Overview

overview

10

Static

static

10

sample.exe

windows7-x64

10

sample.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.exe

  • Size

    1.1MB

  • MD5

    530967fb3b7d9427552e4ac181a37b9a

  • SHA1

    41bcf469661ab9609a0d181953c2f8ffb75bb483

  • SHA256

    fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b

  • SHA512

    b81a447a994839a6858bab10eaa2c26aabaf3f73e7ffd2c70d27dfde5f11b35f5d153362277c046d47bcf9dc2d2b7c92d5805e89e633f9326306071abb213afa

  • SSDEEP

    24576:15swNmjEoujhn3wVPWJFwEQWV+u7h62TL:HouNVOEbcah6qL

Score
10/10
trigonapersistenceransomwarespywarestealer

Malware Config

Signatures

  • Detects Trigona ransomware 12 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 3 IoCs
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:464
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini
      Filesize

      2KB

      MD5

      8749c9755701834903720a797307591c

      SHA1

      4ccbe384ae5d231fddfe43023a5f52d82ec3a85e

      SHA256

      e7acd29e446fc07a0db36cd7abbb236c4ef6c7b1da0e5d28db5a9942fc21f422

      SHA512

      862ecf6237b8e8251e2846056886538050e14784dff01ce44c7c76366499e5dd41a1fb8b6ad1b0bd070c46ae1d4e465b018dc180d419a94960535ff2466e0a0f

      Download Submit

    • C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\how_to_decrypt.hta
      Filesize

      11KB

      MD5

      23ad3ece121ef7256b35bd457401c03b

      SHA1

      c092975e65434f8e599182375888ad1847443cca

      SHA256

      cbd25c85e78554e7bc001414d8f857bf7d502cea680b3e53694cdea0797f99ae

      SHA512

      49be48c9f1d9afb38bb6bb9fd08b0f6de3f29c9e525a30ba0c2a1e2c7ac309fe1202a39ab995c69b4c52973e0b836e8f18f67daaa32a166b08190af3e3e9191e

      Download Submit

    • memory/464-4-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-0-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-9-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-2-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-543-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-2582-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-4055-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-1-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-5143-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-5189-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-7176-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/464-10522-0x0000000000400000-0x0000000000526000-memory.dmp

      Filesize

      1.1MB

      Download