Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
15/06/2024, 19:39
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe
-
Size
476KB
-
MD5
09095bedf526f418dfd1ae43b1714d58
-
SHA1
718bf51dfa05cfdaefcb2f24842342a86454d460
-
SHA256
220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967
-
SHA512
e5571c66892878f9fdd1ee810756a83956e8d4c2846fa08518ffa4ceff664dd8bfa8e883475b60c0bb9557e25dab141ac02b079b6b0b5f41df8df034bafd2763
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwT+aZKlumArSPBXuGsS:q7Tc2NYHUrAwT+OKomA+5uy
Malware Config
Signatures
-
Detect Blackmoon payload (64 IoCs)
resource yara_rule behavioral1/memory/2128-10-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1712-18-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/3020-27-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2544-32-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/3020-29-0x0000000000320000-0x00000000003E4000-memory.dmp family_blackmoon behavioral1/memory/3020-28-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2852-43-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2544-39-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2760-51-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2852-50-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2628-63-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2760-59-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2760-58-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2628-69-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2256-71-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2256-79-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2508-91-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2404-88-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2404-87-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2784-101-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2508-98-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral1/memory/2508-94-0x00000000004D0000-0x0000000000594000-memory.dmp family_blackmoon behavioral1/memory/2784-104-0x0000000000330000-0x00000000003F4000-memory.dmp family_blackmoon behavioral1/memory/2896-111-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2236-121-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2896-118-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2896-117-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1716-130-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1716-136-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1504-138-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1504-145-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1504-146-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1768-148-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/288-166-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2928-196-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1004-263-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2312-333-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2732-381-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2512-657-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1628-669-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1516-699-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2416-717-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral1/memory/1128-741-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/3048-753-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/604-765-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/640-729-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1296-705-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2208-693-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2792-681-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/716-645-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2448-633-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/3052-621-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/936-597-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1880-585-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2996-573-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2888-561-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1564-549-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/840-537-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/988-525-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2204-501-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1224-489-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1624-465-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1600-453-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral1/memory/2616-417-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) (64 IoCs)
resource yara_rule behavioral1/memory/2128-0-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2128-10-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1712-18-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/3020-27-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2544-32-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/3020-29-0x0000000000320000-0x00000000003E4000-memory.dmp UPX behavioral1/memory/3020-28-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2852-43-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2544-39-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2760-51-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2852-50-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2628-63-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2760-59-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2760-58-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2628-69-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2256-71-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2256-79-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2508-91-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2404-88-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2784-101-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2784-104-0x0000000000330000-0x00000000003F4000-memory.dmp UPX behavioral1/memory/2896-111-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2236-121-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2896-118-0x0000000000400000-0x00000000004C4000-memory.dmp UPX 
behavioral1/memory/2896-117-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1716-130-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1504-138-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1504-145-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1504-146-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1768-148-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/288-166-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2928-196-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1004-263-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2312-333-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2732-381-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2512-657-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1628-669-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1516-699-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2416-717-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1128-741-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/3048-753-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/604-765-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/640-729-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1296-705-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2208-693-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2792-681-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/716-645-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2448-633-0x0000000000400000-0x00000000004C4000-memory.dmp UPX 
behavioral1/memory/3052-621-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/936-597-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1880-585-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2996-573-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2888-561-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1564-549-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/840-537-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/988-525-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2204-501-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1224-489-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1624-465-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/1600-453-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2484-405-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2484-398-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2576-397-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral1/memory/2576-390-0x0000000000400000-0x00000000004C4000-memory.dmp UPX -
Executes dropped EXE (64 IoCs)
pid Process 1712 jdpvd.exe 3020 i424064.exe 2544 68820.exe 2852 9dvdj.exe 2760 868406.exe 2628 lrrxlrf.exe 2256 1bbhnn.exe 2404 4440808.exe 2508 888040.exe 2784 dpjpd.exe 2896 vpjjp.exe 2236 3thhbh.exe 1716 w00684.exe 1504 s4880.exe 1768 7tttbb.exe 712 226820.exe 288 424400.exe 1308 q02244.exe 1772 664462.exe 2928 9pddp.exe 1728 rflrxxf.exe 2108 btnbnn.exe 1868 00886.exe 1500 dpvpv.exe 3044 bbbhhn.exe 2864 s6060.exe 1004 thntbh.exe 320 tttbbn.exe 920 xrlrflx.exe 1796 840026.exe 1612 xlflrff.exe 880 rfffxrx.exe 1028 264066.exe 2312 bhhntt.exe 2128 2088402.exe 1964 bhhnht.exe 3040 444028.exe 2592 dpdjv.exe 3052 040866.exe 2696 btnhbh.exe 2732 xlfllrx.exe 2576 42062.exe 2484 lrxrllf.exe 2932 82080.exe 2616 k88080.exe 2656 hbttbb.exe 1644 tnhhnn.exe 1520 42684.exe 1628 rlxfffx.exe 1856 rfrrxxl.exe 1600 44608.exe 1200 llrrrxl.exe 1624 22868.exe 684 bhbnhb.exe 2336 vjvpj.exe 288 4266846.exe 1224 hnhnbh.exe 2480 7jjpj.exe 2204 lrfxlrf.exe 3048 1hbbbb.exe 2376 04280.exe 2100 9xxrffr.exe 988 lfrxffr.exe 456 604404.exe -
resource yara_rule behavioral1/memory/2128-0-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2128-10-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1712-18-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/3020-27-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2544-32-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/3020-29-0x0000000000320000-0x00000000003E4000-memory.dmp upx behavioral1/memory/3020-28-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2852-43-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2544-39-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2760-51-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2852-50-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2628-63-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2760-59-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2760-58-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2628-69-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2256-71-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2256-79-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2508-91-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2404-88-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2784-101-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2896-111-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2236-121-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2896-118-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2896-117-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral1/memory/1716-130-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1504-138-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1504-145-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1504-146-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1768-148-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/288-166-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2928-196-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1004-263-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2312-333-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2732-381-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2512-657-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1628-669-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1516-699-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2416-717-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1128-741-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/3048-753-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/604-765-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/640-729-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1296-705-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2208-693-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2792-681-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/716-645-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2448-633-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/3052-621-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral1/memory/936-597-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1880-585-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2996-573-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2888-561-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1564-549-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/840-537-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/988-525-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2204-501-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1224-489-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1624-465-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1600-453-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2484-405-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2484-398-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2576-397-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2576-390-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2732-389-0x0000000000400000-0x00000000004C4000-memory.dmp upx -
Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 2128 wrote to memory of 1712 2128 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 28 PID 2128 wrote to memory of 1712 2128 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 28 PID 2128 wrote to memory of 1712 2128 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 28 PID 2128 wrote to memory of 1712 2128 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 28 PID 1712 wrote to memory of 3020 1712 jdpvd.exe 29 PID 1712 wrote to memory of 3020 1712 jdpvd.exe 29 PID 1712 wrote to memory of 3020 1712 jdpvd.exe 29 PID 1712 wrote to memory of 3020 1712 jdpvd.exe 29 PID 3020 wrote to memory of 2544 3020 i424064.exe 30 PID 3020 wrote to memory of 2544 3020 i424064.exe 30 PID 3020 wrote to memory of 2544 3020 i424064.exe 30 PID 3020 wrote to memory of 2544 3020 i424064.exe 30 PID 2544 wrote to memory of 2852 2544 68820.exe 31 PID 2544 wrote to memory of 2852 2544 68820.exe 31 PID 2544 wrote to memory of 2852 2544 68820.exe 31 PID 2544 wrote to memory of 2852 2544 68820.exe 31 PID 2852 wrote to memory of 2760 2852 9dvdj.exe 32 PID 2852 wrote to memory of 2760 2852 9dvdj.exe 32 PID 2852 wrote to memory of 2760 2852 9dvdj.exe 32 PID 2852 wrote to memory of 2760 2852 9dvdj.exe 32 PID 2760 wrote to memory of 2628 2760 868406.exe 33 PID 2760 wrote to memory of 2628 2760 868406.exe 33 PID 2760 wrote to memory of 2628 2760 868406.exe 33 PID 2760 wrote to memory of 2628 2760 868406.exe 33 PID 2628 wrote to memory of 2256 2628 lrrxlrf.exe 34 PID 2628 wrote to memory of 2256 2628 lrrxlrf.exe 34 PID 2628 wrote to memory of 2256 2628 lrrxlrf.exe 34 PID 2628 wrote to memory of 2256 2628 lrrxlrf.exe 34 PID 2256 wrote to memory of 2404 2256 1bbhnn.exe 35 PID 2256 wrote to memory of 2404 2256 1bbhnn.exe 35 PID 2256 wrote to memory of 2404 2256 1bbhnn.exe 35 PID 2256 wrote to memory of 2404 2256 1bbhnn.exe 35 PID 2404 wrote to memory of 2508 2404 4440808.exe 36 PID 2404 wrote 
to memory of 2508 2404 4440808.exe 36 PID 2404 wrote to memory of 2508 2404 4440808.exe 36 PID 2404 wrote to memory of 2508 2404 4440808.exe 36 PID 2508 wrote to memory of 2784 2508 888040.exe 37 PID 2508 wrote to memory of 2784 2508 888040.exe 37 PID 2508 wrote to memory of 2784 2508 888040.exe 37 PID 2508 wrote to memory of 2784 2508 888040.exe 37 PID 2784 wrote to memory of 2896 2784 dpjpd.exe 38 PID 2784 wrote to memory of 2896 2784 dpjpd.exe 38 PID 2784 wrote to memory of 2896 2784 dpjpd.exe 38 PID 2784 wrote to memory of 2896 2784 dpjpd.exe 38 PID 2896 wrote to memory of 2236 2896 vpjjp.exe 39 PID 2896 wrote to memory of 2236 2896 vpjjp.exe 39 PID 2896 wrote to memory of 2236 2896 vpjjp.exe 39 PID 2896 wrote to memory of 2236 2896 vpjjp.exe 39 PID 2236 wrote to memory of 1716 2236 3thhbh.exe 40 PID 2236 wrote to memory of 1716 2236 3thhbh.exe 40 PID 2236 wrote to memory of 1716 2236 3thhbh.exe 40 PID 2236 wrote to memory of 1716 2236 3thhbh.exe 40 PID 1716 wrote to memory of 1504 1716 w00684.exe 41 PID 1716 wrote to memory of 1504 1716 w00684.exe 41 PID 1716 wrote to memory of 1504 1716 w00684.exe 41 PID 1716 wrote to memory of 1504 1716 w00684.exe 41 PID 1504 wrote to memory of 1768 1504 s4880.exe 42 PID 1504 wrote to memory of 1768 1504 s4880.exe 42 PID 1504 wrote to memory of 1768 1504 s4880.exe 42 PID 1504 wrote to memory of 1768 1504 s4880.exe 42 PID 1768 wrote to memory of 712 1768 7tttbb.exe 43 PID 1768 wrote to memory of 712 1768 7tttbb.exe 43 PID 1768 wrote to memory of 712 1768 7tttbb.exe 43 PID 1768 wrote to memory of 712 1768 7tttbb.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe"C:\Users\Admin\AppData\Local\Temp\220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2128 -
\??\c:\jdpvd.exec:\jdpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1712 -
\??\c:\i424064.exec:\i424064.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3020 -
\??\c:\68820.exec:\68820.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\9dvdj.exec:\9dvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2852 -
\??\c:\868406.exec:\868406.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\lrrxlrf.exec:\lrrxlrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\1bbhnn.exec:\1bbhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2256 -
\??\c:\4440808.exec:\4440808.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\888040.exec:\888040.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\dpjpd.exec:\dpjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\vpjjp.exec:\vpjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2896 -
\??\c:\3thhbh.exec:\3thhbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2236 -
\??\c:\w00684.exec:\w00684.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1716 -
\??\c:\s4880.exec:\s4880.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1504 -
\??\c:\7tttbb.exec:\7tttbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1768 -
\??\c:\226820.exec:\226820.exe17⤵
- Executes dropped EXE
PID:712 -
\??\c:\424400.exec:\424400.exe18⤵
- Executes dropped EXE
PID:288 -
\??\c:\q02244.exec:\q02244.exe19⤵
- Executes dropped EXE
PID:1308 -
\??\c:\664462.exec:\664462.exe20⤵
- Executes dropped EXE
PID:1772 -
\??\c:\9pddp.exec:\9pddp.exe21⤵
- Executes dropped EXE
PID:2928 -
\??\c:\rflrxxf.exec:\rflrxxf.exe22⤵
- Executes dropped EXE
PID:1728 -
\??\c:\btnbnn.exec:\btnbnn.exe23⤵
- Executes dropped EXE
PID:2108 -
\??\c:\00886.exec:\00886.exe24⤵
- Executes dropped EXE
PID:1868 -
\??\c:\dpvpv.exec:\dpvpv.exe25⤵
- Executes dropped EXE
PID:1500 -
\??\c:\bbbhhn.exec:\bbbhhn.exe26⤵
- Executes dropped EXE
PID:3044 -
\??\c:\s6060.exec:\s6060.exe27⤵
- Executes dropped EXE
PID:2864 -
\??\c:\thntbh.exec:\thntbh.exe28⤵
- Executes dropped EXE
PID:1004 -
\??\c:\tttbbn.exec:\tttbbn.exe29⤵
- Executes dropped EXE
PID:320 -
\??\c:\xrlrflx.exec:\xrlrflx.exe30⤵
- Executes dropped EXE
PID:920 -
\??\c:\840026.exec:\840026.exe31⤵
- Executes dropped EXE
PID:1796 -
\??\c:\xlflrff.exec:\xlflrff.exe32⤵
- Executes dropped EXE
PID:1612 -
\??\c:\rfffxrx.exec:\rfffxrx.exe33⤵
- Executes dropped EXE
PID:880 -
\??\c:\264066.exec:\264066.exe34⤵
- Executes dropped EXE
PID:1028 -
\??\c:\bhhntt.exec:\bhhntt.exe35⤵
- Executes dropped EXE
PID:2312 -
\??\c:\2088402.exec:\2088402.exe36⤵
- Executes dropped EXE
PID:2128 -
\??\c:\bhhnht.exec:\bhhnht.exe37⤵
- Executes dropped EXE
PID:1964 -
\??\c:\444028.exec:\444028.exe38⤵
- Executes dropped EXE
PID:3040 -
\??\c:\dpdjv.exec:\dpdjv.exe39⤵
- Executes dropped EXE
PID:2592 -
\??\c:\040866.exec:\040866.exe40⤵
- Executes dropped EXE
PID:3052 -
\??\c:\btnhbh.exec:\btnhbh.exe41⤵
- Executes dropped EXE
PID:2696 -
\??\c:\xlfllrx.exec:\xlfllrx.exe42⤵
- Executes dropped EXE
PID:2732 -
\??\c:\42062.exec:\42062.exe43⤵
- Executes dropped EXE
PID:2576 -
\??\c:\lrxrllf.exec:\lrxrllf.exe44⤵
- Executes dropped EXE
PID:2484 -
\??\c:\82080.exec:\82080.exe45⤵
- Executes dropped EXE
PID:2932 -
\??\c:\k88080.exec:\k88080.exe46⤵
- Executes dropped EXE
PID:2616 -
\??\c:\hbttbb.exec:\hbttbb.exe47⤵
- Executes dropped EXE
PID:2656 -
\??\c:\tnhhnn.exec:\tnhhnn.exe48⤵
- Executes dropped EXE
PID:1644 -
\??\c:\42684.exec:\42684.exe49⤵
- Executes dropped EXE
PID:1520 -
\??\c:\rlxfffx.exec:\rlxfffx.exe50⤵
- Executes dropped EXE
PID:1628 -
\??\c:\rfrrxxl.exec:\rfrrxxl.exe51⤵
- Executes dropped EXE
PID:1856 -
\??\c:\44608.exec:\44608.exe52⤵
- Executes dropped EXE
PID:1600 -
\??\c:\llrrrxl.exec:\llrrrxl.exe53⤵
- Executes dropped EXE
PID:1200 -
\??\c:\22868.exec:\22868.exe54⤵
- Executes dropped EXE
PID:1624 -
\??\c:\bhbnhb.exec:\bhbnhb.exe55⤵
- Executes dropped EXE
PID:684 -
\??\c:\vjvpj.exec:\vjvpj.exe56⤵
- Executes dropped EXE
PID:2336 -
\??\c:\4266846.exec:\4266846.exe57⤵
- Executes dropped EXE
PID:288 -
\??\c:\hnhnbh.exec:\hnhnbh.exe58⤵
- Executes dropped EXE
PID:1224 -
\??\c:\7jjpj.exec:\7jjpj.exe59⤵
- Executes dropped EXE
PID:2480 -
\??\c:\lrfxlrf.exec:\lrfxlrf.exe60⤵
- Executes dropped EXE
PID:2204 -
\??\c:\1hbbbb.exec:\1hbbbb.exe61⤵
- Executes dropped EXE
PID:3048 -
\??\c:\04280.exec:\04280.exe62⤵
- Executes dropped EXE
PID:2376 -
\??\c:\9xxrffr.exec:\9xxrffr.exe63⤵
- Executes dropped EXE
PID:2100 -
\??\c:\lfrxffr.exec:\lfrxffr.exe64⤵
- Executes dropped EXE
PID:988 -
\??\c:\604404.exec:\604404.exe65⤵
- Executes dropped EXE
PID:456 -
\??\c:\82042.exec:\82042.exe66⤵PID:840
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe67⤵PID:1004
-
\??\c:\u864064.exec:\u864064.exe68⤵PID:1564
-
\??\c:\ttnhtb.exec:\ttnhtb.exe69⤵PID:916
-
\??\c:\1jddj.exec:\1jddj.exe70⤵PID:2888
-
\??\c:\864406.exec:\864406.exe71⤵PID:2088
-
\??\c:\vdpdd.exec:\vdpdd.exe72⤵PID:2996
-
\??\c:\000684.exec:\000684.exe73⤵PID:2260
-
\??\c:\rrfxflr.exec:\rrfxflr.exe74⤵PID:1880
-
\??\c:\1bnnbb.exec:\1bnnbb.exe75⤵PID:1752
-
\??\c:\0242284.exec:\0242284.exe76⤵PID:936
-
\??\c:\pjvdv.exec:\pjvdv.exe77⤵PID:996
-
\??\c:\08624.exec:\08624.exe78⤵PID:2624
-
\??\c:\7lrrrrx.exec:\7lrrrrx.exe79⤵PID:2032
-
\??\c:\hhhhth.exec:\hhhhth.exe80⤵PID:3052
-
\??\c:\08624.exec:\08624.exe81⤵PID:2848
-
\??\c:\9hthnt.exec:\9hthnt.exe82⤵PID:2448
-
\??\c:\vvdvp.exec:\vvdvp.exe83⤵PID:2600
-
\??\c:\22484.exec:\22484.exe84⤵PID:716
-
\??\c:\08620.exec:\08620.exe85⤵PID:2188
-
\??\c:\ddddp.exec:\ddddp.exe86⤵PID:2512
-
\??\c:\lfrrffx.exec:\lfrrffx.exe87⤵PID:2984
-
\??\c:\s8668.exec:\s8668.exe88⤵PID:1628
-
\??\c:\xrlxrfx.exec:\xrlxrfx.exe89⤵PID:1828
-
\??\c:\nnbbtb.exec:\nnbbtb.exe90⤵PID:2792
-
\??\c:\btntbb.exec:\btntbb.exe91⤵PID:2808
-
\??\c:\rrrfxff.exec:\rrrfxff.exe92⤵PID:2208
-
\??\c:\thnttt.exec:\thnttt.exe93⤵PID:1516
-
\??\c:\hbnnhb.exec:\hbnnhb.exe94⤵PID:1296
-
\??\c:\bbbhhb.exec:\bbbhhb.exe95⤵PID:772
-
\??\c:\7xrflrf.exec:\7xrflrf.exe96⤵PID:2416
-
\??\c:\bbtbnn.exec:\bbtbnn.exe97⤵PID:1512
-
\??\c:\xrlxlrl.exec:\xrlxlrl.exe98⤵PID:640
-
\??\c:\o044606.exec:\o044606.exe99⤵PID:1052
-
\??\c:\a0846.exec:\a0846.exe100⤵PID:1128
-
\??\c:\llxffxr.exec:\llxffxr.exe101⤵PID:2800
-
\??\c:\406002.exec:\406002.exe102⤵PID:3048
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe103⤵PID:2536
-
\??\c:\0008280.exec:\0008280.exe104⤵PID:604
-
\??\c:\rrllrlr.exec:\rrllrlr.exe105⤵PID:2348
-
\??\c:\264088.exec:\264088.exe106⤵PID:2056
-
\??\c:\tbbhnh.exec:\tbbhnh.exe107⤵PID:1740
-
\??\c:\pjjpp.exec:\pjjpp.exe108⤵PID:2960
-
\??\c:\lxffllf.exec:\lxffllf.exe109⤵PID:1564
-
\??\c:\268608.exec:\268608.exe110⤵PID:916
-
\??\c:\ttnbtt.exec:\ttnbtt.exe111⤵PID:1364
-
\??\c:\s2680.exec:\s2680.exe112⤵PID:2368
-
\??\c:\404684.exec:\404684.exe113⤵PID:1040
-
\??\c:\m0228.exec:\m0228.exe114⤵PID:2260
-
\??\c:\224462.exec:\224462.exe115⤵PID:1880
-
\??\c:\dvdjd.exec:\dvdjd.exe116⤵PID:908
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe117⤵PID:384
-
\??\c:\xxrflrf.exec:\xxrflrf.exe118⤵PID:2292
-
\??\c:\rfflrrr.exec:\rfflrrr.exe119⤵PID:1940
-
\??\c:\hbntbn.exec:\hbntbn.exe120⤵PID:2396
-
\??\c:\xfxxrfx.exec:\xfxxrfx.exe121⤵PID:1960
-
\??\c:\082244.exec:\082244.exe122⤵PID:2128