jigsaw | 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...18.exe

windows7_x64

SecuriteIn...18.exe

windows10_x64

Resubmissions

09-10-2023 22:49

231009-2rxwfsgh8z 10

06-03-2021 22:20

210306-e542m4kcwn 10

09-11-2020 19:51

201109-ldpapz7ekx 10

Sharing

General

Target

SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918
Size

291KB
Sample

210306-e542m4kcwn
MD5

5a5c745bf3e97fe2be01880132662f28
SHA1

924af25d379fc88319bc55958db898dbf5054309
SHA256

0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811
SHA512

151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

Score

10^/10

jigsaw persistence ransomware spyware

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918.exe

Resource

win7v20201028

jigsaw persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918.exe

Resource

win10v20201028

jigsaw persistence ransomware spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.BehavesLike.Win32.Generic.dc.28918
- Size
  
  291KB
- MD5
  
  5a5c745bf3e97fe2be01880132662f28
- SHA1
  
  924af25d379fc88319bc55958db898dbf5054309
- SHA256
  
  0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811
- SHA512
  
  151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10
Score

10^/10

jigsaw persistence ransomware spyware
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomware

behavioral2

jigsawpersistenceransomwarespyware

© 2018-2024

Terms | Privacy