Overview

overview

10

Static

static

10

8804d34b7c...d0.exe

windows7-x64

10

8804d34b7c...d0.exe

windows10-1703-x64

10

8804d34b7c...d0.exe

windows10-2004-x64

10

8804d34b7c...d0.exe

windows11-21h2-x64

10

Resubmissions

21-01-2024 14:54

240121-r9xcjaddhq 10

17-03-2023 05:51

230317-gj57msed95 10

Analysis

  • max time kernel
    67s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20231220-en
  • resource tags

    arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-01-2024 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe

  • Size

    1.1MB

  • MD5

    1cd4ab809fb2a9eebb801ab9c9d4a545

  • SHA1

    ce4f4ba93ec1adf8b5c3bac8552fbafd8dcddf27

  • SHA256

    8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0

  • SHA512

    db0476d3193a89104c116805eb34be5ea46774d77745b1e1ecfe48ec5a573e96150e9e48fcd630384c9bb88847ef12b46bd124b4b8ef1a072be4c1b319a76264

  • SSDEEP

    12288:CU5s41o+T7VmjE2Tz23vxO3jWhn370VPWJFwBybD3Y5WrxqnuskDq4:t5swNmjEoujhn3wVPWJFwEQWV+u75

Score
10/10
trigonadiscoverypersistenceransomware

Malware Config

Signatures

  • Detects Trigona ransomware 13 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe
    "C:\Users\Admin\AppData\Local\Temp\8804d34b7cf7bd2fc6e20c0dc27da287cee9fccbc52a5630c4752f9cfc6d6cd0.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:4104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1775739321-368907234-981748298-1000\desktop.ini
    Filesize

    2KB

    MD5

    575d31d1496ae8b682ef683f33bec52f

    SHA1

    da8f1b418fe8d11d2db33e6ae615491689557434

    SHA256

    e73e235aebfe7a0565e5dfc491431b0028d30442c3ff048dd48087b9e9370455

    SHA512

    ba91217da6ed4b0565318c2e7eea881145cd23931dbae7ed9101224d9465a9ee15ba74626018f8783fcd60c8dacd61cd89b1e382020203951adeee493a270c9a

    Download Submit
  • C:\$Recycle.Bin\S-1-5-21-1775739321-368907234-981748298-1000\how_to_decrypt.hta
    Filesize

    12KB

    MD5

    094e39b73ca92b273685a971bb38ecf7

    SHA1

    9f1a744b5a4d9839634f97d690cdf304d363f7b6

    SHA256

    03122cb71e7fe6ce642fb040887b9ed726dbc7f0d1556928974bf52f8f2ea07d

    SHA512

    86a6d2466df10654d7b8a37da36564d3f61b794f23d5a47942b212653d26537f1f3392c09f826ca5b8f711cc35a32e57e9e8891536931fb2c87d35d56974cc7e

    Download Submit
  • memory/4104-836-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-7-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-2-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-835-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-0-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-841-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-1-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-1207-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-4336-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-9429-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-10771-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-10772-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4104-10773-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download