Analysis

  • max time kernel: 117s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 07/06/2024, 19:02 UTC

General

  • Target: VirusShare_5a9bd3d7f1534431a396a033d16ca496.exe
  • Size: 240KB
  • MD5: 5a9bd3d7f1534431a396a033d16ca496
  • SHA1: 0c269c5a641fd479269c2f353841a5bf9910888b
  • SHA256: bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28
  • SHA512: e9c5b2df61e3002a4619073a442cd1041854bafbb99de2ec0e5974ceea36aaacd1aefa43cd9c4b54477af9f3400f1f356d43e506f100f3208ca595ccb5aa3844
  • SSDEEP: 6144:aDYZVxYgPZEz36R2eqHzs5oP+8fgsOznWqZajzCrY4F8TV:nXxO3RHzsmP+agVznWqZa/Cr7W

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first seen in 2016, named after the wallpaper that early versions set after infection.

  • Renames multiple (1921) files with added filename extension

    Mass renaming that appends an extension to existing file names is characteristic of ransomware encrypting files across the system. In this run the appended extension is .fun (see the Downloads section).

  • Executes dropped EXE (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials. For a ransomware sample this hit may simply reflect the rename sweep reaching browser profile paths (note the Cookies\container.dat.fun entry under Downloads) rather than credential theft; the report does not show any exfiltration.

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)
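The "Renames multiple (1921) files with added filename extension" signature is a count-based heuristic over file-system events. The Python below is an added example, not the sandbox's own rule, showing one way to implement it: it takes rename events as (old_path, new_path) pairs, keeps only in-place renames that append a single extension, and flags any extension that reaches a threshold across several directories. The event stream, the threshold of 10 and the two-directory minimum are constructed for illustration.

```python
# Added example (not the sandbox's own rule): a count-based version of the
# "renames multiple files with added filename extension" heuristic, run over a
# constructed stream of (old_path, new_path) rename events.
import ntpath
from collections import Counter, defaultdict


def added_extension(old_path, new_path):
    """Return the single extension appended in place (e.g. '.fun'), else None.

    'report.docx' -> 'report.docx.fun' qualifies; a rename to a different base
    name, a move to another directory, or a multi-part suffix does not."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if not old_name or old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or not suffix.startswith(".") or "." in suffix[1:]:
        return None
    return suffix.lower()


def detect_rename_burst(events, threshold=10, min_dirs=2):
    """Flag extensions appended to at least `threshold` files in `min_dirs`
    distinct directories. Thresholds are illustrative; a production rule would
    be tuned against benign installers and backup tools."""
    counts, dirs = Counter(), defaultdict(set)
    for old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        counts[ext] += 1
        dirs[ext].add(ntpath.dirname(old).lower())
    return [
        {"extension": ext, "renames": n, "directories": len(dirs[ext])}
        for ext, n in counts.most_common()
        if n >= threshold and len(dirs[ext]) >= min_dirs
    ]


def build_sample_events():
    """Constructed rename stream (not taken from the report): a sweep that
    appends '.fun' across several directories, mixed with benign renames."""
    victims = [
        r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif",
        r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\container.dat",
        r"C:\Users\Admin\Documents\budget.xlsx",
        r"C:\Users\Admin\Documents\notes.txt",
        r"C:\Users\Admin\Pictures\holiday.jpg",
        r"C:\Users\Admin\Pictures\cat.png",
        r"C:\Users\Admin\Desktop\todo.docx",
        r"C:\Users\Admin\Desktop\keys.pem",
        r"C:\Users\Admin\Music\track01.mp3",
        r"C:\Users\Admin\Videos\clip.mp4",
        r"C:\Users\Admin\Downloads\setup.msi",
        r"C:\Users\Admin\Downloads\report.pdf",
    ]
    events = [(p, p + ".fun") for p in victims]
    events += [  # benign activity that must not trip the detector
        (r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\final.docx"),
        (r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.bak"),
        (r"C:\Windows\Temp\pkg.tmp", r"C:\Users\Admin\Downloads\pkg.tmp.part"),
    ]
    return events


if __name__ == "__main__":
    for finding in detect_rename_burst(build_sample_events()):
        print(finding)
```

Run stand-alone it reports the single .fun burst in the constructed stream and ignores the one-off .bak rename and the cross-directory move. With real data, feed it a sandbox's file events or an EDR rename feed and expect to tune the thresholds: installers and backup tools also append suffixes, but rarely across the user's documents, pictures and browser profile in one sweep.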

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_5a9bd3d7f1534431a396a033d16ca496.exe (PID 2120, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\VirusShare_5a9bd3d7f1534431a396a033d16ca496.exe"
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe (PID 2520, depth 2, child of PID 2120)
      Command line: "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\VirusShare_5a9bd3d7f1534431a396a033d16ca496.exe
      • Executes dropped EXE
      • Drops file in Program Files directory

    Note: the child drpbx.exe is started with the original sample's path as its only argument, and its hashes under Downloads are identical to the submitted sample. The first process therefore copies itself to %LOCALAPPDATA%\Drpbx, registers the Run key, and hands off to the copy; the writes into Program Files (the .fun files listed under Downloads) are attributed to the copy, PID 2520.

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.fun
    Filesize: 160B
    MD5: 580ee0344b7da2786da6a433a1e84893
    SHA1: 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e
    SHA256: 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513
    SHA512: 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize: 240KB
    MD5: 5a9bd3d7f1534431a396a033d16ca496
    SHA1: 0c269c5a641fd479269c2f353841a5bf9910888b
    SHA256: bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28
    SHA512: e9c5b2df61e3002a4619073a442cd1041854bafbb99de2ec0e5974ceea36aaacd1aefa43cd9c4b54477af9f3400f1f356d43e506f100f3208ca595ccb5aa3844
    (All four hashes and the size match the submitted sample: the dropped file is a byte-identical self-copy, so the sample's own hashes are the IoC for the persisted executable.)

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\container.dat.fun
    Filesize: 16B
    MD5: 8ebcc5ca5ac09a09376801ecdd6f3792
    SHA1: 81187142b138e0245d5d0bc511f7c46c30df3e14
    SHA256: 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880
    SHA512: cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

  • memory/2120-3-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2120-0-0x000007FEF60AE000-0x000007FEF60AF000-memory.dmp (Filesize: 4KB)
  • memory/2120-9-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2120-5-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-10-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-237-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-238-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-239-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-12-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-11-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-1944-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
  • memory/2520-1947-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp (Filesize: 9.6MB)
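The Downloads section mixes three kinds of artifact that look alike in this flattened layout: files the sample renamed (the .fun entries), the dropped drpbx.exe whose hashes equal those of the submitted sample, and memory dumps whose file names encode a PID and an address range. The Python below is an added example, not part of the report or of any sandbox product: it parses an excerpt in this layout, classifies each entry, and for memory dumps checks that the reported size agrees with the address range in the name (0x000007FEF678D000 - 0x000007FEF5DF0000 = 0x99D000 bytes, which is the 9.6MB shown). The excerpt is constructed from hash values printed on this page; the classification rules, the assumption that sizes use binary units, and the 5% tolerance are my own choices.

```python
# Added example (not the report's or any sandbox's code): parse the flattened
# 'Downloads' listing, classify each artifact, and sanity-check memory dumps.
import re

# Hashes of the submitted sample, as printed in the report's General section.
SAMPLE_HASHES = {
    "MD5": "5a9bd3d7f1534431a396a033d16ca496",
    "SHA256": "bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28",
}

# Constructed excerpt (hash values taken from this page), re-joined with blank
# lines so it has the same flattened shape as the report.
REPORT_EXCERPT = "\n\n".join([
    r"  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.fun",
    "    Filesize", "    160B",
    "    MD5", "    580ee0344b7da2786da6a433a1e84893",
    r"  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe",
    "    Filesize", "    240KB",
    "    MD5", "    5a9bd3d7f1534431a396a033d16ca496",
    "    SHA256", "    bc83ef30422eb7b0c8903d3b4f1d4258e25cf78e9357a30dac773f8d2c17aa28",
    "  • memory/2120-3-0x000007FEF5DF0000-0x000007FEF678D000-memory.dmp",
    "    Filesize", "    9.6MB",
])

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_size(text):
    """'9.6MB' -> bytes; binary units are assumed, matching the report's values."""
    m = re.fullmatch(r"([\d.]+)\s*([KMG]?B)", text.strip())
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_downloads(text):
    """Turn the listing into [{'path': ..., 'fields': {label: value}}, ...]."""
    artifacts, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):  # a new artifact entry
            current = {"path": line[1:].strip(), "fields": {}}
            artifacts.append(current)
            pending = None
        elif line in LABELS:  # label; its value is the next non-blank line
            pending = line
        elif current is not None and pending is not None:
            current["fields"][pending] = line
            pending = None
    return artifacts


def classify(art, sample_hashes=SAMPLE_HASHES, added_ext=".fun"):
    """Return (kind, note) for one parsed artifact."""
    path, fields = art["path"], art["fields"]
    m = MEM_RE.match(path)
    if m:
        pid, start, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
        span = end - start
        reported = parse_size(fields.get("Filesize", "0B"))
        # The UI rounds to one decimal place, so allow a few percent of slack.
        consistent = abs(span - reported) <= max(0.05 * reported, 4096)
        return "memory-dump", f"pid={pid} span={span:#x} size_matches={consistent}"
    common = [k for k in sample_hashes if k in fields]
    if common and all(fields[k].lower() == sample_hashes[k].lower() for k in common):
        return "self-copy", "hashes equal the submitted sample: the dropper copied itself"
    if path.lower().endswith(added_ext):
        return "renamed-output", "original name " + path[: -len(added_ext)].rsplit("\\", 1)[-1]
    return "other", ""


def triage(text=REPORT_EXCERPT):
    """(path, kind, note) for every artifact in the listing."""
    return [(a["path"],) + classify(a) for a in parse_downloads(text)]


if __name__ == "__main__":
    for path, kind, note in triage():
        print(f"{kind:15} {path}  [{note}]")
```

The self-copy check is the useful one for response work: because drpbx.exe is byte-identical to the sample, the hashes in the General section already cover the persisted file, and the renamed-output entries give the original names of files the sweep touched. The memory-dump consistency check catches mis-parsed or truncated entries before their address ranges are reused in later analysis.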
