Overview

overview

10

Static

static

10

d743daa22f...8a.exe

windows7-x64

10

d743daa22f...8a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2025, 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d743daa22fdf4313a10da027b034c603eda255be037cb45b28faea23114d3b8a.exe

  • Size

    1.1MB

  • MD5

    1852be15aa8dcf664291b3849bd348e4

  • SHA1

    eea811d2a304101cc0b0edebe6590ea0f3da0a27

  • SHA256

    d743daa22fdf4313a10da027b034c603eda255be037cb45b28faea23114d3b8a

  • SHA512

    91ca1d44fa98a43dbc53541cecb8ca656df01d6dc57783f12c70df49347520e150796834731b56107976b5b9dc915006d18caf39ac6792187d605542452bd4eb

  • SSDEEP

    24576:hY6frxBDmkY+Jr0Iql2v4sx+uxtTyJuqe:bKuTvBwSdCud

Score
10/10
trigonadiscoverypersistenceransomware

Malware Config

Signatures

  • Detects Trigona ransomware 14 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Trigona family
    trigona
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 13 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\d743daa22fdf4313a10da027b034c603eda255be037cb45b28faea23114d3b8a.exe
    "C:\Users\Admin\AppData\Local\Temp\d743daa22fdf4313a10da027b034c603eda255be037cb45b28faea23114d3b8a.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini
    Filesize

    2KB

    MD5

    9e0ba776cdf99a60c2cdbe5561c43afa

    SHA1

    7b3dfb67f2341610651daeffc2cc3bbf13e59b5f

    SHA256

    162b1045f22818eedcc1be6f795015b0755a6d23d87b4273b5037e83840320e9

    SHA512

    a2aa54649aaf8aa65130bdd4a2c2b0ae2070d2af929ed76479eda56222d89605dacef9d9188284fe55cbdf622ff405ac22ad36713c44d749dc38b00d3801a978

    Download Submit

  • C:\how_to_decrypt.hta
    Filesize

    11KB

    MD5

    33d96f8733cd0891b1e2b647bcf8669e

    SHA1

    0d00018b6d682c54bb16ee9fb1f2caa6c6734ba2

    SHA256

    41b8caf39cb14d33c3048b4898b58c808d3fd1d473f010eedd146c581717ff54

    SHA512

    8b493ce34b7862a4235d8a6bea2606a1cc00c872059f7cf3d080f7664545f7440e22b27de34b0e84b8ec63813cab22fe40a6029d54b6e9a68b8a0311dfd5e150

    Download Submit

  • memory/2628-6-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-316-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-0-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-7-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-14-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-2-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-1-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-5-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-810-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-6719-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-11568-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-11666-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-11760-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2628-14104-0x0000000000400000-0x0000000000526000-memory.dmp

    Filesize

    1.1MB

    Download