Overview

overview

10

Static

static

3

2025-01-14...it.exe

windows7-x64

10

2025-01-14...it.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    14-01-2025 16:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnit.exe

  • Size

    2.2MB

  • MD5

    f0f3b0cd2f79f5793e9af47cc4ef6a44

  • SHA1

    7cc4e8161e05205e6c92e84c95813bc2310f38cc

  • SHA256

    906738fbeeb9b033d43752b8d27117db06c878d0dcad36075bbb9b48c04ad5ff

  • SHA512

    27bbb6dc44f941133e1d7f71856f8e9ec162c68a99668cca98d85b9703bc1c8227aee519d6c2ea8e458345e3252b7467c8fa51917929903989a5e0627fb1da15

  • SSDEEP

    49152:nbheJOlYsHxaVwS2/jCcV9XuKw7iK1dtKmPBNsto2z/cXfGl0:wu5HxaV72rCyXuKDK1dMuNsto2z/c

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnit.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnit.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnitSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnitSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnitSrvSrv.exe
        C:\Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnitSrvSrv.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3028
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2944
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2804
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2236
        • C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayerSrv.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3008
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2972
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1384
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2868
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba77f70baf994caa23adf0e53348c19d

    SHA1

    cd0bfc7f393c5e60b28e69aaeee851518626933e

    SHA256

    cc634d1b5a1c9c74b2873a9f448040a2f924130870b65dd65a1f6e43a976ee26

    SHA512

    99b8b7669c38952d2dcddb3d1bf8408d050d7897b18b21a5d54cf3d54e55a1b5f5cd6f62b3140302fd310adf5451fcd30972b20e22cfbf8a47577e4eafa1295a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e777d799195eaf178c62ed8940deed3c

    SHA1

    39ae109b89bce40e8d7c245a1b9fb8c93efdeaa7

    SHA256

    06269184532d33ec70750adde338c7694deb05c402490a25adb786f261c3823e

    SHA512

    83e30d3d6101d0b1b58fa3d1760da99a7e2994778cb9a465bd12213a5c9a1ed396b5ef23d9c9e2b07f1b31f3aefe0f5251384aadf8cd7f1c91e7a83159373bc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dba4112d159d83f73ae11cb1cb0412ff

    SHA1

    97dc3dbcb6faf5468592f729e9fd48cc7ddf5a7a

    SHA256

    50f449e5b6a594159dd135d36aad9df15297f62fd3316c42a4d4c478170d66d3

    SHA512

    dbb7b25681f2f63da1e130ada3b4bd346da446e60d6f2118356aa83a030db96cac65eeec9d571f03efb0cd49b4823e49515c1c3480ab3c143882333f2e98e7f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    182d58387c1097f34f1d7eac4e718458

    SHA1

    cb93a0970071e3c716f4a3135c9f1bfc8835ce50

    SHA256

    978f7d901779c7bc46490abf789fd5ceecf6dedbabafeeb45f7d2a89205658a8

    SHA512

    ff4790ee6f20feaba90c0d03fd92ad1b2fa6751f71ade02d041e5025bfa891030dd6dc262312c00dd9f0a145b5bb7e572a078c4b17500ed0d22669dabcc0bdd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ebcb99b6ecdc0db49337018dee94d0d

    SHA1

    a5b87aab756a6b1428b6b6bc9cdc0c1d424445ef

    SHA256

    a865ef751cc2a5bfe693009ad5e42476f0d2dbf0ac66428eda1428eb93d90470

    SHA512

    92e012192ed78da80f52c2bdcd64e15912ea62c4b6478bd3f856186b0028c2065829f9b682baca06de6475c726750812e654694990d58bd836cac53b6188e1f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14e17deecbc35ec05569a2eb56e49523

    SHA1

    79b1eb4b3aec363e6f2635a92ec7c0f604f912f8

    SHA256

    0b9ad2372d97e66b6316bd9b1b6ba5a707e66783f25fdfbb4dcc6ea1c82db627

    SHA512

    70d54c65e1cf1f71929e02e8803ad6772fb9ed008e6192b0e47aa1e15dd1a57926976e3e1124981b2bd09e61046ed4c8834a42ab0718ff8e917581fda1e3e651

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6551a9f38d52f4b1ca573ec75ac10120

    SHA1

    2229fadc3241466c62f36766a95c99939e069520

    SHA256

    f8ec5f50309bdceaf5fb16260b7ee9f139f7c4ec3aefdf829e5e7478b0d99f58

    SHA512

    adf09da2a975afffd89c17e85e7c9f1458458328f8738f4cbe577d47de139b374bbde2e837da9930853af1cdf5c74f44b5b4600d04f855e8597c9b0a42bab47e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5dd51021ff645f184455de69505bd6ab

    SHA1

    82755a34b1fa6b8a751788bbed707c5489ab9e62

    SHA256

    004cfeef51998ebb8ef33e8c9223ec3fe92d82ed62d7bb67e3374318b3e4fd46

    SHA512

    69a600dc1dbeff034ba807d9852b50368fa591579271a5e60cd3fd1786fa13b8d0c8da23fb8d988f45c7d0316fa0a575e22a865691476336fb392b5e3104e1fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46c99b705a75ca4fb11b5530b35d217b

    SHA1

    08a274b9d8228bdb7db92507d68097c482ec795d

    SHA256

    426920f21eaa9efbff093334f665b98ab238470fc6aa74af234ee8a72cf4c3bd

    SHA512

    cf1560be03ed963ad94531cf868d0d15bf9d783ca601a81544c17bd398b87dbab438e866ea00641f2493859a563440017a2aa25c2f4bc70c41fd419772759147

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6a530c389a7921689840a632d427a97

    SHA1

    9b857df381352cb03096391d2bb5ae9cadc1d6bf

    SHA256

    d48e642e3f2de6feb69aa11e9eea1916a7224dc2b25b3409be292489b724f9a6

    SHA512

    de326247812265df02d5b2a55d380f5593a2ffa8c868387b57e61b44120fd05d4a19ea51f2673f051f620c94aac8cf9a20dc3c184ced7dfad8a13c7670e6b420

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cee786f145c3799f0a8e01b41fe756f0

    SHA1

    e278c4a683b94186afee09ad3ac5b02afd20b97c

    SHA256

    4b40defb5a6dc837dee0682a91b19ca5e25b64e67c74fed1eeb417c014493ca2

    SHA512

    f9f722cc8a335c9148f70058a223022d2cf52d6f87705d86180d39c4b3fedd3b41e0ea4ef053c9beafe27cd43d7a312b31eb1116f4d4e43edf276170739c9d05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    228efed3e70287701cc2dc7b4a2a9084

    SHA1

    bb89e259c88411a273ec850d49485e029f09afd4

    SHA256

    048dee8c1919f809280b0c4f2b92cccdee920d4cf81514af2cf390bf29f11e65

    SHA512

    b1b8fa76f14d9e93233a7fdb482435b7dd6311f946eb85b7ce4f5a80531e766b58319703ad11940a440d40810872d64967af2ef02a5250a0423a24a808d4695c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    facc02e47e4948f8aed12ca097962c9b

    SHA1

    aac3a536e95f2959f8f96c1201d161e2f80312d4

    SHA256

    98937189808f8fd0a682ae86c58da4579db8dab350d209d89ee8635052933bc0

    SHA512

    f4fb63deb4cc2cf9d81cccdaa8f62278183179b8f09ebb34802d540a77567256e1b6399b94cd156ca937de62a677b281a54e11d9c50ff91babff4115144579fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    21f958f2f4223f4c0145985b66899dba

    SHA1

    2924d09051164553f4366dac4f05f8bfc206d703

    SHA256

    67d77484a50820dcf22c9d2bf7a6d772ba7a5c421ad0882c2e2874ed698ce34f

    SHA512

    20473ea196fa5a84715ab598e2363b16e6746962d1b4bea5d7a6716b237f36d9c96a3d39affab8bed288c5b800dc1cb95bf7f4478cd66ce7c1290e38a0af9449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a10b8bd120026ce230eabf490339172

    SHA1

    1e734650917a419c74a5eae8e9c1bafe68010e06

    SHA256

    cd377272396af33f48df7f8ca5428b975870a5e8e770fb8585f1635c893ef724

    SHA512

    96acc97b4bfcc02d76728fdbba398fa9c974e573aa5e23ce7f3c9b489e00d8c0d9526e81ddbab0df9f54e3bc189ab5047f94fd1497c8c889aa11ed75811e8e3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbaac5819285d53385605524f2dfc705

    SHA1

    10067702b8e63672ae8df0f71117bd2cee2f8b07

    SHA256

    36945df90df704aa79e5605efd421ea9f4047568894d01b94d642aa989fe664d

    SHA512

    2a40b07dc3abc5066c19379212fc55054f61a64d48baf2e5884270ac1c48c2578c155ad62a1ec081632a8e6ee8f5800fa549b3382109ea283a8dbe8a0a01da97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff0f7ef3c8a384a522d534a7f14641bb

    SHA1

    0d476947e2b702c096a403ced356e7c322747e90

    SHA256

    138f43262016ce56b1e480b483dbcf78415c3c0181f6ddab4fc2d6c0949ba180

    SHA512

    b7ec6fbab4530bfd69be06eb08d87c9ce6692a307697a7d78f1d93bc793c9f464967b49626e49c5dbcb9075f614b31669c908288daa73b2b8851d478a2181332

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68adbe5859aa5342703539e8e3a07ec9

    SHA1

    90df5fb18249f04370f7d27349f6d446f060b200

    SHA256

    3f8a533ad44ea0b39ab5348879001e179f1021a3a80c9159c134ffe2bdcbf88b

    SHA512

    8f209dee6236c36811699404f07a41969697ad62da9d5f9c2576b8e0983941598f313e4a82db896f024c61b82daf2a1b2c5475e1ccb83a0832aab1662c77e9af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b772262782a328b665ee42c7bc82f43d

    SHA1

    fa762f8e2dd3fe5e1c8867ce7e7de7287bfefee8

    SHA256

    707387793cb75e4284a319a98fb5fa6ad3ce537f63fb7c124c2a338334f22376

    SHA512

    8f7bf693191c143f1f5118e621ae43cab53c2fc447698680677546841441475b0b1ff8e4236ce9fd78adc0a7439ce9b9994e1cd951839dc5a5c2075935f1dec2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ddb400470fb03a7ad46603edecf4e8c

    SHA1

    e5b19356259b2bf3cd7c92d9c728eeffbf2198ae

    SHA256

    be3b690191bc60fab96df395ab3068990f488ba72667925a981e8516f8493be7

    SHA512

    c2766e1df3887d2539ef8a698d2650906c1a235c8ceb79ee650165ae253dce8698954a8f0b30fdf5c9e72d13b37eba80d001913fd52c62eeff03623fb492abd2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB4ACAF1-D296-11EF-911E-C2ED954A0B9C}.dat
    Filesize

    5KB

    MD5

    5ba77be745a9ed1a8de9cb1fb4305ace

    SHA1

    f7cb1627fa739553f794243c4494567f7db9a156

    SHA256

    6f6abbf4ed77c5f1b33534513fc53adcbddf3b99a42900fa3c791a7c3fef5b17

    SHA512

    cf11640a91c01b5498f9e4b67cd65ebb44c3a3d1494aecd5b4b4eeeb032a0060fa4de54779823a5363166d603b25146a2b0e122a38fa0e08cf9e179429ef2aeb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB4ACAF1-D296-11EF-911E-C2ED954A0B9C}.dat
    Filesize

    5KB

    MD5

    c8bb9f3d5342d89113384c087bc98166

    SHA1

    3382f554d8d31810937e9e21fa3719ebd5a86f59

    SHA256

    b0634bf0bb9e31ebdb0daff7f89f9ec1432047068922f1fa6c492db1486b8db9

    SHA512

    9ddd5ea38a0fc25620752bdaa162321262943635af19fb28166b402f5d7521f9b37920503f99e8a856c974b943d002a3694bcd9cc970954ceed8fc994b9bdd4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DB5DAEE1-D296-11EF-911E-C2ED954A0B9C}.dat
    Filesize

    4KB

    MD5

    94977c598eca9d07010c5dc702fc46b1

    SHA1

    2435cfb726ee84e95fa76c9fbde0986026e09352

    SHA256

    25305d75d2fdcfba9adf56b62daf320e1d0f3afeeb463f39bfe736e71b053d11

    SHA512

    0b2725ae603a06d7f96a27af6d13ce406f3a3b4ffa3675cfc37d4277de2b6ef2cc34619ad4f3059b4e174c7b19c140c08ee8549c55fb654abb24ae025a8f7475

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA9D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB6C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnitSrv.exe
    Filesize

    111KB

    MD5

    e653763c494bc3fa2c1639171c972822

    SHA1

    2eb89e91740ea872878085d0b9f4df01a9bdf522

    SHA256

    daeaf797e1bc249957d708974aec45fbb7d844208025badd8235693ab268add9

    SHA512

    d23b0410bd95a368d28f8ff2136fed143e5312e905eb32486b39779dd48026eb64aa5f0054f78128a2d92f461c29f38da0d7b266d7c8fd32d363f9fd52cbbf1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-01-14_f0f3b0cd2f79f5793e9af47cc4ef6a44_bkransomware_ramnitSrvSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • memory/2236-36-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2236-29-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2336-45-0x0000000000780000-0x00000000007BD000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2336-40-0x0000000000E70000-0x00000000010B7000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2336-5-0x0000000000780000-0x00000000007BD000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2336-0-0x0000000000E70000-0x00000000010B7000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2600-11-0x00000000001C0000-0x00000000001EE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2600-18-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2600-16-0x00000000001C0000-0x00000000001CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2600-7-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/3008-41-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3028-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3028-24-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-28-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download