resource	yara_rule
behavioral2/memory/3380-0-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-1-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-2-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-209-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-850-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-854-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-1466-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-2064-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-8161-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-9920-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-12507-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-14086-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/3380-15953-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

description	ioc	process
File created	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe\microsoft.system.package.metadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\plugins\video_output\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\lib\amd64\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\cs\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe\Assets\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\lib\security\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\lib\security\policy\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\AppxMetadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\contrast-white\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Internet Explorer\it-IT\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Windows Media Player\es-ES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jre-1.8\bin\dtplugin\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\th\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Windows Photo Viewer\fr-FR\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\et\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Uninstall Information\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\he\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\_Resources\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\AppxMetadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Java\jre-1.8\lib\deploy\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\es\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\af\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Windows Defender\en-US\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Common Files\System\en-US\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\plugins\stream_extractor\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads