Overview

overview

10

Static

static

7

BitchTits ...P].exe

windows7-x64

7

WannaFartCry.exe

windows7-x64

3

Wannashiturself.exe

windows7-x64

10

big FAT ti...RE.exe

windows7-x64

10

big fat se...re.exe

windows7-x64

1

bitch man ...re.exe

windows7-x64

8

bro what t...at.dll

windows7-x64

7

cocksucker...L].exe

windows7-x64

7

fart poopy...re.exe

windows7-x64

7

fart weewe...re.exe

windows7-x64

10

farting po...re.exe

windows7-x64

10

farty poo ...re.exe

windows7-x64

10

fuck you.exe

windows7-x64

7

large peni...24.exe

windows7-x64

niggaware ...29.exe

windows7-x64

10

pee poo pi...re.exe

windows7-x64

10

retard ransomware.exe

windows7-x64

1

Analysis

  • max time kernel
    1797s
  • max time network
    1560s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fart weewee ransomware.exe

  • Size

    135KB

  • MD5

    9086042b51122885883c927e612a5191

  • SHA1

    98dbe208dc906f5dcc17b66aa8fde46a711c6715

  • SHA256

    e0b0694554714b0f33f4e5fa6014d5419ff92831812390f840b0f75efd3b0ef0

  • SHA512

    d3a9d532ca2e578cd277ee452f05800e748cec5864a0d67b9c2ce876be45c9929d2c14bca2c0da9c1df10737b9d9cab4b4002c22930e62004f2ee15d8e375253

  • SSDEEP

    3072:HH6/kaUyjMV8VTBXz7q/DcNymNtqJ75rjQQwpFtlfhj9A5Sb:nm1jMer2VmNz/FLJj96

Score
10/10
defense_evasionpersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Impair Defenses: Safe Mode Boot 1 TTPs 3 IoCs
    defense_evasion
  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fart weewee ransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\fart weewee ransomware.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Impair Defenses: Safe Mode Boot
    • Modifies WinLogon
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\SysWOW64\Explorer.exe
      Explorer http://xyecoc.net/
      2⤵
        PID:2748
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://xyecoc.net/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2804
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2880

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    2
    T1547

    Winlogon Helper DLL

    2
    T1547.004

    Privilege Escalation

    Boot or Logon Autostart Execution

    2
    T1547

    Winlogon Helper DLL

    2
    T1547.004

    Defense Evasion

    Modify Registry

    3
    T1112

    Impair Defenses

    1
    T1562

    Safe Mode Boot

    1
    T1562.009

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      87ddb78d6b7423c22406b81946f9fdfa

      SHA1

      2396c3f262414afca47f9ca103d9ab75615e4e32

      SHA256

      3e2fc323b9156f5b03aa184898a62527a31a386f227bf451002737ede6a0ac54

      SHA512

      6a4f7b23b1e08288853c5a8ee63b65afd415d0da52aaf69c0be9f2af9c92cdeec7b3b82ed00f1321a5737e16c6faa26e305f25bc6916223f6c16fa6f404f310e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      33af238b6ae008a31ea68cebefed3451

      SHA1

      abd64ac33a3d3648cb3777cb8bc1a35e1baabe58

      SHA256

      b974e75133471d9871c1d1b0c55f2c7797731931329fbde94ec13547f290596b

      SHA512

      a77fb697d84763e0d4881337a6e4c8e384e393305c273c26eb7ff83fd086aab72006a3903c2cef2a9de955e3111cfa0653137cc30d1d80ad53a5724fdd8fb7a7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9f8e326d294f6ec8dfa3cbde10077dc2

      SHA1

      69d8dade2ba2e934929551c750c3f1058b64b7ae

      SHA256

      e52e8a63190fcbde8f2a2419b0eb2d1489f0d3ba71aa7e3ec4eb3e09d4b739a0

      SHA512

      fb002e9e8eb08b255d4a7d1ec8ec376e546d6b8f764ef9548a2178ba5fdd18a4563554f2fb78c58b05bfe78f1dd630aa0acd32867c93fa269f8f7e4a999c276c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e70c83ad3e580e88fab0f09306b9eae

      SHA1

      39aea09887e79f38bd6cafa11f3a8c9211e6517d

      SHA256

      a4b0b7d661cc9937aa5e608e4a849fb63e327d0ff3234cf74923d40b75a8b2b1

      SHA512

      e1b0710d39b85284603640f0ef96513172ffc21617e37aa97ebef6805474bb21765735bc170228e539f011f0bcb69a069fa6f141a464b4c2ce34b86038491cdf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      192a43d99d7f3cc6e633107697ffe4ee

      SHA1

      a60a9c644269d22b139c8f13a0778a090bbdc156

      SHA256

      b49e9d75c105faded61d6fafad0ddef73c7e74cd15dcab6dd101519597e0c5d4

      SHA512

      448e4cf70be427644b09f729719c83ab5450c4b2c2792e4a3351539bb73bb43483976aceed9fe47242b3112df6c57832cdecb2b0cafab62daf967ea6505877ab

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b1d9a6f161380f956436337ea3e02897

      SHA1

      4f88aded5ef7d346c304815da475dc7f5c131b4e

      SHA256

      650a9ba69865c53b646baf90ae0c791dd54846721cca4c7d64e27d3e4e5b70da

      SHA512

      628579d212bf8d989b3a59479c4db677ca830750f70b9d0936a9d377fce73a7cbe307d6edcc2daed2e36ed580804cd9c6b309045e253f79a348c5fec7592a68f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      48efb5a80d2a3d8b031e36a09e2043d8

      SHA1

      5e99b092f1f76eb40d4db0de856bfe11a9c1c9ea

      SHA256

      8da6f2f006bdd7c7ffae25e031ecf7c746c9e8566fff8bc51c9e59ee7d358eb9

      SHA512

      2fbd28764a0703d07b69de59eefdc298f1fb15d2347b54cea1e46ba01396ae431e983385521bd0fe744478705c69d851efa33336f528adc48cd4ab45b465b176

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c39a42d10bb7a23c33ad7b09eb6f10df

      SHA1

      3c5bb99fb9d31912b181f0914f2a0aa3e0052e9f

      SHA256

      e54dc9c54d88a8afce7f2151668d71e1ab01841ed5993a6f664d46b5fb85a116

      SHA512

      e2aff16c73e8882fdf477eb527856d706ee16a7609d74cbd7803c4839929c0d9ee0ff79e588c78d4002cf0c23d38a0e0796db4ec1cd6db5cac2f1a327a891e13

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a05903452bd7de54f2934ac64c09812

      SHA1

      97c682615fb2533e2ef2866ef3e654bd2d3deb25

      SHA256

      927604c7af2bd8089d263ca0f2c6305791f826254ab3d5948203ffb5e2d53fa6

      SHA512

      f540ca1ba59de995bc1fdb40dbbace6bf45b2df6c9007d6ca1afb46473d98479245710de73ec44b3e779e45b6b1460e038ba815e7f1fa7e59865eac14057a2e7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5ff72bcc71da1cac247f4dfc34789e09

      SHA1

      08cfa7fd24360318ced645c45fd7e85e1d4d6644

      SHA256

      75a5a60217cd793c6b8da2eb633ad4309239e1bde815e41ffef78e146cef05ce

      SHA512

      e8426882527440de596aedbe7a6eeb9fec38a1c51a3ebdb908d1d7821c6751a9822baac587ebbee47b466e5a2387c73c0663d998988800cbf8afd9939ae202cf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2109c5747c3d877694150911efdc806d

      SHA1

      c49d18223a4a0abf4d097179ab8ef5cdebf472fb

      SHA256

      d436024f1945b3d31262d5207bb05d99984b6c3d1bb53425c84a5c325dadf859

      SHA512

      47becd0447473293c8767fbc240b9afab8f121ac115e73ec93f62b8096f89854c8017c770795150c0ead024925fffaf4dc9dee9cb4f1b9e4ae78524e54daf0ec

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bb562fe9ad4f42a7b4e769328b1e2a48

      SHA1

      8e14092c7f78d6908f54b91894a34ed9219c0516

      SHA256

      cd4f21f97d008110596f0d9b4bb37a2248787f1bfabb4b3acbf5895879402c86

      SHA512

      01ec3f0607e1f1c8cc73258af191a5a9b554b3d74d30fb8368ce881a1733309a35cea3f56759e21ac43b79f08c9cb0f08db97b14d6673e9a1bd9c564043947af

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ff4b9cd483313803ca7db8df49df93b2

      SHA1

      22daf540e857b361750fef15bc9900ccaa1f65f4

      SHA256

      238b38e0fa0185d61e107ecc8b998206c6d0310547dc7b8e79664eed6bc43e61

      SHA512

      053934e66b267a7eea6665a5aea282a2719fbdf6cf494d720d1afd7d1157e3e2a629eed6639042143ed64ea0f030ea2a6eb9ef103157452cffe5d3885e4a4660

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7c3475c389657e5f168743d9df35e174

      SHA1

      910f94d65810fb87508ebc65807f30efd3274d45

      SHA256

      110a2b391782a945ab19b9cbf675c4c41c11f4ec2a69813692ad101e24ba598d

      SHA512

      13fcf2160b365c6dc21c90996cf9cd650b1a2b5fe5df6a8b20556518b3f5150a23a572a38deb916f215d3299bceb0e55b0445e85206c48d2d5ef2a279e5c1a41

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c5173c7ca6c4ed4e3944133b74028c46

      SHA1

      0e9e0ff8996a8c88674ae1da343cc41fcc550ddb

      SHA256

      706e3bdd4c3fd906d056330f246f772c7cc7fd7044baee18ce0f350ede56d05d

      SHA512

      dbe08c7d548cfc2c38b01dcb512028a9de134f1b13ad86b020c806785e3b0990f2b3d14e42cc7a16c1b6b33ef4439e3820c833ef22456f9746bc77220b550890

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6f4b87797ab316d5899a38cc3f345c75

      SHA1

      cd93f7c7c90c575dfd25bc1f2190dc1e4482dbc7

      SHA256

      090b1d860d5cedb65de03fd0fdad662ad0f63a470d4812eabab19747ab526efb

      SHA512

      d44ffee093de8f1fe606bd923bfaddd53b2b7878588e63ab6e35c66f1df680c0d20284fd7445282cdb6cd438db74db7880f840cccc11e992ba9e7b1264ef5d23

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4473902792bbc52dde8845c3bc691ca

      SHA1

      4c1987f17c6f1ba4d1d569786e31488aae7f76f6

      SHA256

      8402d5317ec5e760fa9be3763cb5ce99ce08adddcf234ce14b2cae1684c1686d

      SHA512

      51179f5fe3e6f8cdfe0be187118fc66705676ed669d338ab884d2556f195c641b420d4914f4d690c62467da225121fb1d10a9548be9d801f1a1c8b4859b090d1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bab84cd040666ab8835e5288aea2c113

      SHA1

      cfcf83cc6fb3c2e530f64e87d42f274641aa3e0b

      SHA256

      31c4a605d8b40ae6543901f4ae128a76cc87ed295f2e063148acfb3769244053

      SHA512

      02ad74b1780749b2f883e86f71796b61a8471f3d1cb120510121b9d22eaa0c112cbb82c91341714d2cc7c7f22a57d1fe7df84f09cc5d9c335fd2477209f384b7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ac1ec5f65bd230acbae9ad82ec4a6f53

      SHA1

      be177e4c504bbc443ff6e7a3b1ceef23a4ab646f

      SHA256

      93fca2b76f75afe34db2ccd7c26a285388093d62d00c22ab43402fd361e9d21c

      SHA512

      d15cf8e9e262574dd6c130abfaf1d2a9283ee4742f7d2bb61c89b908589673fa6156ad0e9779502c204b8e18d68c2f064bb7c8949abab52ab1b8f758bb3791b5

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab1BED.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar1C8C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/2696-423-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download