Analysis
- max time kernel: 150s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 31/05/2024, 02:41
Static task: static1 (1 signature)
Behavioral task: behavioral1
- Sample: c5185c224bb6856673f4c5b32ef3c9bdf3f6b1deab99ad93361dcf8b35e12f70.exe
- Resource: win7-20231129-en
- 6 signatures
- 150 seconds
General
- Target: c5185c224bb6856673f4c5b32ef3c9bdf3f6b1deab99ad93361dcf8b35e12f70.exe
- Size: 330KB
- MD5: d77be94cac6d99051f13e19aab3943ec
- SHA1: 7bdcddb54f342197effbde5ef7e3452d6f92df09
- SHA256: c5185c224bb6856673f4c5b32ef3c9bdf3f6b1deab99ad93361dcf8b35e12f70
- SHA512: 2d63b0a658dc024c90fe89704982c642b8ce6c8ce095ff3e57ea5ba4de02a8d10335c17b3a93e8c22548478b193fadd9086f230be7adfa5a24ef280b338e8304
- SSDEEP: 6144:3cm7ImGddXsJdJIjaRleL42bL37BoTPkhu9gX5yGsTshQc8R0nxA5ij8+RC7tPhK:F7Tc8JdSjylh2b77BoTMA9gX59sTsuT6
Malware Config
Signatures
- Detect Blackmoon payload (41 IoCs)
- UPX dump on OEP (original entry point) (64 IoCs)
- Executes dropped EXE (64 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
Process tree, one entry per depth level; each process is the child of the entry above it. Format: depth. image path (PID): signatures triggered.
1. C:\Users\Admin\AppData\Local\Temp\c5185c224bb6856673f4c5b32ef3c9bdf3f6b1deab99ad93361dcf8b35e12f70.exe (PID 2232): Suspicious use of WriteProcessMemory
2. \??\c:\vvjpp.exe (PID 2992): Executes dropped EXE; Suspicious use of WriteProcessMemory
3. \??\c:\1thntn.exe (PID 2820): Executes dropped EXE; Suspicious use of WriteProcessMemory
4. \??\c:\dpdjj.exe (PID 2260): Executes dropped EXE; Suspicious use of WriteProcessMemory
5. \??\c:\frrlllx.exe (PID 2580): Executes dropped EXE; Suspicious use of WriteProcessMemory
6. \??\c:\rlxfrrx.exe (PID 2844): Executes dropped EXE; Suspicious use of WriteProcessMemory
7. \??\c:\5btbbt.exe (PID 2720): Executes dropped EXE; Suspicious use of WriteProcessMemory
8. \??\c:\jdjvj.exe (PID 2692): Executes dropped EXE; Suspicious use of WriteProcessMemory
9. \??\c:\3lxxxff.exe (PID 2624): Executes dropped EXE; Suspicious use of WriteProcessMemory
10. \??\c:\xrflxxf.exe (PID 2464): Executes dropped EXE; Suspicious use of WriteProcessMemory
11. \??\c:\nnhnnn.exe (PID 2780): Executes dropped EXE; Suspicious use of WriteProcessMemory
12. \??\c:\pdppp.exe (PID 2984): Executes dropped EXE; Suspicious use of WriteProcessMemory
13. \??\c:\ffrxlrx.exe (PID 2908): Executes dropped EXE; Suspicious use of WriteProcessMemory
14. \??\c:\lxfflfl.exe (PID 760): Executes dropped EXE; Suspicious use of WriteProcessMemory
15. \??\c:\5nbttn.exe (PID 1940): Executes dropped EXE; Suspicious use of WriteProcessMemory
16. \??\c:\pdjdj.exe (PID 1516): Executes dropped EXE; Suspicious use of WriteProcessMemory
17. \??\c:\lxfxfll.exe (PID 2808): Executes dropped EXE
18. \??\c:\1nnnnh.exe (PID 1060): Executes dropped EXE
19. \??\c:\5vdvv.exe (PID 2920): Executes dropped EXE
20. \??\c:\djvpd.exe (PID 1500): Executes dropped EXE
21. \??\c:\xrfffxf.exe (PID 2300): Executes dropped EXE
22. \??\c:\9nbhhh.exe (PID 1876): Executes dropped EXE
23. \??\c:\nbnnnn.exe (PID 796): Executes dropped EXE
24. \??\c:\pvdpd.exe (PID 1300): Executes dropped EXE
25. \??\c:\xrfrxxx.exe (PID 580): Executes dropped EXE
26. \??\c:\9nttbt.exe (PID 1900): Executes dropped EXE
27. \??\c:\jdjpj.exe (PID 1616): Executes dropped EXE
28. \??\c:\tnbttb.exe (PID 2276): Executes dropped EXE
29. \??\c:\tnthnb.exe (PID 1152): Executes dropped EXE
30. \??\c:\pdpjp.exe (PID 2272): Executes dropped EXE
31. \??\c:\xrllrxl.exe (PID 2032): Executes dropped EXE
32. \??\c:\5nbhnt.exe (PID 2156): Executes dropped EXE
33. \??\c:\hhtnnh.exe (PID 872): Executes dropped EXE
34. \??\c:\7vdpp.exe (PID 756): Executes dropped EXE
35. \??\c:\pdpjp.exe (PID 1600): Executes dropped EXE
36. \??\c:\httbbb.exe (PID 3004): Executes dropped EXE
37. \??\c:\tnnhbt.exe (PID 2388): Executes dropped EXE
38. \??\c:\vjppp.exe (PID 2820): Executes dropped EXE
39. \??\c:\vjjdd.exe (PID 1788): Executes dropped EXE
40. \??\c:\frlrllx.exe (PID 2292): Executes dropped EXE
41. \??\c:\xrxrxrr.exe (PID 2556): Executes dropped EXE
42. \??\c:\btthnn.exe (PID 2828): Executes dropped EXE
43. \??\c:\pppvp.exe (PID 2584): Executes dropped EXE
44. \??\c:\lllfxlx.exe (PID 2008): Executes dropped EXE
45. \??\c:\xxrxfrf.exe (PID 2484): Executes dropped EXE
46. \??\c:\htbbhh.exe (PID 2524): Executes dropped EXE
47. \??\c:\tbthnn.exe (PID 2152): Executes dropped EXE
48. \??\c:\3jpdj.exe (PID 1896): Executes dropped EXE
49. \??\c:\5pvjd.exe (PID 1984): Executes dropped EXE
50. \??\c:\xrlrxxl.exe (PID 2908): Executes dropped EXE
51. \??\c:\xrlrxfr.exe (PID 1928): Executes dropped EXE
52. \??\c:\thhhnn.exe (PID 2936): Executes dropped EXE
53. \??\c:\dvjjd.exe (PID 2932): Executes dropped EXE
54. \??\c:\vvpjp.exe (PID 2428): Executes dropped EXE
55. \??\c:\tthntb.exe (PID 2184): Executes dropped EXE
56. \??\c:\pdppp.exe (PID 1188): Executes dropped EXE
57. \??\c:\7vjjp.exe (PID 1660): Executes dropped EXE
58. \??\c:\hthbbt.exe (PID 2956): Executes dropped EXE
59. \??\c:\jdpvj.exe (PID 2408): Executes dropped EXE
60. \??\c:\btnnhb.exe (PID 788): Executes dropped EXE
61. \??\c:\vjvdj.exe (PID 672): Executes dropped EXE
62. \??\c:\frfxxlr.exe (PID 956): Executes dropped EXE
63. \??\c:\thtbhh.exe (PID 2436): Executes dropped EXE
64. \??\c:\3pddj.exe (PID 1724): Executes dropped EXE
65. \??\c:\fxrrfxl.exe (PID 1044): Executes dropped EXE
66. \??\c:\hhbtbb.exe (PID 1776)
67. \??\c:\jjdjp.exe (PID 1124)
68. \??\c:\rrxxlxr.exe (PID 836)
69. \??\c:\bnttbb.exe (PID 2848)
70. \??\c:\tnnbnb.exe (PID 1164)
71. \??\c:\pjvpp.exe (PID 1644)
72. \??\c:\9jddj.exe (PID 3032)
73. \??\c:\lflffff.exe (PID 2860)
74. \??\c:\5tntht.exe (PID 3056)
75. \??\c:\9thhnn.exe (PID 872)
76. \??\c:\jvdpj.exe (PID 2052)
77. \??\c:\1flrxxf.exe (PID 2996)
78. \??\c:\rrlxffr.exe (PID 2348)
79. \??\c:\btbbnn.exe (PID 544)
80. \??\c:\jdjpv.exe (PID 1448)
81. \??\c:\pddjj.exe (PID 1288)
82. \??\c:\9fxlxxl.exe (PID 1788)
83. \??\c:\bthttt.exe (PID 2704)
84. \??\c:\nhthbh.exe (PID 2072)
85. \??\c:\9jvvv.exe (PID 2552)
86. \??\c:\lfxflxl.exe (PID 2480)
87. \??\c:\9rlrffr.exe (PID 2488)
88. \??\c:\1nnntb.exe (PID 2496)
89. \??\c:\pjjjv.exe (PID 2588)
90. \??\c:\fxxxrxr.exe (PID 2636)
91. \??\c:\ffxflrx.exe (PID 2988)
92. \??\c:\nhtnbb.exe (PID 2448)
93. \??\c:\tnhthn.exe (PID 1952)
94. \??\c:\pjddp.exe (PID 2772)
95. \??\c:\jjddp.exe (PID 2520)
96. \??\c:\fxxxlrf.exe (PID 2740)
97. \??\c:\ffrfrxl.exe (PID 2500)
98. \??\c:\btnntt.exe (PID 2428)
99. \??\c:\vdvdj.exe (PID 2184)
100. \??\c:\ppdjv.exe (PID 1656)
101. \??\c:\lfxfrxl.exe (PID 2016)
102. \??\c:\rrlxllr.exe (PID 2248)
103. \??\c:\tnhntb.exe (PID 2408)
104. \??\c:\hbbtbt.exe (PID 1880)
105. \??\c:\9dvvj.exe (PID 676)
106. \??\c:\vvjpv.exe (PID 592)
107. \??\c:\xfflxlx.exe (PID 1192)
108. \??\c:\9rlxlxf.exe (PID 1356)
109. \??\c:\xrlrffr.exe (PID 1540)
110. \??\c:\hbnnbb.exe (PID 1620)
111. \??\c:\3ppdp.exe (PID 1124)
112. \??\c:\jjdjp.exe (PID 1616)
113. \??\c:\lllxlxl.exe (PID 2280)
114. \??\c:\xrxxllx.exe (PID 1164)
115. \??\c:\bbntht.exe (PID 1676)
116. \??\c:\btnhnb.exe (PID 608)
117. \??\c:\vjvjd.exe (PID 732)
118. \??\c:\1rxlrfl.exe (PID 2064)
119. \??\c:\ttnbtb.exe (PID 2884)
120. \??\c:\pvvjv.exe (PID 1604)
121. \??\c:\llxxrxx.exe (PID 1196)
122. \??\c:\ffflffx.exe (PID 2864)