General

  • Target

    Desktop.zip

  • Size

    770KB

  • Sample

    250309-a6e6eawk17

  • MD5

    45d7b26c64c4cf6380a85371a26ffb45

  • SHA1

    39504aa4617d5dd2c2a790c1eb5a651577bc7770

  • SHA256

    3cdad5d046d056559562601efd1f2e0eb14285303abbb43f148b76070f498534

  • SHA512

    5012907355a8b0b3d9973a3c468d90860687d6af0ff3b18316f87b0efe286a5bfa2237a0ae7f23259dcd009c181fa819502b8a64a678bd0168cba710076a347c

  • SSDEEP

    12288:xeE0t09aEHHFJySS4ii2biK71J0oHH/upHOcmpfq41OYDwu:xeEorQvySStuK7UoHH/quce1OYN

Malware Config

Targets

    • Target

      Trojan.Ransom.CoronaVirus.exe

    • Size

      1.0MB

    • MD5

      055d1462f66a350d9886542d4d79bc2b

    • SHA1

      f1086d2f667d807dbb1aa362a7a809ea119f2565

    • SHA256

      dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

    • SHA512

      2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

    • SSDEEP

      24576:FRYz/ERA0eMuWfHvgPw/83JI8CorP9qY0:FE/yADMuYvgP93JIc2

    • Score

      3/10

    • Target

      Trojan.Ransom.Jigsaw.exe

    • Size

      283KB

    • MD5

      2773e3dc59472296cb0024ba7715a64e

    • SHA1

      27d99fbca067f478bb91cdbcb92f13a828b00859

    • SHA256

      3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

    • SHA512

      6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

    • SSDEEP

      6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

    • Jigsaw Ransomware

      Ransomware family first created in 2016, named after the wallpaper it set after infection in early versions.

    • Jigsaw family

    • Renames multiple (221) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks