Extracted

• • Target

    Ransomware.Jigsaw.zip

  • Size

    239KB

  • MD5

    3ad6374a3558149d09d74e6af72344e3

  • SHA1

    e7be9f22578027fc0b6ddb94c09b245ee8ce1620

  • SHA256

    86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

  • SHA512

    21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

  • SSDEEP

    3072:p7ykj3uuY4NsJD7kPdSRQLqas/pkPm9jvkEL60Uf7k2BgS6/aFybrNN5ZAdNstk7:p7ym3VNA7w8R5/rxv7O0yng0UtVw5NJ

  Score

  10^/10

  jigsawwannacrydiscoverypersistenceransomwarespywarestealerworm

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (3713) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1