resource	yara_rule
behavioral1/memory/1540-0-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-1-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-2-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-4-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-5-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-8-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-715-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-857-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-901-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-8778-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-12493-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-13844-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-26595-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-30004-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral1/memory/1540-30006-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\231508718B70A9723FEAA4865E6B6B79 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe"	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\491B2F9B9F83C83C4E969C156B74586A = "c:\\users\\admin\\appdata\\local\\temp\\how_to_decrypt.hta"	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

description	ioc	process
File opened for modification	\??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107182.WMF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Stationery\Green Bubbles.htm	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02413_.WMF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAProjectUI.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Internet Explorer\en-US\DiagnosticsTap.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\form_edit.js	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\PREVIEW.GIF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBBA\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\1033\PHONE.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02296_.WMF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files (x86)\Common Files\System\msadc\ja-JP\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Java\jre7\bin\plugin2\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\GIFT.DPV	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BZCARDHM.POC	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33F.GIF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BRCHUR98.POC	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0292270.WMF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\PublicFunctions.js	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGCOUPON.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipBand.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_uk.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0318804.WMF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\BCSAutogen.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcfr.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\TASKDECL.ICO	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jre7\lib\zi\Asia\Omsk	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

description	pid	process	target process
PID 1540 wrote to memory of 8360	1540	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe	mshta.exe
PID 1540 wrote to memory of 8360	1540	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe	mshta.exe
PID 1540 wrote to memory of 8360	1540	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe	mshta.exe
PID 1540 wrote to memory of 8360	1540	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe	mshta.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads