dat UPX behavioral2/memory/404-75-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234a9-84.dat UPX behavioral2/files/0x00070000000234aa-90.dat UPX behavioral2/memory/2148-81-0x0000000000400000-0x0000000000436000-memory.dmp UPX 
behavioral2/files/0x00070000000234a7-78.dat UPX behavioral2/files/0x00070000000234ab-94.dat UPX behavioral2/files/0x00070000000234ad-107.dat UPX behavioral2/memory/3652-114-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234ae-112.dat UPX behavioral2/files/0x00070000000234af-117.dat UPX behavioral2/files/0x00070000000234b0-122.dat UPX behavioral2/files/0x00070000000234b2-134.dat UPX behavioral2/files/0x00070000000234b3-140.dat UPX behavioral2/files/0x00070000000234b4-146.dat UPX behavioral2/files/0x00070000000234b5-151.dat UPX behavioral2/files/0x00070000000234b6-157.dat UPX behavioral2/files/0x00070000000234b9-172.dat UPX behavioral2/files/0x00070000000234bb-184.dat UPX behavioral2/memory/3956-205-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/1456-213-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2420-243-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2864-249-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/5072-266-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/1716-270-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2176-274-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4064-275-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4308-233-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/4080-222-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/1944-202-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3996-198-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/3152-188-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234ba-179.dat UPX behavioral2/memory/4404-177-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234b8-168.dat UPX 
behavioral2/memory/4084-166-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/files/0x00070000000234b7-162.dat UPX behavioral2/memory/4412-155-0x0000000000400000-0x0000000000436000-memory.dmp UPX behavioral2/memory/2260-144-0x0000000000400000-0x0000000000436000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3836 vdvvj.exe 2108 6408828.exe 2456 5bhthh.exe 3972 bhhbnh.exe 3760 jddvj.exe 3028 nbbtnn.exe 552 u004860.exe 3160 fxxxrll.exe 2744 68628.exe 4256 dvjvj.exe 1908 fllfrll.exe 404 c288828.exe 2148 084480.exe 4116 5tnhtn.exe 3992 q48484.exe 3244 lfxrxxf.exe 1188 jppjd.exe 3256 228628.exe 3652 0060608.exe 2700 jvvpv.exe 4844 64842.exe 512 bttbtn.exe 2260 884888.exe 1772 lxxllfx.exe 4412 frrfxrf.exe 3556 2064260.exe 4084 68664.exe 2320 6444062.exe 4404 66486.exe 3904 8204086.exe 3152 82482.exe 4168 frlfrlf.exe 3504 8846046.exe 3996 60422.exe 1944 428048.exe 3956 0426222.exe 820 a6826.exe 1456 xlrfxxx.exe 5104 bbnbbh.exe 1132 426088.exe 4080 6226040.exe 4696 jdvpj.exe 4888 i822402.exe 4308 xlxllff.exe 3624 80462.exe 1400 7fxlxrl.exe 2420 444260.exe 1404 s8444.exe 2864 28220.exe 2464 840040.exe 4732 200208.exe 3124 g0624.exe 4500 tnnhhb.exe 5072 488802.exe 1716 hhhhhn.exe 2176 82008.exe 1952 28044.exe 4064 ppvpd.exe 3052 086426.exe 3064 028260.exe 3164 lxrlxrl.exe 824 3hntth.exe 2224 668226.exe 3228 rrrxffr.exe -
resource yara_rule behavioral2/memory/4932-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023305-3.dat upx behavioral2/memory/3836-5-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002349d-9.dat upx behavioral2/memory/2108-13-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3836-12-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002349e-16.dat upx behavioral2/memory/2108-20-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002349f-23.dat upx behavioral2/memory/3972-27-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2456-21-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a0-31.dat upx behavioral2/memory/3760-32-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a1-36.dat upx behavioral2/memory/3028-38-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a2-41.dat upx behavioral2/memory/552-44-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a3-49.dat upx behavioral2/files/0x00070000000234a4-52.dat upx behavioral2/memory/3160-55-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a5-59.dat upx behavioral2/memory/4256-61-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a6-65.dat upx behavioral2/memory/4256-67-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1908-68-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000800000002349a-71.dat upx behavioral2/memory/404-75-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234a9-84.dat upx behavioral2/files/0x00070000000234aa-90.dat upx behavioral2/memory/2148-81-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/files/0x00070000000234a7-78.dat upx behavioral2/files/0x00070000000234ab-94.dat upx behavioral2/files/0x00070000000234ad-107.dat upx behavioral2/memory/3652-114-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234ae-112.dat upx behavioral2/files/0x00070000000234af-117.dat upx behavioral2/files/0x00070000000234b0-122.dat upx behavioral2/files/0x00070000000234b2-134.dat upx behavioral2/files/0x00070000000234b3-140.dat upx behavioral2/files/0x00070000000234b4-146.dat upx behavioral2/files/0x00070000000234b5-151.dat upx behavioral2/files/0x00070000000234b6-157.dat upx behavioral2/files/0x00070000000234b9-172.dat upx behavioral2/files/0x00070000000234bb-184.dat upx behavioral2/memory/3956-205-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1456-213-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2420-243-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2864-249-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/5072-266-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1716-270-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2176-274-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4064-275-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4308-233-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4080-222-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1944-202-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3996-198-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3152-188-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234ba-179.dat upx behavioral2/memory/4404-177-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234b8-168.dat upx 
behavioral2/memory/4084-166-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00070000000234b7-162.dat upx behavioral2/memory/4412-155-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2260-144-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4932 wrote to memory of 3836 4932 fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe 82 PID 4932 wrote to memory of 3836 4932 fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe 82 PID 4932 wrote to memory of 3836 4932 fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe 82 PID 3836 wrote to memory of 2108 3836 vdvvj.exe 83 PID 3836 wrote to memory of 2108 3836 vdvvj.exe 83 PID 3836 wrote to memory of 2108 3836 vdvvj.exe 83 PID 2108 wrote to memory of 2456 2108 6408828.exe 84 PID 2108 wrote to memory of 2456 2108 6408828.exe 84 PID 2108 wrote to memory of 2456 2108 6408828.exe 84 PID 2456 wrote to memory of 3972 2456 5bhthh.exe 85 PID 2456 wrote to memory of 3972 2456 5bhthh.exe 85 PID 2456 wrote to memory of 3972 2456 5bhthh.exe 85 PID 3972 wrote to memory of 3760 3972 bhhbnh.exe 86 PID 3972 wrote to memory of 3760 3972 bhhbnh.exe 86 PID 3972 wrote to memory of 3760 3972 bhhbnh.exe 86 PID 3760 wrote to memory of 3028 3760 jddvj.exe 87 PID 3760 wrote to memory of 3028 3760 jddvj.exe 87 PID 3760 wrote to memory of 3028 3760 jddvj.exe 87 PID 3028 wrote to memory of 552 3028 nbbtnn.exe 89 PID 3028 wrote to memory of 552 3028 nbbtnn.exe 89 PID 3028 wrote to memory of 552 3028 nbbtnn.exe 89 PID 552 wrote to memory of 3160 552 u004860.exe 91 PID 552 wrote to memory of 3160 552 u004860.exe 91 PID 552 wrote to memory of 3160 552 u004860.exe 91 PID 3160 wrote to memory of 2744 3160 fxxxrll.exe 92 PID 3160 wrote to memory of 2744 3160 fxxxrll.exe 92 PID 3160 wrote to memory of 2744 3160 fxxxrll.exe 92 PID 2744 wrote to memory of 4256 2744 68628.exe 93 PID 2744 wrote to memory of 4256 2744 68628.exe 93 PID 2744 wrote to memory of 4256 2744 68628.exe 93 PID 4256 wrote to memory of 1908 4256 dvjvj.exe 94 PID 4256 wrote to memory of 1908 4256 dvjvj.exe 94 PID 4256 wrote to memory of 1908 4256 dvjvj.exe 94 PID 1908 wrote to memory of 404 1908 fllfrll.exe 95 PID 1908 wrote to memory of 404 
1908 fllfrll.exe 95 PID 1908 wrote to memory of 404 1908 fllfrll.exe 95 PID 404 wrote to memory of 2148 404 c288828.exe 96 PID 404 wrote to memory of 2148 404 c288828.exe 96 PID 404 wrote to memory of 2148 404 c288828.exe 96 PID 2148 wrote to memory of 4116 2148 084480.exe 98 PID 2148 wrote to memory of 4116 2148 084480.exe 98 PID 2148 wrote to memory of 4116 2148 084480.exe 98 PID 4116 wrote to memory of 3992 4116 5tnhtn.exe 99 PID 4116 wrote to memory of 3992 4116 5tnhtn.exe 99 PID 4116 wrote to memory of 3992 4116 5tnhtn.exe 99 PID 3992 wrote to memory of 3244 3992 q48484.exe 100 PID 3992 wrote to memory of 3244 3992 q48484.exe 100 PID 3992 wrote to memory of 3244 3992 q48484.exe 100 PID 3244 wrote to memory of 1188 3244 lfxrxxf.exe 101 PID 3244 wrote to memory of 1188 3244 lfxrxxf.exe 101 PID 3244 wrote to memory of 1188 3244 lfxrxxf.exe 101 PID 1188 wrote to memory of 3256 1188 jppjd.exe 102 PID 1188 wrote to memory of 3256 1188 jppjd.exe 102 PID 1188 wrote to memory of 3256 1188 jppjd.exe 102 PID 3256 wrote to memory of 3652 3256 228628.exe 103 PID 3256 wrote to memory of 3652 3256 228628.exe 103 PID 3256 wrote to memory of 3652 3256 228628.exe 103 PID 3652 wrote to memory of 2700 3652 0060608.exe 104 PID 3652 wrote to memory of 2700 3652 0060608.exe 104 PID 3652 wrote to memory of 2700 3652 0060608.exe 104 PID 2700 wrote to memory of 4844 2700 jvvpv.exe 105 PID 2700 wrote to memory of 4844 2700 jvvpv.exe 105 PID 2700 wrote to memory of 4844 2700 jvvpv.exe 105 PID 4844 wrote to memory of 512 4844 64842.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe"C:\Users\Admin\AppData\Local\Temp\fe0043477de45213c730f0c39b5d2589a0c17d3fa0a08469282a09eac8ac16c6.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4932 -
\??\c:\vdvvj.exec:\vdvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3836 -
\??\c:\6408828.exec:\6408828.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108 -
\??\c:\5bhthh.exec:\5bhthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\bhhbnh.exec:\bhhbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3972 -
\??\c:\jddvj.exec:\jddvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3760 -
\??\c:\nbbtnn.exec:\nbbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\u004860.exec:\u004860.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:552 -
\??\c:\fxxxrll.exec:\fxxxrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3160 -
\??\c:\68628.exec:\68628.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\dvjvj.exec:\dvjvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4256 -
\??\c:\fllfrll.exec:\fllfrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1908 -
\??\c:\c288828.exec:\c288828.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:404 -
\??\c:\084480.exec:\084480.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2148 -
\??\c:\5tnhtn.exec:\5tnhtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4116 -
\??\c:\q48484.exec:\q48484.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3992 -
\??\c:\lfxrxxf.exec:\lfxrxxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3244 -
\??\c:\jppjd.exec:\jppjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1188 -
\??\c:\228628.exec:\228628.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3256 -
\??\c:\0060608.exec:\0060608.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3652 -
\??\c:\jvvpv.exec:\jvvpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\64842.exec:\64842.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4844 -
\??\c:\bttbtn.exec:\bttbtn.exe23⤵
- Executes dropped EXE
PID:512 -
\??\c:\884888.exec:\884888.exe24⤵
- Executes dropped EXE
PID:2260 -
\??\c:\lxxllfx.exec:\lxxllfx.exe25⤵
- Executes dropped EXE
PID:1772 -
\??\c:\frrfxrf.exec:\frrfxrf.exe26⤵
- Executes dropped EXE
PID:4412 -
\??\c:\2064260.exec:\2064260.exe27⤵
- Executes dropped EXE
PID:3556 -
\??\c:\68664.exec:\68664.exe28⤵
- Executes dropped EXE
PID:4084 -
\??\c:\6444062.exec:\6444062.exe29⤵
- Executes dropped EXE
PID:2320 -
\??\c:\66486.exec:\66486.exe30⤵
- Executes dropped EXE
PID:4404 -
\??\c:\8204086.exec:\8204086.exe31⤵
- Executes dropped EXE
PID:3904 -
\??\c:\82482.exec:\82482.exe32⤵
- Executes dropped EXE
PID:3152 -
\??\c:\frlfrlf.exec:\frlfrlf.exe33⤵
- Executes dropped EXE
PID:4168 -
\??\c:\8846046.exec:\8846046.exe34⤵
- Executes dropped EXE
PID:3504 -
\??\c:\60422.exec:\60422.exe35⤵
- Executes dropped EXE
PID:3996 -
\??\c:\428048.exec:\428048.exe36⤵
- Executes dropped EXE
PID:1944 -
\??\c:\0426222.exec:\0426222.exe37⤵
- Executes dropped EXE
PID:3956 -
\??\c:\a6826.exec:\a6826.exe38⤵
- Executes dropped EXE
PID:820 -
\??\c:\xlrfxxx.exec:\xlrfxxx.exe39⤵
- Executes dropped EXE
PID:1456 -
\??\c:\bbnbbh.exec:\bbnbbh.exe40⤵
- Executes dropped EXE
PID:5104 -
\??\c:\426088.exec:\426088.exe41⤵
- Executes dropped EXE
PID:1132 -
\??\c:\6226040.exec:\6226040.exe42⤵
- Executes dropped EXE
PID:4080 -
\??\c:\jdvpj.exec:\jdvpj.exe43⤵
- Executes dropped EXE
PID:4696 -
\??\c:\i822402.exec:\i822402.exe44⤵
- Executes dropped EXE
PID:4888 -
\??\c:\xlxllff.exec:\xlxllff.exe45⤵
- Executes dropped EXE
PID:4308 -
\??\c:\80462.exec:\80462.exe46⤵
- Executes dropped EXE
PID:3624 -
\??\c:\7fxlxrl.exec:\7fxlxrl.exe47⤵
- Executes dropped EXE
PID:1400 -
\??\c:\444260.exec:\444260.exe48⤵
- Executes dropped EXE
PID:2420 -
\??\c:\s8444.exec:\s8444.exe49⤵
- Executes dropped EXE
PID:1404 -
\??\c:\28220.exec:\28220.exe50⤵
- Executes dropped EXE
PID:2864 -
\??\c:\840040.exec:\840040.exe51⤵
- Executes dropped EXE
PID:2464 -
\??\c:\200208.exec:\200208.exe52⤵
- Executes dropped EXE
PID:4732 -
\??\c:\g0624.exec:\g0624.exe53⤵
- Executes dropped EXE
PID:3124 -
\??\c:\tnnhhb.exec:\tnnhhb.exe54⤵
- Executes dropped EXE
PID:4500 -
\??\c:\488802.exec:\488802.exe55⤵
- Executes dropped EXE
PID:5072 -
\??\c:\hhhhhn.exec:\hhhhhn.exe56⤵
- Executes dropped EXE
PID:1716 -
\??\c:\82008.exec:\82008.exe57⤵
- Executes dropped EXE
PID:2176 -
\??\c:\28044.exec:\28044.exe58⤵
- Executes dropped EXE
PID:1952 -
\??\c:\ppvpd.exec:\ppvpd.exe59⤵
- Executes dropped EXE
PID:4064 -
\??\c:\086426.exec:\086426.exe60⤵
- Executes dropped EXE
PID:3052 -
\??\c:\028260.exec:\028260.exe61⤵
- Executes dropped EXE
PID:3064 -
\??\c:\lxrlxrl.exec:\lxrlxrl.exe62⤵
- Executes dropped EXE
PID:3164 -
\??\c:\3hntth.exec:\3hntth.exe63⤵
- Executes dropped EXE
PID:824 -
\??\c:\668226.exec:\668226.exe64⤵
- Executes dropped EXE
PID:2224 -
\??\c:\rrrxffr.exec:\rrrxffr.exe65⤵
- Executes dropped EXE
PID:3228 -
\??\c:\ththth.exec:\ththth.exe66⤵PID:2120
-
\??\c:\nbbtnh.exec:\nbbtnh.exe67⤵PID:2692
-
\??\c:\42484.exec:\42484.exe68⤵PID:3300
-
\??\c:\862626.exec:\862626.exe69⤵PID:372
-
\??\c:\hnnbnh.exec:\hnnbnh.exe70⤵PID:648
-
\??\c:\828800.exec:\828800.exe71⤵PID:2232
-
\??\c:\thtnhh.exec:\thtnhh.exe72⤵PID:2508
-
\??\c:\828248.exec:\828248.exe73⤵PID:1728
-
\??\c:\ttttnh.exec:\ttttnh.exe74⤵PID:2256
-
\??\c:\9xfxllx.exec:\9xfxllx.exe75⤵PID:1348
-
\??\c:\pvdpj.exec:\pvdpj.exe76⤵PID:548
-
\??\c:\lxlfrll.exec:\lxlfrll.exe77⤵PID:3048
-
\??\c:\w80426.exec:\w80426.exe78⤵PID:1704
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe79⤵PID:3676
-
\??\c:\pppjj.exec:\pppjj.exe80⤵PID:4188
-
\??\c:\622488.exec:\622488.exe81⤵PID:3080
-
\??\c:\btnhbt.exec:\btnhbt.exe82⤵PID:2480
-
\??\c:\6442604.exec:\6442604.exe83⤵PID:3152
-
\??\c:\ddjdd.exec:\ddjdd.exe84⤵PID:1828
-
\??\c:\82640.exec:\82640.exe85⤵PID:1548
-
\??\c:\2682628.exec:\2682628.exe86⤵PID:3956
-
\??\c:\428642.exec:\428642.exe87⤵PID:4796
-
\??\c:\5jdvp.exec:\5jdvp.exe88⤵PID:1380
-
\??\c:\jppvd.exec:\jppvd.exe89⤵PID:1644
-
\??\c:\jdvvv.exec:\jdvvv.exe90⤵PID:4384
-
\??\c:\nttnbh.exec:\nttnbh.exe91⤵PID:2564
-
\??\c:\8442042.exec:\8442042.exe92⤵PID:4672
-
\??\c:\0806868.exec:\0806868.exe93⤵PID:4832
-
\??\c:\o626824.exec:\o626824.exe94⤵PID:4696
-
\??\c:\jdjvj.exec:\jdjvj.exe95⤵PID:4496
-
\??\c:\6822446.exec:\6822446.exe96⤵PID:1664
-
\??\c:\2800448.exec:\2800448.exe97⤵PID:4932
-
\??\c:\420648.exec:\420648.exe98⤵PID:2452
-
\??\c:\e62488.exec:\e62488.exe99⤵PID:3372
-
\??\c:\628822.exec:\628822.exe100⤵PID:5068
-
\??\c:\48484.exec:\48484.exe101⤵PID:2464
-
\??\c:\260826.exec:\260826.exe102⤵PID:4732
-
\??\c:\ddvdv.exec:\ddvdv.exe103⤵PID:3304
-
\??\c:\jvdvj.exec:\jvdvj.exe104⤵PID:2036
-
\??\c:\0486268.exec:\0486268.exe105⤵PID:4920
-
\??\c:\nbhthb.exec:\nbhthb.exe106⤵PID:4340
-
\??\c:\tntbnb.exec:\tntbnb.exe107⤵PID:896
-
\??\c:\ppdpj.exec:\ppdpj.exe108⤵PID:2340
-
\??\c:\088826.exec:\088826.exe109⤵PID:3780
-
\??\c:\nhnnhh.exec:\nhnnhh.exe110⤵PID:4336
-
\??\c:\6626004.exec:\6626004.exe111⤵PID:4688
-
\??\c:\ppvpj.exec:\ppvpj.exe112⤵PID:992
-
\??\c:\lfllfxr.exec:\lfllfxr.exe113⤵PID:4860
-
\??\c:\ppvpd.exec:\ppvpd.exe114⤵PID:4148
-
\??\c:\202004.exec:\202004.exe115⤵PID:1212
-
\??\c:\260240.exec:\260240.exe116⤵PID:940
-
\??\c:\88804.exec:\88804.exe117⤵PID:1908
-
\??\c:\nnbbnt.exec:\nnbbnt.exe118⤵PID:2052
-
\??\c:\vpdvp.exec:\vpdvp.exe119⤵PID:2548
-
\??\c:\9rllffx.exec:\9rllffx.exe120⤵PID:632
-
\??\c:\9vjvp.exec:\9vjvp.exe121⤵PID:604
-
\??\c:\46408.exec:\46408.exe122⤵PID:4992