Analysis
-
max time kernel
144s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
30/05/2024, 18:40
Behavioral task
behavioral1
Sample
0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
-
Target
0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe
-
Size
540KB
-
MD5
19a082720cae7b5ea2832a528fb44686
-
SHA1
d06c5bec3e9615f7096eaf9ce2c5defe4ff1b35a
-
SHA256
0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7
-
SHA512
70c4472ad11b372288660b79baeaa5efd83bc45ecec9972e80f49acd075b17d3b1a054536a654d9a5c73c31bf4b593bae490eda288c1806a518f0d8e5d4f366b
-
SSDEEP
6144:Ucm4FmowdHoSEsIR7DsFhraHcpOaKHpXfRo0V8JcgE+ezpg1xrloBNTNDoD7:i4wFHoSEsIR7seFaKHpv/VycgE81lg8
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4940-7-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2492-8-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4432-18-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2028-20-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1160-26-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1480-38-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/636-45-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3552-37-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2280-65-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1196-71-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4696-95-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1792-102-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1340-113-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4400-125-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1388-130-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/864-145-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/976-155-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4468-173-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2240-168-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1240-179-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/944-185-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon 
behavioral2/memory/4544-192-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/708-211-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1972-206-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4348-221-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2776-228-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2640-233-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4296-240-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2892-250-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1060-260-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2776-232-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1132-269-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2492-268-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4984-264-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2116-197-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4124-292-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3228-97-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4948-84-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4404-83-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/5008-56-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/5032-303-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4732-316-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon 
behavioral2/memory/4620-346-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3372-384-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4468-394-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4576-428-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4804-432-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3868-451-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/5088-458-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/1768-514-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3968-524-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3456-534-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/896-544-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/5044-557-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4412-567-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2768-574-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/564-590-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/4352-606-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/944-607-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2944-614-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/2968-681-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3484-685-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral2/memory/3404-743-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon 
behavioral2/memory/700-774-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/4940-0-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/4940-7-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/2492-8-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023296-4.dat UPX behavioral2/files/0x0008000000023433-11.dat UPX behavioral2/memory/4432-13-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023438-14.dat UPX behavioral2/memory/4432-18-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/2028-20-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023439-23.dat UPX behavioral2/memory/1160-26-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002343a-29.dat UPX behavioral2/files/0x000700000002343b-34.dat UPX behavioral2/memory/1480-38-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002343c-41.dat UPX behavioral2/memory/636-45-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002343d-47.dat UPX behavioral2/memory/3552-37-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002343e-52.dat UPX behavioral2/files/0x000700000002343f-60.dat UPX behavioral2/files/0x0007000000023440-66.dat UPX behavioral2/memory/2280-65-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023441-72.dat UPX behavioral2/memory/1196-71-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023442-77.dat UPX behavioral2/files/0x0007000000023443-80.dat UPX behavioral2/files/0x0007000000023444-87.dat UPX behavioral2/memory/4696-95-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023445-94.dat UPX behavioral2/memory/1792-102-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023446-101.dat UPX behavioral2/files/0x0007000000023447-107.dat 
UPX behavioral2/files/0x0008000000023434-110.dat UPX behavioral2/memory/1340-113-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023448-118.dat UPX behavioral2/files/0x0007000000023449-122.dat UPX behavioral2/memory/4400-125-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002344a-128.dat UPX behavioral2/memory/1388-130-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002344b-134.dat UPX behavioral2/files/0x000700000002344c-140.dat UPX behavioral2/files/0x000700000002344d-146.dat UPX behavioral2/memory/864-145-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023440-149.dat UPX behavioral2/files/0x000700000002344e-156.dat UPX behavioral2/memory/976-155-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x000700000002344f-161.dat UPX behavioral2/memory/4468-173-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023451-172.dat UPX behavioral2/memory/2240-168-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/1240-179-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/files/0x0007000000023452-177.dat UPX behavioral2/memory/944-185-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/4544-192-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/708-211-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/708-207-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/1972-206-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/4348-221-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/2776-228-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/2640-233-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/4296-240-0x0000000000400000-0x0000000000435000-memory.dmp UPX 
behavioral2/memory/2892-250-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/1060-260-0x0000000000400000-0x0000000000435000-memory.dmp UPX behavioral2/memory/2776-232-0x0000000000400000-0x0000000000435000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2492 bbtbhh.exe 4432 dvpvj.exe 2028 xllfrlf.exe 1160 fxrflfl.exe 3552 bnnhtn.exe 1480 xlfxrxr.exe 636 xrfxlrl.exe 1676 bnbnnn.exe 5008 rllfxlf.exe 2280 jddvj.exe 1196 jvjvj.exe 1928 dvvpj.exe 4404 fxlrlll.exe 4948 nnttnt.exe 4696 jdvjd.exe 3228 rxrlfrr.exe 1792 hbnhhb.exe 1340 djppp.exe 1012 lfxlrlr.exe 4656 hhtttn.exe 4400 bhnhhh.exe 1388 dppdp.exe 2716 tthtbn.exe 864 dpppv.exe 2564 hththb.exe 976 jvjvj.exe 3372 7rlxrrr.exe 3880 pjjdp.exe 2240 frxlxrl.exe 4468 lffrlfx.exe 1240 hbnhbb.exe 944 lllfrlf.exe 4544 frxrlfx.exe 2448 ttbtbb.exe 2116 pjjvj.exe 5064 lrxrffx.exe 1972 hhhbtn.exe 708 5tbnbb.exe 4456 pvddj.exe 2332 pjjdp.exe 4348 lxfflrf.exe 3704 nhnhhb.exe 516 jpvjp.exe 2776 1ffrlff.exe 2640 xfxrlfx.exe 3016 bhntnh.exe 4296 djjjd.exe 4612 jddjd.exe 2904 3llfrrf.exe 2892 bnhhhb.exe 2684 pjvjp.exe 1060 ppdpd.exe 4984 lfxxrlf.exe 2492 btbbhb.exe 1132 xlxffrf.exe 2288 3bhbnh.exe 1880 dvpjp.exe 1916 dppvv.exe 1156 1xllxxx.exe 1088 hnnbth.exe 4124 3dvpj.exe 4616 rllxrlf.exe 1312 hbthbt.exe 5032 5hnhbb.exe -
resource yara_rule behavioral2/memory/4940-0-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/4940-7-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/2492-8-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023296-4.dat upx behavioral2/files/0x0008000000023433-11.dat upx behavioral2/memory/4432-13-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023438-14.dat upx behavioral2/memory/4432-18-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/2028-20-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023439-23.dat upx behavioral2/memory/1160-26-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002343a-29.dat upx behavioral2/files/0x000700000002343b-34.dat upx behavioral2/memory/1480-38-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002343c-41.dat upx behavioral2/memory/636-45-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002343d-47.dat upx behavioral2/memory/3552-37-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002343e-52.dat upx behavioral2/files/0x000700000002343f-60.dat upx behavioral2/files/0x0007000000023440-66.dat upx behavioral2/memory/2280-65-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023441-72.dat upx behavioral2/memory/1196-71-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023442-77.dat upx behavioral2/files/0x0007000000023443-80.dat upx behavioral2/files/0x0007000000023444-87.dat upx behavioral2/memory/4696-95-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023445-94.dat upx behavioral2/memory/1792-102-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023446-101.dat upx behavioral2/files/0x0007000000023447-107.dat 
upx behavioral2/files/0x0008000000023434-110.dat upx behavioral2/memory/1340-113-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023448-118.dat upx behavioral2/files/0x0007000000023449-122.dat upx behavioral2/memory/4400-125-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002344a-128.dat upx behavioral2/memory/1388-130-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002344b-134.dat upx behavioral2/files/0x000700000002344c-140.dat upx behavioral2/files/0x000700000002344d-146.dat upx behavioral2/memory/864-145-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023440-149.dat upx behavioral2/files/0x000700000002344e-156.dat upx behavioral2/memory/976-155-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x000700000002344f-161.dat upx behavioral2/memory/4468-173-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023451-172.dat upx behavioral2/memory/2240-168-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/1240-179-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/files/0x0007000000023452-177.dat upx behavioral2/memory/944-185-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/4544-192-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/708-211-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/708-207-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/1972-206-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/4348-221-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/2776-228-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/2640-233-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/4296-240-0x0000000000400000-0x0000000000435000-memory.dmp upx 
behavioral2/memory/2892-250-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/1060-260-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral2/memory/2776-232-0x0000000000400000-0x0000000000435000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4940 wrote to memory of 2492 4940 0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe 81 PID 4940 wrote to memory of 2492 4940 0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe 81 PID 4940 wrote to memory of 2492 4940 0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe 81 PID 2492 wrote to memory of 4432 2492 bbtbhh.exe 82 PID 2492 wrote to memory of 4432 2492 bbtbhh.exe 82 PID 2492 wrote to memory of 4432 2492 bbtbhh.exe 82 PID 4432 wrote to memory of 2028 4432 dvpvj.exe 83 PID 4432 wrote to memory of 2028 4432 dvpvj.exe 83 PID 4432 wrote to memory of 2028 4432 dvpvj.exe 83 PID 2028 wrote to memory of 1160 2028 xllfrlf.exe 84 PID 2028 wrote to memory of 1160 2028 xllfrlf.exe 84 PID 2028 wrote to memory of 1160 2028 xllfrlf.exe 84 PID 1160 wrote to memory of 3552 1160 fxrflfl.exe 85 PID 1160 wrote to memory of 3552 1160 fxrflfl.exe 85 PID 1160 wrote to memory of 3552 1160 fxrflfl.exe 85 PID 3552 wrote to memory of 1480 3552 bnnhtn.exe 86 PID 3552 wrote to memory of 1480 3552 bnnhtn.exe 86 PID 3552 wrote to memory of 1480 3552 bnnhtn.exe 86 PID 1480 wrote to memory of 636 1480 xlfxrxr.exe 87 PID 1480 wrote to memory of 636 1480 xlfxrxr.exe 87 PID 1480 wrote to memory of 636 1480 xlfxrxr.exe 87 PID 636 wrote to memory of 1676 636 xrfxlrl.exe 88 PID 636 wrote to memory of 1676 636 xrfxlrl.exe 88 PID 636 wrote to memory of 1676 636 xrfxlrl.exe 88 PID 1676 wrote to memory of 5008 1676 bnbnnn.exe 89 PID 1676 wrote to memory of 5008 1676 bnbnnn.exe 89 PID 1676 wrote to memory of 5008 1676 bnbnnn.exe 89 PID 5008 wrote to memory of 2280 5008 rllfxlf.exe 147 PID 5008 wrote to memory of 2280 5008 rllfxlf.exe 147 PID 5008 wrote to memory of 2280 5008 rllfxlf.exe 147 PID 2280 wrote to memory of 1196 2280 jddvj.exe 91 PID 2280 wrote to memory of 1196 2280 jddvj.exe 91 PID 2280 wrote to memory of 1196 2280 jddvj.exe 91 PID 1196 wrote to memory of 1928 1196 jvjvj.exe 92 PID 1196 wrote to 
memory of 1928 1196 jvjvj.exe 92 PID 1196 wrote to memory of 1928 1196 jvjvj.exe 92 PID 1928 wrote to memory of 4404 1928 dvvpj.exe 151 PID 1928 wrote to memory of 4404 1928 dvvpj.exe 151 PID 1928 wrote to memory of 4404 1928 dvvpj.exe 151 PID 4404 wrote to memory of 4948 4404 fxlrlll.exe 94 PID 4404 wrote to memory of 4948 4404 fxlrlll.exe 94 PID 4404 wrote to memory of 4948 4404 fxlrlll.exe 94 PID 4948 wrote to memory of 4696 4948 nnttnt.exe 95 PID 4948 wrote to memory of 4696 4948 nnttnt.exe 95 PID 4948 wrote to memory of 4696 4948 nnttnt.exe 95 PID 4696 wrote to memory of 3228 4696 jdvjd.exe 96 PID 4696 wrote to memory of 3228 4696 jdvjd.exe 96 PID 4696 wrote to memory of 3228 4696 jdvjd.exe 96 PID 3228 wrote to memory of 1792 3228 rxrlfrr.exe 97 PID 3228 wrote to memory of 1792 3228 rxrlfrr.exe 97 PID 3228 wrote to memory of 1792 3228 rxrlfrr.exe 97 PID 1792 wrote to memory of 1340 1792 hbnhhb.exe 98 PID 1792 wrote to memory of 1340 1792 hbnhhb.exe 98 PID 1792 wrote to memory of 1340 1792 hbnhhb.exe 98 PID 1340 wrote to memory of 1012 1340 djppp.exe 99 PID 1340 wrote to memory of 1012 1340 djppp.exe 99 PID 1340 wrote to memory of 1012 1340 djppp.exe 99 PID 1012 wrote to memory of 4656 1012 lfxlrlr.exe 100 PID 1012 wrote to memory of 4656 1012 lfxlrlr.exe 100 PID 1012 wrote to memory of 4656 1012 lfxlrlr.exe 100 PID 4656 wrote to memory of 4400 4656 hhtttn.exe 161 PID 4656 wrote to memory of 4400 4656 hhtttn.exe 161 PID 4656 wrote to memory of 4400 4656 hhtttn.exe 161 PID 4400 wrote to memory of 1388 4400 bhnhhh.exe 102
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe"C:\Users\Admin\AppData\Local\Temp\0c9a957b19227b48aa802652461b525fb9dd7654a5d057cc390d3f560e150ea7.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4940 -
\??\c:\bbtbhh.exec:\bbtbhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\dvpvj.exec:\dvpvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\xllfrlf.exec:\xllfrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\fxrflfl.exec:\fxrflfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1160 -
\??\c:\bnnhtn.exec:\bnnhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3552 -
\??\c:\xlfxrxr.exec:\xlfxrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1480 -
\??\c:\xrfxlrl.exec:\xrfxlrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:636 -
\??\c:\bnbnnn.exec:\bnbnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1676 -
\??\c:\rllfxlf.exec:\rllfxlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\jddvj.exec:\jddvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2280 -
\??\c:\jvjvj.exec:\jvjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1196 -
\??\c:\dvvpj.exec:\dvvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1928 -
\??\c:\fxlrlll.exec:\fxlrlll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4404 -
\??\c:\nnttnt.exec:\nnttnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4948 -
\??\c:\jdvjd.exec:\jdvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4696 -
\??\c:\rxrlfrr.exec:\rxrlfrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3228 -
\??\c:\hbnhhb.exec:\hbnhhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1792 -
\??\c:\djppp.exec:\djppp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1340 -
\??\c:\lfxlrlr.exec:\lfxlrlr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1012 -
\??\c:\hhtttn.exec:\hhtttn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4656 -
\??\c:\bhnhhh.exec:\bhnhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4400 -
\??\c:\dppdp.exec:\dppdp.exe23⤵
- Executes dropped EXE
PID:1388 -
\??\c:\tthtbn.exec:\tthtbn.exe24⤵
- Executes dropped EXE
PID:2716 -
\??\c:\dpppv.exec:\dpppv.exe25⤵
- Executes dropped EXE
PID:864 -
\??\c:\hththb.exec:\hththb.exe26⤵
- Executes dropped EXE
PID:2564 -
\??\c:\jvjvj.exec:\jvjvj.exe27⤵
- Executes dropped EXE
PID:976 -
\??\c:\7rlxrrr.exec:\7rlxrrr.exe28⤵
- Executes dropped EXE
PID:3372 -
\??\c:\pjjdp.exec:\pjjdp.exe29⤵
- Executes dropped EXE
PID:3880 -
\??\c:\frxlxrl.exec:\frxlxrl.exe30⤵
- Executes dropped EXE
PID:2240 -
\??\c:\lffrlfx.exec:\lffrlfx.exe31⤵
- Executes dropped EXE
PID:4468 -
\??\c:\hbnhbb.exec:\hbnhbb.exe32⤵
- Executes dropped EXE
PID:1240 -
\??\c:\lllfrlf.exec:\lllfrlf.exe33⤵
- Executes dropped EXE
PID:944 -
\??\c:\frxrlfx.exec:\frxrlfx.exe34⤵
- Executes dropped EXE
PID:4544 -
\??\c:\ttbtbb.exec:\ttbtbb.exe35⤵
- Executes dropped EXE
PID:2448 -
\??\c:\pjjvj.exec:\pjjvj.exe36⤵
- Executes dropped EXE
PID:2116 -
\??\c:\lrxrffx.exec:\lrxrffx.exe37⤵
- Executes dropped EXE
PID:5064 -
\??\c:\hhhbtn.exec:\hhhbtn.exe38⤵
- Executes dropped EXE
PID:1972 -
\??\c:\5tbnbb.exec:\5tbnbb.exe39⤵
- Executes dropped EXE
PID:708 -
\??\c:\pvddj.exec:\pvddj.exe40⤵
- Executes dropped EXE
PID:4456 -
\??\c:\pjjdp.exec:\pjjdp.exe41⤵
- Executes dropped EXE
PID:2332 -
\??\c:\lxfflrf.exec:\lxfflrf.exe42⤵
- Executes dropped EXE
PID:4348 -
\??\c:\nhnhhb.exec:\nhnhhb.exe43⤵
- Executes dropped EXE
PID:3704 -
\??\c:\jpvjp.exec:\jpvjp.exe44⤵
- Executes dropped EXE
PID:516 -
\??\c:\1ffrlff.exec:\1ffrlff.exe45⤵
- Executes dropped EXE
PID:2776 -
\??\c:\xfxrlfx.exec:\xfxrlfx.exe46⤵
- Executes dropped EXE
PID:2640 -
\??\c:\bhntnh.exec:\bhntnh.exe47⤵
- Executes dropped EXE
PID:3016 -
\??\c:\djjjd.exec:\djjjd.exe48⤵
- Executes dropped EXE
PID:4296 -
\??\c:\jddjd.exec:\jddjd.exe49⤵
- Executes dropped EXE
PID:4612 -
\??\c:\3llfrrf.exec:\3llfrrf.exe50⤵
- Executes dropped EXE
PID:2904 -
\??\c:\bnhhhb.exec:\bnhhhb.exe51⤵
- Executes dropped EXE
PID:2892 -
\??\c:\pjvjp.exec:\pjvjp.exe52⤵
- Executes dropped EXE
PID:2684 -
\??\c:\ppdpd.exec:\ppdpd.exe53⤵
- Executes dropped EXE
PID:1060 -
\??\c:\lfxxrlf.exec:\lfxxrlf.exe54⤵
- Executes dropped EXE
PID:4984 -
\??\c:\btbbhb.exec:\btbbhb.exe55⤵
- Executes dropped EXE
PID:2492 -
\??\c:\xlxffrf.exec:\xlxffrf.exe56⤵
- Executes dropped EXE
PID:1132 -
\??\c:\3bhbnh.exec:\3bhbnh.exe57⤵
- Executes dropped EXE
PID:2288 -
\??\c:\dvpjp.exec:\dvpjp.exe58⤵
- Executes dropped EXE
PID:1880 -
\??\c:\dppvv.exec:\dppvv.exe59⤵
- Executes dropped EXE
PID:1916 -
\??\c:\1xllxxx.exec:\1xllxxx.exe60⤵
- Executes dropped EXE
PID:1156 -
\??\c:\hnnbth.exec:\hnnbth.exe61⤵
- Executes dropped EXE
PID:1088 -
\??\c:\3dvpj.exec:\3dvpj.exe62⤵
- Executes dropped EXE
PID:4124 -
\??\c:\rllxrlf.exec:\rllxrlf.exe63⤵
- Executes dropped EXE
PID:4616 -
\??\c:\hbthbt.exec:\hbthbt.exe64⤵
- Executes dropped EXE
PID:1312 -
\??\c:\5hnhbb.exec:\5hnhbb.exe65⤵
- Executes dropped EXE
PID:5032 -
\??\c:\7jvpj.exec:\7jvpj.exe66⤵PID:224
-
\??\c:\7rlfxrr.exec:\7rlfxrr.exe67⤵PID:4844
-
\??\c:\bttnhh.exec:\bttnhh.exe68⤵PID:2280
-
\??\c:\dppjd.exec:\dppjd.exe69⤵PID:1464
-
\??\c:\vjdvv.exec:\vjdvv.exe70⤵PID:4732
-
\??\c:\5frflll.exec:\5frflll.exe71⤵PID:3872
-
\??\c:\tbbbtt.exec:\tbbbtt.exe72⤵PID:4404
-
\??\c:\dpppp.exec:\dpppp.exe73⤵PID:4084
-
\??\c:\dvdvp.exec:\dvdvp.exe74⤵PID:4716
-
\??\c:\3xxrlfx.exec:\3xxrlfx.exe75⤵PID:3640
-
\??\c:\tbtbnt.exec:\tbtbnt.exe76⤵PID:2924
-
\??\c:\pvvjp.exec:\pvvjp.exe77⤵PID:3200
-
\??\c:\xrxrfxf.exec:\xrxrfxf.exe78⤵PID:4620
-
\??\c:\tntnhb.exec:\tntnhb.exe79⤵PID:3216
-
\??\c:\jdvpd.exec:\jdvpd.exe80⤵PID:696
-
\??\c:\pjpjp.exec:\pjpjp.exe81⤵PID:1152
-
\??\c:\rrxxllf.exec:\rrxxllf.exe82⤵PID:4400
-
\??\c:\jdvvp.exec:\jdvvp.exe83⤵PID:556
-
\??\c:\jvvpd.exec:\jvvpd.exe84⤵PID:4820
-
\??\c:\vvpjv.exec:\vvpjv.exe85⤵PID:3396
-
\??\c:\bnnnnh.exec:\bnnnnh.exe86⤵PID:3304
-
\??\c:\pvdpj.exec:\pvdpj.exe87⤵PID:2316
-
\??\c:\7flfrlx.exec:\7flfrlx.exe88⤵PID:2296
-
\??\c:\nnttbb.exec:\nnttbb.exe89⤵PID:4512
-
\??\c:\5dppv.exec:\5dppv.exe90⤵PID:3372
-
\??\c:\ffffrll.exec:\ffffrll.exe91⤵PID:2964
-
\??\c:\9ttnhb.exec:\9ttnhb.exe92⤵PID:5112
-
\??\c:\pjjdv.exec:\pjjdv.exe93⤵PID:4548
-
\??\c:\ffrrrrl.exec:\ffrrrrl.exe94⤵PID:4468
-
\??\c:\htbnhh.exec:\htbnhh.exe95⤵PID:3244
-
\??\c:\ppvjd.exec:\ppvjd.exe96⤵PID:5072
-
\??\c:\9ppdv.exec:\9ppdv.exe97⤵PID:3416
-
\??\c:\flxrfxr.exec:\flxrfxr.exe98⤵PID:4660
-
\??\c:\1ttntt.exec:\1ttntt.exe99⤵PID:1784
-
\??\c:\pjdvp.exec:\pjdvp.exe100⤵PID:3112
-
\??\c:\llrlllf.exec:\llrlllf.exe101⤵PID:5064
-
\??\c:\hbtntn.exec:\hbtntn.exe102⤵PID:1972
-
\??\c:\tnhbbh.exec:\tnhbbh.exe103⤵PID:988
-
\??\c:\5jvpv.exec:\5jvpv.exe104⤵PID:4576
-
\??\c:\5rxxxxx.exec:\5rxxxxx.exe105⤵PID:4804
-
\??\c:\tnhbtn.exec:\tnhbtn.exe106⤵PID:876
-
\??\c:\vdvpj.exec:\vdvpj.exe107⤵PID:3648
-
\??\c:\frxrlxr.exec:\frxrlxr.exe108⤵PID:3008
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe109⤵PID:3644
-
\??\c:\thtbhn.exec:\thtbhn.exe110⤵PID:2776
-
\??\c:\vvjjd.exec:\vvjjd.exe111⤵PID:3868
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe112⤵PID:3016
-
\??\c:\bbhtht.exec:\bbhtht.exe113⤵PID:5088
-
\??\c:\dpjdv.exec:\dpjdv.exe114⤵PID:4612
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe115⤵PID:2188
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe116⤵PID:4472
-
\??\c:\nhnnhh.exec:\nhnnhh.exe117⤵PID:4808
-
\??\c:\jjvpv.exec:\jjvpv.exe118⤵PID:1060
-
\??\c:\xlrffxr.exec:\xlrffxr.exe119⤵PID:4984
-
\??\c:\xflllfx.exec:\xflllfx.exe120⤵PID:1092
-
\??\c:\bttttn.exec:\bttttn.exe121⤵PID:1344
-
\??\c:\jvddd.exec:\jvddd.exe122⤵PID:3512