resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-1-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-2-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-4-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-6-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-7-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-8-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-15-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-44-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-801-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-1380-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-7683-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-9988-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2204-11579-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

description	ioc	process
File opened for modification	\??\c:\Program Files\Microsoft Games\Mahjong\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Solitaire\desktop.ini	Trigona.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Purble Place\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	Trigona.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Chess\desktop.ini	Trigona.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sw.txt	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Africa\Tunis	Trigona.exe
File created	\??\c:\Program Files\Microsoft Games\Hearts\es-ES\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml	Trigona.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msaddsr.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Africa\Ceuta	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk	Trigona.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png	Trigona.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\da.txt	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml	Trigona.exe
File created	\??\c:\Program Files\Java\jre7\lib\how_to_decrypt.hta	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ckb\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo	Trigona.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui	Trigona.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\jsdebuggeride.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\bin\JdbcOdbc.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar	Trigona.exe
File created	\??\c:\Program Files\Java\jre7\lib\zi\Asia\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_gather_plugin.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\el\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\Documentation.url	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\it\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\Windows Defender\MpEvMsg.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\bin\server\Xusage.txt	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\More Games\MoreGames.dll	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Asia\Dubai	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\Windows Mail\ja-JP\WinMail.exe.mui	Trigona.exe
File created	\??\c:\Program Files\Windows Defender\en-US\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\Windows NT\TableTextService\es-ES\TableTextService.dll.mui	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\MST7MDT	Trigona.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll	Trigona.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads