Overview

overview

10

Static

static

10

a891d24823...f9.exe

windows7-x64

10

a891d24823...f9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250207-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/02/2025, 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a891d24823796a4ffa2fac76d92fec2c7ffae1ac1c3665be0d4f85e13acd33f9.exe

  • Size

    1.7MB

  • MD5

    68635ad9d12f683071611bfd34c1ec34

  • SHA1

    3d59b3053f9f531197a47a6a936240cb81a700d9

  • SHA256

    a891d24823796a4ffa2fac76d92fec2c7ffae1ac1c3665be0d4f85e13acd33f9

  • SHA512

    811764a687edc700883ae31503bedb299702ee6281ae57bc0885f9fd60f80d0f572f545bb060dcd610f904167665ee2a520dbdd77e4f4fd953250b1fcf48cf96

  • SSDEEP

    24576:GGA0AhSVzjJqVR/xmx0AsQ5r2jOGJTS8KmlI+u+68+05vNR:JAhuzc3DXJTS8KmVzecH

Score
10/10
trigonadiscoverypersistenceransomwarespywarestealer

Malware Config

Signatures

  • Detects Trigona ransomware 13 IoCs
  • Trigona

    A ransomware first seen at the beginning of the 2022.

    ransomwaretrigona
  • Trigona family
    trigona
  • Downloads MZ/PE file 1 IoCs
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\a891d24823796a4ffa2fac76d92fec2c7ffae1ac1c3665be0d4f85e13acd33f9.exe
    "C:\Users\Admin\AppData\Local\Temp\a891d24823796a4ffa2fac76d92fec2c7ffae1ac1c3665be0d4f85e13acd33f9.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:2976
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUEwMjNCOUUtNEVCQy00OTkxLTk2MjgtNUNCNzBBMzQ5QjBDfSIgdXNlcmlkPSJ7NTM4NjdFMjEtNTY0Ri00MTFELUEzQjAtQzQzQTRFMEJGOEUwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MDFGOTU4QUYtMDkzOC00MTYwLUE3ODAtMTY1NDExMzhBNDkwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjk4MDg5NTA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:7696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-194335498-2604837297-537231065-1000\desktop.ini
    Filesize

    2KB

    MD5

    812313a6fb402c760e4ff8df19ad0c00

    SHA1

    da8d33e6134ebc7048b3618236a5176323fb6872

    SHA256

    844b70e80acce87865e21c953ef9712e8d4caa4a9e24fd62f282a505c6448cf9

    SHA512

    a5e6e08cf4af6d41c4e92e0cbf9812bb6dd48a7172212ca2d7e069cd663bbff2cdda5cb7f95e96cbf8f398a1a522255a6b0a627e83eebaed217c9fd76e85a103

    Download Submit

  • C:\$Recycle.Bin\S-1-5-21-194335498-2604837297-537231065-1000\how_to_decrypt.hta
    Filesize

    12KB

    MD5

    a14b85c305047aacd8f1f0ce23f7a4aa

    SHA1

    954fd0a9c8971ce32099633115291de64c8f5034

    SHA256

    dc2865d28f508946af1cb1b8fc090b84ff84282bfbd58cefbb7e39c2024fbf9a

    SHA512

    0b673306d90467395afab6cf44305eca1b0a2a43a20cebe415711f7b2bc4d0e7fdaa374a28f01f7df3bae23e33bb87a635bcfd0e0381f06e6d2c7eb882b8818c

    Download Submit

  • memory/2976-4546-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-8-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-2-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-2324-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-0-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-1-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-5217-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-8818-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-16859-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-22761-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-24409-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-24410-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2976-24411-0x0000000000400000-0x00000000005CF000-memory.dmp

    Filesize

    1.8MB

    Download