Overview

overview

10

Static

static

7

BitchTits ...P].exe

windows7-x64

7

WannaFartCry.exe

windows7-x64

3

Wannashiturself.exe

windows7-x64

10

big FAT ti...RE.exe

windows7-x64

10

big fat se...re.exe

windows7-x64

1

bitch man ...re.exe

windows7-x64

8

bro what t...at.dll

windows7-x64

7

cocksucker...L].exe

windows7-x64

7

fart poopy...re.exe

windows7-x64

7

fart weewe...re.exe

windows7-x64

10

farting po...re.exe

windows7-x64

10

farty poo ...re.exe

windows7-x64

10

fuck you.exe

windows7-x64

7

large peni...24.exe

windows7-x64

niggaware ...29.exe

windows7-x64

10

pee poo pi...re.exe

windows7-x64

10

retard ransomware.exe

windows7-x64

1

Analysis

  • max time kernel
    1800s
  • max time network
    1443s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pee poo piss piss ransomware rare.exe

  • Size

    418KB

  • MD5

    afe081816b33e7d8bdff7f7291fa3718

  • SHA1

    b05d2d80f846e95d70463b3096e7412575c5ce54

  • SHA256

    acee7b1fe33cae78353a100855e4da887599a504833f47c185373ed079529374

  • SHA512

    91604a604d3acccddbbec61854bba80756aea78341c098a66982a4c4c6c0ac3bdf09132b527caaaedceedb4f70539c6df7cc2dd7f029bb1ccb0695c535397c72

  • SSDEEP

    12288:I8y5iDtzoYgveS30QRuWlG9GDnH+9XUmwP:IDcCvegHEymw

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\pee poo piss piss ransomware rare.exe
    "C:\Users\Admin\AppData\Local\Temp\pee poo piss piss ransomware rare.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1740
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:2452

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1740-0-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1740-3-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-4-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-5-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1740-6-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-9-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-14-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-15-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-22-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-25-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-28-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-30-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-49-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-50-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-51-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-55-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-59-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-62-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-65-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download

    • memory/1740-66-0x0000000000400000-0x000000000046F000-memory.dmp

      Filesize

      444KB

      Download