Overview

overview

10

Static

static

10

sample.exe

windows7-x64

10

sample.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2024 11:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.exe

  • Size

    1.1MB

  • MD5

    b02301c3c8e078e2287c1fbca12f8a00

  • SHA1

    f740cb6c2bb9973fe5a4dc3ac609e36436e719eb

  • SHA256

    11b0e9673bbeb978aa9b95bcad43eb21bbe0bbaaf7e5a0e20d48b93d60204406

  • SHA512

    d1e447fbc546234200c705d4b35151a18c3041e5e39c7849bd524b3cc76e51872b831b2f71fa92008a10c006ecf7c9e4f5279212e949078fe09ad8542e6ee7f9

  • SSDEEP

    12288:3RYqX7pdDWExBDmkYhiPJSA0IqOO2vBwRns2MqnuY/gtTyoCCP:BY6frxBDmkY+Jr0Iql2v4sx+uxtTy/CP

Score
10/10
trigonapersistenceransomware

Malware Config

Signatures

  • Detects Trigona ransomware 13 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 12 IoCs
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:2360

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\how_to_decrypt.hta
    Filesize

    11KB

    MD5

    3e0682a6fb93c4eb5fa40314842aa292

    SHA1

    3141ef9d74b06ba7f968bdb279ad2b575db78b83

    SHA256

    1af29723b96b3b7dc17d0925ef7ab85ed7e45229f4bd350a3149f536bd93270b

    SHA512

    45d14390ed8fc22e00e6de191e83525721f46440805ef0d212c22badbe9b69b7228163c96575dca37cc78698c6f4f757536f3a7b0f29f539d2d487a3666a4ad3

    Download Submit
  • memory/2360-772-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-4-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-5-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-1-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-405-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-0-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-4017-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-8981-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-9750-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-9828-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-9912-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-10787-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2360-11879-0x0000000000400000-0x0000000000526000-memory.dmp
    Filesize

    1.1MB

    Download