Overview

overview

8

Static

static

3

fuckwindows.exe

windows7-x64

8

fuckwindows.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fuckwindows.exe

  • Size

    1.2MB

  • Sample

    240801-zqw7eszhpd

  • MD5

    7bbf03a8110563760b4f917582065eff

  • SHA1

    7ccc7ba96720bd81a4a7ef59bd77c9dd49326653

  • SHA256

    6b3063c244e8e32cc39e8d8d267f865fb943afbb92196db04cc272a2c68aaad5

  • SHA512

    393644875afb67e88c4ee79e916bdeceb4bf4e188c1211f14a91626fbbd7f88f3c967aef84be86a8c455ea791c8ca2a51c619d49a343e66f341273037f5b7d7f

  • SSDEEP

    24576:oQnZkrl1PGVuyhd9tBDgYW9sVTHzw9ulgUTYqwQ4co+y8BrVRHKV9OuVGawkU5dY:PTYYD4Hw

Score
8/10
defense_evasiondiscoveryevasionexploitransomware

Malware Config

Targets

    • Target

      fuckwindows.exe

    • Size

      1.2MB

    • MD5

      7bbf03a8110563760b4f917582065eff

    • SHA1

      7ccc7ba96720bd81a4a7ef59bd77c9dd49326653

    • SHA256

      6b3063c244e8e32cc39e8d8d267f865fb943afbb92196db04cc272a2c68aaad5

    • SHA512

      393644875afb67e88c4ee79e916bdeceb4bf4e188c1211f14a91626fbbd7f88f3c967aef84be86a8c455ea791c8ca2a51c619d49a343e66f341273037f5b7d7f

    • SSDEEP

      24576:oQnZkrl1PGVuyhd9tBDgYW9sVTHzw9ulgUTYqwQ4co+y8BrVRHKV9OuVGawkU5dY:PTYYD4Hw

    Score
    8/10
    defense_evasiondiscoveryevasionexploitransomware

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks