Overview

overview

10

Static

static

3

e5dce3d5e3...18.exe

windows7-x64

10

e5dce3d5e3...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    63s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    17-09-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5dce3d5e39a5e790a407c3e0632b887_JaffaCakes118.exe

  • Size

    266KB

  • MD5

    e5dce3d5e39a5e790a407c3e0632b887

  • SHA1

    8aa120b9b284744ea45ce5368a64b979e4a19ed4

  • SHA256

    61a9ddcb15f0845bd89f2c4ca454e7d8f0a0b7a478ec2d980ae4fa333c1b4dd2

  • SHA512

    9fb695d9b51f909a9c467f8f6dd2a0b6aa3379120b51d0a1eba308650e71f6dc330ea9ddcb9ec01e6097c1ef245bd3705f741a5b43d24237219a4be1d4150ea9

  • SSDEEP

    6144:3r+AA8TO0n0YpiMEXKc9TeUrAbqBnMV6WC+:73O0n5KXjyUsmhW

Score
10/10
jigsawpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Renames multiple (2025) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5dce3d5e39a5e790a407c3e0632b887_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e5dce3d5e39a5e790a407c3e0632b887_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\e5dce3d5e39a5e790a407c3e0632b887_JaffaCakes118.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:1448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.popcorn
    Filesize

    160B

    MD5

    000e8c41d4a15fb34d0be0dbb56e3778

    SHA1

    00c4eae64ee6239d7c65d819c6ce1ac329224f8c

    SHA256

    8bdfa6a5b7de345cf0d4fe0e9c17d8b0e9db26d58b05b1b2ebbb3a05a068ff28

    SHA512

    775d832eb8ab73e4a93789917dca69edb6c91fbb426e02acf7c6e213ffb4575776187209d1c471fbf57c4621ea3c23d9850f6dfc2770d62c17de9d66710800af

    Download Submit

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize

    266KB

    MD5

    e5dce3d5e39a5e790a407c3e0632b887

    SHA1

    8aa120b9b284744ea45ce5368a64b979e4a19ed4

    SHA256

    61a9ddcb15f0845bd89f2c4ca454e7d8f0a0b7a478ec2d980ae4fa333c1b4dd2

    SHA512

    9fb695d9b51f909a9c467f8f6dd2a0b6aa3379120b51d0a1eba308650e71f6dc330ea9ddcb9ec01e6097c1ef245bd3705f741a5b43d24237219a4be1d4150ea9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\container.dat.popcorn
    Filesize

    16B

    MD5

    cfdae8214d34112dbee6587664059558

    SHA1

    f649f45d08c46572a9a50476478ddaef7e964353

    SHA256

    33088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325

    SHA512

    c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3

    Download Submit

  • C:\Users\Admin\Documents\WatchWait.xlsx.popcorn
    Filesize

    12KB

    MD5

    96718789bb121117ecade555f36b068c

    SHA1

    08f0191dc6da32609a0133c429a783d997d7e563

    SHA256

    3f5554dbd1413f62c0d4a1767a1e5ad079b83916a57491010d3941e7962550ce

    SHA512

    2b1b328d2bd10c1fb8dac41476eeddb8af5f8f72512e463bddc43d078ef5d498cc156220fa4247bf73f86a7c8ec298ed136204f58dea89dc027e55aaf91ab6e6

    Download Submit

  • memory/1448-10-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1448-11-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1448-12-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1448-13-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1448-2046-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1448-2049-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1464-9-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1464-0-0x000007FEF512E000-0x000007FEF512F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1464-5-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1464-4-0x000007FEF4E70000-0x000007FEF580D000-memory.dmp

    Filesize

    9.6MB

    Download