Overview

overview

10

Static

static

3

60741f2c4e...b4.exe

windows7-x64

10

60741f2c4e...b4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29-10-2024 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4.exe

  • Size

    5.4MB

  • MD5

    4171108985acf10ed305458034045917

  • SHA1

    696e0d48b0395a328655e4149edea73a0bdd3bbd

  • SHA256

    60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4

  • SHA512

    4348fcb4b2835d16deca4668f933349c41e0f56f3f5297331b1e9891ba5fbb04a3953411b11cdbaa2975671c6d0ef719f011931efdd3e7b232301d501313e4f0

  • SSDEEP

    12288:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX:725cKlWi

Score
10/10
jigsawpersistenceransomware

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Jigsaw family
    jigsaw
  • Renames multiple (327) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4.exe
    "C:\Users\Admin\AppData\Local\Temp\60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
      "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
    Filesize

    5.4MB

    MD5

    4171108985acf10ed305458034045917

    SHA1

    696e0d48b0395a328655e4149edea73a0bdd3bbd

    SHA256

    60741f2c4ef30ca4dfda69a549cdd20a2edb402b02c4bbe4a8d65e538e52f6b4

    SHA512

    4348fcb4b2835d16deca4668f933349c41e0f56f3f5297331b1e9891ba5fbb04a3953411b11cdbaa2975671c6d0ef719f011931efdd3e7b232301d501313e4f0

    Download Submit

  • C:\Users\Admin\Documents\ReceiveRemove.xlsx.fun
    Filesize

    12KB

    MD5

    92cb9a3cbba38323e146e38e51a90a35

    SHA1

    c42c0cb7afa01fde1af54e473ea431f2bf1d41d2

    SHA256

    f7ede2a856bd1dbae2ec5ac283c8f7dd668cd46acf07ff1d83da8a394fc9dc72

    SHA512

    35e47552fdbdaad5586a218b9e07443115add5868c1a50270f0e922aa14ae95e9a956763e6e1964ab530d4b53180cd39da167623e9007933572fca0296ae1a57

    Download Submit

  • memory/432-0-0x000007FEF68AE000-0x000007FEF68AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/432-1-0x0000000000370000-0x00000000003A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/432-4-0x000007FEF65F0000-0x000007FEF6F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/432-9-0x000007FEF65F0000-0x000007FEF6F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/432-12-0x000007FEF65F0000-0x000007FEF6F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2772-11-0x000007FEF65F0000-0x000007FEF6F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2772-10-0x000007FEF65F0000-0x000007FEF6F8D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2772-13-0x000007FEF65F0000-0x000007FEF6F8D000-memory.dmp

    Filesize

    9.6MB

    Download