File name: Trigon 4.3.2.rar
Full analysis: https://app.any.run/tasks/c0163ff4-c0ee-4ac9-a414-41e325860e29
Verdict: Malicious activity
Analysis date: October 14, 2019, 03:05:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 5E7DA5EEEFF90A1543D9B68B7DCD9AB7
SHA1: 9B221E5E83FDA5016CA8B1AEBE2C6E008C698B39
SHA256: 1478330B64A3628709741143458EC35F07C020A6DAF2A187C41C79C410402565
SSDEEP: 196608:xoRhnxzzgDvmmsulaAou+/TdLNglxn+DgGbyOBkr0Q:Chnx5msBrutLnWuNr0Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • Trigon.exe (PID: 2876)
      • Trigon.exe (PID: 1584)
    • Application was dropped or rewritten from another process

      • Trigon.exe (PID: 1292)
      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
      • Trigon.exe (PID: 3940)
    • Changes settings of System certificates

      • Trigon.exe (PID: 1584)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1896)
      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
    • Adds / modifies Windows certificates

      • Trigon.exe (PID: 1584)
    • Modifies the open verb of a shell class

      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
    • Changes IE settings (feature browser emulation)

      • Trigon.exe (PID: 1584)
    • Reads internet explorer settings

      • Trigon.exe (PID: 2876)
      • Trigon.exe (PID: 1584)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 1896)
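The three registry-related signatures above (system certificate changes, the shell open verb, and the IE FEATURE_BROWSER_EMULATION setting) are all attributed to the HIGH-integrity Trigon.exe instances. The following is an added example of how a detection pipeline can map raw registry-write events to those signature names; it is not ANY.RUN's signature code, which is not published here. The key paths are the standard Windows locations for these settings (HKLM/HKCU SystemCertificates stores, <class>\shell\open\command, Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION); the events are constructed in a Sysmon Event ID 13 style, and the specific thumbprint, shell class (txtfile) and value names are invented, since the report does not list the values Trigon.exe actually wrote. The certificate write is mapped to the MALICIOUS-rated name; the report also lists the same behaviour as the SUSPICIOUS "Adds / modifies Windows certificates".

```python
"""Map registry-write events to the signature names used in the report.

Added example; not ANY.RUN's own signature logic. Event records are
constructed as 'eventid|pid|image|target' (a Sysmon Event ID 13 layout
reduced to the fields needed here); the thumbprint, the txtfile class and
the Trigon value names are invented placeholders.
"""
import re
from typing import Dict, List, Optional, Tuple

# (signature name as shown in the report, key-path pattern, report severity)
SIGNATURES: List[Tuple[str, "re.Pattern[str]", str]] = [
    ("Changes settings of System certificates",
     # HKLM\SOFTWARE\Microsoft\SystemCertificates\<store>\Certificates\<thumbprint>\Blob
     # (or the HKCU equivalent); a write here installs or replaces a certificate.
     re.compile(r"\\SystemCertificates\\(Root|CA|AuthRoot|TrustedPublisher|Disallowed)\\Certificates\\", re.I),
     "MALICIOUS"),
    ("Modifies the open verb of a shell class",
     # <class>\shell\open\command holds the command run when a file of that class is opened.
     re.compile(r"\\shell\\open\\command(\\|$)", re.I),
     "SUSPICIOUS"),
    ("Changes IE settings (feature browser emulation)",
     # Per-executable WebBrowser control document mode; value name is the exe name.
     re.compile(r"\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION\\", re.I),
     "SUSPICIOUS"),
]


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed record; None unless it is a registry value write (event 13)."""
    parts = line.strip().split("|")
    if len(parts) != 4 or parts[0] != "13":
        return None
    return {"pid": parts[1], "image": parts[2], "target": parts[3]}


def classify(lines: List[str]) -> Dict[str, Dict[str, object]]:
    """Return {signature name: {"severity", "pids", "keys"}} for every matching write."""
    hits: Dict[str, Dict[str, object]] = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for name, pattern, severity in SIGNATURES:
            if pattern.search(ev["target"]):
                entry = hits.setdefault(name, {"severity": severity, "pids": set(), "keys": []})
                entry["pids"].add(int(ev["pid"]))
                entry["keys"].append(ev["target"])
    return hits


# Constructed events, consistent with the PIDs the report attributes each signature to.
SAMPLE_EVENTS = r"""
13|1584|C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe|HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\<thumbprint>\Blob
13|1584|C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe|HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Trigon.exe
13|1584|C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe|HKCU\Software\Classes\txtfile\shell\open\command\(Default)
13|2876|C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe|HKCU\Software\Classes\txtfile\shell\open\command\(Default)
13|1584|C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe|HKCU\Software\Trigon\LastRun
12|1896|C:\Program Files\WinRAR\WinRAR.exe|HKCU\Software\WinRAR\ArcHistory
"""

if __name__ == "__main__":
    for name, info in classify(SAMPLE_EVENTS.splitlines()).items():
        print("%-10s %s: pids %s" % (info["severity"], name, sorted(info["pids"])))
```

A real thumbprint is 40 hex characters; the placeholder is only there so the path shape is visible. Writes under the same process to keys that match none of the patterns (the LastRun line) are ignored, as is the key-create event (ID 12) from WinRAR.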
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph

(Interactive graph available in the full report.) WinRAR.exe drops and starts four Trigon.exe instances; two of them are marked "no specs".

Process information

PID 1896: WinRAR.exe
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Trigon 4.3.2.rar"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Version: 5.60.0

PID 3940: Trigon.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe
  Parent process: WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: Trigon
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Version: 4.3.2.0

PID 1584: Trigon.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe
  Parent process: WinRAR.exe
  User: admin
  Integrity Level: HIGH
  Description: Trigon
  Version: 4.3.2.0

PID 1292: Trigon.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe
  Parent process: WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: Trigon
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
  Version: 4.3.2.0

PID 2876: Trigon.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe
  Parent process: WinRAR.exe
  User: admin
  Integrity Level: HIGH
  Description: Trigon
  Version: 4.3.2.0

Note on the exit codes: 3221226540 is the unsigned form of NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED. The two MEDIUM-integrity launches (PIDs 3940 and 1292) stopped with that status, which is consistent with a binary whose manifest requests administrator rights; the two HIGH-integrity instances (PIDs 1584 and 2876) are the runs that went through elevation, and they are the processes to which every certificate, shell-verb, IE-setting and network indicator in this report is attributed. The two Rar$EXa1896.* directories are WinRAR's temporary extraction folders for the two times the archive member was launched.
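The process table above shows the whole chain in five records: WinRAR extracts to a Rar$EXa<pid>.<n> temp directory, launches Trigon.exe at MEDIUM integrity, that launch dies with STATUS_ELEVATION_REQUIRED, and a HIGH-integrity instance then runs. The following is an added example (not ANY.RUN's code) of triage logic that pulls those three facts out of process-creation records automatically: it decodes the unsigned exit code to NTSTATUS, flags executables run straight out of WinRAR's temp extraction directory, and reports images that ended up at HIGH integrity after a lower-integrity attempt. The ProcEvent record layout is an assumption, not a sandbox export format; the sample records are built from the report's own table.

```python
"""Triage of the WinRAR -> Trigon.exe process chain from the report above.

Added example, not ANY.RUN's code. The ProcEvent layout is an assumption;
the REPORT_EVENTS values (PIDs, paths, integrity, exit codes) are taken
from the report's process table.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sandboxes report exit codes as unsigned DWORDs. 0xC000042C is what a
# CreateProcess of a requireAdministrator binary from a non-elevated caller
# leaves behind; the other two are common enough to be worth naming.
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}

# WinRAR extracts a double-clicked archive member to
# %TEMP%\Rar$EXa<winrar pid>.<random>\ and launches it from there.
WINRAR_TEMP = re.compile(r"\\Rar\$EX[a-z]\d+\.\d+\\", re.IGNORECASE)

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}


@dataclass
class ProcEvent:
    pid: int
    parent: str                    # parent image name as the report shows it
    image: str                     # full path of the executed image
    integrity: str                 # LOW / MEDIUM / HIGH / SYSTEM
    exit_code: Optional[int] = None  # unsigned DWORD, None if still running


def decode_exit_code(code: int) -> str:
    """Render a sandbox exit code as NTSTATUS hex plus a name if known."""
    status = code & 0xFFFFFFFF
    return "0x%08X (%s)" % (status, NTSTATUS_NAMES.get(status, "unknown"))


def triage(events: List[ProcEvent]) -> dict:
    """Flag temp-dir execution, elevation-required exits and successful elevation."""
    result = {"run_from_winrar_temp": [], "elevation_required": [], "elevated_images": {}}
    by_name: Dict[str, List[ProcEvent]] = {}
    for ev in events:
        name = ev.image.rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append(ev)
        if ev.parent.lower() == "winrar.exe" and WINRAR_TEMP.search(ev.image):
            result["run_from_winrar_temp"].append(ev.pid)
        if ev.exit_code is not None and (ev.exit_code & 0xFFFFFFFF) == 0xC000042C:
            result["elevation_required"].append(ev.pid)
    # Same image name seen at more than one integrity level, topping out at
    # HIGH or above: the elevation attempt went through.
    for name, runs in by_name.items():
        ranks = {INTEGRITY_RANK.get(r.integrity.upper(), -1) for r in runs}
        if len(ranks) > 1 and max(ranks) >= INTEGRITY_RANK["HIGH"]:
            result["elevated_images"][name] = sorted(
                r.pid for r in runs
                if INTEGRITY_RANK.get(r.integrity.upper(), -1) >= INTEGRITY_RANK["HIGH"])
    return result


# Records built from the report's process table.
TEMP_A = r"C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe"
TEMP_B = r"C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe"
REPORT_EVENTS = [
    ProcEvent(1896, "explorer.exe", r"C:\Program Files\WinRAR\WinRAR.exe", "MEDIUM"),
    ProcEvent(3940, "WinRAR.exe", TEMP_A, "MEDIUM", 3221226540),
    ProcEvent(1584, "WinRAR.exe", TEMP_A, "HIGH"),
    ProcEvent(1292, "WinRAR.exe", TEMP_B, "MEDIUM", 3221226540),
    ProcEvent(2876, "WinRAR.exe", TEMP_B, "HIGH"),
]

if __name__ == "__main__":
    for key, value in triage(REPORT_EVENTS).items():
        print(key, value)
    print(decode_exit_code(3221226540))
```

Grouping by image name rather than full path is deliberate: the two extraction directories differ, but the elevation pattern only shows up when the MEDIUM and HIGH runs of the same binary are compared.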
Total events: 670
Read events: 608
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 15
Suspicious files: 0
Text files: 150
Unknown types: 0

Dropped files

All entries below were dropped by PID 1896 (WinRAR.exe) while extracting the archive:

C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\Dark Dex.txt (text)
  MD5: 525C6B250B0510A4C3BD4335AEAEDDC0
  SHA256: D53C5E245E779FC7601F1D00EA7F4BEC6A6B943BB99D857EB5AFD6BE2918ED16
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\Dark.html (html)
  MD5: 7B0787D7D456C05CE71C8983F3366825
  SHA256: CF3FA16E9E71CFA4C48F4F6A627ED7CC2CCCFF9C6B05212EBB406CEF1FC28B0E
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\Print.txt (text)
  MD5: 05A5E1CB1A8139F0C25EA40EDB5DDCB2
  SHA256: 23DFA7B3EAD34909D366F093E2C48F255165F4355DB6B0227BD4A88CEC00F46A
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\INFINITE YIELD FD.txt (text)
  MD5: 19541BA7A07F3BE547D0D6A7F0091AAE
  SHA256: 5EAAFB68C57EDDEE8BA659A76375D1CBC1C905A6DDFFD625CB80EEB8D9B8A354
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\OPFinality.txt (text)
  MD5: E80B40B9B8E8145CE4EBFFB882DDD96E
  SHA256: 8C95140372EEBA29F20E15A7A49F6B6706F4DD59779A9715286CD3CE5AE71465
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\basic-languages\csp\csp.js (text)
  MD5: 22ADA25D590811DCFF4E5F5D698E583B
  SHA256: 4B5A5D7D50986B86B00833447E097C0F01A4388CE1765B48E7E371D06E3A4789
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\basic-languages\dockerfile\dockerfile.js (text)
  MD5: E32DE981BDAF75E6FFB8FE40BC955A68
  SHA256: 65B86FC54E9B35D6CB84F01DFB905680DBCAD6605757DE1D6BCA84E3029889AF
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\language\css\cssMode.js (text)
  MD5: 40A99739F89D382C92EB26F05A9A4497
  SHA256: D3108AF9FFCDAD3133345686646CAFE3B628AD6B25A3758786B2AA7B7B51809D
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\basic-languages\cpp\cpp.js (text)
  MD5: 0A16509E6CD0155FB622E785CFE976C7
  SHA256: A7C2BEA7CA3D9E203A3A286735945FE010C8F4F8D46620386EE8BEFC6A78B32B
C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\editor\editor.main.css (text)
  MD5: 233217455A3EF3604BF4942024B94F98
  SHA256: 2EC118616A1370E7C37342DA85834CA1819400C28F83ABFCBBB1EF50B51F7701
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 4
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process     IP:port              Domain              ASN             CN  Reputation
1584  Trigon.exe  104.22.2.84:443      pastebin.com        Cloudflare Inc  US  shared
1584  Trigon.exe  162.159.130.233:443  cdn.discordapp.com  Cloudflare Inc      shared
2876  Trigon.exe  162.159.130.233:443  cdn.discordapp.com  Cloudflare Inc      shared
2876  Trigon.exe  104.22.2.84:443      pastebin.com        Cloudflare Inc  US  shared
1584  Trigon.exe  104.31.79.78:443     www.arponag.xyz     Cloudflare Inc  US  shared
2876  Trigon.exe  104.31.79.78:443     www.arponag.xyz     Cloudflare Inc  US  shared

DNS requests

Domain               Resolved IPs                                                                     Reputation
pastebin.com         104.22.2.84, 104.22.3.84                                                         shared
www.arponag.xyz      104.31.79.78, 104.31.78.78                                                       suspicious
cdn.discordapp.com   162.159.130.233, 162.159.129.233, 162.159.134.233, 162.159.133.233, 162.159.135.233  shared
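Every IP in the Connections and DNS tables sits behind Cloudflare and carries a "shared" reputation, so the addresses are not usable as block indicators; only the domains are, and two of the three (pastebin.com, cdn.discordapp.com) are public services that are better hunted for than blocked. The following is an added example (not ANY.RUN's code) of turning these two tables into block and hunt lists and matching them against a DNS log. The report rows are copied as they appear above; the log is constructed in a Zeek dns.log-like tab-separated layout, and the 10.0.0.x clients, the www.microsoft.com line with its answer, and the api.arponag.xyz query are invented to exercise the non-match and subdomain cases.

```python
"""Turn the report's Connections and DNS tables into IOCs that can be acted on,
then run them over a DNS log.

Added example, not ANY.RUN's code. REPORT_CONNECTIONS and REPORT_DNS are
copied from the report; SAMPLE_DNS_LOG is constructed (Zeek-style columns,
invented client addresses, invented microsoft.com answer and api.arponag.xyz query).
"""
import ipaddress
from typing import Dict, List, Set

# (pid, ip:port, domain, reputation) from the Connections table.
REPORT_CONNECTIONS = [
    (1584, "104.22.2.84:443", "pastebin.com", "shared"),
    (1584, "162.159.130.233:443", "cdn.discordapp.com", "shared"),
    (2876, "162.159.130.233:443", "cdn.discordapp.com", "shared"),
    (2876, "104.22.2.84:443", "pastebin.com", "shared"),
    (1584, "104.31.79.78:443", "www.arponag.xyz", "shared"),
    (2876, "104.31.79.78:443", "www.arponag.xyz", "shared"),
]
# domain -> (reputation, resolved addresses) from the DNS requests table.
REPORT_DNS = {
    "pastebin.com": ("shared", ["104.22.2.84", "104.22.3.84"]),
    "www.arponag.xyz": ("suspicious", ["104.31.79.78", "104.31.78.78"]),
    "cdn.discordapp.com": ("shared", ["162.159.130.233", "162.159.129.233",
                                      "162.159.134.233", "162.159.133.233",
                                      "162.159.135.233"]),
}
# Public services routinely used to stage payloads or config. A hit is worth a
# hunt, but blocking the domain would break legitimate use.
PUBLIC_HOSTING = {"pastebin.com", "cdn.discordapp.com"}


def registrable(domain: str) -> str:
    """Strip a leading 'www.' so the block entry covers the whole host."""
    d = domain.lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def build_iocs(connections, dns) -> Dict[str, Set[str]]:
    iocs = {"block_domains": set(), "hunt_domains": set(), "block_ips": set(), "shared_ips": set()}
    for _pid, endpoint, _domain, rep in connections:
        ip = endpoint.rsplit(":", 1)[0]
        ipaddress.ip_address(ip)  # reject a malformed row early
        # A "shared" IP fronts a CDN edge shared with other tenants; blocking it
        # blocks all of them, so keep it only as context.
        (iocs["shared_ips"] if rep == "shared" else iocs["block_ips"]).add(ip)
    for domain, (rep, _addrs) in dns.items():
        if domain in PUBLIC_HOSTING:
            iocs["hunt_domains"].add(domain)
        elif rep in ("suspicious", "malicious"):
            iocs["block_domains"].add(registrable(domain))
        else:
            iocs["hunt_domains"].add(domain)
    return iocs


def domain_matches(query: str, ioc: str) -> bool:
    """Exact match or any subdomain of the IOC."""
    q = query.lower().rstrip(".")
    return q == ioc or q.endswith("." + ioc)


def match_dns_log(log_text: str, iocs: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, client, query, answer = line.split("\t")
        if any(domain_matches(query, d) for d in iocs["block_domains"]) or answer in iocs["block_ips"]:
            action = "block"
        elif any(domain_matches(query, d) for d in iocs["hunt_domains"]):
            action = "hunt"
        else:
            continue
        hits.append({"ts": ts, "client": client, "query": query, "action": action})
    return hits


# Constructed log: ts, client, query, answer (tab-separated, Zeek-style header).
SAMPLE_DNS_LOG = """\
#fields\tts\tid.orig_h\tquery\tanswer
1571022349.120\t10.0.0.15\tpastebin.com\t104.22.2.84
1571022349.410\t10.0.0.15\twww.arponag.xyz\t104.31.79.78
1571022350.002\t10.0.0.21\twww.microsoft.com\t23.56.12.9
1571022351.870\t10.0.0.15\tcdn.discordapp.com\t162.159.130.233
1571022352.110\t10.0.0.15\tapi.arponag.xyz\t104.31.78.78
"""

if __name__ == "__main__":
    iocs = build_iocs(REPORT_CONNECTIONS, REPORT_DNS)
    for hit in match_dns_log(SAMPLE_DNS_LOG, iocs):
        print(hit["action"], hit["client"], hit["query"])
```

The block list ends up holding arponag.xyz (with the www. label stripped, so sibling hosts match too) and nothing else; pastebin.com and cdn.discordapp.com land on the hunt list, and the block-IP set stays empty because every address in the report is shared Cloudflare infrastructure.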

Threats

No threats detected
No debug info