Analysis
max time kernel: 1800s
max time network: 1559s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 20-07-2024 14:23
Behavioral task
behavioral1
Sample
BitchTits Ransomware [VIP].exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
WannaFartCry.exe
Resource
win7-20240704-en
Behavioral task
behavioral3
Sample
Wannashiturself.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
big FAT tits RANSOMWARE.exe
Resource
win7-20240704-en
Behavioral task
behavioral5
Sample
big fat sexy dildo poop ransomware.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
bitch man ransomware.exe
Resource
win7-20240708-en
Behavioral task
behavioral7
Sample
bro what the fuckkk ur seriously beliving that.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
cocksucker ransomware [COOL].exe
Resource
win7-20240704-en
Behavioral task
behavioral9
Sample
fart poopy ransowmare.exe
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
fart weewee ransomware.exe
Resource
win7-20240708-en
Behavioral task
behavioral11
Sample
farting poop sex ransomware.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
farty poo poo ransomware.exe
Resource
win7-20240705-en
Behavioral task
behavioral13
Sample
fuck you.exe
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
large penis ransomware 2024.exe
Resource
win7-20240704-en
Behavioral task
behavioral15
Sample
niggaware ransomware in 2029.exe
Resource
win7-20240704-en
Behavioral task
behavioral16
Sample
pee poo piss piss ransomware rare.exe
Resource
win7-20240705-en
Behavioral task
behavioral17
Sample
retard ransomware.exe
Resource
win7-20240705-en
General
Target: niggaware ransomware in 2029.exe
Size: 396KB
MD5: 6bea20141f31c1f027e325d631dd7416
SHA1: 306060f6d99d2d39dccbca0877725cc88a098651
SHA256: 54924abbcd3589b5758a4efb30be4e910488365230f24a97b2d642e699ff4fdc
SHA512: 00fb5f0fd5c746edf5441f7e6eddb7dff3fd04b4886c4e0a1349af8be76fced72658a48d96962a3de22612b87fb9b126b5429f0d527a12db7709428a8cdb9bc3
SSDEEP: 12288:TfTkNEWWcfMjzcR8eN565iIfhEl08V6pCo:jTkuQMDecG0cZo
Malware Config
Signatures
Processes: niggaware ransomware in 2029.exe, 043A6A5B00014973000ABB91B4EB2331.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Disables taskbar notifications via registry modification
-
Deletes itself 1 IoCs
Processes: 043A6A5B00014973000ABB91B4EB2331.exe
pid | process
2336 | 043A6A5B00014973000ABB91B4EB2331.exe
Executes dropped EXE 1 IoCs
Processes: 043A6A5B00014973000ABB91B4EB2331.exe
pid | process
2336 | 043A6A5B00014973000ABB91B4EB2331.exe
Loads dropped DLL 4 IoCs
Processes: niggaware ransomware in 2029.exe, 043A6A5B00014973000ABB91B4EB2331.exe
pid | process
1968 | niggaware ransomware in 2029.exe
1968 | niggaware ransomware in 2029.exe
2336 | 043A6A5B00014973000ABB91B4EB2331.exe
2336 | 043A6A5B00014973000ABB91B4EB2331.exe
Processes: niggaware ransomware in 2029.exe, 043A6A5B00014973000ABB91B4EB2331.exe
description | ioc | process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\svc | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | niggaware ransomware in 2029.exe
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Security Center\svc | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Security Center\svc | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | niggaware ransomware in 2029.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | 043A6A5B00014973000ABB91B4EB2331.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" | niggaware ransomware in 2029.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\svc | niggaware ransomware in 2029.exe
Adds Run key to start application 2 TTPs 1 IoCs
Processes: 043A6A5B00014973000ABB91B4EB2331.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\043A6A5B00014973000ABB91B4EB2331 = "C:\\ProgramData\\043A6A5B00014973000ABB91B4EB2331\\043A6A5B00014973000ABB91B4EB2331.exe" | 043A6A5B00014973000ABB91B4EB2331.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of FindShellTrayWindow 13 IoCs
Suspicious use of SendNotifyMessage 12 IoCs
Suspicious use of SetWindowsHookEx 2 IoCs
Processes: 043A6A5B00014973000ABB91B4EB2331.exe
pid | process
2336 | 043A6A5B00014973000ABB91B4EB2331.exe
2336 | 043A6A5B00014973000ABB91B4EB2331.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: niggaware ransomware in 2029.exe
description | pid | process | target process
PID 1968 wrote to memory of 2336 | 1968 | niggaware ransomware in 2029.exe | 043A6A5B00014973000ABB91B4EB2331.exe
PID 1968 wrote to memory of 2336 | 1968 | niggaware ransomware in 2029.exe | 043A6A5B00014973000ABB91B4EB2331.exe
PID 1968 wrote to memory of 2336 | 1968 | niggaware ransomware in 2029.exe | 043A6A5B00014973000ABB91B4EB2331.exe
PID 1968 wrote to memory of 2336 | 1968 | niggaware ransomware in 2029.exe | 043A6A5B00014973000ABB91B4EB2331.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\niggaware ransomware in 2029.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\niggaware ransomware in 2029.exe"
   PID: 1968
   - Windows security bypass
   - Loads dropped DLL
   - Windows security modification
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
2. C:\ProgramData\043A6A5B00014973000ABB91B4EB2331\043A6A5B00014973000ABB91B4EB2331.exe
   Command line: "C:\ProgramData\043A6A5B00014973000ABB91B4EB2331\043A6A5B00014973000ABB91B4EB2331.exe" "C:\Users\Admin\AppData\Local\Temp\niggaware ransomware in 2029.exe"
   PID: 2336
   - Windows security bypass
   - Deletes itself
   - Executes dropped EXE
   - Loads dropped DLL
   - Windows security modification
   - Adds Run key to start application
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 396KB
MD5: 6bea20141f31c1f027e325d631dd7416
SHA1: 306060f6d99d2d39dccbca0877725cc88a098651
SHA256: 54924abbcd3589b5758a4efb30be4e910488365230f24a97b2d642e699ff4fdc
SHA512: 00fb5f0fd5c746edf5441f7e6eddb7dff3fd04b4886c4e0a1349af8be76fced72658a48d96962a3de22612b87fb9b126b5429f0d527a12db7709428a8cdb9bc3