jigsaw | 2488fac944393b2110bc68adf52434c6b1d0e85f70925f34c7728c124d63bf1d | Triage

Sharing

General

Target

JigsawRansomware.exe
Size

1.5MB
Sample

240326-a65fasbb24
MD5

7c85ceb084b23493a6ef7fc94a25451a
SHA1

973b492ce9420184ac1922c1cf933c5e4e400270
SHA256

2488fac944393b2110bc68adf52434c6b1d0e85f70925f34c7728c124d63bf1d
SHA512

b27a7e8c87fc6102e67e384e166e336a971c8f850641445036e4e8c05f8d30c0a9506bfa95dbd664a7dc43b296b3ebd8c0e15351b320413e40bb9ba3a5c42956
SSDEEP

49152:X70nS4pfVkqgy6r3a+kqXfd+/9A9TVanieKd:X7K5JEyUa+kqXf0FoVW

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  JigsawRansomware.exe
- Size
  
  1.5MB
- MD5
  
  7c85ceb084b23493a6ef7fc94a25451a
- SHA1
  
  973b492ce9420184ac1922c1cf933c5e4e400270
- SHA256
  
  2488fac944393b2110bc68adf52434c6b1d0e85f70925f34c7728c124d63bf1d
- SHA512
  
  b27a7e8c87fc6102e67e384e166e336a971c8f850641445036e4e8c05f8d30c0a9506bfa95dbd664a7dc43b296b3ebd8c0e15351b320413e40bb9ba3a5c42956
- SSDEEP
  
  49152:X70nS4pfVkqgy6r3a+kqXfd+/9A9TVanieKd:X7K5JEyUa+kqXf0FoVW
Score

10^/10

jigsaw persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Renames multiple (1474) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomwarespywarestealer