jigsaw | a705e662a0fd1415561578f65c029d21f20aabd1b3baffa7fb66294e92616a98 | Triage

Submit
Reports

Overview

overview

Static

static

1

d.jpg

windows10-2004-x64

Sharing

General

Target

d.jfif
Size

589B
Sample

240804-kxvjvawbqh
MD5

2e934e6e0af68871e37923b402f78219
SHA1

dd35ec46244325473359bd8b0ec393827c0358d6
SHA256

a705e662a0fd1415561578f65c029d21f20aabd1b3baffa7fb66294e92616a98
SHA512

c1bb7e2fbc4bd6f60deff92b6d38d2c7e950ee66f7a3a9dc606ef4bb7960cbd5f44c3be774f1a9aef1a55585e8f646e7443e0f66a2aefbb40f96bd7909bfdafd

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d.jpg

Resource

win10v2004-20240802-en

jigsaw discovery persistence ransomware spyware stealer

windows10-2004-x64

26 signatures

1800 seconds

Malware Config

Targets

- Target
  
  d.jfif
- Size
  
  589B
- MD5
  
  2e934e6e0af68871e37923b402f78219
- SHA1
  
  dd35ec46244325473359bd8b0ec393827c0358d6
- SHA256
  
  a705e662a0fd1415561578f65c029d21f20aabd1b3baffa7fb66294e92616a98
- SHA512
  
  c1bb7e2fbc4bd6f60deff92b6d38d2c7e950ee66f7a3a9dc606ef4bb7960cbd5f44c3be774f1a9aef1a55585e8f646e7443e0f66a2aefbb40f96bd7909bfdafd
Score

10^/10

jigsaw discovery persistence ransomware spyware stealer
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Renames multiple (3745) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawdiscoverypersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy