jigsaw | 47145ecc729d25e288a6b7c512ec15c9dd07e36149578a882b38f772248d8174 | Triage

Submit
Reports

Overview

overview

Static

static

Statement.pdf.msi

windows10-2004-x64

Resubmissions

19-07-2024 15:23

240719-ssp3ka1dng 10

09-10-2023 22:48

231009-2rhrjagh71 10

29-01-2023 17:46

230129-wchv4afh63 10

14-07-2022 07:49

220714-jn2fcsdbgr 10

Sharing

General

Target

47145ecc729d25e288a6b7c512ec15c9dd07e36149578a882b38f772248d8174
Size

305KB
Sample

230129-wchv4afh63
MD5

154b0648c8e62f895fa232d0ec621fd9
SHA1

9b6b9be6bfd7c02890af0aaf666964dda18078cc
SHA256

47145ecc729d25e288a6b7c512ec15c9dd07e36149578a882b38f772248d8174
SHA512

372770b00561116650d4a1593f76f4db3c0c0e1910cd99e431a919b8d09b28ea7a43d857ac22f8a947cbb993580f046428cd823b8c06d7e18ead19e13075561e
SSDEEP

6144:dpcRpXY33419nqffVVjgac9bpdGvW05Rgc1xhvXu9Kqn/Sl:ARFYntfVNc9bl05R1buNM

Score

10^/10

jigsaw persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Statement.pdf.msi

Resource

win10v2004-20220812-en

jigsaw persistence ransomware spyware stealer

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  Statement.pdf.msi
- Size
  
  1.1MB
- MD5
  
  a362de111d5dff6bcdeaf4717af268b6
- SHA1
  
  2e5104db35871c5bc7da2035d8b91398bb5d5e0e
- SHA256
  
  0921add95609d77f0c6195b2bec474b693ec217abb1db496f367c768bfbe7cca
- SHA512
  
  b48a18158a0dff9a9012952c467fcf69b8bfc53ceeacaf32a90fc4b7f3afd34465e676b282fa87f3c5c85b4780baf96cc754dcdeef77ba5330fa8c4fd1d20b72
- SSDEEP
  
  12288:w6yilXxt+i9uJB5XladYq15U+F54Sy3JItYzpm+zF4KSlgNY/k09L4:byKtb9gXdqjF54/JuOplFB09
Score

10^/10

jigsaw persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy