Overview

overview

10

Static

static

7

BitchTits ...P].exe

windows7-x64

7

WannaFartCry.exe

windows7-x64

3

Wannashiturself.exe

windows7-x64

10

big FAT ti...RE.exe

windows7-x64

10

big fat se...re.exe

windows7-x64

1

bitch man ...re.exe

windows7-x64

8

bro what t...at.dll

windows7-x64

7

cocksucker...L].exe

windows7-x64

7

fart poopy...re.exe

windows7-x64

7

fart weewe...re.exe

windows7-x64

10

farting po...re.exe

windows7-x64

10

farty poo ...re.exe

windows7-x64

10

fuck you.exe

windows7-x64

7

large peni...24.exe

windows7-x64

niggaware ...29.exe

windows7-x64

10

pee poo pi...re.exe

windows7-x64

10

retard ransomware.exe

windows7-x64

1

Analysis

  • max time kernel
    1800s
  • max time network
    1559s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fuck you.exe

  • Size

    370KB

  • MD5

    b8d68920aeadab481011b4f4519a8d39

  • SHA1

    6284d4a622115d6721678e1204e7f4477575e2ae

  • SHA256

    0159d20f5ea1df6d03d6cff8729b7e90e064ceb7caf05b6c0ce220d8bbdf38b2

  • SHA512

    a03a3e6a6426aa472c71b605a57868a40119fa6dd5bbcee8100133b07995fcd7d364c5fc671f6b4e6cac77ebda4f8a1078b91d174946424404370f8358d1db9f

  • SSDEEP

    6144:v0hwqmfHn/RN16uuToftAMs62LCkDnQ0eDQjizMVCiEzlc7R/0AnwWOwbITaxoSa:vwmP/xETSm1DhQeiiEzW/tvVwCoSa

Score
7/10
persistenceupx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 24 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 23 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fuck you.exe
    "C:\Users\Admin\AppData\Local\Temp\fuck you.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\ProgramData\cE02400JbPbP02400\cE02400JbPbP02400.exe
      "C:\ProgramData\cE02400JbPbP02400\cE02400JbPbP02400.exe" "C:\Users\Admin\AppData\Local\Temp\fuck you.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\cE02400JbPbP02400\cE02400JbPbP02400
    Filesize

    192B

    MD5

    5db34f99ae8d4f141276596593889629

    SHA1

    b5cdc0859d99b3f3f9376e8b65ba9c3f72851b70

    SHA256

    4ff7a522f41ba8d55537a6b0252884bc6ec645ff7d68dfed103efff2e7ac2ada

    SHA512

    898245249477d69045161ffc00b11b08a267b48152f2b3974baef2082f3dfee5f6e9aecd7112680aee6a97daac687f9e565f452db1b0a61ed3d1744b39586c6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tC246.tmp
    Filesize

    3.5MB

    MD5

    a37e474789756594bdaf689e3f9c0a87

    SHA1

    7a2f47142666a30d4995c3b5419f0621e567e347

    SHA256

    1ee797d0747101c3683336f2ccb145b540583f1a884ef18218651592159e473a

    SHA512

    437603036ebb17be28b85617903cb2ae3c3ccdf4894323100f28f5127134815c0282ec75f1bba6745af474f8e235da7453252882af69ec52313f6de3f3433375

    Download Submit

  • \ProgramData\cE02400JbPbP02400\cE02400JbPbP02400.exe
    Filesize

    370KB

    MD5

    268f7a5fe1a75960c8f738937001f8d2

    SHA1

    9a98144997f8690757cf4d7d26f7fbe7768f6f90

    SHA256

    21f985e22da852adc2e19c474cd35332bb0850d6f1bb45a1a028b8d048dd6a9e

    SHA512

    7c833c72ba8c4acd5a981ff6e6ebdb2d4fe859963e994ca5847b28a2f7a4368f4d808e6d6b248ae3e7bc20dfa9b5445efc145fb36c90e6e8225bb9e8fd37b30b

    Download Submit

  • memory/1040-20-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1040-2-0x0000000000290000-0x00000000002E3000-memory.dmp

    Filesize

    332KB

    Download

  • memory/1040-1-0x00000000025B0000-0x0000000002655000-memory.dmp

    Filesize

    660KB

    Download

  • memory/1040-8-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/1040-16-0x0000000002AB0000-0x0000000002B7D000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1040-0-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/1040-21-0x0000000000400000-0x00000000004BF000-memory.dmp

    Filesize

    764KB

    Download

  • memory/2764-70-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-92-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-31-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-40-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-19-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-76-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-82-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-90-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-91-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-22-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-93-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-94-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-95-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-96-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-97-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-98-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-99-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download

  • memory/2764-17-0x0000000000400000-0x00000000004CD000-memory.dmp

    Filesize

    820KB

    Download