jigsaw | 6247a7a4f29912882d90b9d76243ec9cf64900ed54c165e3c73d7245f48383ae | Triage

Submit
Reports

Overview

overview

Static

static

7

053cec40ef...fa.exe

windows7-x64

053cec40ef...fa.exe

windows10-2004-x64

Sharing

General

Target

053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa.exe.zip
Size

240KB
Sample

231002-n9bt2sad71
MD5

912b54393dbaa2365d84a5d1d1559ee9
SHA1

45fd8dc74f1c61dd75a601fed422f74e879454c5
SHA256

6247a7a4f29912882d90b9d76243ec9cf64900ed54c165e3c73d7245f48383ae
SHA512

c153f8e01f695ea903b84a6473ecab9d34bb89981b8a8b91a4a2b78c3680ad025376f067007215123bfc28957323d3d80df600d148c44e8230ee437671d72339
SSDEEP

6144:wMsnPsxUG1G3ukVgbasp4dHzStXBCh7WuT7y/2:wxnP9GUukVAaG4MMKuT7y/2

Score

10^/10

jigsaw persistence ransomware spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa.exe

Resource

win7-20230831-en

jigsaw persistence ransomware spyware stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa.exe

Resource

win10v2004-20230915-en

jigsaw persistence ransomware upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa.exe
- Size
  
  249KB
- MD5
  
  33862bca1fe73d44277e9ad4f0aa81e1
- SHA1
  
  e900bf9dc2ad2b18e362c8d42ae8e8ce74fb3ff1
- SHA256
  
  053cec40ef1b8c148c4c1f798509e8b33e0f86f81555307b65e9fdffd670b9fa
- SHA512
  
  08c0ef71dcab39f772abf17b2c714bc89fe2add6fa61f734ea04c05770ad93a68e5fd9caf73d740c3c17dce1ebb0563b0bd82b20fc6a7e508a778bccbbf8384c
- SSDEEP
  
  6144:VFVg9EpWQxCKDgqLSV2hIq45K4O4xDL1UnhvHNJ7h0W93MPNdLM7G:/VgGD4KNWViIq4pOOPipHlzsQ7
Score

10^/10

jigsaw persistence ransomware spyware stealer upx
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealerupx

behavioral2

jigsawpersistenceransomwareupx

© 2018-2024

Terms | Privacy