resource	yara_rule
behavioral4/memory/2008-0-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-1-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-2-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-4-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-13-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-970-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-11552-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-17244-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-19295-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-19296-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-19297-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral4/memory/2008-19298-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

description	ioc	process
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-771046930-2949676035-3337286276-1000\desktop.ini	Trigona.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-771046930-2949676035-3337286276-1000\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\desktop.ini	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	Trigona.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll	Trigona.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.9.2002.0_neutral_~_8wekyb3d8bbwe\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\GetHelpAppList.targetsize-36_altform-unplated.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.targetsize-20_altform-unplated.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_x64__8wekyb3d8bbwe\Assets\Square310x310Logo.scale-200.png	Trigona.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.UnmanagedMemoryStream.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ul-phn.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Xbox_WideTile.scale-125_contrast-black.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Microsoft.People.Relevance.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-125_contrast-black.png	Trigona.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	Trigona.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Asn1.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationUI.resources.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll	Trigona.exe
File created	\??\c:\Program Files\Microsoft Office\root\Integration\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ul-oob.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-40_altform-unplated_contrast-black.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.29231.0_x64__8wekyb3d8bbwe\vcruntime140_1_app.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-400_contrast-white.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\System.Private.Uri.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\nio.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.SqlServer.Configuration.SString.dll	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\how_to_decrypt.hta	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\plugins\misc\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherMedTile.scale-100_contrast-white.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Xbox_MedTile.scale-100_contrast-black.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\uk-UA\PAD.Console.Host.resources.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemData.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms	Trigona.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-48_altform-unplated.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Icons\StickyNotesLargeTile.scale-125_altform-colorful_theme-light.png	Trigona.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.Design.resources.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-24_altform-lightunplated.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-40_altform-lightunplated_contrast-white.png	Trigona.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ppd.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms	Trigona.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-80_altform-unplated.png	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-oob.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\Library\Analysis\FUNCRES.XLAM	Trigona.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\how_to_decrypt.hta	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreSplashScreen.scale-125_altform-colorful_theme-dark.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-black\PowerAutomateSquare70x70Logo.scale-140.png	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL108.XML	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xsl	Trigona.exe
File opened for modification	\??\c:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.scale-100_contrast-black.png	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe	Trigona.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\D3DCompiler_47_cor3.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\hmmapi.dll	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms	Trigona.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	Trigona.exe
File opened for modification	\??\c:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_x64__8wekyb3d8bbwe\Assets\Illustrations\icon2.scale-200_theme-dark.png	Trigona.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads