resource	yara_rule
behavioral1/memory/2380-0-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-1-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-2-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-1084-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-2253-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-2257-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-2929-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-10571-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-13017-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-13018-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-13019-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-15111-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/2380-27028-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

description	ioc	process
File opened for modification	\??\c:\Program Files\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Chess\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Purble Place\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Mahjong\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Solitaire\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\how_to_decrypt.hta	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00222_.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18222_.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\how_to_decrypt.hta	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18245_.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Etc\GMT-13	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Document Themes 14\Metro.thmx	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0241041.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099176.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\America\Phoenix	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\BREEZE.INF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_ON.GIF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\WT61FR.LEX	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File created	\??\c:\Program Files\Windows Sidebar\fr-FR\how_to_decrypt.hta	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_hu.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099174.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\D3DCompiler_47.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\System\ado\es-ES\msader15.dll.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\msdaorar.dll.mui	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00601_.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\how_to_decrypt.hta	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Stationery\1033\OFFISUPP.HTM	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105412.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00345_.WMF	fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads