ramnit | 0ad1a7314a29fd29e936ffb136d14849e1d7892507eeff2f03d5b9d76259142a

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
Size

916KB
MD5

9e8efb29d94674532f94277ec4babdd2
SHA1

66d66dcec4610399111ffd89bdc2f1b4533b71bf
SHA256

0ad1a7314a29fd29e936ffb136d14849e1d7892507eeff2f03d5b9d76259142a
SHA512

9034593ed9e51c56c291acc7d978209d62905d0abfd89af871532b495b3a35e75f9f41ea794ed6ecee501787a95f88a130e54a4475b266b12fd38a6d48bfac49
SSDEEP

24576:Q7hS4HUTHTbhT8CN5fUGnyOa8Kpg/v6T1XP:QkT/N1UtQKpg/o1

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2408	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
2728	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2664	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
2408	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b00000001225f-2.dat	upx
behavioral1/memory/2408-7-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2408-10-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2728-21-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxE1D7.tmp	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443590422"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{29A106D1-D7A4-11EF-B4E2-F64010A3169C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2728	DesktopLayer.exe
2728	DesktopLayer.exe
2728	DesktopLayer.exe
2728	DesktopLayer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2724	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2664	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
2724	iexplore.exe
2724	iexplore.exe
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE
2592	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2408	2664	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	31
PID 2664 wrote to memory of 2408	2664	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	31
PID 2664 wrote to memory of 2408	2664	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	31
PID 2664 wrote to memory of 2408	2664	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe	31
PID 2408 wrote to memory of 2728	2408	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	32
PID 2408 wrote to memory of 2728	2408	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	32
PID 2408 wrote to memory of 2728	2408	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	32
PID 2408 wrote to memory of 2728	2408	2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe	32
PID 2728 wrote to memory of 2724	2728	DesktopLayer.exe	33
PID 2728 wrote to memory of 2724	2728	DesktopLayer.exe	33
PID 2728 wrote to memory of 2724	2728	DesktopLayer.exe	33
PID 2728 wrote to memory of 2724	2728	DesktopLayer.exe	33
PID 2724 wrote to memory of 2592	2724	iexplore.exe	34
PID 2724 wrote to memory of 2592	2724	iexplore.exe	34
PID 2724 wrote to memory of 2592	2724	iexplore.exe	34
PID 2724 wrote to memory of 2592	2724	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnit.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
  C:\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f56f88e66e14f1f8099751ed179eae6

SHA1
3f040d48e33ed3a6f0187dabca2b94034a99af1f

SHA256
87baeb673c64c7e2057c0f8be37bf53b57754b0f47b3e2038c8203831cb4f7bf

SHA512
291e6400d025008e7720d78889af0745cdc7bc268b6c91ad0fee07373c975eb8dbc9338fd10c35fbaf95da396755438edab7923dc92d50af9fdb06f37935064a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0507f5856773be413d532026d9b4382c

SHA1
9b703c5e1398e32ed0455fa22bbe388516e3ce25

SHA256
5b0ecf966d00a36854c821f557d27bce3f3d0717127ad5e62d3a770c29d45399

SHA512
555b3d65167c9e934f42975571ea703025b282757e4c5e0326d552ec9d41752a08ccc7301c61e0ca53f58636b01108b309d7d0a7f0c2cec6e25940d41be0a60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7362d26f651659b124e7a3c4942dbab

SHA1
940c7b2794aef01597b4c7b2f256f6beb4ae4d7f

SHA256
76f1899438dac32b215d6828728b98741472fa4ce2dbea8961af9d0abbfc4159

SHA512
345edbddb074bfbef58df7afb65e379efef6c280be9de62db4a1c383279c5c557cc80f686751f75cc8f4e9ddfe3ac7b0d5d8ce5146c4a3f4638423c4d41b7652

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20b158e34362265464a6b3284d90957b

SHA1
38c8f185c578feeaa837e7d43e5f6de4e52dd25e

SHA256
0a7b7f40291aee951bc4d62f706f6a6d8733f19410e77c159084b6e5cfe81cfb

SHA512
1a21a4590f3114415743d763faf41ef6a18b6c296f10b684d9de33de9d8db67d7d5354e3d0667a611581622412c13c24053b1081a855c3d53ccd45c98c6b70ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25f2852bfa6e74c531f868e2c2396c99

SHA1
4e7112f583d4f5ed7f3e21838215f7744388ec79

SHA256
c8ba04ae2cf4ab24d7854f1f9db0bd2afa82e292db0a7b37a536734dc92629b7

SHA512
89a428047f3c93f2fb90fe4cb4900e465c61893fe45e30a4cb95d3443a0c2aebfa9257ce7dbdf29baf6f59624f7afcb38c09a0a95d70ff650801642781395c3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb91b71f6f8f00f485aa8c5e9186933d

SHA1
46718241c6cfd15f2d77c81c7d76af898d54fdb1

SHA256
0262f5fb3807ce2e7f00eaa6f4be11e07e0e4f134bbbd558df31dc72c93750ed

SHA512
0f31b47c6b7cd768ef2f04b633c8be439c9d86a595f3a3499dbca6f7ba76cef3a788b1dce50b763cd2af12a261e574550f8571708c4faec1e419201c7a8f90ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2769f3172382381f98f36fa2293215f0

SHA1
aecb67b7d42a49a5877ce8cd5533f02c7aac1b2c

SHA256
bda0de323399caa9a0f78a32c295a90ff45662f57488df2ec9d65839b78a7b97

SHA512
de774f014cb5922a98cac02b6715772771b6f0bf5e4156728c9fe6c7fa542d91fb4a48dd4c04becfe5df048bb92b283aaed97231b3e63442e24676a9af4335ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54d228bff2ceab67a8b2e3e4c521f9df

SHA1
7e72e1a903cfb5fb622b49c05cd3687b20831153

SHA256
5af89773ed0b1e448b6f4f80fc5fc621bdbe72edc3d47e719fa784969fd27f83

SHA512
a9a2d9f7233c7cd4be0abb47f1cb4592560804bae6fceb4b2cf0fb8e6ee17508ce59dcde2dca216c530aa2bce3062264973445bf3a671152b2c8dd01a4a8a995

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
032e592a74ca04427674509bd2229424

SHA1
a8bab5ff2d400074ec3b8b4860724a084ad7f2f0

SHA256
6687b580f37113cb8ccb55b83093f91cb37a230e2641c8b80afdcf0e5aa00462

SHA512
f5c2691131c38d30afc8d439b1f5dd4983fe78217d7e857f707361bc505984b375246b932e44ebc740ec97fd4dbaecb8bba78f11a34953fc4bce2d0f12d0a942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
775c085bdcf34c4e5297f6d1b8df942f

SHA1
dc8c5bc2f176e0631fb624171c92fb81fa456128

SHA256
df6a878b54677e5225cb05f4bd1e8c50cb06aefe3548747e73651f8c89ff35c5

SHA512
ca40124c100f2ef65d445e5ba2d80441b19af0908a6f94646cf9e96f120669125f6e636661d2bcbe12908d71a0d5232113cef6d68d6d83663c766443615dfa93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d855d5cffd7f04280bf17b0a76c102da

SHA1
6e042d9ce9bc8fa9ae44f23b95c1050d7fa3821b

SHA256
c1b29aaf3b98ea4b994f68e615545781d5d28e507be060a920d84508796bde7c

SHA512
443d2d668a2526e7f964e740d35b2a8b0a4672e15cb1515e6ca7ba189b0bda3fee653db1b0371d5bdbedfc22ba473ac77908310119f5314d98027a2af51435c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
095ca2d543e1080a5782b58477e5231b

SHA1
087e81b75e14b507254af9fc8e2266a89cb52201

SHA256
81d499fc1f6ceea9f5e0c6ddc3045a547dae0f99e680658060c5f94eddd4c8c7

SHA512
4ccdef4663ab731c132655367c49a5291befeece5d9d87babb537c9e490d9e734f4063712cd4be7832ae7ad5a15c4cc984115d659cd9d8c8a6a7c459cb6f3611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fa48bba320bf85a10dbb849821bddc8

SHA1
90ca5629341611b4f75dbef8a3c7cf24ccd9172b

SHA256
a4d0b0531ffd83f8fbf64495507518225f31e4cc30b90af7c7e0a6aaec972d6a

SHA512
202b2abee031978f855181e3a2650f0fe73922cb4ed7864b7b0ae27d4d4afe8aa18b0d51b52b6997b54e2a4a529b7ff4884771ff5c51d938eaca42d571642456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f507a01c2f98a2ce280f942b227dcbc

SHA1
51ca5bdf9e10be990c319b868a4a4bbd8670ee7d

SHA256
2592d79b2e2783268d7257788b5ce5b578451a3047917a75842d491a4abd3cb7

SHA512
7e6893e8f5a43b6fa8e259cfb6cf20d7ca227d39dddeb800e98dc1014e8c837a0310f366b5e567710c997b2e94a98576e4dd1ad0999c1f1b18eea3b65f04d7d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1faea62e8462c27415706feaf1722229

SHA1
7831bcc95d67904dea877684db24b3ceec02fb69

SHA256
96a2b5400feaf5b4179c64a431ecba495805c1f7ce6747080c3e5621c9ac0d8a

SHA512
f65c2eed3b79114d8362c010821d5229b94faec0bdbb18ad4a0f9fd375c9346bfefb1286de270675ade326281e33fa7585e9340636e9d69f8aa53c7692dfba60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a504220308cac5586d45bb4d521a7ac0

SHA1
4ca633a31dc497bbd0fdf0d6e51ade91b3184381

SHA256
7ccb88057b9431a1142c5411cf1597668da613f6c2cf69bfa03b08c8ee2187d3

SHA512
ef024addde9a16266116880bf8294bc72a8d0498738eddd877fefd66cf6d6a033a49feb1a46131b573e49a40ce0cb012db553e5c188d9324e76301437887ae2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
249eddd3d66e177771fc1aaea4a4b0ac

SHA1
f3f0497bebc4e347f8bb5c15a03485c290e96bc3

SHA256
5d4423f02bac050414734038d5abe933e05ef89db047cce3300cb982f1138276

SHA512
a8b638ad0f8f109bedfddc0ffb37dccba4a4651625fcf957577fc6a0e8c2b7ec6887f4e7b9d93df2e8103204c33817c40a76b653c6a7f4c96bc38bf89b56d7b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be864557e367967f67464a9bcb1a0eff

SHA1
1e76bdb290d241d24bfcf49abfac4e947c9ab5d5

SHA256
7a987f729c2f13050aecdaa5f4cc49c573f70962a3cd1a9bad42e0e409398ff8

SHA512
63d7833c416d76d4fd1fc4870a5c82dc098ff748fc60a5bf2fb6047e26dd4b7e830f0066199c2e2df096991cf56b912afeeed474f6b7a673663a1322ffa32bcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea3fb6eabb119085284637519d41003f

SHA1
a1e6f409ffbcf9d823b843a3f5120dd796c02647

SHA256
8ea8bc4482b2b1fe250d3f03aad9cc6bffa1660a17f73f4c04117868962b47fa

SHA512
3492d1d30265236f095cd69c425256b2f0522f92069da9e608ccaf0e76aa98e1d297ffbd938eec481796b8a77e38d77440436e34933bfac1912b1ec8753a2429

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF8E3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF991.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\2025-01-21_9e8efb29d94674532f94277ec4babdd2_icedid_ramnitSrv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2408-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-10-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-9-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download
memory/2408-15-0x0000000000240000-0x000000000026E000-memory.dmp

Filesize
184KB

Download
memory/2664-452-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2664-4-0x0000000000230000-0x000000000025E000-memory.dmp

Filesize
184KB

Download
memory/2664-0-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2664-22-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2664-23-0x0000000000230000-0x000000000025E000-memory.dmp

Filesize
184KB

Download
memory/2728-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2728-19-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download