Overview

overview

10

Static

static

10

fb128dbd4e...1b.exe

windows7-x64

10

fb128dbd4e...1b.exe

windows10-1703-x64

10

fb128dbd4e...1b.exe

windows10-2004-x64

10

fb128dbd4e...1b.exe

windows11-21h2-x64

10

Resubmissions

21-01-2024 14:53

240121-r9d6ysead3 10

18-04-2023 10:19

230418-mclsbacf2v 10

Analysis

  • max time kernel
    56s
  • max time network
    157s
  • platform
    windows10-1703_x64
  • resource
    win10-20231220-en
  • resource tags

    arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-01-2024 14:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe

  • Size

    1.1MB

  • MD5

    530967fb3b7d9427552e4ac181a37b9a

  • SHA1

    41bcf469661ab9609a0d181953c2f8ffb75bb483

  • SHA256

    fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b

  • SHA512

    b81a447a994839a6858bab10eaa2c26aabaf3f73e7ffd2c70d27dfde5f11b35f5d153362277c046d47bcf9dc2d2b7c92d5805e89e633f9326306071abb213afa

  • SSDEEP

    24576:15swNmjEoujhn3wVPWJFwEQWV+u7h62TL:HouNVOEbcah6qL

Score
10/10
trigonadiscoverypersistenceransomware

Malware Config

Signatures

  • Detects Trigona ransomware 13 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe
    "C:\Users\Admin\AppData\Local\Temp\fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    PID:4500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1775739321-368907234-981748298-1000\desktop.ini
    Filesize

    2KB

    MD5

    02828b052d67f6d379d132fbac012d54

    SHA1

    81fec29317c4e8d4a0b363116acf8ecb00a17a01

    SHA256

    8a546fd20ff152f016a935edcbb28d58f9a4548b25566d10748aa3808470e01e

    SHA512

    bd99389329ffdfcc20ca9970eca668c9ae52c43ae45d619d0560fc88db43cbfdd5b94191b35909be9745997ef8e1d36fb564986c4c4789ac9a6ea2412c020724

    Download Submit

  • C:\$Recycle.Bin\S-1-5-21-1775739321-368907234-981748298-1000\how_to_decrypt.hta
    Filesize

    11KB

    MD5

    5bc969b015a9f27e5363719a02be7ded

    SHA1

    b194e21710131e7a2f53f61cecde2338a9b13b42

    SHA256

    1e469083e3f3aec831d2116baff364b481558cd05c9f9d0acf0527812c34259e

    SHA512

    a9281c1ec6b7e0e61632df79ed75207193a5d94dbcbbcf89f635f37b82d7519f1b655f019d8d3f904a80832941ae79c2272e158b6725f69716075d9a06ea4e0d

    Download Submit

  • memory/4500-853-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-7-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-2-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-849-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-0-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-1-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-1472-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-2076-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-12541-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-16340-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-16341-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-16342-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4500-16343-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download