jigsaw | 653f642b866f37fc6d149ee025a318bea8a53ff1a48caa5f2f3d53f08ccb3d71 | Triage

Submit
Reports

Overview

overview

Static

static

1

xerin-unpacker.zip

windows10-ltsc 2021-x64

Sharing

General

Target

xerin-unpacker.zip
Size

236KB
Sample

241029-t11dyaxamr
MD5

b651a3553ab3a5bcb7b214970d472b42
SHA1

be3260cd668dac8d35503ad4a99adfa5e742da76
SHA256

653f642b866f37fc6d149ee025a318bea8a53ff1a48caa5f2f3d53f08ccb3d71
SHA512

f4428046e0b4df072a3f6b690dfd1a64db4823af3482f128480444a4af7a4263c1104d0d0bba76dd2c0041e8e33bcf58aba2f38805ee36d1f1b639e58725b44e
SSDEEP

6144:tYt0q+BReFMTsYCccx596gyWBXcuYNoqOE6j:tYt+BReiTmca59ojgX

Score

10^/10

jigsaw persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

xerin-unpacker.zip

Resource

win10ltsc2021-20241023-en

jigsaw persistence ransomware

windows10-ltsc 2021-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  xerin-unpacker.zip
- Size
  
  236KB
- MD5
  
  b651a3553ab3a5bcb7b214970d472b42
- SHA1
  
  be3260cd668dac8d35503ad4a99adfa5e742da76
- SHA256
  
  653f642b866f37fc6d149ee025a318bea8a53ff1a48caa5f2f3d53f08ccb3d71
- SHA512
  
  f4428046e0b4df072a3f6b690dfd1a64db4823af3482f128480444a4af7a4263c1104d0d0bba76dd2c0041e8e33bcf58aba2f38805ee36d1f1b639e58725b44e
- SSDEEP
  
  6144:tYt0q+BReFMTsYCccx596gyWBXcuYNoqOE6j:tYt+BReiTmca59ojgX
Score

10^/10

jigsaw persistence ransomware
- Jigsaw Ransomware
  Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
  ransomware jigsaw
- Jigsaw family
  jigsaw
- Renames multiple (738) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

jigsawpersistenceransomware

© 2018-2024

Terms | Privacy