Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 150s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 08/06/2024, 18:11

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 01f9ff4207fa3a65e36e4ea2b0f6373284a57d9e2a8e931e662ef2a730827cb7.exe
Resource: win7-20240221-en
6 signatures, 150 seconds
General
Target: 01f9ff4207fa3a65e36e4ea2b0f6373284a57d9e2a8e931e662ef2a730827cb7.exe
Size: 184KB
MD5: c534d14730cd3314dbd6d9093fda3117
SHA1: 7285b7d03ef472d9021efaa7d0fce4968d041fde
SHA256: 01f9ff4207fa3a65e36e4ea2b0f6373284a57d9e2a8e931e662ef2a730827cb7
SHA512: ad70de55126f768de8cba15769be869c686dba1efd63530e993bc6d81b1524f00cf9cc34e7d7aec79d07000b0b18db2d927adfe4e093f24bbb15807639f33af9
SSDEEP: 1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+EMdb4SY:PhOm2sI93UufdC67ciJTWMdbHY
Malware Config
Signatures

Detect Blackmoon payload (47 IoCs)
resource | yara_rule
behavioral1/memory/1184-8-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2032-20-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2252-28-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2804-38-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2400-64-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2632-73-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2416-77-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2816-91-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/940-122-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1036-173-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2132-216-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/436-228-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1468-243-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2880-304-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1696-337-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2596-365-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1996-450-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1040-463-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2944-526-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/1004-408-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2804-357-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2800-278-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1780-199-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/284-183-0x00000000002A0000-0x00000000002C9000-memory.dmp | family_blackmoon
behavioral1/memory/796-181-0x00000000002A0000-0x00000000002C9000-memory.dmp | family_blackmoon
behavioral1/memory/2144-163-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2008-154-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1816-138-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/1816-137-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2820-100-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2620-55-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2100-47-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1952-552-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/2944-553-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/2736-585-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/872-598-0x0000000000250000-0x0000000000279000-memory.dmp | family_blackmoon
behavioral1/memory/1276-605-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/1508-613-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/1508-645-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/2612-643-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/1528-707-0x0000000000400000-0x0000000000429000-memory.dmp | family_blackmoon
behavioral1/memory/684-828-0x0000000000230000-0x0000000000259000-memory.dmp | family_blackmoon
behavioral1/memory/684-867-0x0000000000230000-0x0000000000259000-memory.dmp | family_blackmoon
behavioral1/memory/676-881-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/528-992-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
behavioral1/memory/684-1132-0x00000000001B0000-0x00000000001D9000-memory.dmp | family_blackmoon
behavioral1/memory/2064-1172-0x0000000000220000-0x0000000000249000-memory.dmp | family_blackmoon
UPX dump on OEP (original entry point) (59 IoCs)
resource | yara_rule
behavioral1/memory/1184-0-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1184-8-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2032-20-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2252-28-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2804-38-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2400-64-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2632-73-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2416-77-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2816-91-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/940-122-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1036-173-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2132-216-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/436-228-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1468-243-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1664-245-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2880-304-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2768-312-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1696-337-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2596-358-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2596-365-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1996-450-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1040-463-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2452-482-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/560-437-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1004-408-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2376-399-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1964-386-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2804-357-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2800-278-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2096-218-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1780-199-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2144-163-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2008-154-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1816-137-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2820-100-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2620-55-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2100-47-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1952-552-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2736-578-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2736-585-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1276-605-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2508-670-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1528-707-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1808-732-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2308-745-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1932-795-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/684-821-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2124-829-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/676-874-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/676-881-0x0000000000220000-0x0000000000249000-memory.dmp | UPX
behavioral1/memory/2536-962-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/528-992-0x0000000000220000-0x0000000000249000-memory.dmp | UPX
behavioral1/memory/1652-1023-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/1328-1030-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2308-1050-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2452-1076-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/2756-1089-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
behavioral1/memory/684-1132-0x00000000001B0000-0x00000000001D9000-memory.dmp | UPX
behavioral1/memory/2924-1133-0x0000000000400000-0x0000000000429000-memory.dmp | UPX
Executes dropped EXE (64 IoCs)
pid | Process
2032 | lxrrv.exe
2252 | vhbxh.exe
2804 | xlprtv.exe
2100 | pddbp.exe
2620 | txxpvlh.exe
2400 | dljvfr.exe
2632 | nldhrd.exe
2416 | hpffpxf.exe
2816 | tlvtv.exe
2820 | vphxd.exe
2372 | dxpjnf.exe
1540 | hvjvhbf.exe
940 | jfldpt.exe
1816 | pdnvxxh.exe
284 | drtrnn.exe
2008 | hbvvh.exe
2144 | fxdvh.exe
1036 | fbnnnj.exe
796 | hhbtltf.exe
752 | lrppd.exe
1780 | bntvxb.exe
1908 | vhjjthb.exe
2132 | tflhtb.exe
2096 | xbpttvx.exe
436 | dthhxrl.exe
1468 | tlfbb.exe
1664 | njnxrr.exe
1748 | vtbpdnv.exe
1968 | hjhdl.exe
2800 | hdbtnd.exe
2904 | lljbxxv.exe
1736 | nbxhpfn.exe
2880 | rnrvrj.exe
872 | lxlhr.exe
2768 | ntbnbj.exe
1272 | nrvblpv.exe
2200 | llldn.exe
1696 | xhfrb.exe
1292 | lhdtbbj.exe
840 | nlttdrx.exe
2804 | fpbfljd.exe
2596 | tbbnh.exe
2616 | nplfpbd.exe
2420 | djpdlph.exe
2632 | txvll.exe
1964 | pbttvrt.exe
372 | lxnft.exe
2376 | xfhpjr.exe
1004 | hbftnfv.exe
2348 | thrhpph.exe
1792 | nxfxbfp.exe
1120 | jdlhvr.exe
2344 | hplxdvn.exe
560 | rbxbt.exe
1996 | xlxxvfd.exe
1268 | ddlhp.exe
1040 | nlprtr.exe
2332 | dhbbvr.exe
1596 | hvhtvjt.exe
796 | rfphp.exe
2452 | hxjjlbl.exe
1992 | jtrhhl.exe
2136 | lnvxtvf.exe
856 | btlxdhj.exe

resource | yara_rule
behavioral1/memory/1184-0-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1184-8-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2032-20-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2252-28-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2804-38-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2400-64-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2632-73-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2416-77-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2816-91-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/940-122-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1036-173-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2132-216-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/436-228-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1468-243-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1664-245-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1736-289-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2880-304-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2768-312-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1696-337-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2596-358-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2616-366-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2596-365-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1996-450-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1040-463-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2452-482-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/560-437-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1004-408-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2376-399-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1964-386-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2804-357-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2800-278-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2096-218-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1780-199-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2144-163-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2008-154-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1816-137-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2820-100-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2620-55-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2100-47-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1952-552-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2736-578-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2736-585-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1276-605-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2508-670-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1528-707-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1808-732-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2308-745-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2788-764-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1932-795-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1920-808-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/684-821-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2124-829-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2692-832-0x0000000000220000-0x0000000000249000-memory.dmp | upx
behavioral1/memory/676-874-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/676-881-0x0000000000220000-0x0000000000249000-memory.dmp | upx
behavioral1/memory/2536-962-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2496-967-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/528-992-0x0000000000220000-0x0000000000249000-memory.dmp | upx
behavioral1/memory/1652-1023-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1328-1030-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/1808-1037-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2308-1050-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2452-1076-0x0000000000400000-0x0000000000429000-memory.dmp | upx
behavioral1/memory/2756-1089-0x0000000000400000-0x0000000000429000-memory.dmp | upx
Suspicious use of WriteProcessMemory (64 IoCs)
Each row below appears four times in the report (4 entries per parent/child pair, 16 pairs, 64 IoCs in total).
description | pid | Process | procid_target
PID 1184 wrote to memory of 2032 | 1184 | 01f9ff4207fa3a65e36e4ea2b0f6373284a57d9e2a8e931e662ef2a730827cb7.exe | 28
PID 2032 wrote to memory of 2252 | 2032 | lxrrv.exe | 29
PID 2252 wrote to memory of 2804 | 2252 | vhbxh.exe | 68
PID 2804 wrote to memory of 2100 | 2804 | xlprtv.exe | 31
PID 2100 wrote to memory of 2620 | 2100 | pddbp.exe | 32
PID 2620 wrote to memory of 2400 | 2620 | txxpvlh.exe | 33
PID 2400 wrote to memory of 2632 | 2400 | dljvfr.exe | 34
PID 2632 wrote to memory of 2416 | 2632 | nldhrd.exe | 35
PID 2416 wrote to memory of 2816 | 2416 | hpffpxf.exe | 36
PID 2816 wrote to memory of 2820 | 2816 | tlvtv.exe | 37
PID 2820 wrote to memory of 2372 | 2820 | vphxd.exe | 38
PID 2372 wrote to memory of 1540 | 2372 | dxpjnf.exe | 39
PID 1540 wrote to memory of 940 | 1540 | hvjvhbf.exe | 40
PID 940 wrote to memory of 1816 | 940 | jfldpt.exe | 41
PID 1816 wrote to memory of 284 | 1816 | pdnvxxh.exe | 42
PID 284 wrote to memory of 2008 | 284 | drtrnn.exe | 43
Processes
Process tree, one process per row; "depth" is the nesting level shown in the report (each process is the child of the row above it). Signatures: EXE = Executes dropped EXE, WPM = Suspicious use of WriteProcessMemory.
depth | PID | image | command line | signatures
1 | 1184 | C:\Users\Admin\AppData\Local\Temp\01f9ff4207fa3a65e36e4ea2b0f6373284a57d9e2a8e931e662ef2a730827cb7.exe | "C:\Users\Admin\AppData\Local\Temp\01f9ff4207fa3a65e36e4ea2b0f6373284a57d9e2a8e931e662ef2a730827cb7.exe" | WPM
2 | 2032 | \??\c:\lxrrv.exe | c:\lxrrv.exe | EXE, WPM
3 | 2252 | \??\c:\vhbxh.exe | c:\vhbxh.exe | EXE, WPM
4 | 2804 | \??\c:\xlprtv.exe | c:\xlprtv.exe | EXE, WPM
5 | 2100 | \??\c:\pddbp.exe | c:\pddbp.exe | EXE, WPM
6 | 2620 | \??\c:\txxpvlh.exe | c:\txxpvlh.exe | EXE, WPM
7 | 2400 | \??\c:\dljvfr.exe | c:\dljvfr.exe | EXE, WPM
8 | 2632 | \??\c:\nldhrd.exe | c:\nldhrd.exe | EXE, WPM
9 | 2416 | \??\c:\hpffpxf.exe | c:\hpffpxf.exe | EXE, WPM
10 | 2816 | \??\c:\tlvtv.exe | c:\tlvtv.exe | EXE, WPM
11 | 2820 | \??\c:\vphxd.exe | c:\vphxd.exe | EXE, WPM
12 | 2372 | \??\c:\dxpjnf.exe | c:\dxpjnf.exe | EXE, WPM
13 | 1540 | \??\c:\hvjvhbf.exe | c:\hvjvhbf.exe | EXE, WPM
14 | 940 | \??\c:\jfldpt.exe | c:\jfldpt.exe | EXE, WPM
15 | 1816 | \??\c:\pdnvxxh.exe | c:\pdnvxxh.exe | EXE, WPM
16 | 284 | \??\c:\drtrnn.exe | c:\drtrnn.exe | EXE, WPM
17 | 2008 | \??\c:\hbvvh.exe | c:\hbvvh.exe | EXE
18 | 2144 | \??\c:\fxdvh.exe | c:\fxdvh.exe | EXE
19 | 1036 | \??\c:\fbnnnj.exe | c:\fbnnnj.exe | EXE
20 | 796 | \??\c:\hhbtltf.exe | c:\hhbtltf.exe | EXE
21 | 752 | \??\c:\lrppd.exe | c:\lrppd.exe | EXE
22 | 1780 | \??\c:\bntvxb.exe | c:\bntvxb.exe | EXE
23 | 1908 | \??\c:\vhjjthb.exe | c:\vhjjthb.exe | EXE
24 | 2132 | \??\c:\tflhtb.exe | c:\tflhtb.exe | EXE
25 | 2096 | \??\c:\xbpttvx.exe | c:\xbpttvx.exe | EXE
26 | 436 | \??\c:\dthhxrl.exe | c:\dthhxrl.exe | EXE
27 | 1468 | \??\c:\tlfbb.exe | c:\tlfbb.exe | EXE
28 | 1664 | \??\c:\njnxrr.exe | c:\njnxrr.exe | EXE
29 | 1748 | \??\c:\vtbpdnv.exe | c:\vtbpdnv.exe | EXE
30 | 1968 | \??\c:\hjhdl.exe | c:\hjhdl.exe | EXE
31 | 2800 | \??\c:\hdbtnd.exe | c:\hdbtnd.exe | EXE
32 | 2904 | \??\c:\lljbxxv.exe | c:\lljbxxv.exe | EXE
33 | 1736 | \??\c:\nbxhpfn.exe | c:\nbxhpfn.exe | EXE
34 | 2880 | \??\c:\rnrvrj.exe | c:\rnrvrj.exe | EXE
35 | 872 | \??\c:\lxlhr.exe | c:\lxlhr.exe | EXE
36 | 2768 | \??\c:\ntbnbj.exe | c:\ntbnbj.exe | EXE
37 | 1272 | \??\c:\nrvblpv.exe | c:\nrvblpv.exe | EXE
38 | 2200 | \??\c:\llldn.exe | c:\llldn.exe | EXE
39 | 1696 | \??\c:\xhfrb.exe | c:\xhfrb.exe | EXE
40 | 1292 | \??\c:\lhdtbbj.exe | c:\lhdtbbj.exe | EXE
41 | 840 | \??\c:\nlttdrx.exe | c:\nlttdrx.exe | EXE
42 | 2804 | \??\c:\fpbfljd.exe | c:\fpbfljd.exe | EXE
43 | 2596 | \??\c:\tbbnh.exe | c:\tbbnh.exe | EXE
44 | 2616 | \??\c:\nplfpbd.exe | c:\nplfpbd.exe | EXE
45 | 2420 | \??\c:\djpdlph.exe | c:\djpdlph.exe | EXE
46 | 2632 | \??\c:\txvll.exe | c:\txvll.exe | EXE
47 | 1964 | \??\c:\pbttvrt.exe | c:\pbttvrt.exe | EXE
48 | 372 | \??\c:\lxnft.exe | c:\lxnft.exe | EXE
49 | 2376 | \??\c:\xfhpjr.exe | c:\xfhpjr.exe | EXE
50 | 1004 | \??\c:\hbftnfv.exe | c:\hbftnfv.exe | EXE
51 | 2348 | \??\c:\thrhpph.exe | c:\thrhpph.exe | EXE
52 | 1792 | \??\c:\nxfxbfp.exe | c:\nxfxbfp.exe | EXE
53 | 1120 | \??\c:\jdlhvr.exe | c:\jdlhvr.exe | EXE
54 | 2344 | \??\c:\hplxdvn.exe | c:\hplxdvn.exe | EXE
55 | 560 | \??\c:\rbxbt.exe | c:\rbxbt.exe | EXE
56 | 1996 | \??\c:\xlxxvfd.exe | c:\xlxxvfd.exe | EXE
57 | 1268 | \??\c:\ddlhp.exe | c:\ddlhp.exe | EXE
58 | 1040 | \??\c:\nlprtr.exe | c:\nlprtr.exe | EXE
59 | 2332 | \??\c:\dhbbvr.exe | c:\dhbbvr.exe | EXE
60 | 1596 | \??\c:\hvhtvjt.exe | c:\hvhtvjt.exe | EXE
61 | 796 | \??\c:\rfphp.exe | c:\rfphp.exe | EXE
62 | 2452 | \??\c:\hxjjlbl.exe | c:\hxjjlbl.exe | EXE
63 | 1992 | \??\c:\jtrhhl.exe | c:\jtrhhl.exe | EXE
64 | 2136 | \??\c:\lnvxtvf.exe | c:\lnvxtvf.exe | EXE
65 | 856 | \??\c:\btlxdhj.exe | c:\btlxdhj.exe | EXE
66 | 2116 | \??\c:\nttdfp.exe | c:\nttdfp.exe | 
67 | 1132 | \??\c:\btpnr.exe | c:\btpnr.exe | 
68 | 2944 | \??\c:\hrbrfd.exe | c:\hrbrfd.exe | 
69 | 436 | \??\c:\ndhxn.exe | c:\ndhxn.exe | 
70 | 1980 | \??\c:\jvprp.exe | c:\jvprp.exe | 
71 | 764 | \??\c:\flvlvh.exe | c:\flvlvh.exe | 
72 | 1952 | \??\c:\vxrlhh.exe | c:\vxrlhh.exe | 
73 | 1748 | \??\c:\jpdrxbt.exe | c:\jpdrxbt.exe | 
74 | 1956 | \??\c:\lbrxlj.exe | c:\lbrxlj.exe | 
75 | 956 | \??\c:\phlhn.exe | c:\phlhn.exe | 
76 | 1052 | \??\c:\vlnpr.exe | c:\vlnpr.exe | 
77 | 2736 | \??\c:\lhxtbv.exe | c:\lhxtbv.exe | 
78 | 2196 | \??\c:\nvrrpl.exe | c:\nvrrpl.exe | 
79 | 872 | \??\c:\bptrff.exe | c:\bptrff.exe | 
80 | 1276 | \??\c:\ddhll.exe | c:\ddhll.exe | 
81 | 1508 | \??\c:\htdrt.exe | c:\htdrt.exe | 
82 | 1976 | \??\c:\hpndxrv.exe | c:\hpndxrv.exe | 
83 | 2072 | \??\c:\lhpvd.exe | c:\lhpvd.exe | 
84 | 2488 | \??\c:\xnjtf.exe | c:\xnjtf.exe | 
85 | 2544 | \??\c:\jprbfjf.exe | c:\jprbfjf.exe | 
86 | 2612 | \??\c:\xhjdr.exe | c:\xhjdr.exe | 
87 | 2716 | \??\c:\lhldblt.exe | c:\lhldblt.exe | 
88 | 2656 | \??\c:\htbdb.exe | c:\htbdb.exe | 
89 | 2540 | \??\c:\fndbb.exe | c:\fndbb.exe | 
90 | 2684 | \??\c:\pxpnf.exe | c:\pxpnf.exe | 
91 | 2508 | \??\c:\xvtbbtf.exe | c:\xvtbbtf.exe | 
92 | 2888 | \??\c:\tddxprf.exe | c:\tddxprf.exe | 
93 | 2816 | \??\c:\pxpnvv.exe | c:\pxpnvv.exe | 
94 | 2672 | \??\c:\lbvppxn.exe | c:\lbvppxn.exe | 
95 | 2820 | \??\c:\ffhpv.exe | c:\ffhpv.exe | 
96 | 1152 | \??\c:\bfdxd.exe | c:\bfdxd.exe | 
97 | 1528 | \??\c:\flxvhxt.exe | c:\flxvhxt.exe | 
98 | 1548 | \??\c:\ntfrh.exe | c:\ntfrh.exe | 
99 | 580 | \??\c:\btbvhvj.exe | c:\btbvhvj.exe | 
100 | 868 | \??\c:\xfjrdf.exe | c:\xfjrdf.exe | 
101 | 1808 | \??\c:\tvjjrp.exe | c:\tvjjrp.exe | 
102 | 2040 | \??\c:\plhtvnd.exe | c:\plhtvnd.exe | 
103 | 2308 | \??\c:\dlvnf.exe | c:\dlvnf.exe | 
104 | 1744 | \??\c:\xxxxr.exe | c:\xxxxr.exe | 
105 | 924 | \??\c:\tbvfx.exe | c:\tbvfx.exe | 
106 | 2788 | \??\c:\nhbrb.exe | c:\nhbrb.exe | 
107 | 1752 | \??\c:\hlrrdbb.exe | c:\hlrrdbb.exe | 
108 | 1324 | \??\c:\pvblrn.exe | c:\pvblrn.exe | 
109 | 2284 | \??\c:\phvpbv.exe | c:\phvpbv.exe | 
110 | 1904 | \??\c:\nxtxbvf.exe | c:\nxtxbvf.exe | 
111 | 1932 | \??\c:\lxdrh.exe | c:\lxdrh.exe | 
112 | 2692 | \??\c:\lxvnb.exe | c:\lxvnb.exe | 
113 | 1920 | \??\c:\xnvtpdj.exe | c:\xnvtpdj.exe | 
114 | 2912 | \??\c:\hhptdvl.exe | c:\hhptdvl.exe | 
115 | 684 | \??\c:\vxtxb.exe | c:\vxtxb.exe | 
116 | 2124 | \??\c:\thhxfrj.exe | c:\thhxfrj.exe | 
117 | 1452 | \??\c:\fldvff.exe | c:\fldvff.exe | 
118 | 1688 | \??\c:\tjjvh.exe | c:\tjjvh.exe | 
119 | 2876 | \??\c:\htdjrf.exe | c:\htdjrf.exe | 
120 | 888 | \??\c:\fjdjpf.exe | c:\fjdjpf.exe | 
121 | 1352 | \??\c:\ffvptdr.exe | c:\ffvptdr.exe | 
122 | 1956 | \??\c:\phjnxn.exe | c:\phjnxn.exe | 