Overview

overview

10

Static

static

3efc575b6c...67.exe

windows7-x64

10

3efc575b6c...67.exe

windows10-2004-x64

10

Resubmissions

09-10-2023 22:48

231009-2rg51aah99 10

29-01-2023 17:35

230129-v55pwsha8v 10

30-11-2022 18:03

221130-wm9rkafc81 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3efc575b6cfd36e57a7b244a860160a35e76c0945bdad1bd79294a1816887467

  • Size

    2.4MB

  • Sample

    221130-wm9rkafc81

  • MD5

    c2c5848ec8ae11e84d42521c527f75ca

  • SHA1

    d8d98dff64297d4cf8a227a2c138efc4774942b2

  • SHA256

    3efc575b6cfd36e57a7b244a860160a35e76c0945bdad1bd79294a1816887467

  • SHA512

    10e3f210c2d98c090ce3a65be2ff70279c07c1bf3dcb06a48dbfaa34ab6471ed0e8f2a35fbf5bd0c9b61b1c55493c5042daa32556b4b28e22c28e8d80c5d0846

  • SSDEEP

    49152:3rKiRwG7r2ie/XMK+kLg7SdqnCvIUdJi0l2Css5qq2nY4/gX1aNnUm5vL:3RXK+b7ScCvFPx3Kr48UmN

Score
10/10
jigsawpersistenceransomware

Malware Config

Targets

    • Target

      3efc575b6cfd36e57a7b244a860160a35e76c0945bdad1bd79294a1816887467

    • Size

      2.4MB

    • MD5

      c2c5848ec8ae11e84d42521c527f75ca

    • SHA1

      d8d98dff64297d4cf8a227a2c138efc4774942b2

    • SHA256

      3efc575b6cfd36e57a7b244a860160a35e76c0945bdad1bd79294a1816887467

    • SHA512

      10e3f210c2d98c090ce3a65be2ff70279c07c1bf3dcb06a48dbfaa34ab6471ed0e8f2a35fbf5bd0c9b61b1c55493c5042daa32556b4b28e22c28e8d80c5d0846

    • SSDEEP

      49152:3rKiRwG7r2ie/XMK+kLg7SdqnCvIUdJi0l2Css5qq2nY4/gX1aNnUm5vL:3RXK+b7ScCvFPx3Kr48UmN

    Score
    10/10
    jigsawpersistenceransomware

    • Jigsaw Ransomware

      Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

      ransomwarejigsaw

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks