Resubmissions
17-12-2023 09:25  231217-ld4tvafee8  10
17-12-2023 09:25  231217-ldtc4sfee7  10
17-12-2023 03:55  231217-eg3bvsdgbm  10

Analysis
max time kernel: 127s
max time network: 131s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 17-12-2023 09:25

Static task: static1
Behavioral task: behavioral1
Sample: jigsaw.exe
Resource: win10-20231215-en
General
Target: jigsaw.exe
Size: 283KB
MD5: 2773e3dc59472296cb0024ba7715a64e
SHA1: 27d99fbca067f478bb91cdbcb92f13a828b00859
SHA256: 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA512: 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
SSDEEP: 6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX
Malware Config
Signatures
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
- Executes dropped EXE (1 IoC)
  pid 4396, process drpbx.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str) \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" (process: jigsaw.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (2 IoCs)
  PID 3612 wrote to memory of 4396 (pid 3612, process jigsaw.exe, procid_target 72)
  PID 3612 wrote to memory of 4396 (pid 3612, process jigsaw.exe, procid_target 72)
Processes
- C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
  PID: 3612
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Command line: "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
    PID: 4396
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 128KB
  MD5: 944df883734460748224ee85ca87b91e
  SHA1: 9daac3bd92354c3fbea3e15fa46d08fbda4213f6
  SHA256: 6e4402df53a35149f772e9876e194618ba9d51445ef18d7ed924c198b0eddf01
  SHA512: 620806e6d040952a23fa8bb97d3e8cff4a76764ec327255ad5142323f6aa8225f9d2fa6707ae8e243cc45856cdd2cc5556dc1054a6e6bdd71da381938bf1775e
- Filesize: 58KB
  MD5: e73d9dc6aae4ac0f7ec5b1c491e9067d
  SHA1: 0556eb532d0ca507c52a9da6399185ac386be4a3
  SHA256: c40ea2569f9df9115603bd4458e5f74ad61376b8f553c613692b1361d85bcc7c
  SHA512: 9722f6650b35560738731831532fc088ff7b11dad4ee8c12b60842c6118a6c5fe5117fabb142a195583348d04f125223aaa4b228564004b9ecaed3c78a303b69