Overview

overview

10

Static

static

10

41c9080f9c...ff.exe

windows7-x64

10

41c9080f9c...ff.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/02/2025, 16:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe

  • Size

    1.7MB

  • MD5

    15d05dfa5cff0cfc86e5135155744385

  • SHA1

    3eb904370ebf0bd3d4665a0f4ea80f8cc8e89dc9

  • SHA256

    41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff

  • SHA512

    a1990e12b1397d12d718717e46a6ffc3721a44058f499b86b11b2d163b03afd2f8d7c816633abbd6a90773369b3ecb2b3f391ceed341d39bedfea5f4c1b99efd

  • SSDEEP

    24576:uGA0AhSVzjJqVR/xmx0AsQ5r2jOGJTS8KmlI+u+68+DrAmz:xAhuzc3DXJTS8KmVzeD5

Score
10/10
trigonadiscoverypersistenceransomwarespywarestealer

Malware Config

Signatures

  • Detects Trigona ransomware 13 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Trigona family
    trigona
  • Downloads MZ/PE file 1 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe
    "C:\Users\Admin\AppData\Local\Temp\41c9080f9c90e00a431b2fb04b461584abe68576996379a97469a71be42fc6ff.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:3876
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTM5NTMxMTgtNzM5Ri00RjhGLTkyOUMtRjIwQjczNkZDOEY1fSIgdXNlcmlkPSJ7NDdCODhBMjYtNjA5My00NDg5LTgyMjAtMDQ0MDRCMDc5M0M2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NjUwRjEyQjItQjA4OC00MDU0LUE0Q0YtMkNDNjMxRUYzNUM1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0OTM5NDk4MjQzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:3360

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1639772215-809007892-4072230623-1000\desktop.ini
    Filesize

    2KB

    MD5

    12af4fcc20e48819dc62f5a1e0251e35

    SHA1

    b702c055c815f164ca4fbf8f2bee372734345e04

    SHA256

    0d7eea7cce0910aee3f6040d4ba336dcc79ba8aa4a9a9bac9496a61c0b5b5166

    SHA512

    ddbf5588d3889361f139f9095f940656c20b2520e39fcf261b9f8af7ab67d79211c24c0d5f4caa27bc2e56c5392c3ddbad85fed3b62db519139b6138771a8dfe

    Download Submit

  • C:\$Recycle.Bin\S-1-5-21-1639772215-809007892-4072230623-1000\how_to_decrypt.hta
    Filesize

    12KB

    MD5

    a65037c3dd288d22b898be8fb034f8a2

    SHA1

    3897fb33d1a2aeb5c8a7966ccc397859b3a35986

    SHA256

    43a25dcc657dba75b9f48f59800caa14f9ded3850e10485d971e88f5150ec1d9

    SHA512

    c2e572ee67b060c5b85e07868202facb9b53c49eb47180c8329ceeea6d53761e53ac3a20a2f052599f747eb2ba628aa688cc422e4fbb841216aef7629be8e16d

    Download Submit

  • memory/3876-4579-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-5-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-10-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-3-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-1-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-4604-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-2-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-5224-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-7808-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-14493-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-21358-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-24443-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-24444-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download