Overview

overview

10

Static

static

3

jigsaw.exe

windows7-x64

10

jigsaw.exe

windows10-1703-x64

10

jigsaw.exe

windows10-2004-x64

10

Resubmissions

09-10-2023 22:48

231009-2rc62sah96 10

13-07-2023 09:55

230713-lxrzdsgb77 10

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2023 22:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    jigsaw.exe

  • Size

    283KB

  • MD5

    2773e3dc59472296cb0024ba7715a64e

  • SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

  • SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

  • SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

  • SSDEEP

    6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

Score
10/10
jigsawpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
    "C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:464

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
    Filesize

    32KB

    MD5

    829165ca0fd145de3c2c8051b321734f

    SHA1

    f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

    SHA256

    a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

    SHA512

    7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

    Download Submit

  • C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\invalid32x32.gif.fun
    Filesize

    160B

    MD5

    580ee0344b7da2786da6a433a1e84893

    SHA1

    60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

    SHA256

    98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

    SHA512

    356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize

    283KB

    MD5

    2773e3dc59472296cb0024ba7715a64e

    SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

    SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

    SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

    Download Submit

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize

    283KB

    MD5

    2773e3dc59472296cb0024ba7715a64e

    SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

    SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

    SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

    Download Submit

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize

    283KB

    MD5

    2773e3dc59472296cb0024ba7715a64e

    SHA1

    27d99fbca067f478bb91cdbcb92f13a828b00859

    SHA256

    3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

    SHA512

    6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\EmieSiteList\container.dat.fun
    Filesize

    16B

    MD5

    8ebcc5ca5ac09a09376801ecdd6f3792

    SHA1

    81187142b138e0245d5d0bc511f7c46c30df3e14

    SHA256

    619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

    SHA512

    cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
    Filesize

    8KB

    MD5

    f22599af9343cac74a6c5412104d748c

    SHA1

    e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

    SHA256

    36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

    SHA512

    5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392319171282739.txt.fun
    Filesize

    77KB

    MD5

    d997633d0b3ec96704d5cf43d376a5c0

    SHA1

    273ca304e7dcb220fba060fc5f86249a85c6277e

    SHA256

    30ec7d89d2a5a895638cf2d4c5b3b64e722c1b243a0d7be2ae6564c43eed0af0

    SHA512

    6cb67b520f4d558cbfde508fec4ddfda36d55ae8dacd2b8680d142ca038ff0afa109dd6d6ee7dba4f3fa7b614534baebf740165de9b789a83e8724c2c9a64728

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392323805994175.txt.fun
    Filesize

    47KB

    MD5

    3bbad2d39db5d82040a725ee4f32e2b4

    SHA1

    3efd65ea5c01c135de7f5db12f2e22ab99841ad3

    SHA256

    2ca2d3ca524b1f82e2fb0d1f0463d2503b38ddcf73112b68e11eed7abd3234de

    SHA512

    deaef7a1786494915a7321b861d4fe9090ae2ddf7f2ac20a8c09bece204a7696e1de36818913732e6bd6d31a4785a5401d39fbba138ed814570a5178033d3a35

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392330282033677.txt.fun
    Filesize

    65KB

    MD5

    57de61933735ed242ea124a3b3ae05d1

    SHA1

    17b96da6dafefa25215bf06b42fa1f47eb47726d

    SHA256

    f97d46c926295d9d96390942136726d6fae4c8a75af24ecbb1eb6601c8b06b08

    SHA512

    ca7f153eb2168a09ce2cdd6500a88cef62b7d25ab44e76aa9b0c62cfeef75e0cf8f5b85d8bf749d3a9a63ebad39ba5a3581d6689c210f2e4017793e4de474ef5

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392365261177427.txt.fun
    Filesize

    75KB

    MD5

    02226a2aae89dcc43d00ba6ce31c8582

    SHA1

    99589baa0e0e61f3047fad5001cb0456e08c2c68

    SHA256

    119612277ce4eae07e37d4b35b92125ed1338f478b581e7e6e59ccdaa010509c

    SHA512

    dc64c8a0872e613295a760e4b1c81dae051e473f2346e6f5de037a2592a38e1dd2b469309cc61180ff4c8b01a08d7ac2f268883a694ed2d108aa9ee17aa05f06

    Download Submit

  • memory/464-19-0x00007FFDB54A0000-0x00007FFDB5E41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/464-21-0x00007FFDB54A0000-0x00007FFDB5E41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/464-22-0x00000000015A0000-0x00000000015B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/464-23-0x0000000001770000-0x0000000001778000-memory.dmp

    Filesize

    32KB

    Download

  • memory/464-24-0x00007FFDB54A0000-0x00007FFDB5E41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/464-27-0x00000000015A0000-0x00000000015B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2324-20-0x00007FFDB54A0000-0x00007FFDB5E41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2324-0-0x00007FFDB54A0000-0x00007FFDB5E41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2324-1-0x00000000009B0000-0x00000000009E8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2324-2-0x00007FFDB54A0000-0x00007FFDB5E41000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2324-5-0x000000001B9B0000-0x000000001BA4C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2324-3-0x000000001B4E0000-0x000000001B9AE000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/2324-4-0x0000000000A00000-0x0000000000A10000-memory.dmp

    Filesize

    64KB

    Download