Overview

overview

10

Static

static

3

2024-12-28...it.exe

windows7-x64

10

2024-12-28...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2024 15:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit.exe

  • Size

    475KB

  • MD5

    c7935b7adb3e3a1f605c43f4a677c362

  • SHA1

    3a40eb380afb34d7fdd7b0d8c2af1d67cdc05091

  • SHA256

    55102f91cee46c5717d73ddf7c5897247e9e92a15d89534463d8318661632281

  • SHA512

    dd10b85a985071cfdee3cb64e2f69d17c66a2a29ea5cbadb60efbd2267eaf24f3cdd3f8dd7af16b5fcfbaaf07da69e308334f6e52dd0216209196535c6400f9d

  • SSDEEP

    6144:b4QyDFmyRm0N2A5a5k10iI5nQartTn16fmui+domLBf0dJ5TTBZbspom7bXq:0Qt0D52k1e7rtT1n+dHN0VTTbM/6

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: MapViewOfSection 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
      PID:388
    • C:\Windows\system32\wininit.exe
      wininit.exe
      1⤵
        PID:384
        • C:\Windows\system32\services.exe
          C:\Windows\system32\services.exe
          2⤵
            PID:476
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              3⤵
                PID:592
                • C:\Windows\system32\wbem\wmiprvse.exe
                  C:\Windows\system32\wbem\wmiprvse.exe
                  4⤵
                    PID:1728
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    4⤵
                      PID:792
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k RPCSS
                    3⤵
                      PID:668
                    • C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                      3⤵
                        PID:748
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                        3⤵
                          PID:808
                          • C:\Windows\system32\Dwm.exe
                            "C:\Windows\system32\Dwm.exe"
                            4⤵
                              PID:1172
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k netsvcs
                            3⤵
                              PID:836
                              • \\?\C:\Windows\system32\wbem\WMIADAP.EXE
                                wmiadap.exe /F /T /R
                                4⤵
                                  PID:2200
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalService
                                3⤵
                                  PID:960
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k NetworkService
                                  3⤵
                                    PID:268
                                  • C:\Windows\System32\spoolsv.exe
                                    C:\Windows\System32\spoolsv.exe
                                    3⤵
                                      PID:300
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                      3⤵
                                        PID:1072
                                      • C:\Windows\system32\taskhost.exe
                                        "taskhost.exe"
                                        3⤵
                                          PID:1108
                                        • C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
                                          "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
                                          3⤵
                                            PID:1580
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                            3⤵
                                              PID:2988
                                            • C:\Windows\system32\sppsvc.exe
                                              C:\Windows\system32\sppsvc.exe
                                              3⤵
                                                PID:2192
                                            • C:\Windows\system32\lsass.exe
                                              C:\Windows\system32\lsass.exe
                                              2⤵
                                                PID:492
                                              • C:\Windows\system32\lsm.exe
                                                C:\Windows\system32\lsm.exe
                                                2⤵
                                                  PID:500
                                              • C:\Windows\system32\winlogon.exe
                                                winlogon.exe
                                                1⤵
                                                  PID:432
                                                • C:\Windows\Explorer.EXE
                                                  C:\Windows\Explorer.EXE
                                                  1⤵
                                                    PID:1212
                                                    • C:\Users\Admin\AppData\Local\Temp\2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnit.exe"
                                                      2⤵
                                                      • Loads dropped DLL
                                                      • Drops file in Windows directory
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: MapViewOfSection
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of WriteProcessMemory
                                                      PID:2480
                                                      • C:\Users\Admin\AppData\Local\Temp\2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnitmgr.exe
                                                        C:\Users\Admin\AppData\Local\Temp\2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnitmgr.exe
                                                        3⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        • Suspicious use of WriteProcessMemory
                                                        PID:2524
                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                          4⤵
                                                          • Modifies Internet Explorer settings
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:2316
                                                          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
                                                            5⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Modifies Internet Explorer settings
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2972
                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                          4⤵
                                                          • Modifies Internet Explorer settings
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:2332
                                                          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
                                                            5⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Modifies Internet Explorer settings
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2780

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    8d244b3e59808456d54d67fd78cd7ccc

                                                    SHA1

                                                    a0b51cb01e7feea76c1ec7877ee2361c44b442c8

                                                    SHA256

                                                    0c2ec8fb22490599d595bc780e5a726d62de591d901630885da2421a4eb74fcd

                                                    SHA512

                                                    e7b808deb50bcf441453e75d19746b3d0ee8415a827ee86ca8ba44b565b8494ee8781fb85d21a965c2e0379f577446b2d2d6e5ec316f219db14189836a51d8b7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    9f1a2f008efad36c687fb6ad4c81fd7c

                                                    SHA1

                                                    d61545554a40ac6e3e116318c1816842d3c24889

                                                    SHA256

                                                    0cfe67091facb4af7026f53564141c4e5dbc931f6f1826050736c706a266ea01

                                                    SHA512

                                                    f4f6454bb256bd051093ca4863ae2ec9f61f6f586ead42be877cbdff45bbcd64730dfc883be65840aa2a61f51db26de28eb0c8fc1e0f05416919b532e1a0d49b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    45326239066cddb89588cd032a860b9b

                                                    SHA1

                                                    b4194d26a257bfa4872a249fe3ca712944130286

                                                    SHA256

                                                    717d81d434c87629e5aa02d2ef804d9b9b1825aa769f3d34ef25d0622d67d561

                                                    SHA512

                                                    638129209b35633e9f4c4f193b236bc0a552074397506169ca4e080fffd7f52ef5f37d8768999f874d467bce3b90adc3972723482c98db00b1d31868b20592fb

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    e231d17cc84bca33171f5aabb22d498a

                                                    SHA1

                                                    f7698356b865b9c51ba25fd8b5ffdfb2856cfc0a

                                                    SHA256

                                                    6dfce57cebf2137495647e343f8af763345b89a2e0e7f92b02be7ddf1fcf1cc4

                                                    SHA512

                                                    6537a9bbdecc08e5ade4959cdec61d22ed0fd800d707ca648ac2c7b75d9246f1f40cf4706f32feacc83cca459afe5cc4ebdd1ff6a6a763c089d4d77ac771a51c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    68c9c6a08d4c26998b62bfcb971a7e78

                                                    SHA1

                                                    3e712fc5e7a1fa3b65086dbbde3ba23d88f0814a

                                                    SHA256

                                                    7e010b2b3b398a3e79ec0372ca394d613bc3ae4c73222e3cfd1970c8cd837371

                                                    SHA512

                                                    0e78cccba3377cec724cce074fe21bc0c67e42e4444c9d5ed5bbb6590f77ef88e3714125930da3ebf359c6844f5d17aaf35d201aef532681d7178992b12977d1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    e9dec150b72fb0294447dd7283311524

                                                    SHA1

                                                    745d0233cf6fc7133d9e40c5bb3072f7de01e9ac

                                                    SHA256

                                                    f4720f02e9468a4a7a445398b56cd0527988df14e5027d92138a14dd5364a89d

                                                    SHA512

                                                    8859489a16352935eaff861af3969f6c19a3e41a9d4ced4805732b2707da7a19d2c6989f21662f650ce695922a26404af360189ed502f1c39b521e82bb101ec8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    8e638e4b46e3ee1702440bb4167a5a51

                                                    SHA1

                                                    65cbf7894b2fa18e322e81e5a9f31cd0e63ad51b

                                                    SHA256

                                                    6115237c30adb3e0a25175c0ed89c5842af54a8f5259d56078eeca5621d5f151

                                                    SHA512

                                                    bb1d382e453fde28e8a14b98fea60a24a5c8799e70d136627743fc623378eb4b40a6e34c0ac2e6d780680a99890b107b6c1dce556a45a6d0ea86f45f459f5c25

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    21da096d93d0e38b7d9f2eb60135b032

                                                    SHA1

                                                    5480f0836baa3cfa36d1d7aa103802dd2f119ed5

                                                    SHA256

                                                    e27a325ce5ec9c33c14209e714748da26230f01feb432ff96183e723cf292fb3

                                                    SHA512

                                                    8f6dba14dfc73b62beb379c62b14eec851cc4a7bf8defa20a6a6bf251d030759d48bdcb28a9513060c2da485cab935187f72f38e8996a01518af0d996ea4b1fc

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    850e42663d1621f69a59b94cc27ae55e

                                                    SHA1

                                                    d290422e7b129f9e0f60db54709442df8c67ddf9

                                                    SHA256

                                                    05e05a5123f01387dd7ea33cd6f34bf74aeefcbbd7541b81da1f1ddff9741b3c

                                                    SHA512

                                                    99983d924dc053d8c588b497254d47bece47dfee0403971126614cd1fca99c195879a58611f55a8bdab04d5c326bba4051e2540511439df3e65a42c31f706c2e

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    977d3cd77cb3b485dafe4e423171cc68

                                                    SHA1

                                                    f1f66783c1c9c585dd3018178fe8ad836ce359ba

                                                    SHA256

                                                    b754cb66f39543a7ee45a241ca2a7be4de2e40f8929f41f9fdc74e488f49fae8

                                                    SHA512

                                                    2b111209a41217ddfe98c5657638079dfb29d14a4b5d3fb6f5396157e95a03f563ca69ad8ce897842e029cce8f0b761ea02ac227e1d52d5cae8da7122abb65ba

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    085a6f864b3a4a602cff160b7103d52c

                                                    SHA1

                                                    e93f68817bdf518dd4977461ce73d131ab2b4d14

                                                    SHA256

                                                    63fec91d59261a28a4fdfc3c97d98cd9231b513c2029d0b33a7445f6fe7b458c

                                                    SHA512

                                                    3ddae24a27330cb80ff8b066ba46e32bedc129cd5a2b264c6b0c1ed6cb017ae07d62222eec25bd788257f8cb80268fb77e0fbb4ec3a4132a3c940191898f614d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    dccaf921f34c80c8e16d55bbf477347e

                                                    SHA1

                                                    d3799b86a28846016464cd4f704353ac0dc97884

                                                    SHA256

                                                    38ce6e405da5c90e2055b0bad4444c1a258cb6d9c4b83b3d131163c3c3aed469

                                                    SHA512

                                                    9ae86244125ecc297f0a24f168021d5d51ffc14c85205f4fb5df7b014c9cbb03621e279ce546812bb56494f90c8a9f0a68188cea909f84d31feb821ad4be529a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    b18ff247d6c2abc6468f9c459ac14ebe

                                                    SHA1

                                                    c9e42a7734ac4c04eece195d35fbcb47faa5a454

                                                    SHA256

                                                    12f21bbec081de820fe7b4f747842355019c85089ec463c77d5661c719998d8c

                                                    SHA512

                                                    11b0c09cddb4937129d13fb2354cd1f39f884ad823dcdefb5963dff05803fe7d1adee5a9866ccb6ff3d8de7c3078409280d838662c4863dde7824992dbcfdc78

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    b3d17dc06af1b5a1748d721f5ca68b5c

                                                    SHA1

                                                    c5f75fdca2df7633d11136d48bf3178d55ad0988

                                                    SHA256

                                                    e1337d7da8968a9b3f86e8335081c93b996d290c0a01e66769ad565a28c51ba3

                                                    SHA512

                                                    daf1ecb052ae13c3282ebc2a20c2fe61602ff58073fde6e0438e6f50bae6c0e28e0897d04da18263583a7791108486eedfb7fd96b0117f345e00ae78bb26513c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    c09d900ed4ab02b159c39dda195ec389

                                                    SHA1

                                                    780e58b67eb016edea21501142fe5d36fdc1ab7c

                                                    SHA256

                                                    dffe3f287347a1e6a7a11f87e98427814b78623e49246efbb77400a05c99e9d0

                                                    SHA512

                                                    03e0a57202589c5d19f6b979eb6959bc232357137b354427773985c57f6a927b6cec4ce3fcd71df7c69804680c0877ca66f079698c894b361d8582a4818ff81c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    7801671303cad4385362e27342cda91b

                                                    SHA1

                                                    4ea843b7dc70fbe480800befacf4ce7457382642

                                                    SHA256

                                                    53d4ea903577954e26c8081a212b5d55c986e52e195aa28798d0e2a2bebf3958

                                                    SHA512

                                                    a01b2a2581d62023215747bb18f7f558ef2c89bb27206b131c337aa0c7c5da20e429edb2409c1f6180cc41d98724a985d9e6dba1973d58e2f92faa8d4f89effc

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    64c48f1ebcf7c464c23e2c9187894ca5

                                                    SHA1

                                                    178add248e2e99aa3e72b7ea3416149c7432ac08

                                                    SHA256

                                                    8f11a680b96949baed2890c6af38e8f536e75fca4f5edd6abaade95484e8d537

                                                    SHA512

                                                    54e1b04ec6741d6c12174f2d2a298bcff118224bbebcccaf19cafef0447c843c8cd253805eeb664b48b90fee0d6a5a2c2d811c60e195ab666f1e5fa5e1980656

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                    Filesize

                                                    342B

                                                    MD5

                                                    5a292fdee6d82daec2f9ce44b273887f

                                                    SHA1

                                                    aa68f1e2787c96c19378c042e5f5df77a3d6dc39

                                                    SHA256

                                                    7b1deb4fd7935a554cf1d1fc98311ef6d270cae4b4f0c961d71a499f512cdb9f

                                                    SHA512

                                                    b296c1c315649d892215e6c14ffef02a679336d80ed389e85b878d9297e642d938e5d90371de661385cbcead7f8e710ca66e426a4568ab202f0f346c157fae9a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{872D52E1-C52F-11EF-88C4-7A9F8CACAEA3}.dat
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    b52ec8c2909ee0fe622ac01d8af08b6f

                                                    SHA1

                                                    929bae39a0e2d2eb1dfdbde52f48fd9f489378fc

                                                    SHA256

                                                    2e4d9f7a28d6a327ff67a56613f3509a4f598bd1cdbaebe40f384f1dc5f6d0fd

                                                    SHA512

                                                    d1ae42ecdadcd62c0df6eb7eac20b61f0054e513ce851ac34fbd2285a98b44b613c30f2579ffa12302415879df8f12286dba0825e8bea376ce96fe1e4d0ee208

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{872D79F1-C52F-11EF-88C4-7A9F8CACAEA3}.dat
                                                    Filesize

                                                    4KB

                                                    MD5

                                                    be61f55c75898c07fcf336e6062033ee

                                                    SHA1

                                                    fc4cb11f4cf99fe0eda2d29f240732953f277294

                                                    SHA256

                                                    ab2394987885687ba0ad2e4baaa2c3dd490a119f00633d0e221728d11f222e31

                                                    SHA512

                                                    7774135c7d246299234bda2071de8ade05897c8e1e41b3242b96c381c674e9932407355d647746e7882b4e68ceb521a52a6280fd64c0d869a98ea0227587e9b1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\2024-12-28_c7935b7adb3e3a1f605c43f4a677c362_mafia_ramnitmgr.exe
                                                    Filesize

                                                    159KB

                                                    MD5

                                                    8703c6aeb2e62da71e50db9698d91e35

                                                    SHA1

                                                    cafceda794c5b1976b46a5d39949137aba8dc9e6

                                                    SHA256

                                                    c3a332de99e2b195bbb3e5927f8ee4217f968bc373f8c499db45db0b3388d47d

                                                    SHA512

                                                    48e45868929fcacfa06c5078de2e54d32cfab80e5dd00036b37f3d55b33269f0ee82f46b68e7a6adc2ec9aecad8672393a77602c1b995133876c2c4e6d15229a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\CabF22F.tmp
                                                    Filesize

                                                    70KB

                                                    MD5

                                                    49aebf8cbd62d92ac215b2923fb1b9f5

                                                    SHA1

                                                    1723be06719828dda65ad804298d0431f6aff976

                                                    SHA256

                                                    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                                                    SHA512

                                                    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Temp\TarF28F.tmp
                                                    Filesize

                                                    181KB

                                                    MD5

                                                    4ea6026cf93ec6338144661bf1202cd1

                                                    SHA1

                                                    a1dec9044f750ad887935a01430bf49322fbdcb7

                                                    SHA256

                                                    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                                                    SHA512

                                                    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                                                    Download Submit

                                                  • memory/2480-17-0x0000000000400000-0x0000000000481000-memory.dmp

                                                    Filesize

                                                    516KB

                                                    Download

                                                  • memory/2480-0-0x0000000000400000-0x0000000000481000-memory.dmp

                                                    Filesize

                                                    516KB

                                                    Download

                                                  • memory/2480-9-0x0000000000220000-0x0000000000284000-memory.dmp

                                                    Filesize

                                                    400KB

                                                    Download

                                                  • memory/2480-11-0x0000000000220000-0x0000000000284000-memory.dmp

                                                    Filesize

                                                    400KB

                                                    Download

                                                  • memory/2524-21-0x0000000000400000-0x0000000000464000-memory.dmp

                                                    Filesize

                                                    400KB

                                                    Download

                                                  • memory/2524-15-0x0000000000400000-0x0000000000464000-memory.dmp

                                                    Filesize

                                                    400KB

                                                    Download

                                                  • memory/2524-14-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2524-12-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2524-13-0x0000000000400000-0x0000000000464000-memory.dmp

                                                    Filesize

                                                    400KB

                                                    Download

                                                  • memory/2524-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download