File name: Trigon 4.3.2.rar

Full analysis: https://app.any.run/tasks/c0163ff4-c0ee-4ac9-a414-41e325860e29
Verdict: Malicious activity
Analysis date: October 14, 2019, 03:05:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 5E7DA5EEEFF90A1543D9B68B7DCD9AB7
SHA1: 9B221E5E83FDA5016CA8B1AEBE2C6E008C698B39
SHA256: 1478330B64A3628709741143458EC35F07C020A6DAF2A187C41C79C410402565
SSDEEP: 196608:xoRhnxzzgDvmmsulaAou+/TdLNglxn+DgGbyOBkr0Q:Chnx5msBrutLnWuNr0Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Trigon.exe (PID: 3940)
      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 1292)
      • Trigon.exe (PID: 2876)
    • Loads dropped or rewritten executable

      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
    • Changes settings of System certificates

      • Trigon.exe (PID: 1584)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1896)
      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
    • Modifies the open verb of a shell class

      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
    • Adds / modifies Windows certificates

      • Trigon.exe (PID: 1584)
    • Reads internet explorer settings

      • Trigon.exe (PID: 1584)
      • Trigon.exe (PID: 2876)
    • Changes IE settings (feature browser emulation)

      • Trigon.exe (PID: 1584)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 1896)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 41
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph

[Process graph image; labels recovered from the page: nodes winrar.exe and trigon.exe (four instances, two marked "no specs"); edges "drop and start" (x4) and "start" (x1).]

Process information

PID: 1292
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: Trigon
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 4.3.2.0
Modules (images):
  c:\users\admin\appdata\local\temp\rar$exa1896.38632\trigon 4.3.2\trigon.exe
  c:\systemroot\system32\ntdll.dll

PID: 1584
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: HIGH
Description: Trigon
Exit code: 0
Version: 4.3.2.0
Modules (images):
  c:\users\admin\appdata\local\temp\rar$exa1896.38399\trigon 4.3.2\trigon.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 1896
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Trigon 4.3.2.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID: 2876
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38632\Trigon 4.3.2\Trigon.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: HIGH
Description: Trigon
Exit code: 0
Version: 4.3.2.0
Modules (images):
  c:\users\admin\appdata\local\temp\rar$exa1896.38632\trigon 4.3.2\trigon.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3940
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Trigon.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: Trigon
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 4.3.2.0
Modules (images):
  c:\users\admin\appdata\local\temp\rar$exa1896.38399\trigon 4.3.2\trigon.exe
  c:\systemroot\system32\ntdll.dll
Total events: 670
Read events: 608
Write events: 62
Delete events: 0

Modification events

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write | Name: ShellExtBMP | Value: (empty)

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write | Name: ShellExtIcon | Value: (empty)

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write | Name: LanguageList | Value: en-US

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\Trigon 4.3.2.rar

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: name | Value: 120

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: size | Value: 80

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: type | Value: 120

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: mtime | Value: 100

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: UNCAsIntranet | Value: 0

(PID) Process: (1896) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write | Name: AutoDetect | Value: 1
Executable files: 15
Suspicious files: 0
Text files: 150
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\Print.txt | text
MD5: | SHA256:

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\Dark Dex.txt | text
MD5: | SHA256:

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\Dark.html | html
MD5: | SHA256:

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\editor\editor.main.js | text
MD5: 9399A8EAA741D04B0AE6566A5EBB8106
SHA256: 93D28520C07FBCA09E20886087F28797BB7BD0E6CF77400153AAB5AE67E3CE18

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\OPFinality.txt | text
MD5: E80B40B9B8E8145CE4EBFFB882DDD96E
SHA256: 8C95140372EEBA29F20E15A7A49F6B6706F4DD59779A9715286CD3CE5AE71465

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\INFINITE YIELD FD.txt | text
MD5: 19541BA7A07F3BE547D0D6A7F0091AAE
SHA256: 5EAAFB68C57EDDEE8BA659A76375D1CBC1C905A6DDFFD625CB80EEB8D9B8A354

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\editor\editor.main.css | text
MD5: 233217455A3EF3604BF4942024B94F98
SHA256: 2EC118616A1370E7C37342DA85834CA1819400C28F83ABFCBBB1EF50B51F7701

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Scripts\Reviz Admin v2.txt | text
MD5: DAA4BD50948D97012D74E9A822BB63AF
SHA256: BF1678B49397E7417EEB4D13DCE8951910347238230D431E2A341DDB985E10D8

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\basic-languages\csp\csp.js | text
MD5: 22ADA25D590811DCFF4E5F5D698E583B
SHA256: 4B5A5D7D50986B86B00833447E097C0F01A4388CE1765B48E7E371D06E3A4789

1896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1896.38399\Trigon 4.3.2\Data_\vs\language\css\cssWorker.js | text
MD5: 152244E2AB4F663141E9466A8282EBE8
SHA256: 288BB68A2C685957B5DC3E5353B1A03DC482B10858059063B99C1549D5FEF01C
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 4
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1584 | Trigon.exe | 104.22.2.84:443 | pastebin.com | Cloudflare Inc | US | shared
2876 | Trigon.exe | 104.22.2.84:443 | pastebin.com | Cloudflare Inc | US | shared
2876 | Trigon.exe | 104.31.79.78:443 | www.arponag.xyz | Cloudflare Inc | US | shared
2876 | Trigon.exe | 162.159.130.233:443 | cdn.discordapp.com | Cloudflare Inc | | shared
1584 | Trigon.exe | 162.159.130.233:443 | cdn.discordapp.com | Cloudflare Inc | | shared
1584 | Trigon.exe | 104.31.79.78:443 | www.arponag.xyz | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
pastebin.com | 104.22.2.84, 104.22.3.84 | malicious
www.arponag.xyz | 104.31.79.78, 104.31.78.78 | suspicious
cdn.discordapp.com | 162.159.130.233, 162.159.129.233, 162.159.134.233, 162.159.133.233, 162.159.135.233 | shared

Threats

No threats detected
No debug info