resource	yara_rule
behavioral2/memory/2296-0-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-1-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-3-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-4-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-789-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-831-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-1344-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-3564-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-8001-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-8044-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-10257-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-12227-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona
behavioral2/memory/2296-14368-0x0000000000400000-0x0000000000523000-memory.dmp	family_trigona

description	ioc	process
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Internet Explorer\fr-FR\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\db2v0801.xsl	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Schoolbook.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\close_x.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\gstreamer-lite.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\PREVIEW.GIF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\MSIPC\lt\msipc.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ppd.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\ECHO.INF	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\Internet Explorer\images\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\pack200.exe	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\idlj.exe	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\openssl64.dlla.manifest	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ppd.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL082.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\include\win32\jni_md.h	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Services\verisign.bmp	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\VideoLAN\VLC\plugins\logger\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\MSO.ACL	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\THMBNAIL.PNG	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\my\how_to_decrypt.hta	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll	704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2.exe

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads