Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    30-03-2020 14:54

General

  • Target

    5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037.exe

  • Size

    676KB

  • MD5

    c1ed709a4375516d25889357d0660f00

  • SHA1

    3f16cd69f3772b9aa51ff2b528f95227e7caed6f

  • SHA256

    5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037

  • SHA512

    215cc02a53e3d0eff52f511c516fd5d87726926984e84cd18a7b35c3783792a0ee050e736f2c72bc28d42f1975bb6314d9f0f9e28766839db257c7c500c81ac0

Malware Config

Signatures

  • Jigsaw

    Ransomware family first created in 2016. Named based on wallpaper set after infection.

  • Drops file in Program Files directory 10263 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run entry to start application 2 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037.exe
    "C:\Users\Admin\AppData\Local\Temp\5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Adds Run entry to start application
    PID:3936
    • C:\Users\Admin\AppData\Local\chrme\chrome.exe
      "C:\Users\Admin\AppData\Local\chrme\chrome.exe" C:\Users\Admin\AppData\Local\Temp\5cc851c0bce31e62a7c293c01117e5d80383b97ce97c040f2c08cfaa29380037.exe
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      PID:3984

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads