resource	yara_rule
behavioral1/memory/1032-0-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-1-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-2-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-4-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-9-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-217-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-2131-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-2132-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-2136-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-2291-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-2691-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-6052-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-10367-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral1/memory/1032-10368-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

description	ioc	process
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Purble Place\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Chess\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Mahjong\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Solitaire\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe

description	ioc	process
File created	\??\c:\Program Files (x86)\Common Files\microsoft shared\VSTA\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\plugin.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Europe\Vienna	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Windows Mail\it-IT\msoeres.dll.mui	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\VideoLAN\VLC\plugins\audio_mixer\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Microsoft Games\More Games\de-DE\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\NEWS.txt	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files (x86)\Windows NT\TableTextService\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\LICENSE	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Windows Photo Viewer\ja-JP\ImagingDevices.exe.mui	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\SIGNUP\install.ins	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\management\jmxremote.access	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Microsoft Games\Minesweeper\it-IT\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\how_to_decrypt.hta	8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads