Resubmissions

07/12/2023, 00:24

231207-aqbhaagcgj 10

06/12/2023, 23:45

231206-3r3blsgbgp 3

Analysis

  • max time kernel
    432s
  • max time network
    433s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231129-en
  • resource tags
    arch:x64 arch:x86 image:win11-20231129-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    06/12/2023, 23:45

General

  • Target

    Jigsaw.zip

  • Size

    239KB

  • MD5

    bccd9fe85eb31117cfe1fd877dd08fcd

  • SHA1

    a4c89e4d1290b392e967483979dba92f3309f2bd

  • SHA256

    b534355c974da421e12bedd40cc69ac2b8bea7126d0c58f5d2ab8c2999f42e87

  • SHA512

    ca98d1c354a596c36a3e85a6f11478d3401bd8a1b8b9bc5dbb8504c30db5f0bf3e662977b627d4ae64ffc58a2bbf7ba902364c9554d66897f64964afb15173bb

  • SSDEEP

    6144:5/vucHCQQQEwuyjADlZZuxcntYVecfdth:5OcitByWHu2eVecf9

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Jigsaw.zip
      PID:4368
    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4060
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        PID:1900
      • C:\Users\Admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe
        "C:\Users\Admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe"
        • Suspicious use of WriteProcessMemory
        PID:1056
        • C:\Windows\system32\fondue.exe
          "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
            PID:3952
        • C:\Users\Admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe
          "C:\Users\Admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe"
          • Suspicious use of WriteProcessMemory
          PID:2332
          • C:\Windows\system32\fondue.exe
            "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
              PID:3732

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
    Filesize
    10KB
    MD5
    597e77be71bc1b1bc2c0147f0cfd0a37
    SHA1
    d1317f05e475077ca76f0546037c42ed6e776683
    SHA256
    16a86e049d3bec0cf072e336029a021e40c28842917d195c2a904e0db66a7d1a
    SHA512
    b37855118d49772cfa37bf5a2b2625c5468ab7a15bc8b2ecf036c6c9433a998b6d1963889a70ffcfaa38dd3639119cd39989b869e96af33502b61dc6394546e2

  • C:\Users\Admin\AppData\Local\Temp\Jigsaw.zip
    Filesize
    239KB
    MD5
    bccd9fe85eb31117cfe1fd877dd08fcd
    SHA1
    a4c89e4d1290b392e967483979dba92f3309f2bd
    SHA256
    b534355c974da421e12bedd40cc69ac2b8bea7126d0c58f5d2ab8c2999f42e87
    SHA512
    ca98d1c354a596c36a3e85a6f11478d3401bd8a1b8b9bc5dbb8504c30db5f0bf3e662977b627d4ae64ffc58a2bbf7ba902364c9554d66897f64964afb15173bb