ramnit | 0ad1a7314a29fd29e936ffb136d14849e1d7892507eeff2f03d5b9d76259142a

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
Size

916KB
MD5

9e8efb29d94674532f94277ec4babdd2
SHA1

66d66dcec4610399111ffd89bdc2f1b4533b71bf
SHA256

0ad1a7314a29fd29e936ffb136d14849e1d7892507eeff2f03d5b9d76259142a
SHA512

9034593ed9e51c56c291acc7d978209d62905d0abfd89af871532b495b3a35e75f9f41ea794ed6ecee501787a95f88a130e54a4475b266b12fd38a6d48bfac49
SSDEEP

24576:Q7hS4HUTHTbhT8CN5fUGnyOa8Kpg/v6T1XP:QkT/N1UtQKpg/o1

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2700	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
2956	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2076	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
2700	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a000000012280-1.dat	upx
behavioral1/memory/2700-8-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2956-16-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2956-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2956-19-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxF2A8.tmp	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF60CC61-D7A2-11EF-BBA4-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443589841"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2956	DesktopLayer.exe
2956	DesktopLayer.exe
2956	DesktopLayer.exe
2956	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2772	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2076	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
2772	iexplore.exe
2772	iexplore.exe
1152	IEXPLORE.EXE
1152	IEXPLORE.EXE
1152	IEXPLORE.EXE
1152	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2700	2076	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	30
PID 2076 wrote to memory of 2700	2076	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	30
PID 2076 wrote to memory of 2700	2076	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	30
PID 2076 wrote to memory of 2700	2076	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	30
PID 2700 wrote to memory of 2956	2700	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	31
PID 2700 wrote to memory of 2956	2700	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	31
PID 2700 wrote to memory of 2956	2700	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	31
PID 2700 wrote to memory of 2956	2700	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	31
PID 2956 wrote to memory of 2772	2956	DesktopLayer.exe	32
PID 2956 wrote to memory of 2772	2956	DesktopLayer.exe	32
PID 2956 wrote to memory of 2772	2956	DesktopLayer.exe	32
PID 2956 wrote to memory of 2772	2956	DesktopLayer.exe	32
PID 2772 wrote to memory of 1152	2772	iexplore.exe	33
PID 2772 wrote to memory of 1152	2772	iexplore.exe	33
PID 2772 wrote to memory of 1152	2772	iexplore.exe	33
PID 2772 wrote to memory of 1152	2772	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
  C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee3a7bf44cdd68afecde9355e2a35ce4

SHA1
1c6783d0872e7fbece75b3c09bd012895f4d7ba2

SHA256
c400771af05633547c5599a76a1c6fc6069487a8e6388f2f02ad4c95666886be

SHA512
4595f96bf282e8b91b7051f074f1a2e91b0cdcc1d9cf3394b6422adc5a962ec1b5eef1237d7d048209f7fcfe15fe1bf83d57aa669962c2c049d2a3aa89116747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b2370dce5a3f3b99a96a0a7653c5f60

SHA1
2dfd4e3ef990d37e60f7d5dc385671aeee147b22

SHA256
8fa7b263e946666d372723019fd3c39d14eee2cd8e69f07ef63778ce8c5ae390

SHA512
58e600a7d7a72b9b95c2c4b630b456aa0f95f001dae5d684360b0071fc0f9f59a4f727db03c339b33d4ec0423ea2fa840a5fd7e900567c344dfb597e518dfdff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3d656af352fae208e2367defbc38fcc

SHA1
9e42f632ddd474d41424505cf5a287610a80ac4f

SHA256
c3d54ac6f8a3896d2ff50597267a4d22f3ea9734736533836003a41f5dd6b5f3

SHA512
24e28792b7026016886ae818ab29afb6ea4675d3e84334e7c97103577c66a3fc125ef36b1bd220235c458fe1f6ca9e51d463bda089f7836fa0d26f5068f305f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
882814532153a3bc2deac37c3fb4eb33

SHA1
3e1eb19c1e3346fb8e5342fd17f151b74dfaeda2

SHA256
89e7b29b1f8b4e779df2e13d11bb83ae16df8b46505308a66ff0f9ff2b5168dc

SHA512
b48d3e63235e31e771dd472da77ba018b964287412434fa71f615bee218a3fbf9b59a13989d51a991909d9dd8a1238c46e97e7b750513d50c58a2df6ccd8fe83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
052a3aa10a175c14bab6967976771598

SHA1
cd4ce634db48e4e51c6c96637b4ecf30275c094c

SHA256
239ec4b61cd540ba65e40c97eea89cfb1a6731b0da62a0d07f45389d1e514cf5

SHA512
48a046b74fd137b748b4a8923f673fcdfeacce52e12c5623f78bc0c28f0d7709283b9e5dc4c15c80da1707cf4e192a00a89e056cb271c77810cb9f6ae9d6a7f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa7a2f7e3a5daab563f7ac74c6f99cdc

SHA1
d67f9c39ff0156184850c4bae7c6115a65644f73

SHA256
5ce94f06f61f16f42d604b2a80deb0240b199995e48fe5b59f5db18b393b0548

SHA512
d267240f2899a4ab9cf101ff850f0f2063ae83b83ebbeb0a058686cd3529a9848aade80a0ef8c3c505ccc327353895e90cba0f3c2bbcee5808e24b469f456a01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97befc9ac22a4e546fa80919d9211362

SHA1
7f37e02b4206634d2af7b832b69ba6508587c983

SHA256
254193dc8f8e44a186f0ddb970ba7ec75300d77eb838d167c6710703c76b9b7c

SHA512
6cb6a12acf2c03d8e9b2b0fdb111a66add4acee29d2838fbe05459c1389d04016512a478e5f11fa0e6186e19e9dcb18034eda0bbb52a2a58c772a719bc868d36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af9a94e475d624d6667324d98111f2eb

SHA1
6a840990725734d5fdfa459ff8987947960d8eb1

SHA256
c3388416e9af094491c7ae0e8351118bcfee0eb2f5a92ce786675cebdba0bfa9

SHA512
904beb4b3f02101a51ef8548c1a16af7573174cf6f18b2d57d22c80b8aafc38448da8d9291f5513a339eb360ca7d0bd6ad83bee70cb9381e39bb5c08dfdceaea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
302620eb5a1b8ac1fdcf78920e1b9973

SHA1
790999e5ae536708bd375049e80094841f6e84eb

SHA256
4b470374292fa8b21675f9be6854e156d1c25e9ce35ca1d515afec232b7aa2cd

SHA512
e485b2701de2bd9af859bcb003c11035e3cb96154cb833e8dee28db2eaf54f4ea0ac7310d53e608cec57708b464069440c93cad0566a4514ae299eee7ec53039

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44c7f7e16f130228fdc9032f0c736c26

SHA1
00e08e472a563d46bd96b2a9ec8688420f196790

SHA256
d1ecc7233755b3a4fd8258676a4a82c160eb08928ade4b81fbdfb1ee32f4ccc2

SHA512
8ddf2c482f0abaefa09ca9f956c3958c538fd27651f3794e4fa30eb01dac411f7bf74bc8c18e795e6095df84d7bded669309a574f1ffe9f91261d55f8883c2c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2e7665e4b2317d5b6d6a9bfd54ff100

SHA1
54e3faa1d4d8b1a909e6ccd9f920e53783429094

SHA256
e1aca082c4ccdd9195b71e5fd2b4bd5b560a0ace683749e2fa8c01fee1ea1c8d

SHA512
49109a495b767b59f64d994f3a13ea7fbc62f63d3ccf1942c4e53eacd6ba0fe400ec562fb5efacb647f54e7fad10bcfa34039eceaccf152d6dc49596fba86214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
577138dc3bbb7643bc15e7bb156e4ed6

SHA1
0a39c4dcfa61532e2d68c5c94888d6a20385c5ba

SHA256
68a6bbc7fff8420f38125693915e969a2059c1e7d6ccf2ec1e5fce5048f01d39

SHA512
9c00241b95b763f38ec1d2abdcfacd2482d75083bd31eced474742293507f1543f7acc268542b9448823635e8c93ba1387cfc294df910532c1fb80e4b3386e5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9fec582bf940395972d1aaafd2e826a

SHA1
b1f8b5df894c9711fb081bdce8e0b3d4a26879d0

SHA256
b474e5f9344f979d36aae988c5532cb5ab20abf3b11166f6d2baa88894c4070e

SHA512
ac8a1d4f84d9adc694ce11bcdd06544849c81a514adac57a33be41a63b133b5980d4a656d448a4f8aa5af39e5657cc4f823a1e1f51f56a1c1167deed5f870d8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b213267a23d1d355eed4acef2c2bd438

SHA1
d35f206746d02c51c3555c96f125075b5d3e4b12

SHA256
d68d58ef8ba261eb23c36dbc103ba8bc54df6c1020d2ccf17509f3691d784bda

SHA512
68ef308579e68b50398a55aeda82d9c7b2ff604be43cbb18031ab4fb93f4c0bcc94009727abbe7c2211718d4893c9b0b714b845d909a64759e756326e041db44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2eafffeb48f5b59dc045ae88e018988

SHA1
bf875ff5d93859772533ccfa001fb84e9492ad5a

SHA256
a4a9543f61197047a0f47662d255ac1149926ac853483c0440c9a3b6ecad245c

SHA512
e05ccae9db298db9c44cc788b99759c136f6a8fb87cd35b6e4c460df44b5342ceb3f30092188746c6f79ba9f4b3d28d9fd5b22f4c71d3c0768a9fa4a1c226b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ea80a989efbfffa2b89b5ad46fc4b54

SHA1
620a862991be9a32f975a331c79292cad2055015

SHA256
1f6ced9a6eb5ee0ed22668a7b31751e304b6dc1a57ebff8722bc6f7a6341a0f7

SHA512
2e9ae67cea17e44e15adc7504bb3a29da2e8fb6a65867dca8b17d45d5348cd272800ae3ac01832149ed98835c3f1ae6b20af578aecae689545d46add13421329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
707558f6709114b85d1ae2436de4d916

SHA1
fac5479ee05020b3efd422eea45a192099954ea4

SHA256
48aa9bf51d6c0adbcb78ce1d0fab5a940f8a7ab622427711ec9d477a3c0e8d42

SHA512
8ffdd035cf569ce94b316583794dee1d3f3329f3c3071dec3a1aa401bd9f2158b575d48a509ddbed456e246917ade638e1362fe53629da640a1ce37486277d6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993c0b3a28502bd0f6093ef99c03a962

SHA1
ff14d97cf02e655d4dbf7df5975b47fc5aaa28f3

SHA256
b4d5ba083df7a5309ef3d53619e9a5fe9fb3e1146bd796a694172db68beb79d1

SHA512
489dcbdd95429d5b89fe4611e1e50322cce374b9319c6e9ba39af3dbe3bea46c82778b5e90b6a93a18164d76d9450608edfd0e94982eef6dc30f7ff0b55d949b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e49f79ec80e66ab00406980df2e61c89

SHA1
49f4781ae317b84d7644e1a8fc5598650c160312

SHA256
33409da2f2761c47a9f2c43be4c239c175fe3a1eb2777b57c39bda240284b18d

SHA512
58adebbbe2853144c2077673ec76973b703cdee6982831d5938acae0b9a8b6eddfd8b996cb655c6f8f661dae3581dbdf8c98b711130cc297bffb5331cef66235

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab145D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14CE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2076-5-0x0000000001C20000-0x0000000001C4E000-memory.dmp

Filesize
184KB

Download
memory/2076-4-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2076-453-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2076-24-0x0000000001C20000-0x0000000001C4E000-memory.dmp

Filesize
184KB

Download
memory/2076-23-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2700-8-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2700-10-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2700-15-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/2956-19-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2956-16-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2956-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2956-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download