Analysis
max time kernel: 151s
max time network: 158s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 21-01-2024 14:53
Static task: static1
Behavioral task: behavioral1
  Sample: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
  Resource: win10-20231215-en
Behavioral task: behavioral3
  Sample: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
  Resource: win10v2004-20231215-en
Behavioral task: behavioral4
  Sample: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
  Resource: win11-20231222-en
General
Target: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
Size: 1.1MB
MD5: e248e214c121845e69bbf266cc9e2853
SHA1: 683a1a845f0c2d0f358d62a450f710f960190f2f
SHA256: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e
SHA512: d5a5968b079b2a561f2adeaa1cff9ba8e2faac242ef362894dde0b8f72ec725780da651950d06e2b019369f34dbbaf31a497440b4aabe7f8357f789bbdab9031
SSDEEP: 24576:KYxvmwliqDHWHVjdzuM7Br+e5rh+u7z7k:Zvmw3UjnrP9gQY
Malware Config
Signatures
-
Trigona
A ransomware first seen at the beginning of 2022.
-
Drops startup file (1 IoC)
  description: File created
  ioc: \??\c:\users\admin\appdata\roaming\microsoft\word\startup\how_to_decrypt.hta
  Process: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-721438792-2341338383-2410509276-1000\Software\Microsoft\Windows\CurrentVersion\Run\D57C5992946BA5D0897491CA3BC09D1E = "C:\\Users\\Admin\\AppData\\Local\\Temp\\f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe"
  Process: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.
-
Drops desktop.ini file(s) (34 IoCs)
  description: File opened for modification (all 34 entries)
  Process: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe (all 34 entries)
  ioc:
    \??\c:\users\admin\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ini
    \??\c:\users\public\libraries\desktop.ini
    \??\c:\users\public\videos\desktop.ini
    \??\c:\users\admin\searches\desktop.ini
    \??\c:\users\default\appdata\roaming\microsoft\internet explorer\quick launch\desktop.ini
    \??\c:\users\public\downloads\desktop.ini
    \??\c:\program files (x86)\common files\microsoft shared\stationery\Desktop.ini
    \??\c:\users\admin\desktop\desktop.ini
    \??\c:\users\admin\downloads\desktop.ini
    \??\c:\users\admin\favorites\desktop.ini
    \??\c:\program files\common files\microsoft shared\stationery\Desktop.ini
    \??\c:\users\admin\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\desktop.ini
    \??\c:\users\admin\contacts\desktop.ini
    \??\c:\users\public\desktop\desktop.ini
    \??\c:\users\admin\onedrive\desktop.ini
    \??\c:\users\admin\videos\desktop.ini
    \??\f:\$recycle.bin\s-1-5-21-721438792-2341338383-2410509276-1000\desktop.ini
    \??\c:\$recycle.bin\s-1-5-21-721438792-2341338383-2410509276-1000\desktop.ini
    \??\c:\program files\desktop.ini
    \??\c:\program files\microsoft office\root\office16\1033\dataservices\DESKTOP.INI
    \??\c:\users\public\accountpictures\desktop.ini
    \??\c:\program files (x86)\desktop.ini
    \??\c:\users\admin\music\desktop.ini
    \??\c:\users\admin\pictures\camera roll\desktop.ini
    \??\c:\users\admin\pictures\desktop.ini
    \??\c:\users\admin\documents\desktop.ini
    \??\c:\users\admin\favorites\links\desktop.ini
    \??\c:\users\admin\saved games\desktop.ini
    \??\c:\users\public\music\desktop.ini
    \??\c:\users\public\pictures\desktop.ini
    \??\c:\users\admin\links\desktop.ini
    \??\c:\users\admin\pictures\saved pictures\desktop.ini
    \??\c:\users\public\desktop.ini
    \??\c:\users\public\documents\desktop.ini
Drops file in Program Files directory (64 IoCs)
  Process: f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe (all 64 entries)
  description: ioc
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\reviews\js\nls\hu-hu\ui-strings.js
    File opened for modification: \??\c:\program files (x86)\common files\microsoft shared\ink\penchs.dll
    File opened for modification: \??\c:\program files\common files\microsoft shared\ink\fr-fr\mip.exe.mui
    File opened for modification: \??\c:\program files\microsoft office\root\office16\1033\officeinventoryagentlogon.xml
    File opened for modification: \??\c:\program files\reference assemblies\microsoft\framework\v3.0\de\PresentationBuildTasks.resources.dll
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\A12_Spinner.gif
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\activity-badge\js\nls\hu-hu\how_to_decrypt.hta
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\js\nls\nl-nl\how_to_decrypt.hta
    File opened for modification: \??\c:\program files\microsoft office\root\licenses16\ProPlus2019R_Trial2-pl.xrm-ms
    File opened for modification: \??\c:\program files\reference assemblies\microsoft\framework\v3.0\fr\PresentationBuildTasks.resources.dll
    File opened for modification: \??\c:\program files\videolan\vlc\plugins\codec\liblpcm_plugin.dll
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\how_to_decrypt.hta
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\reviews\js\nls\zh-cn\how_to_decrypt.hta
    File opened for modification: \??\c:\program files\microsoft office\packagemanifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml
    File opened for modification: \??\c:\program files\microsoft office\root\licenses16\WordR_Grace-ppd.xrm-ms
    File opened for modification: \??\c:\program files\microsoft office\root\office16\logoimages\ExcelLogo.contrast-white_scale-80.png
    File opened for modification: \??\c:\program files\microsoft office\root\office16\OUTLFLTR.DLL
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\desktop-connector-files\js\nls\ja-jp\ui-strings.js
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-computer-select\css\main-selector.css
    File opened for modification: \??\c:\program files\microsoft office\root\office16\1033\offsymk.ttf
    File opened for modification: \??\c:\program files\microsoft office\root\office16\logoimages\PowerPntLogoSmall.contrast-black_scale-100.png
    File opened for modification: \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\tmtransactions_xl.dll
    File opened for modification: \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\Mso20win32client.dll
    File opened for modification: \??\c:\program files\mozilla firefox\updater.ini
    File created: \??\c:\program files (x86)\common files\microsoft shared\stationery\how_to_decrypt.hta
    File opened for modification: \??\c:\program files\microsoft office\root\licenses16\PersonalR_OEM_Perp-ul-oob.xrm-ms
    File opened for modification: \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\datamodel\Microsoft.Data.ConnectionUI.Dialog.dll
    File opened for modification: \??\c:\program files\microsoft office\root\vreg\powerpointmui.msi.16.en-us.vreg.dat
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\s_gridview_selected-hover.svg
    File opened for modification: \??\c:\program files (x86)\common files\system\msadc\es-es\msaddsr.dll.mui
    File opened for modification: \??\c:\program files\java\jdk-1.8\jre\legal\jdk\unicode.md
    File opened for modification: \??\c:\program files\java\jdk-1.8\jre\lib\deploy\[email protected]
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\s_sortedby_up_selected_18.svg
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\fss\js\nls\ja-jp\ui-strings.js
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\scan-files\js\nls\en-ae\how_to_decrypt.hta
    File opened for modification: \??\c:\program files\microsoft office\root\licenses16\Word2019VL_MAK_AE-pl.xrm-ms
    File opened for modification: \??\c:\program files\videolan\vlc\plugins\demux\libdemuxdump_plugin.dll
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\how_to_decrypt.hta
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\ui-strings.js
    File opened for modification: \??\c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\Microsoft.Vbe.Interop.dll
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\themes\dark\s_filterselected-dark-focus_32.svg
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us.gif
    File opened for modification: \??\c:\program files\videolan\vlc\plugins\access\libsmb_plugin.dll
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png
    File opened for modification: \??\c:\program files\common files\system\msadc\msdaremr.dll
    File opened for modification: \??\c:\program files\microsoft office\root\office16\sdxs\fa000000018\cardview\lib\native-common\assets\[email protected]
    File opened for modification: \??\c:\program files\microsoft office\root\office16\sdxs\fa000000027\assets\icons\[email protected]
    File created: \??\c:\program files\microsoft office\root\vfs\programfilesx86\microsoft office\office16\dcf\1033\how_to_decrypt.hta
    File opened for modification: \??\c:\program files\videolan\vlc\locale\sk\lc_messages\vlc.mo
    File opened for modification: \??\c:\program files\videolan\vlc\lua\http\dialogs\stream_window.html
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\how_to_decrypt.hta
    File created: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\scan-files\js\nls\en-gb\how_to_decrypt.hta
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\unified-share\js\nls\pl-pl\ui-strings.js
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\uss-search\js\nls\ja-jp\ui-strings.js
    File opened for modification: \??\c:\program files (x86)\internet explorer\IEShims.dll
    File opened for modification: \??\c:\program files\microsoft office\root\office16\RTC.DLL
    File opened for modification: \??\c:\program files\microsoft office\root\vfs\systemx86\vcruntime140.dll
    File opened for modification: \??\c:\program files (x86)\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\sample-files\js\nls\nb-no\ui-strings.js
    File opened for modification: \??\c:\program files\microsoft office\root\vfs\common appdata\microsoft help\MS.ONENOTE.16.1033.hxn
    File created: \??\c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\themes16\network\how_to_decrypt.hta
    File opened for modification: \??\c:\program files\common files\system\msadc\es-es\msdaremr.dll.mui
    File opened for modification: \??\c:\program files\google\chrome\application\106.0.5249.119\locales\ja.pak
    File opened for modification: \??\c:\program files\java\jdk-1.8\legal\javafx\jpeg_fx.md
    File opened for modification: \??\c:\program files\microsoft office\root\licenses16\MondoR_SubTest-pl.xrm-ms
Processes
- C:\Users\Admin\AppData\Local\Temp\f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e.exe"
  - Drops startup file
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  PID: 2184
Network
MITRE ATT&CK Enterprise v15
Downloads
- (no path recorded)
  Filesize: 893B
  MD5: 881eb95b13b22d699ff45c7770ce5f82
  SHA1: 5948ec3b8367c20e2b139b377a5a2393de7f7f48
  SHA256: 8469cf786fcfb99cca4e5a4bdd96c38dbfcf861c086bd483da1db6e0804019a2
  SHA512: 823675374c51e1f8514a57b19299ebadb60dfc11879c0fdfd6bffc11e7a5abcaff1163c6c4136650dc20b65164722f12b6992ed6b03bd6bff1cf1c05cf96705a
- (no path recorded)
  Filesize: 10KB
  MD5: 684cb9dcdd5225b151080e1c9f87b174
  SHA1: 95c59105f41b80befc19913eceeac47c2691199c
  SHA256: 63c0cc7df090f6b4e2406ffd3dc1137fb2f6675dd13f66395708603bae3bab9d
  SHA512: 46abddec27d8749bb5123faa798c78fbf687d43af194e7b7296261ca6cea88ec089b9e395567e2253fa051df6a30f7aca659bd0c5263a3ff0428b5cb9aa9883a
- C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
  Filesize: 3.3MB
  MD5: 3c1fa9dc51252d1a588dac7bdaa67493
  SHA1: 0973e53b5b8dc8621a99965ff9aac98c989e1d18
  SHA256: 28d22d2bc3731078fa055ad785315578b82a321360afb63b48c8c375f5c79da0
  SHA512: f8fe0ea371cd6975ec75270dce374a419bc05330d85f778bad6dfccabd9a0c32e59c928ce9e101ca14ea5ee7767df48d5249422abad3f06d8fc2b601832aaa0a