Analysis
- max time kernel: 150s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/06/2024, 21:39

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: 54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe
- Resource: win7-20240220-en
- 6 signatures
- 150 seconds
General
- Target: 54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe
- Size: 181KB
- MD5: 452cf8300072c684cf2ed8d5ac5e9a90
- SHA1: 9ec1a632371946ceaa96bc0686b3aad9934158d2
- SHA256: 54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f
- SHA512: eeabafa1af03ee1c8acc30f04e8864da9f8a844934ddbb1f28b68534f2ea82c841d894c8b26dda12c4b3d380755541875bbbf7fcb295229b0e81acdc210989c9
- SSDEEP: 1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+IJPhbM/v:PhOm2sI93UufdC67ciJTm5hI/v
Malware Config
Signatures
- Detect Blackmoon payload (63 IoCs)
- UPX dump on OEP (original entry point) (64 IoCs)
- Executes dropped EXE (64 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
Process tree, one line per process: nesting depth. path | cmd: command line | PID | matched signatures. Each process is the child of the one listed above it.

1. C:\Users\Admin\AppData\Local\Temp\54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe | cmd: "C:\Users\Admin\AppData\Local\Temp\54233c003d3dd5039102695f390cbe3709e95e70deb1b91b47c97262e9da5b8f.exe" | PID 2664 | Suspicious use of WriteProcessMemory
2. \??\c:\bbbnnh.exe | cmd: c:\bbbnnh.exe | PID 3220 | Executes dropped EXE; Suspicious use of WriteProcessMemory
3. \??\c:\fffxrlx.exe | cmd: c:\fffxrlx.exe | PID 1016 | Executes dropped EXE; Suspicious use of WriteProcessMemory
4. \??\c:\bthhbb.exe | cmd: c:\bthhbb.exe | PID 4360 | Executes dropped EXE; Suspicious use of WriteProcessMemory
5. \??\c:\lrlrxfl.exe | cmd: c:\lrlrxfl.exe | PID 4072 | Executes dropped EXE; Suspicious use of WriteProcessMemory
6. \??\c:\bnttbb.exe | cmd: c:\bnttbb.exe | PID 2680 | Executes dropped EXE; Suspicious use of WriteProcessMemory
7. \??\c:\dpdpj.exe | cmd: c:\dpdpj.exe | PID 3312 | Executes dropped EXE; Suspicious use of WriteProcessMemory
8. \??\c:\jjpvd.exe | cmd: c:\jjpvd.exe | PID 4416 | Executes dropped EXE; Suspicious use of WriteProcessMemory
9. \??\c:\rlxxrxx.exe | cmd: c:\rlxxrxx.exe | PID 2600 | Executes dropped EXE; Suspicious use of WriteProcessMemory
10. \??\c:\nbhhtt.exe | cmd: c:\nbhhtt.exe | PID 1064 | Executes dropped EXE; Suspicious use of WriteProcessMemory
11. \??\c:\3ppjj.exe | cmd: c:\3ppjj.exe | PID 1576 | Executes dropped EXE; Suspicious use of WriteProcessMemory
12. \??\c:\pvvjd.exe | cmd: c:\pvvjd.exe | PID 2200 | Executes dropped EXE; Suspicious use of WriteProcessMemory
13. \??\c:\xxrrlrl.exe | cmd: c:\xxrrlrl.exe | PID 4524 | Executes dropped EXE; Suspicious use of WriteProcessMemory
14. \??\c:\httntn.exe | cmd: c:\httntn.exe | PID 4528 | Executes dropped EXE; Suspicious use of WriteProcessMemory
15. \??\c:\pjdvd.exe | cmd: c:\pjdvd.exe | PID 4772 | Executes dropped EXE; Suspicious use of WriteProcessMemory
16. \??\c:\flrrlrl.exe | cmd: c:\flrrlrl.exe | PID 1116 | Executes dropped EXE; Suspicious use of WriteProcessMemory
17. \??\c:\xlxfffl.exe | cmd: c:\xlxfffl.exe | PID 4516 | Executes dropped EXE; Suspicious use of WriteProcessMemory
18. \??\c:\bbtttt.exe | cmd: c:\bbtttt.exe | PID 4216 | Executes dropped EXE; Suspicious use of WriteProcessMemory
19. \??\c:\dpdjp.exe | cmd: c:\dpdjp.exe | PID 736 | Executes dropped EXE; Suspicious use of WriteProcessMemory
20. \??\c:\fflxffl.exe | cmd: c:\fflxffl.exe | PID 3696 | Executes dropped EXE; Suspicious use of WriteProcessMemory
21. \??\c:\hnnnnh.exe | cmd: c:\hnnnnh.exe | PID 1428 | Executes dropped EXE; Suspicious use of WriteProcessMemory
22. \??\c:\ntthnh.exe | cmd: c:\ntthnh.exe | PID 3904 | Executes dropped EXE; Suspicious use of WriteProcessMemory
23. \??\c:\pjjjd.exe | cmd: c:\pjjjd.exe | PID 2352 | Executes dropped EXE
24. \??\c:\lflfflf.exe | cmd: c:\lflfflf.exe | PID 1536 | Executes dropped EXE
25. \??\c:\bhbtth.exe | cmd: c:\bhbtth.exe | PID 3180 | Executes dropped EXE
26. \??\c:\pvddj.exe | cmd: c:\pvddj.exe | PID 4456 | Executes dropped EXE
27. \??\c:\rlffxxx.exe | cmd: c:\rlffxxx.exe | PID 4116 | Executes dropped EXE
28. \??\c:\bhbhtt.exe | cmd: c:\bhbhtt.exe | PID 2948 | Executes dropped EXE
29. \??\c:\hbthhb.exe | cmd: c:\hbthhb.exe | PID 2104 | Executes dropped EXE
30. \??\c:\jjddv.exe | cmd: c:\jjddv.exe | PID 4944 | Executes dropped EXE
31. \??\c:\xrfrxrf.exe | cmd: c:\xrfrxrf.exe | PID 2632 | Executes dropped EXE
32. \??\c:\xxlfxxr.exe | cmd: c:\xxlfxxr.exe | PID 3600 | Executes dropped EXE
33. \??\c:\ttbnbh.exe | cmd: c:\ttbnbh.exe | PID 4608 | Executes dropped EXE
34. \??\c:\pdvjd.exe | cmd: c:\pdvjd.exe | PID 4260 | Executes dropped EXE
35. \??\c:\xrlfrrf.exe | cmd: c:\xrlfrrf.exe | PID 3740 | Executes dropped EXE
36. \??\c:\thnbhh.exe | cmd: c:\thnbhh.exe | PID 4292 | Executes dropped EXE
37. \??\c:\bthntb.exe | cmd: c:\bthntb.exe | PID 2944 | Executes dropped EXE
38. \??\c:\vdddv.exe | cmd: c:\vdddv.exe | PID 2468 | Executes dropped EXE
39. \??\c:\lllrrll.exe | cmd: c:\lllrrll.exe | PID 2712 | Executes dropped EXE
40. \??\c:\lffxlxf.exe | cmd: c:\lffxlxf.exe | PID 2056 | Executes dropped EXE
41. \??\c:\ttnhtn.exe | cmd: c:\ttnhtn.exe | PID 2496 | Executes dropped EXE
42. \??\c:\ntttnn.exe | cmd: c:\ntttnn.exe | PID 4812 | Executes dropped EXE
43. \??\c:\pvddv.exe | cmd: c:\pvddv.exe | PID 1020 | Executes dropped EXE
44. \??\c:\vpvvv.exe | cmd: c:\vpvvv.exe | PID 1936 | Executes dropped EXE
45. \??\c:\lxrrfrx.exe | cmd: c:\lxrrfrx.exe | PID 4896 | Executes dropped EXE
46. \??\c:\btbbhn.exe | cmd: c:\btbbhn.exe | PID 1808 | Executes dropped EXE
47. \??\c:\3ddpv.exe | cmd: c:\3ddpv.exe | PID 516 | Executes dropped EXE
48. \??\c:\pjjvv.exe | cmd: c:\pjjvv.exe | PID 4576 | Executes dropped EXE
49. \??\c:\xxfxrrr.exe | cmd: c:\xxfxrrr.exe | PID 772 | Executes dropped EXE
50. \??\c:\xlxrrxr.exe | cmd: c:\xlxrrxr.exe | PID 3380 | Executes dropped EXE
51. \??\c:\bbhthn.exe | cmd: c:\bbhthn.exe | PID 404 | Executes dropped EXE
52. \??\c:\tntnhn.exe | cmd: c:\tntnhn.exe | PID 1336 | Executes dropped EXE
53. \??\c:\jjjjj.exe | cmd: c:\jjjjj.exe | PID 1320 | Executes dropped EXE
54. \??\c:\3jjjv.exe | cmd: c:\3jjjv.exe | PID 4476 | Executes dropped EXE
55. \??\c:\rlrrrxx.exe | cmd: c:\rlrrrxx.exe | PID 2664 | Executes dropped EXE
56. \??\c:\xxxxxxx.exe | cmd: c:\xxxxxxx.exe | PID 2304 | Executes dropped EXE
57. \??\c:\bbtttt.exe | cmd: c:\bbtttt.exe | PID 1016 | Executes dropped EXE
58. \??\c:\nbbbhn.exe | cmd: c:\nbbbhn.exe | PID 1464 | Executes dropped EXE
59. \??\c:\vjjvj.exe | cmd: c:\vjjvj.exe | PID 3700 | Executes dropped EXE
60. \??\c:\vpppv.exe | cmd: c:\vpppv.exe | PID 2856 | Executes dropped EXE
61. \??\c:\rrrrlxl.exe | cmd: c:\rrrrlxl.exe | PID 3000 | Executes dropped EXE
62. \??\c:\httnhh.exe | cmd: c:\httnhh.exe | PID 3276 | Executes dropped EXE
63. \??\c:\nnhbbh.exe | cmd: c:\nnhbbh.exe | PID 3312 | Executes dropped EXE
64. \??\c:\vdjjj.exe | cmd: c:\vdjjj.exe | PID 4272 | Executes dropped EXE
65. \??\c:\flxxllx.exe | cmd: c:\flxxllx.exe | PID 2720 | Executes dropped EXE
66. \??\c:\rxfxffx.exe | cmd: c:\rxfxffx.exe | PID 2700
67. \??\c:\bnbthn.exe | cmd: c:\bnbthn.exe | PID 5056
68. \??\c:\pvvvv.exe | cmd: c:\pvvvv.exe | PID 3584
69. \??\c:\1dppd.exe | cmd: c:\1dppd.exe | PID 2060
70. \??\c:\xfrrlll.exe | cmd: c:\xfrrlll.exe | PID 4492
71. \??\c:\pjppp.exe | cmd: c:\pjppp.exe | PID 4524
72. \??\c:\rxrllff.exe | cmd: c:\rxrllff.exe | PID 4528
73. \??\c:\lfrrxfx.exe | cmd: c:\lfrrxfx.exe | PID 3160
74. \??\c:\1nbtbb.exe | cmd: c:\1nbtbb.exe | PID 2364
75. \??\c:\jpdjd.exe | cmd: c:\jpdjd.exe | PID 740
76. \??\c:\lrfxxll.exe | cmd: c:\lrfxxll.exe | PID 5112
77. \??\c:\htthtn.exe | cmd: c:\htthtn.exe | PID 3280
78. \??\c:\5jvvv.exe | cmd: c:\5jvvv.exe | PID 736
79. \??\c:\dvjjv.exe | cmd: c:\dvjjv.exe | PID 5036
80. \??\c:\xxfffff.exe | cmd: c:\xxfffff.exe | PID 4708
81. \??\c:\tbbbbh.exe | cmd: c:\tbbbbh.exe | PID 1444
82. \??\c:\jdjjj.exe | cmd: c:\jdjjj.exe | PID 2800
83. \??\c:\jvdvd.exe | cmd: c:\jvdvd.exe | PID 2352
84. \??\c:\xlffxlx.exe | cmd: c:\xlffxlx.exe | PID 1964
85. \??\c:\tnbttt.exe | cmd: c:\tnbttt.exe | PID 636
86. \??\c:\vdpjd.exe | cmd: c:\vdpjd.exe | PID 2336
87. \??\c:\xxfxrff.exe | cmd: c:\xxfxrff.exe | PID 3468
88. \??\c:\lxlrxll.exe | cmd: c:\lxlrxll.exe | PID 3504
89. \??\c:\5hnhhh.exe | cmd: c:\5hnhhh.exe | PID 4032
90. \??\c:\nnnnnb.exe | cmd: c:\nnnnnb.exe | PID 1156
91. \??\c:\jvdvj.exe | cmd: c:\jvdvj.exe | PID 3600
92. \??\c:\xrfflrx.exe | cmd: c:\xrfflrx.exe | PID 3204
93. \??\c:\ffxrrxx.exe | cmd: c:\ffxrrxx.exe | PID 4448
94. \??\c:\hbtttt.exe | cmd: c:\hbtttt.exe | PID 3996
95. \??\c:\tbthth.exe | cmd: c:\tbthth.exe | PID 4076
96. \??\c:\vjddd.exe | cmd: c:\vjddd.exe | PID 2224
97. \??\c:\fxfxlll.exe | cmd: c:\fxfxlll.exe | PID 4460
98. \??\c:\llxrrrx.exe | cmd: c:\llxrrrx.exe | PID 2012
99. \??\c:\thhnhb.exe | cmd: c:\thhnhb.exe | PID 1672
100. \??\c:\jjvvd.exe | cmd: c:\jjvvd.exe | PID 2296
101. \??\c:\rffxfxx.exe | cmd: c:\rffxfxx.exe | PID 4396
102. \??\c:\7rxxxff.exe | cmd: c:\7rxxxff.exe | PID 5080
103. \??\c:\jjdjp.exe | cmd: c:\jjdjp.exe | PID 2736
104. \??\c:\vdddv.exe | cmd: c:\vdddv.exe | PID 2008
105. \??\c:\rfrffll.exe | cmd: c:\rfrffll.exe | PID 1020
106. \??\c:\bnnhbh.exe | cmd: c:\bnnhbh.exe | PID 1832
107. \??\c:\pdpdj.exe | cmd: c:\pdpdj.exe | PID 3752
108. \??\c:\7xxxrxr.exe | cmd: c:\7xxxrxr.exe | PID 1808
109. \??\c:\rxffxrx.exe | cmd: c:\rxffxrx.exe | PID 3100
110. \??\c:\bbbnbt.exe | cmd: c:\bbbnbt.exe | PID 4504
111. \??\c:\hbhhnn.exe | cmd: c:\hbhhnn.exe | PID 2708
112. \??\c:\jjjjd.exe | cmd: c:\jjjjd.exe | PID 4636
113. \??\c:\rlxrfxf.exe | cmd: c:\rlxrfxf.exe | PID 3108
114. \??\c:\lrxxfrx.exe | cmd: c:\lrxxfrx.exe | PID 1624
115. \??\c:\thbnbt.exe | cmd: c:\thbnbt.exe | PID 4336
116. \??\c:\ttbtth.exe | cmd: c:\ttbtth.exe | PID 4600
117. \??\c:\ppvpp.exe | cmd: c:\ppvpp.exe | PID 2872
118. \??\c:\pjppj.exe | cmd: c:\pjppj.exe | PID 3220
119. \??\c:\fllffxl.exe | cmd: c:\fllffxl.exe | PID 2892
120. \??\c:\rflfffx.exe | cmd: c:\rflfffx.exe | PID 3624
121. \??\c:\3ntnhh.exe | cmd: c:\3ntnhh.exe | PID 2448
122. \??\c:\hhtbhh.exe | cmd: c:\hhtbhh.exe | PID 1264