General
-
Target
JigsawRansomware.exe
-
Size
60KB
-
Sample
240529-s8fh3abf52
-
MD5
72c2cc3ab874b3cb59bca4724cf0c1e7
-
SHA1
f57625becb7513623ce1dc4a18f30a8df0c5763b
-
SHA256
05f42b673ebd0d13220a1ec382ddc830892c5ca3376089dfea0b72d601483d7a
-
SHA512
f9772b4fc46ae66cdcc110de1f5429f4c5f233373e13b0da839788aff076f29a5a93d16664ab91cb0664227f34d39698e112cff3c5d2db8b5eab1dd9cb6c583a
-
SSDEEP
768:Y1EW7GeB4uyTbIJgysVnlphLMZwZxeKtYJ8xDTIZUY2QRT/b4I19Yi6WrGgpCe0f:Y1E4Bgyulpzs+IZUY1sIzYi7D10Py7O
Static task
static1
Behavioral task
behavioral1
Sample
JigsawRansomware.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
JigsawRansomware.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
JigsawRansomware.exe
-
Size
60KB
-
MD5
72c2cc3ab874b3cb59bca4724cf0c1e7
-
SHA1
f57625becb7513623ce1dc4a18f30a8df0c5763b
-
SHA256
05f42b673ebd0d13220a1ec382ddc830892c5ca3376089dfea0b72d601483d7a
-
SHA512
f9772b4fc46ae66cdcc110de1f5429f4c5f233373e13b0da839788aff076f29a5a93d16664ab91cb0664227f34d39698e112cff3c5d2db8b5eab1dd9cb6c583a
-
SSDEEP
768:Y1EW7GeB4uyTbIJgysVnlphLMZwZxeKtYJ8xDTIZUY2QRT/b4I19Yi6WrGgpCe0f:Y1E4Bgyulpzs+IZUY1sIzYi7D10Py7O
Score10/10-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Renames multiple (1961) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-