resource	yara_rule
behavioral1/memory/1568-0-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-1-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-2-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-8-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-2259-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-2263-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-2905-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-6044-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-13101-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-13102-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-13103-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-15186-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1568-29215-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

description	ioc	process
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3601492379-692465709-652514833-1000\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3601492379-692465709-652514833-1000\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Chess\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Purble Place\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Mahjong\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Solitaire\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

description	ioc	process
File created	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\StatusDoNotDisturb.ico	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145707.JPG	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePageScript.js	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14565_.GIF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxalert.ico	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\BTOPENWORLD.COM.XML	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Microsoft Visual Studio 8\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01627_.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR24F.GIF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BROCHURE.DPV	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Media Player\wmpshare.exe	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0234001.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXEV.DLL	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382963.JPG	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0149627.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL.DEV_K_COL.HXK	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PROGRAM.XML	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPTS.ICO	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0292248.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01744_.GIF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187839.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0239943.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Europe\Athens	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\REFINED.ELM	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\cy\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\CONVERT\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\gadget.xml	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\TWCUTLIN.DLL	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Games\Purble Place\it-IT\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\StopEnable.contact	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads