trigona | 704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

General

Target

704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
Size

1.1MB
MD5

67dd0708a2dcbe6b7661fd5eb4593ea7
SHA1

3d496563984c73e129577da8ca87d3e823fdcce4
SHA256

704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2
SHA512

6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21
SSDEEP

24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB

Score

10^/10

trigona discovery persistence ransomware

Malware Config

Signatures

Trigona
A ransomware first seen at the beginning of the 2022.
ransomware trigona

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6D865A3B0874323B88B95678D019511E = "C:\\Users\\Admin\\AppData\\Local\\Temp\\704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe"	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops desktop.ini file(s) 1 IoCs

Processes:

704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

Drops file in Program Files directory 64 IoCs

Processes:

704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_hu.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\t2k.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-default_32.svg	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\MSCONV97.DLL	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.UI.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2native.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jre1.8.0_66\bin\jawt.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN120.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\sawindbg.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.boot.tree.dat	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\PREVIEW.GIF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\nbexec.exe	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\cs\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner_dark2x.gif	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrwbin_xl.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-oob.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Grace-ppd.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ucrtbase.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\version.js	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Microsoft Office\Updates\Download\PackageFiles\B214D8B3-D494-4CED-AFE3-3EE6CE0F68C8\root\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

C:\Users\Admin\AppData\Local\Temp\704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
"C:\Users\Admin\AppData\Local\Temp\704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4460

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Network Service Scanning

1

T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads