ramnit | 0ef82d9f481f03f6695aeb60442b1793a30db4d7bc03110cd674d24246464f50

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-11-2024 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe
Size

2.1MB
MD5

5865f46ebcb92267aea0c40edd13c402
SHA1

3147d4a5fc3693fdaae61fd80158a6ce567e7537
SHA256

0ef82d9f481f03f6695aeb60442b1793a30db4d7bc03110cd674d24246464f50
SHA512

bee492139306788bcdd232c5da47868ac762646d661a97044a116fbfd2edca155af2c1e695a0502759c7730b3ce177de9c88fc504e2f3878d3f4c9b94d4ffa72
SSDEEP

49152:ipp5LM0nEKNapEJBk9Xe23eWyg4+5M7XHq18pqXuA600xuRA/T:iX5LM0nEKspEJme23elb+W7Xg8pqXs0k

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
1416	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe
352	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
276	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe
1416	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000012259-2.dat	upx
behavioral1/memory/276-5-0x0000000000640000-0x000000000066E000-memory.dmp	upx
behavioral1/memory/1416-10-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/1416-9-0x0000000000240000-0x000000000024F000-memory.dmp	upx
behavioral1/memory/352-16-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/352-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/352-22-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/352-18-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\pxDD93.tmp	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA138051-A344-11EF-9B14-7ED3796B1EC0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437831999"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
352	DesktopLayer.exe
352	DesktopLayer.exe
352	DesktopLayer.exe
352	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2252	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
276	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe
2252	iexplore.exe
2252	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 276 wrote to memory of 1416	276	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe	31
PID 276 wrote to memory of 1416	276	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe	31
PID 276 wrote to memory of 1416	276	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe	31
PID 276 wrote to memory of 1416	276	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe	31
PID 1416 wrote to memory of 352	1416	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe	32
PID 1416 wrote to memory of 352	1416	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe	32
PID 1416 wrote to memory of 352	1416	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe	32
PID 1416 wrote to memory of 352	1416	2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe	32
PID 352 wrote to memory of 2252	352	DesktopLayer.exe	33
PID 352 wrote to memory of 2252	352	DesktopLayer.exe	33
PID 352 wrote to memory of 2252	352	DesktopLayer.exe	33
PID 352 wrote to memory of 2252	352	DesktopLayer.exe	33
PID 2252 wrote to memory of 2172	2252	iexplore.exe	34
PID 2252 wrote to memory of 2172	2252	iexplore.exe	34
PID 2252 wrote to memory of 2172	2252	iexplore.exe	34
PID 2252 wrote to memory of 2172	2252	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silence.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:276
- C:\Users\Admin\AppData\Local\Temp\2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe
  C:\Users\Admin\AppData\Local\Temp\2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:352
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2252
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
455b1ee6e2f72e44e9faf351d44ebdfd

SHA1
7939213e4ea27fda718f9f6470c787c3a7e3d194

SHA256
8f1f2be9cb7a9c42b088b1b00ea71cbcc2dfb9e8b17a1be7a62954b8e455f6dd

SHA512
25e606090788f6404e1e28352a98e99f7ff57cb45e47fd87240fd95d72a1abdac0a700e83b89f6f36d9bb5726c1df6fb2fbd3bb8a54825f713e7d1f77ef17722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
248c6fd192135a441f855a970fe512d4

SHA1
da8bd876e4ad513b54e5f09517974f97692557b5

SHA256
58bce71599c80d6e1551160e4fbd6827d48141949b0ae0a444a04c1923c85c8e

SHA512
3234766cf025544353e4c0753a5013ec378f666fdddbc66d59a05e504051487e4be74ef11e6fa58a1af6a329b1856b4c42a3760fc9eeeead77cf3546291d4686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
deae036268b99678026cc882121e6825

SHA1
cf4c16b0ccaa9d30e4d25ce7396bc532e0b33be3

SHA256
6c2dac67518443d1193809f2859c5e18fe3e9241811ec82cd81105a313243a39

SHA512
d433e8b71bf3938075a77a24facbf3951632968d3069763dfdb0e9174ab98504654beeab91a24095c1b7dd66930efb9a1c58516be6e85e0d18988556b71ad994

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f64637595b9d25f0a1714399a6ae21d7

SHA1
ccbb2495f82e0b3b2b950745a58eee63e79a25dc

SHA256
f6c2ae8f8b38b4da75276dcf4e68c8a4ca5a0fcf6d1744ce98c727dd0e7af208

SHA512
8e17ac4616abc3c42fa285fe28118246b15d7d783a9535cd211b7c37fa800ec324d7fc227bbe5b13fd620c45b703b1fbb5db5d429e80c0c0b381853ad9c55710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c599fef49240d8d2870caa28b7e20afd

SHA1
a536962192f2328c7de5effa6025f76d2f29fe49

SHA256
e241cbecf910ad5eda9261115d9571c49c59ed7f4fbea3d6cb797e6ad37e195d

SHA512
ef23688d81b106e67068caea7a6bf80276d4770f889738864b5d5188ed0c4c97a0450b4874fcc0f624b07435aa2c046bcc00d77d3f15e441bb83ad6721265aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4373e761f0799ec1b25992975395eae5

SHA1
52873c05c03d48ab558965866df20e57c1b17cbe

SHA256
943378f915ecd9fee474e7181255be3228f80719dea400a3749fe22f3e3a8149

SHA512
5743e42c6c673c3a9fd4b177ca37d075395025b2697f4e581c96b7a5a364bba10bfa745dfc8068c7eee2d07b1758b85b26e4e6bf44c51642729607640601c648

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8ce86013be552f550d3821a19205f66

SHA1
d131cb5f4d15241fb8e883e377c560bbaf78c7e8

SHA256
08e9b30ba11281134e8211d497dc41fdc003bb582310fc44b5934d4b52abd2ff

SHA512
0db2c76b527bfcf8256836db35e592c2c3235c28434c9f7e26704786f8ce8c408d43d9ad01c667b43ba7ec0295306eff9d9c20eb8031f646bb68a44fb35c3750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36903a345e727d30355953d7718e0e55

SHA1
ba7cbb4892b1128f1569f9800e1fd25ad533d6a8

SHA256
cbb6ab78396ea685d8e7c9385891a89be52091a167459c836962be83e4ff1256

SHA512
be174169f29dd2c10e9a5b98791537269f7441b1cee22e3a2eb76ba8168256dbca5004833ea566c2aceb35bb1d2113d4dd88a7ef74fd9490b7c80e50384b39da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d293d378a06b3b955a03be5eddb75f19

SHA1
d47f6bb6cf2b93a3ee2937b4c16f4f51a7d34c37

SHA256
2578ccd3a03e56032f585309cb9b28abf3ece7d8d1e77936c2414ceaa499b048

SHA512
f22f746cc3f96a419c6b314f471e79e1212003ddfa838b7f9329c04f329fb8d87018f42c471eb36af516c672dbeea74ef370d30fca0b322d87930900fb8eb375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8facbb91a63cd00341f19a9a51b9c603

SHA1
b86109c691739be2cbf96c5d3a4fab33fa1b4fb6

SHA256
eed7c9f15f9fd5727e56883f854e2e1c7dc04f0a81b7bf2b041ce9cdb36d9ddb

SHA512
c838419e68f25356e76dffcf3d94097511591b19c37d435ad215347f96ad8d1707ce952a551b0923b6afe9071ce95ae8a4628e5146b24e73ce6ee074a7429fd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1de9238eed0857737883bebde58b714

SHA1
53edf55af89b132ef742309c5018a35a4001518a

SHA256
32fc72a26ffc0e4ec547b907f9a727bd5d8a32f19ab833f3bf4a41395a3fddc0

SHA512
6e1ca4fcf3719b724ca71f14244c5368ca5fffd92b5249ae65a1f21082e9471987dbe51a7b387e22c9250be507cf9e81dc3c613acf696dfd2732b2d16a9333f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e0fd7db662eed8814a1448b92e73f21

SHA1
149a8cd0d3c9a1155219886c30489bce7bfcd51a

SHA256
6b352c5f65469f3d9c03374ffc73a578424991749c1a2bd697b21a1fe38bce31

SHA512
96a3fb5ca8409b41fd4c98b7a77b43750d296591f910649555f286c82bfadcad79412b1e6a54ac75ea2158a6356b1a06eafcb13b25bac3d474aa5629ea1f76c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
511390904c79d26bf0acce135ea946ed

SHA1
01d980512548fc5eeba268251930bec0e2f473af

SHA256
e1f6b033914fac499de171fdbf6cdc3c8fba19eb755cefc45b02773c65b67d68

SHA512
ae0b0c5a64904026156b0a82004c0927db02f5ac31655b09d4143f123b12a31d0de1ef8485c1e4b7562a36f3242a8a13e428493b08eb6f4f35c4bba6a2a81552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f20c2452eaade14505331e68ee023e7

SHA1
9f9ae4c3bb5752e49dd3ebaaf3f6fe50fa0385a1

SHA256
10612eec74ca0ee50a7a1d004e8eb48fa864f71f4f3ce92b1393682fb4951fd5

SHA512
10054aa6c9c8b5fef1afeff121fec56196ba625167ae2e4c1555b70dc96198432768f2b2e765259f027f746c5605fd0a5591b2fc7a653f93a6811352d4f9c93e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaf9fb1f9500bd1821c818ce7c3864a3

SHA1
65f1cf1a6928c18a8331c9747b9734559b54b47d

SHA256
ad81c9d587d6da156026166cc0f07d743289251ef038e5ef760e9f1f1f9ab397

SHA512
1eb8992e2ae9f47d0f065e3904b9c23715ed5167887cb9b35fe693a1a83e043c3d53952b5d811b267f154422f94800f17da135cd5e39de453fe48d4cef3d788d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f2f14687b4ef6e85ae21a04941fa2c4

SHA1
4f474aa2f208c87f60e2f78650ea2869023898ff

SHA256
81ae6c137993e99203cdb9b891ca65696fb55c1833149e26a3a523c6116f0353

SHA512
bbcbf05ceedf5105276323e2f525482bd99e1ccfd5c9f5b8e55b200cb8cdc3a03425f9a008a6048bb6c410de7208d16f483f9c7235d681a03de488d73d36cbf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44df94ccd50d792db2970be3472b051a

SHA1
df2374546665da3fbb546fc5f039419266fb85c8

SHA256
d6bebd542b765aace257246938dc8a3f6471ccf498fc704f5f568c84a71e3976

SHA512
2e5b74602aa35d0d92951eb6aa990a793839f112b4d6c780a66625034d046b2171d2986e86f1484369bb7bdf0681dbd531794fd28cbc554f8e69be86c8905461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6254078ca79670613a9b3c5901616d26

SHA1
21da0b2cf3485bcc54e2bce5d61d12fbfd6a07d2

SHA256
92c7dfdd659daae90f2c76400fb420a20eec171b1853c1ca9807276a691616a3

SHA512
0fde4c1de4c74ee97e4d02aa4c1ebe45c485a4e318a287bf3bd7edbb3e535ee75c94f07db4c26d1bab87293313000f9848db88fd2535295f6adf76c6d3880361

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFD64.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE24.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\2024-11-15_5865f46ebcb92267aea0c40edd13c402_icedid_ramnit_silenceSrv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/276-5-0x0000000000640000-0x000000000066E000-memory.dmp

Filesize
184KB

Download
memory/276-25-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/276-24-0x0000000000640000-0x000000000066E000-memory.dmp

Filesize
184KB

Download
memory/276-23-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/276-0-0x0000000000400000-0x0000000000631000-memory.dmp

Filesize
2.2MB

Download
memory/352-18-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/352-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/352-16-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/352-22-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/352-19-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1416-9-0x0000000000240000-0x000000000024F000-memory.dmp

Filesize
60KB

Download
memory/1416-10-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download