Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
15/06/2024, 19:39
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe
-
Size
476KB
-
MD5
09095bedf526f418dfd1ae43b1714d58
-
SHA1
718bf51dfa05cfdaefcb2f24842342a86454d460
-
SHA256
220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967
-
SHA512
e5571c66892878f9fdd1ee810756a83956e8d4c2846fa08518ffa4ceff664dd8bfa8e883475b60c0bb9557e25dab141ac02b079b6b0b5f41df8df034bafd2763
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwT+aZKlumArSPBXuGsS:q7Tc2NYHUrAwT+OKomA+5uy
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3432-8-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3432-14-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3040-15-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1436-6-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3040-23-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3164-20-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/228-29-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3164-27-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/228-34-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2700-35-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2700-40-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4204-49-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1920-55-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1900-58-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1900-62-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4456-71-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4456-78-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3240-76-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4816-85-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2108-90-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3240-87-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral2/memory/1736-67-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2108-96-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4220-97-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4220-104-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2888-110-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/632-109-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2888-114-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1820-117-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1820-121-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1084-128-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4464-131-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4464-135-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1904-143-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4040-145-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4040-151-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/884-159-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3504-165-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/748-172-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/748-167-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3504-157-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/884-156-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral2/memory/384-175-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/632-173-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/384-178-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2308-181-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3820-189-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2308-187-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3820-192-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1796-195-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4324-214-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4740-217-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/64-229-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1884-227-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4740-224-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/64-222-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2480-210-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/4324-207-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/2480-206-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1796-202-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1884-232-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/1884-231-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral2/memory/3876-234-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral2/memory/3876-237-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1436-0-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3432-8-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3432-14-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3040-15-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1436-6-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3040-23-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3164-20-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/228-29-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3164-27-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/228-34-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2700-35-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2700-40-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4204-42-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1920-47-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4204-49-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1920-55-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1900-58-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1900-62-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1736-63-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4456-71-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4456-78-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3240-76-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4816-85-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2108-90-0x0000000000400000-0x00000000004C4000-memory.dmp UPX 
behavioral2/memory/3240-87-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1736-67-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2108-96-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4220-97-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4220-104-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2888-110-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/632-109-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2888-114-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1820-117-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1820-121-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1084-124-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1084-128-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4464-131-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4464-135-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1904-138-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1904-143-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4040-145-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4040-151-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/884-159-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3504-165-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/748-172-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/748-167-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3504-157-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/884-156-0x0000000000400000-0x00000000004C4000-memory.dmp UPX 
behavioral2/memory/384-175-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/632-173-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/384-178-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2308-181-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3820-189-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2308-187-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/3820-192-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4324-214-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4740-217-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/64-229-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/1884-227-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4740-224-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/64-222-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2480-210-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/4324-207-0x0000000000400000-0x00000000004C4000-memory.dmp UPX behavioral2/memory/2480-206-0x0000000000400000-0x00000000004C4000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 3432 1xxrllf.exe 3040 1hnhbb.exe 3164 jjvpp.exe 228 7tbtbb.exe 2700 9jjdv.exe 4204 lfxfffl.exe 1920 frrrxxr.exe 1900 bhbnbb.exe 1736 vddvv.exe 4456 9bhthh.exe 3240 5ddvp.exe 4816 1fxrllf.exe 2108 jddjd.exe 4220 fxfxrrl.exe 632 5hhbtn.exe 2888 hntnbt.exe 1820 3jvjp.exe 1084 btnbtt.exe 4464 nntnhb.exe 1904 pppjj.exe 4040 vjpdv.exe 884 nhhbnn.exe 3504 djpjd.exe 748 frlfxrr.exe 384 fxxfxxf.exe 2308 lxrlxxf.exe 3820 vvdpv.exe 1796 dvdvv.exe 2480 fxffxxx.exe 4324 rfffffx.exe 4740 9btnbb.exe 64 xrffxxr.exe 1884 fxxxffl.exe 3876 htbtnn.exe 3352 9lxlrlr.exe 4320 fxxrrrr.exe 2620 rfrlffx.exe 3432 dddvp.exe 3608 nbhbnn.exe 5108 pvvpv.exe 5024 pjppj.exe 1516 xffxrrl.exe 448 9pvpj.exe 3052 bbnnhn.exe 1408 jvddv.exe 1828 bnbttt.exe 4552 dvppd.exe 908 5nttbb.exe 2460 ntnhbb.exe 948 jdpdj.exe 1736 3rxrlrl.exe 628 bbhhhh.exe 396 jvdpj.exe 3312 9jjdv.exe 2264 ttbbtt.exe 2108 hhnhhh.exe 2072 lflfxrx.exe 2944 hthbnn.exe 4908 5lrllff.exe 4844 ddvjv.exe 3420 vdjdv.exe 2952 3fxfrlf.exe 528 bthbnn.exe 1896 jvvpp.exe -
resource yara_rule behavioral2/memory/1436-0-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3432-8-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3432-14-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3040-15-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1436-6-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3040-23-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3164-20-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/228-29-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3164-27-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/228-34-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2700-35-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2700-40-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4204-42-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1920-47-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4204-49-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1920-55-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1900-58-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1900-62-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1736-63-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4456-71-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4456-78-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3240-76-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4816-85-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2108-90-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral2/memory/3240-87-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1736-67-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2108-96-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4220-104-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2888-110-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/632-109-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2888-114-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1820-121-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1084-128-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4464-135-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1904-138-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1904-143-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4040-145-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4040-151-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/884-159-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3504-165-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/748-172-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/748-167-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/884-156-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/384-175-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/632-173-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/384-178-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2308-181-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3820-189-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral2/memory/2308-187-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3820-192-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4324-214-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4740-217-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/64-229-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1884-227-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4740-224-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/64-222-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2480-210-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/4324-207-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/2480-206-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1796-202-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/1884-232-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3876-234-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3876-237-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral2/memory/3352-243-0x0000000000400000-0x00000000004C4000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1436 wrote to memory of 3432 1436 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 84 PID 1436 wrote to memory of 3432 1436 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 84 PID 1436 wrote to memory of 3432 1436 220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe 84 PID 3432 wrote to memory of 3040 3432 1xxrllf.exe 85 PID 3432 wrote to memory of 3040 3432 1xxrllf.exe 85 PID 3432 wrote to memory of 3040 3432 1xxrllf.exe 85 PID 3040 wrote to memory of 3164 3040 1hnhbb.exe 86 PID 3040 wrote to memory of 3164 3040 1hnhbb.exe 86 PID 3040 wrote to memory of 3164 3040 1hnhbb.exe 86 PID 3164 wrote to memory of 228 3164 jjvpp.exe 87 PID 3164 wrote to memory of 228 3164 jjvpp.exe 87 PID 3164 wrote to memory of 228 3164 jjvpp.exe 87 PID 228 wrote to memory of 2700 228 7tbtbb.exe 88 PID 228 wrote to memory of 2700 228 7tbtbb.exe 88 PID 228 wrote to memory of 2700 228 7tbtbb.exe 88 PID 2700 wrote to memory of 4204 2700 9jjdv.exe 89 PID 2700 wrote to memory of 4204 2700 9jjdv.exe 89 PID 2700 wrote to memory of 4204 2700 9jjdv.exe 89 PID 4204 wrote to memory of 1920 4204 lfxfffl.exe 91 PID 4204 wrote to memory of 1920 4204 lfxfffl.exe 91 PID 4204 wrote to memory of 1920 4204 lfxfffl.exe 91 PID 1920 wrote to memory of 1900 1920 frrrxxr.exe 93 PID 1920 wrote to memory of 1900 1920 frrrxxr.exe 93 PID 1920 wrote to memory of 1900 1920 frrrxxr.exe 93 PID 1900 wrote to memory of 1736 1900 bhbnbb.exe 94 PID 1900 wrote to memory of 1736 1900 bhbnbb.exe 94 PID 1900 wrote to memory of 1736 1900 bhbnbb.exe 94 PID 1736 wrote to memory of 4456 1736 vddvv.exe 96 PID 1736 wrote to memory of 4456 1736 vddvv.exe 96 PID 1736 wrote to memory of 4456 1736 vddvv.exe 96 PID 4456 wrote to memory of 3240 4456 9bhthh.exe 97 PID 4456 wrote to memory of 3240 4456 9bhthh.exe 97 PID 4456 wrote to memory of 3240 4456 9bhthh.exe 97 PID 3240 wrote to memory of 4816 3240 5ddvp.exe 98 PID 3240 wrote to memory of 
4816 3240 5ddvp.exe 98 PID 3240 wrote to memory of 4816 3240 5ddvp.exe 98 PID 4816 wrote to memory of 2108 4816 1fxrllf.exe 99 PID 4816 wrote to memory of 2108 4816 1fxrllf.exe 99 PID 4816 wrote to memory of 2108 4816 1fxrllf.exe 99 PID 2108 wrote to memory of 4220 2108 jddjd.exe 100 PID 2108 wrote to memory of 4220 2108 jddjd.exe 100 PID 2108 wrote to memory of 4220 2108 jddjd.exe 100 PID 4220 wrote to memory of 632 4220 fxfxrrl.exe 101 PID 4220 wrote to memory of 632 4220 fxfxrrl.exe 101 PID 4220 wrote to memory of 632 4220 fxfxrrl.exe 101 PID 632 wrote to memory of 2888 632 5hhbtn.exe 102 PID 632 wrote to memory of 2888 632 5hhbtn.exe 102 PID 632 wrote to memory of 2888 632 5hhbtn.exe 102 PID 2888 wrote to memory of 1820 2888 hntnbt.exe 103 PID 2888 wrote to memory of 1820 2888 hntnbt.exe 103 PID 2888 wrote to memory of 1820 2888 hntnbt.exe 103 PID 1820 wrote to memory of 1084 1820 3jvjp.exe 104 PID 1820 wrote to memory of 1084 1820 3jvjp.exe 104 PID 1820 wrote to memory of 1084 1820 3jvjp.exe 104 PID 1084 wrote to memory of 4464 1084 btnbtt.exe 105 PID 1084 wrote to memory of 4464 1084 btnbtt.exe 105 PID 1084 wrote to memory of 4464 1084 btnbtt.exe 105 PID 4464 wrote to memory of 1904 4464 nntnhb.exe 106 PID 4464 wrote to memory of 1904 4464 nntnhb.exe 106 PID 4464 wrote to memory of 1904 4464 nntnhb.exe 106 PID 1904 wrote to memory of 4040 1904 pppjj.exe 107 PID 1904 wrote to memory of 4040 1904 pppjj.exe 107 PID 1904 wrote to memory of 4040 1904 pppjj.exe 107 PID 4040 wrote to memory of 884 4040 vjpdv.exe 108
Processes
-
C:\Users\Admin\AppData\Local\Temp\220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe"C:\Users\Admin\AppData\Local\Temp\220e9024e8e14985ffaa172e09c1a64aa9cd75178f09992a8387a14ff7e7e967.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1436 -
\??\c:\1xxrllf.exec:\1xxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3432 -
\??\c:\1hnhbb.exec:\1hnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3040 -
\??\c:\jjvpp.exec:\jjvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3164 -
\??\c:\7tbtbb.exec:\7tbtbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:228 -
\??\c:\9jjdv.exec:\9jjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\lfxfffl.exec:\lfxfffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4204 -
\??\c:\frrrxxr.exec:\frrrxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920 -
\??\c:\bhbnbb.exec:\bhbnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1900 -
\??\c:\vddvv.exec:\vddvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\9bhthh.exec:\9bhthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4456 -
\??\c:\5ddvp.exec:\5ddvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3240 -
\??\c:\1fxrllf.exec:\1fxrllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4816 -
\??\c:\jddjd.exec:\jddjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108 -
\??\c:\fxfxrrl.exec:\fxfxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4220 -
\??\c:\5hhbtn.exec:\5hhbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:632 -
\??\c:\hntnbt.exec:\hntnbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\3jvjp.exec:\3jvjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1820 -
\??\c:\btnbtt.exec:\btnbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1084 -
\??\c:\nntnhb.exec:\nntnhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\pppjj.exec:\pppjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1904 -
\??\c:\vjpdv.exec:\vjpdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4040 -
\??\c:\nhhbnn.exec:\nhhbnn.exe23⤵
- Executes dropped EXE
PID:884 -
\??\c:\djpjd.exec:\djpjd.exe24⤵
- Executes dropped EXE
PID:3504 -
\??\c:\frlfxrr.exec:\frlfxrr.exe25⤵
- Executes dropped EXE
PID:748 -
\??\c:\fxxfxxf.exec:\fxxfxxf.exe26⤵
- Executes dropped EXE
PID:384 -
\??\c:\lxrlxxf.exec:\lxrlxxf.exe27⤵
- Executes dropped EXE
PID:2308 -
\??\c:\vvdpv.exec:\vvdpv.exe28⤵
- Executes dropped EXE
PID:3820 -
\??\c:\dvdvv.exec:\dvdvv.exe29⤵
- Executes dropped EXE
PID:1796 -
\??\c:\fxffxxx.exec:\fxffxxx.exe30⤵
- Executes dropped EXE
PID:2480 -
\??\c:\rfffffx.exec:\rfffffx.exe31⤵
- Executes dropped EXE
PID:4324 -
\??\c:\9btnbb.exec:\9btnbb.exe32⤵
- Executes dropped EXE
PID:4740 -
\??\c:\xrffxxr.exec:\xrffxxr.exe33⤵
- Executes dropped EXE
PID:64 -
\??\c:\fxxxffl.exec:\fxxxffl.exe34⤵
- Executes dropped EXE
PID:1884 -
\??\c:\htbtnn.exec:\htbtnn.exe35⤵
- Executes dropped EXE
PID:3876 -
\??\c:\9lxlrlr.exec:\9lxlrlr.exe36⤵
- Executes dropped EXE
PID:3352 -
\??\c:\fxxrrrr.exec:\fxxrrrr.exe37⤵
- Executes dropped EXE
PID:4320 -
\??\c:\rfrlffx.exec:\rfrlffx.exe38⤵
- Executes dropped EXE
PID:2620 -
\??\c:\dddvp.exec:\dddvp.exe39⤵
- Executes dropped EXE
PID:3432 -
\??\c:\nbhbnn.exec:\nbhbnn.exe40⤵
- Executes dropped EXE
PID:3608 -
\??\c:\pvvpv.exec:\pvvpv.exe41⤵
- Executes dropped EXE
PID:5108 -
\??\c:\pjppj.exec:\pjppj.exe42⤵
- Executes dropped EXE
PID:5024 -
\??\c:\xffxrrl.exec:\xffxrrl.exe43⤵
- Executes dropped EXE
PID:1516 -
\??\c:\9pvpj.exec:\9pvpj.exe44⤵
- Executes dropped EXE
PID:448 -
\??\c:\bbnnhn.exec:\bbnnhn.exe45⤵
- Executes dropped EXE
PID:3052 -
\??\c:\jvddv.exec:\jvddv.exe46⤵
- Executes dropped EXE
PID:1408 -
\??\c:\bnbttt.exec:\bnbttt.exe47⤵
- Executes dropped EXE
PID:1828 -
\??\c:\dvppd.exec:\dvppd.exe48⤵
- Executes dropped EXE
PID:4552 -
\??\c:\5nttbb.exec:\5nttbb.exe49⤵
- Executes dropped EXE
PID:908 -
\??\c:\ntnhbb.exec:\ntnhbb.exe50⤵
- Executes dropped EXE
PID:2460 -
\??\c:\jdpdj.exec:\jdpdj.exe51⤵
- Executes dropped EXE
PID:948 -
\??\c:\3rxrlrl.exec:\3rxrlrl.exe52⤵
- Executes dropped EXE
PID:1736 -
\??\c:\bbhhhh.exec:\bbhhhh.exe53⤵
- Executes dropped EXE
PID:628 -
\??\c:\jvdpj.exec:\jvdpj.exe54⤵
- Executes dropped EXE
PID:396 -
\??\c:\9jjdv.exec:\9jjdv.exe55⤵
- Executes dropped EXE
PID:3312 -
\??\c:\ttbbtt.exec:\ttbbtt.exe56⤵
- Executes dropped EXE
PID:2264 -
\??\c:\hhnhhh.exec:\hhnhhh.exe57⤵
- Executes dropped EXE
PID:2108 -
\??\c:\lflfxrx.exec:\lflfxrx.exe58⤵
- Executes dropped EXE
PID:2072 -
\??\c:\hthbnn.exec:\hthbnn.exe59⤵
- Executes dropped EXE
PID:2944 -
\??\c:\5lrllff.exec:\5lrllff.exe60⤵
- Executes dropped EXE
PID:4908 -
\??\c:\ddvjv.exec:\ddvjv.exe61⤵
- Executes dropped EXE
PID:4844 -
\??\c:\vdjdv.exec:\vdjdv.exe62⤵
- Executes dropped EXE
PID:3420 -
\??\c:\3fxfrlf.exec:\3fxfrlf.exe63⤵
- Executes dropped EXE
PID:2952 -
\??\c:\bthbnn.exec:\bthbnn.exe64⤵
- Executes dropped EXE
PID:528 -
\??\c:\jvvpp.exec:\jvvpp.exe65⤵
- Executes dropped EXE
PID:1896 -
\??\c:\pjvvp.exec:\pjvvp.exe66⤵PID:1976
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe67⤵PID:3416
-
\??\c:\nnbbtb.exec:\nnbbtb.exe68⤵PID:960
-
\??\c:\jdddp.exec:\jdddp.exe69⤵PID:1988
-
\??\c:\jddpj.exec:\jddpj.exe70⤵PID:2316
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe71⤵PID:1712
-
\??\c:\bthnhb.exec:\bthnhb.exe72⤵PID:3824
-
\??\c:\dvjjj.exec:\dvjjj.exe73⤵PID:868
-
\??\c:\7jvpp.exec:\7jvpp.exe74⤵PID:1568
-
\??\c:\7lrlflf.exec:\7lrlflf.exe75⤵PID:4408
-
\??\c:\nntnhh.exec:\nntnhh.exe76⤵PID:4876
-
\??\c:\7thhnn.exec:\7thhnn.exe77⤵PID:4740
-
\??\c:\dvjvp.exec:\dvjvp.exe78⤵PID:1948
-
\??\c:\frxrlff.exec:\frxrlff.exe79⤵PID:4860
-
\??\c:\7vddv.exec:\7vddv.exe80⤵PID:432
-
\??\c:\djpjj.exec:\djpjj.exe81⤵PID:1148
-
\??\c:\7fffxxx.exec:\7fffxxx.exe82⤵PID:4316
-
\??\c:\thtnhh.exec:\thtnhh.exe83⤵PID:4064
-
\??\c:\vvjdj.exec:\vvjdj.exe84⤵PID:3252
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe85⤵PID:2280
-
\??\c:\9xfxxxr.exec:\9xfxxxr.exe86⤵PID:3440
-
\??\c:\bbbhbb.exec:\bbbhbb.exe87⤵PID:1288
-
\??\c:\jvjdv.exec:\jvjdv.exe88⤵PID:1932
-
\??\c:\dvpvd.exec:\dvpvd.exe89⤵PID:4828
-
\??\c:\xxlfrfx.exec:\xxlfrfx.exe90⤵PID:1184
-
\??\c:\7nnttt.exec:\7nnttt.exe91⤵PID:2904
-
\??\c:\5ddvj.exec:\5ddvj.exe92⤵PID:4460
-
\??\c:\7lrlflf.exec:\7lrlflf.exe93⤵PID:1920
-
\??\c:\llrlllf.exec:\llrlllf.exe94⤵PID:1652
-
\??\c:\bttnhb.exec:\bttnhb.exe95⤵PID:2592
-
\??\c:\9djpd.exec:\9djpd.exe96⤵PID:4068
-
\??\c:\3rrfrrl.exec:\3rrfrrl.exe97⤵PID:1272
-
\??\c:\frfxrfx.exec:\frfxrfx.exe98⤵PID:4456
-
\??\c:\hhhbnn.exec:\hhhbnn.exe99⤵PID:3568
-
\??\c:\jddpj.exec:\jddpj.exe100⤵PID:3752
-
\??\c:\ddjdv.exec:\ddjdv.exe101⤵PID:1584
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe102⤵PID:4392
-
\??\c:\btthtt.exec:\btthtt.exe103⤵PID:1208
-
\??\c:\bhbthb.exec:\bhbthb.exe104⤵PID:4948
-
\??\c:\jppjd.exec:\jppjd.exe105⤵PID:4136
-
\??\c:\xlrfxxx.exec:\xlrfxxx.exe106⤵PID:4924
-
\??\c:\nhthnh.exec:\nhthnh.exe107⤵PID:4160
-
\??\c:\vjdpj.exec:\vjdpj.exe108⤵PID:5092
-
\??\c:\lxxrllf.exec:\lxxrllf.exe109⤵PID:3564
-
\??\c:\tnhhbb.exec:\tnhhbb.exe110⤵PID:4356
-
\??\c:\jdpjp.exec:\jdpjp.exe111⤵PID:1152
-
\??\c:\lfxrrll.exec:\lfxrrll.exe112⤵PID:4856
-
\??\c:\lffrllf.exec:\lffrllf.exe113⤵PID:3628
-
\??\c:\htbtbn.exec:\htbtbn.exe114⤵PID:4224
-
\??\c:\dddpj.exec:\dddpj.exe115⤵PID:4560
-
\??\c:\rffxrrl.exec:\rffxrrl.exe116⤵PID:3060
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe117⤵PID:4980
-
\??\c:\hnthbt.exec:\hnthbt.exe118⤵PID:4504
-
\??\c:\1jpdd.exec:\1jpdd.exe119⤵PID:1484
-
\??\c:\jddvj.exec:\jddvj.exe120⤵PID:2596
-
\??\c:\lxxfrlx.exec:\lxxfrlx.exe121⤵PID:2480
-
\??\c:\tbnhhh.exec:\tbnhhh.exe122⤵PID:4264