Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 118s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 04/06/2024, 21:39
Static task static1: 1 signature
Behavioral task behavioral1: sample 54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe, resource win7-20240220-en, 6 signatures, 150 seconds
General
Target: 54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe
Size: 181KB
MD5: 452cf8300072c684cf2ed8d5ac5e9a90
SHA1: 9ec1a632371946ceaa96bc0686b3aad9934158d2
SHA256: 54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f
SHA512: eeabafa1af03ee1c8acc30f04e8864da9f8a844934ddbb1f28b68534f2ea82c841d894c8b26dda12c4b3d380755541875bbbf7fcb295229b0e81acdc210989c9
SSDEEP: 1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+IJPhbM/v:PhOm2sI93UufdC67ciJTm5hI/v
Malware Config
Signatures
Detect Blackmoon payload 46 IoCs
UPX dump on OEP (original entry point) 61 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
Depth is the nesting level in the process tree; each process is the child of the one listed directly above it.

Depth | Image | Command line | PID | Signatures
1 | C:\Users\Admin\AppData\Local\Temp\54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe | "C:\Users\Admin\AppData\Local\Temp\54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe" | 2848 | Suspicious use of WriteProcessMemory
2 | \??\c:\nntbnb.exe | c:\nntbnb.exe | 2920 | Executes dropped EXE; Suspicious use of WriteProcessMemory
3 | \??\c:\5pjvv.exe | c:\5pjvv.exe | 2484 | Executes dropped EXE; Suspicious use of WriteProcessMemory
4 | \??\c:\rlfrffr.exe | c:\rlfrffr.exe | 2644 | Executes dropped EXE; Suspicious use of WriteProcessMemory
5 | \??\c:\nbnntb.exe | c:\nbnntb.exe | 2648 | Executes dropped EXE; Suspicious use of WriteProcessMemory
6 | \??\c:\hbthtn.exe | c:\hbthtn.exe | 2508 | Executes dropped EXE; Suspicious use of WriteProcessMemory
7 | \??\c:\dvpdv.exe | c:\dvpdv.exe | 2764 | Executes dropped EXE; Suspicious use of WriteProcessMemory
8 | \??\c:\vvppj.exe | c:\vvppj.exe | 2504 | Executes dropped EXE; Suspicious use of WriteProcessMemory
9 | \??\c:\xrffllr.exe | c:\xrffllr.exe | 2456 | Executes dropped EXE; Suspicious use of WriteProcessMemory
10 | \??\c:\9btbbh.exe | c:\9btbbh.exe | 2720 | Executes dropped EXE; Suspicious use of WriteProcessMemory
11 | \??\c:\3tntbb.exe | c:\3tntbb.exe | 1552 | Executes dropped EXE; Suspicious use of WriteProcessMemory
12 | \??\c:\hbnnbn.exe | c:\hbnnbn.exe | 2452 | Executes dropped EXE; Suspicious use of WriteProcessMemory
13 | \??\c:\jjvvp.exe | c:\jjvvp.exe | 2572 | Executes dropped EXE; Suspicious use of WriteProcessMemory
14 | \??\c:\9rxfxxx.exe | c:\9rxfxxx.exe | 328 | Executes dropped EXE; Suspicious use of WriteProcessMemory
15 | \??\c:\xllfrlx.exe | c:\xllfrlx.exe | 1876 | Executes dropped EXE; Suspicious use of WriteProcessMemory
16 | \??\c:\bthhhh.exe | c:\bthhhh.exe | 2280 | Executes dropped EXE; Suspicious use of WriteProcessMemory
17 | \??\c:\3vjpd.exe | c:\3vjpd.exe | 2156 | Executes dropped EXE
18 | \??\c:\xrlrxfx.exe | c:\xrlrxfx.exe | 1608 | Executes dropped EXE
19 | \??\c:\nbnnnh.exe | c:\nbnnnh.exe | 640 | Executes dropped EXE
20 | \??\c:\nnnhnt.exe | c:\nnnhnt.exe | 1692 | Executes dropped EXE
21 | \??\c:\ppjvj.exe | c:\ppjvj.exe | 2092 | Executes dropped EXE
22 | \??\c:\xrrxlrl.exe | c:\xrrxlrl.exe | 320 | Executes dropped EXE
23 | \??\c:\lxxxffx.exe | c:\lxxxffx.exe | 2488 | Executes dropped EXE
24 | \??\c:\nbhnhn.exe | c:\nbhnhn.exe | 600 | Executes dropped EXE
25 | \??\c:\nhttbh.exe | c:\nhttbh.exe | 1412 | Executes dropped EXE
26 | \??\c:\9dpvj.exe | c:\9dpvj.exe | 832 | Executes dropped EXE
27 | \??\c:\xrlfrrx.exe | c:\xrlfrrx.exe | 1464 | Executes dropped EXE
28 | \??\c:\3btbhn.exe | c:\3btbhn.exe | 1316 | Executes dropped EXE
29 | \??\c:\hbbtbb.exe | c:\hbbtbb.exe | 1700 | Executes dropped EXE
30 | \??\c:\5vppv.exe | c:\5vppv.exe | 2816 | Executes dropped EXE
31 | \??\c:\xrffrrx.exe | c:\xrffrrx.exe | 2268 | Executes dropped EXE
32 | \??\c:\ffrflxl.exe | c:\ffrflxl.exe | 1184 | Executes dropped EXE
33 | \??\c:\tnnhhb.exe | c:\tnnhhb.exe | 2260 | Executes dropped EXE
34 | \??\c:\1bnthh.exe | c:\1bnthh.exe | 1728 | Executes dropped EXE
35 | \??\c:\vvdpp.exe | c:\vvdpp.exe | 1676 | Executes dropped EXE
36 | \??\c:\vpjpd.exe | c:\vpjpd.exe | 2252 | Executes dropped EXE
37 | \??\c:\lffflfl.exe | c:\lffflfl.exe | 1988 | Executes dropped EXE
38 | \??\c:\rlxxffl.exe | c:\rlxxffl.exe | 2520 | Executes dropped EXE
39 | \??\c:\nhttbb.exe | c:\nhttbb.exe | 2740 | Executes dropped EXE
40 | \??\c:\hbnnhn.exe | c:\hbnnhn.exe | 2536 | Executes dropped EXE
41 | \??\c:\pjjpd.exe | c:\pjjpd.exe | 2708 | Executes dropped EXE
42 | \??\c:\vvdjd.exe | c:\vvdjd.exe | 2508 | Executes dropped EXE
43 | \??\c:\pjpvd.exe | c:\pjpvd.exe | 2764 | Executes dropped EXE
44 | \??\c:\lfrrxfx.exe | c:\lfrrxfx.exe | 2712 | Executes dropped EXE
45 | \??\c:\1flfrlx.exe | c:\1flfrlx.exe | 2876 | Executes dropped EXE
46 | \??\c:\bnttbh.exe | c:\bnttbh.exe | 1548 | Executes dropped EXE
47 | \??\c:\nhbhnt.exe | c:\nhbhnt.exe | 2412 | Executes dropped EXE
48 | \??\c:\dppjv.exe | c:\dppjv.exe | 2624 | Executes dropped EXE
49 | \??\c:\3jdjp.exe | c:\3jdjp.exe | 2452 | Executes dropped EXE
50 | \??\c:\lrrfrrf.exe | c:\lrrfrrf.exe | 2592 | Executes dropped EXE
51 | \??\c:\btntnb.exe | c:\btntnb.exe | 1196 | Executes dropped EXE
52 | \??\c:\hbhtbh.exe | c:\hbhtbh.exe | 2124 | Executes dropped EXE
53 | \??\c:\jjdjv.exe | c:\jjdjv.exe | 1632 | Executes dropped EXE
54 | \??\c:\jdppd.exe | c:\jdppd.exe | 2120 | Executes dropped EXE
55 | \??\c:\jpjvp.exe | c:\jpjvp.exe | 1796 | Executes dropped EXE
56 | \??\c:\rlxflrf.exe | c:\rlxflrf.exe | 1612 | Executes dropped EXE
57 | \??\c:\rrflxxl.exe | c:\rrflxxl.exe | 640 | Executes dropped EXE
58 | \??\c:\thhbhn.exe | c:\thhbhn.exe | 2868 | Executes dropped EXE
59 | \??\c:\jvjdv.exe | c:\jvjdv.exe | 1924 | Executes dropped EXE
60 | \??\c:\pdddj.exe | c:\pdddj.exe | 1944 | Executes dropped EXE
61 | \??\c:\3llrxfr.exe | c:\3llrxfr.exe | 2032 | Executes dropped EXE
62 | \??\c:\1lfxxrr.exe | c:\1lfxxrr.exe | 1260 | Executes dropped EXE
63 | \??\c:\hbtbbb.exe | c:\hbtbbb.exe | 1572 | Executes dropped EXE
64 | \??\c:\tnbhtb.exe | c:\tnbhtb.exe | 1780 | Executes dropped EXE
65 | \??\c:\vdvdd.exe | c:\vdvdd.exe | 2628 | Executes dropped EXE
66 | \??\c:\jjdpj.exe | c:\jjdpj.exe | 2428 | none
67 | \??\c:\dvjjd.exe | c:\dvjjd.exe | 860 | none
68 | \??\c:\ffxlfrx.exe | c:\ffxlfrx.exe | 1012 | none
69 | \??\c:\hbtnbb.exe | c:\hbtnbb.exe | 1752 | none
70 | \??\c:\tttbbt.exe | c:\tttbbt.exe | 3044 | none
71 | \??\c:\tttnbb.exe | c:\tttnbb.exe | 1624 | none
72 | \??\c:\ddpvp.exe | c:\ddpvp.exe | 1180 | none
73 | \??\c:\dvjjv.exe | c:\dvjjv.exe | 916 | none
74 | \??\c:\xlxxlrf.exe | c:\xlxxlrf.exe | 1628 | none
75 | \??\c:\llflxfr.exe | c:\llflxfr.exe | 1740 | none
76 | \??\c:\nnhthh.exe | c:\nnhthh.exe | 1424 | none
77 | \??\c:\5nbhhn.exe | c:\5nbhhn.exe | 1676 | none
78 | \??\c:\jdpvv.exe | c:\jdpvv.exe | 2252 | none
79 | \??\c:\5pppd.exe | c:\5pppd.exe | 2976 | none
80 | \??\c:\vvvdj.exe | c:\vvvdj.exe | 2680 | none
81 | \??\c:\rlxrfff.exe | c:\rlxrfff.exe | 2228 | none
82 | \??\c:\fxllxlf.exe | c:\fxllxlf.exe | 2400 | none
83 | \??\c:\7tnnbb.exe | c:\7tnnbb.exe | 2536 | none
84 | \??\c:\7nntht.exe | c:\7nntht.exe | 2532 | none
85 | \??\c:\ppvjj.exe | c:\ppvjj.exe | 2528 | none
86 | \??\c:\ddpdj.exe | c:\ddpdj.exe | 2404 | none
87 | \??\c:\rrfrlrl.exe | c:\rrfrlrl.exe | 2560 | none
88 | \??\c:\hhtbnn.exe | c:\hhtbnn.exe | 1556 | none
89 | \??\c:\bhbnnb.exe | c:\bhbnnb.exe | 1564 | none
90 | \??\c:\ppdpv.exe | c:\ppdpv.exe | 108 | none
91 | \??\c:\7pdpp.exe | c:\7pdpp.exe | 2412 | none
92 | \??\c:\5vpdv.exe | c:\5vpdv.exe | 2380 | none
93 | \??\c:\rrflxlx.exe | c:\rrflxlx.exe | 1616 | none
94 | \??\c:\ffxlxrr.exe | c:\ffxlxrr.exe | 2452 | none
95 | \??\c:\nhnbnn.exe | c:\nhnbnn.exe | 356 | none
96 | \??\c:\3hbhbn.exe | c:\3hbhbn.exe | 2440 | none
97 | \??\c:\ppvvd.exe | c:\ppvvd.exe | 2168 | none
98 | \??\c:\jdddv.exe | c:\jdddv.exe | 2152 | none
99 | \??\c:\xrfrxxf.exe | c:\xrfrxxf.exe | 2752 | none
100 | \??\c:\9llxrxl.exe | c:\9llxrxl.exe | 2136 | none
101 | \??\c:\nnnbnt.exe | c:\nnnbnt.exe | 2912 | none
102 | \??\c:\nnnhhb.exe | c:\nnnhhb.exe | 2884 | none
103 | \??\c:\pjvvj.exe | c:\pjvvj.exe | 2092 | none
104 | \??\c:\pjdpj.exe | c:\pjdpj.exe | 3040 | none
105 | \??\c:\rxxrrfl.exe | c:\rxxrrfl.exe | 1944 | none
106 | \??\c:\rrlrfrl.exe | c:\rrlrfrl.exe | 2648 | none
107 | \??\c:\bbthtt.exe | c:\bbthtt.exe | 1840 | none
108 | \??\c:\9dpvj.exe | c:\9dpvj.exe | 268 | none
109 | \??\c:\1xxrfrr.exe | c:\1xxrfrr.exe | 1488 | none
110 | \??\c:\nnhtbn.exe | c:\nnhtbn.exe | 348 | none
111 | \??\c:\5jdvv.exe | c:\5jdvv.exe | 1216 | none
112 | \??\c:\llxfrxl.exe | c:\llxfrxl.exe | 2060 | none
113 | \??\c:\tnhbnh.exe | c:\tnhbnh.exe | 352 | none
114 | \??\c:\pjpvj.exe | c:\pjpvj.exe | 1928 | none
115 | \??\c:\xrlrxxr.exe | c:\xrlrxxr.exe | 1996 | none
116 | \??\c:\hhtttb.exe | c:\hhtttb.exe | 1656 | none
117 | \??\c:\pvpdv.exe | c:\pvpdv.exe | 2184 | none
118 | \??\c:\xxlfxfx.exe | c:\xxlfxfx.exe | 2668 | none
119 | \??\c:\bbhtbn.exe | c:\bbhtbn.exe | 2812 | none
120 | \??\c:\5xxxrxr.exe | c:\5xxxrxr.exe | 2248 | none
121 | \??\c:\rrlxlrl.exe | c:\rrlxlrl.exe | 1728 | none
122 | \??\c:\hhhtbt.exe | c:\hhhtbt.exe | 2688 | none