ramnit | b856be4654e62b6faa5f4a81f6d6a4ea9d79a7d930c46e3d94afbc9a403796d3

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
Size

1.6MB
MD5

0c487ce5916b8baeb7b233a3776f24ef
SHA1

612a8f233bb6365859fd036c77e22ee25902081d
SHA256

b856be4654e62b6faa5f4a81f6d6a4ea9d79a7d930c46e3d94afbc9a403796d3
SHA512

c53b089cba0789030110ce368570033b8a0b625a1424de632fd80b02f8e59d4e1d37c05c72cf0bfa779cb525e13a2c5d36bc5e2a381cdd6ca54981998d13cf1c
SSDEEP

49152:/oTfSbJYz+fgs5W7xBJmMcBXyP1EnbHWNu3n:Qk8JmMcNHnbHx

Score

10^/10

ramnit banker discovery spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

Executes dropped EXE 2 IoCs

pid	Process
2480	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
2328	DesktopLayer.exe

Loads dropped DLL 2 IoCs

pid	Process
2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
2480	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2096-3-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/files/0x000b000000012281-2.dat	upx
behavioral1/memory/2480-9-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2480-8-0x0000000000230000-0x000000000023F000-memory.dmp	upx
behavioral1/memory/2328-17-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2328-18-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/2328-20-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\pxD75B.tmp	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopLayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443673314"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{291698D1-D865-11EF-9FA9-EA7747D117E6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2328	DesktopLayer.exe
2328	DesktopLayer.exe
2328	DesktopLayer.exe
2328	DesktopLayer.exe
2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2840	iexplore.exe
2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2840	iexplore.exe
2840	iexplore.exe
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2480	2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe	31
PID 2096 wrote to memory of 2480	2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe	31
PID 2096 wrote to memory of 2480	2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe	31
PID 2096 wrote to memory of 2480	2096	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe	31
PID 2480 wrote to memory of 2328	2480	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe	32
PID 2480 wrote to memory of 2328	2480	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe	32
PID 2480 wrote to memory of 2328	2480	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe	32
PID 2480 wrote to memory of 2328	2480	2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe	32
PID 2328 wrote to memory of 2840	2328	DesktopLayer.exe	33
PID 2328 wrote to memory of 2840	2328	DesktopLayer.exe	33
PID 2328 wrote to memory of 2840	2328	DesktopLayer.exe	33
PID 2328 wrote to memory of 2840	2328	DesktopLayer.exe	33
PID 2840 wrote to memory of 1976	2840	iexplore.exe	34
PID 2840 wrote to memory of 1976	2840	iexplore.exe	34
PID 2840 wrote to memory of 1976	2840	iexplore.exe	34
PID 2840 wrote to memory of 1976	2840	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnit.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
  C:\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2840
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffadd3f53a348218d3ac9ead173844e9

SHA1
bbf7ca00d9ecad1dc1ff315c00acf82fb9d414da

SHA256
a0132abe543ace18f3a10aaeae874928f6156d6590498fcc7da72eb316529f4b

SHA512
540a32f77e3a2df59bbdda0b2b675859a0d1c13cf42ea64608fc2abf46b74798e03051c9f75196bd13e63704c2ea8e8668befb2dcc8cf5a74663ef652ed96cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f483437ea22a6aeaa09671c0bdf5c21b

SHA1
4a0785f5ab6d5ac1305eba36ea3a47d13216662d

SHA256
c9cc3f4bb33d5e073c0c7b40ba794f8def89c26547cf220bfdad36f8bd013b90

SHA512
1c2002e036449d5809063faa3f3bfaa1ecf9b6d6578b4fc1f58749c6f453d29e3d3eb59a147c75ce170ae9577b2e5c397a54c747da08b08e3bee4b64f23d4edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea349fd243c91dd32fccc6ba4399fe71

SHA1
304bce15715c5fa5f4e3b0e45c4abc1f1a4ddb22

SHA256
15731665f08c0174f367f59375c34ba8cdaf2e35e5440ee30492b074d2d4367a

SHA512
7b740809e70fdffc0119974e9d204b4ba78e2c8ad0b4b53cb38af045a95c9946f840855935f054067da30f739b149536e662f7b05caf1f79f5f06d78fd6c7f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
839b9f718b93deff167cd784cf697394

SHA1
f9028b74df7d3fd74f773865c2e86fba159025dd

SHA256
6b64c4055421c6fae6acf4278448e4fa2788ae833d6322e602d4fd8bfbfbb6f9

SHA512
f297cdeea57365a94a8d7b69d237bf9b662ae1d6ad8e404627fd9f42fc44e6318ae20b2ff41ff18a7186fb3d2da539d49a910d08e7f5070e7efc4b23069b200d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a296b4f4032395982bccedda85f0bfc3

SHA1
cf392e27f426e8427941d6c090c964761587b875

SHA256
9bb2c2091f19002187076aff3b2e0271111f1f60ce1079096e03b5078e41e00f

SHA512
23fe45b416f58b36456982cd518cde338399e7b16855a51f156fae35cdcab0b1fac69afd320080eb6ebb2ecd67814b322ef25ffe525f95ce13fe0a5a836f7fd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99e76d9b62ab39932c7739791702afad

SHA1
ce6cedf85523e853493ee5de8e6e5a3242612fd4

SHA256
6dc9ebd2b01cb6bef4d46e8a4503b04b1148b8dd6126df3094cf78d1697faf4e

SHA512
b3e0e1f5592541c9b31373a274b20d35df7bd768bfc083ed52638cdaa248c0398238e2111814889d053cfe55eadd8697b5afa3e4ad12a17058a4f149e55866b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18bea68aafda580e20fa92824c1a8d69

SHA1
486aecae19470c6be4b78f69e263c2fe9c482408

SHA256
dc7cd484ff2751fa9548ca521f97050615ee53f5fec3ecfc573b8ec62f7503ac

SHA512
2d92eb61c0762bb0e3cef3673b1f51891b185410379bf38842cecfd9de63f172b8b336389fc67328dbd6bc6952ddbe357cf3aeabd22422f0c62444982dce92c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f17203a71c7159f7fb1704f6985a46ab

SHA1
7bd56d18a4566972a3a57c8c8ff09e240951d60d

SHA256
a865cff32ba2844c997ae6179eeeb5ffa901d3f509be0e3aac9f1c4ffd57f590

SHA512
cf7cb019d7676b262a65c8334fb99d11458d83867b97754ce33316f1bbc214764e85b74955da3768d6890a280e63fcfbb561a17353cfa3a2689ddc4016466647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4eef571ce4dbd13fbdb55d1df52c759

SHA1
81074bce81521da1e3497c7035f6c7845ff9dc38

SHA256
1833ed5107a834d67ed68b0be0656762c80ee512627781d2952a49e06e366bc3

SHA512
29ce3ba5e2f421e4b25b73ebc9ff559eb92054e55ea8fb18db2641df1b1087a9746e9ad05a3bf6daca8b33b9dfc5f27a1d65bbeae13ed9a693259f3826375ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a2fc36b9720a2ba7465b3d1766dd814

SHA1
c7386450bfd82870ad7cb0c92890c39c5bf7f216

SHA256
683365e7ed2ebad08ccf86abb7a97e12777f1785f49b8e7778d05e5539edad0f

SHA512
45d2e2421f7549bd87fb32df11c4faf877a2b384994c113b4cb12a6b8266ac570f1c8e526f471196fec5920ee74b7dd479b74fce1b3186d4a174daa59c1035e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d967584b721c8df4b5a141f16d370a19

SHA1
b901df4a2910389bb6c3f489bddfb3ef6c8f0096

SHA256
955332de472922a09601b4b7f56a2654a00ba563f0fc8186d82764566028f72b

SHA512
c687f3c3be1bb15cd4311dcbee80df44edb18579f4726493ef15b18e14e1bf469c18bfa60b3bcf78bfac75fab361eab2193493a7bf378d0f80f375884f05913e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2230be51495cb613e6c87a80b1e9982c

SHA1
0de689f3055f8be4e53d8277301d916b9420012d

SHA256
c82c050fa7f508232e8fc0a67128e657c8e66da505eefe0241f531af176f2cf5

SHA512
530c7bcca2013287ffcfd7430a4d4d65d397fb4fa61e15eea18e004d496f909458aa436dc17d62c328a2bdc749a51d2a0d84cfce090ea210f7197625500ffd24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dff71e56143735d4ef00dcd3b79f3188

SHA1
acb75e5240257be8a916abb2556c9c3ffb6e6042

SHA256
4084373249ce59bc2102696b2bd84f468d206bb6de8812b6c7dea6207c1b418a

SHA512
18b45c290d4a9d07de81a7726f7adb67ce793b08e7ee082c6d3627447cee7427c559ceac90f503d4da52e75f4ee374192cfba993fef1c579bb4d87544dcbde5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
133301067a20f885515b6957b6ada830

SHA1
adf0f0d5ff6126f5455fb46293fdbca6fed39d07

SHA256
e7090ceb237a44ae5ecbf011f0b176e2b3c507f9f62ea1a37769e5dc3994d114

SHA512
93bc24418d2ba98f2d0f5f69a72d87cb4874d1f2719de747ca09cc43c1ace436a5e7a49e05e6a67349e191ba2d288bfdc06814d74ba4013d2505881b1589e986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
205c71637492d99251c59ae7e0d546b5

SHA1
f89449ee4ee8133befff81ee2e26db902d410996

SHA256
14acda565b42319a44c630e756726cfd8c3e87cdbab7f64f9b8aeb9bae3b58e3

SHA512
5f00a7a5c78aaad4b4cf30ce5c14f1882e42eb498d74cd18d344cc784daef8911c682dce71940e283a8506f44b20a3055310bf0e19782b5f3860045e3883431e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c71065d17edb42cd4ec11ab5dc5134f

SHA1
3f06bde74021643df810b9d15f1bcb5ee73de331

SHA256
dbea6fde9b00f2010017ab05d72791c3bfe96f010f7eac7b5837ae5c954cac5c

SHA512
c597680377313909f05c6caf31a44c7bec141fac461a17a75c24d2c9df7155dcbdf6db6389fc3e6859b6c8882ef40cea1d69f30d005d86e07fcf6ebdecfeb80d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e7b828e18612c4ae4000765745bb5e6

SHA1
37bb9eb12654661576ad90b2f9bf0a98fae42059

SHA256
0a358ff626d39403eb5bed76de64a5581f68760d9b9fa3c1f13ad862093b11b0

SHA512
8d55f0e9697a05337db7417b21fed72cd24e4e8d88ad695f0cfb443c523bd40e3daeb8487999e168bad1c641f650919e89956fee13afa4b273f52d8625c107f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70ea402f5ebc533327502c12bd074dd7

SHA1
51a74c9bc95a05db1a428ecca06a80ab9af147b1

SHA256
83bbbba8f18f7a469a0d8e4d7e45a4e9f8f4daf98e3c33297858aa93033b2415

SHA512
a43aa11af595d9c7a739e948b017d17ce81b9c29ee1ed6da144b8d2cfebc922fd89ef5bd1f4cce6389bc48d9dc48ca3046a8398cde678713f8a212d664a1ebd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66db06808bd455e0db838727737bc4ef

SHA1
f29540b1c97e46669a15fec457df536250bc3328

SHA256
68a58acf19900cb80ee6b17c93b7ad4b7c7b6baf740bb19487c402d79c1f7de5

SHA512
1b81001562ccd8bd13a0676be67f01c087d85f6736f981dcff408484a88b24f84b033cab382947e2eca3da8392dff623728d482cb5483dc7ebe11adbd167287e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF76C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF81B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\2025-01-22_0c487ce5916b8baeb7b233a3776f24ef_luca-stealer_magniber_ramnitSrv.exe

Filesize
55KB

MD5
ff5e1f27193ce51eec318714ef038bef

SHA1
b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

SHA256
fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

SHA512
c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

Download Submit
memory/2096-451-0x0000000001060000-0x0000000001267000-memory.dmp

Filesize
2.0MB

Download
memory/2096-3-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2096-0-0x0000000001060000-0x0000000001267000-memory.dmp

Filesize
2.0MB

Download
memory/2096-22-0x0000000001060000-0x0000000001267000-memory.dmp

Filesize
2.0MB

Download
memory/2328-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2328-17-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2328-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2328-18-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2480-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2480-8-0x0000000000230000-0x000000000023F000-memory.dmp

Filesize
60KB

Download