Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-03-22...ys.exe

windows7-x64

10

2025-03-22...ys.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-03-22_11440d40b4dcfc3cf8383f9097433bb8_amadey_icedid_ramnit_rhadamanthys.exe

  • Size

    1.9MB

  • MD5

    11440d40b4dcfc3cf8383f9097433bb8

  • SHA1

    f0f69363ebceee5c5945f44867ab7feb7ea2f57b

  • SHA256

    377031a94559fef772cda1593232a3b2c7fa6ac7ec57dc44a37cacef3cfa2c06

  • SHA512

    36c10cdcd318638aab437a4bdd9e3088d5194dea1359786a960f1d595727f734349104c02cd5fab5258d95591a990ef9e1ec113958e1c81f27eff020b1f1feeb

  • SSDEEP

    24576:87ZGy9+Acpjdv+K3eqA6dj6YU1s20UPxXMP2Wk4AX:+/Sp5AyAXtWk1

Score
10/10
ramnitbankerdiscoveryspywarestealertrojanupxworm

Malware Config

Signatures

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 28 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 51 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-22_11440d40b4dcfc3cf8383f9097433bb8_amadey_icedid_ramnit_rhadamanthys.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-22_11440d40b4dcfc3cf8383f9097433bb8_amadey_icedid_ramnit_rhadamanthys.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Users\Admin\AppData\Local\Temp\2025-03-22_11440d40b4dcfc3cf8383f9097433bb8_amadey_icedid_ramnit_rhadamanthysSrv.exe
      C:\Users\Admin\AppData\Local\Temp\2025-03-22_11440d40b4dcfc3cf8383f9097433bb8_amadey_icedid_ramnit_rhadamanthysSrv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2736
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2916
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2636
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{4a165462-b6df-70ba-6436-9064480eac09}\Rockey4.inf" "9" "6281a14cb" "0000000000000568" "WinSta0\Default" "000000000000049C" "208" "C:\Windows\Temp"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{44af5af3-9e6a-28f9-19fc-e007f1d15e09} Global\{022be8d9-4a6c-65df-c303-a0467216502e} C:\Windows\System32\DriverStore\Temp\{78bf13b3-c77a-6284-3f60-670319f82d0b}\Rockey4.inf C:\Windows\System32\DriverStore\Temp\{78bf13b3-c77a-6284-3f60-670319f82d0b}\Rockey4.cat
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2844
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2808
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005E8" "00000000000005E4"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b9cf17a2c8cdf6c9706b4f039ad037e

    SHA1

    441e033a122f2f0bfc7f745d270991cf7d55cdd8

    SHA256

    f78a6ee986e3082bce9525e068b424d3a8d05a7bc075b8635398f40e0163d093

    SHA512

    c3711a5f270362df8bc52ddad835883d510caa32d7256386ef8cd1119c87569eea12516cc4fd99243ef21f55f9ef7fea215ac79377388c773a03630548c6eef3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b601a85c70601782a96b0a239c2a0494

    SHA1

    e7433a85d2decfd718947386b440b803488bedb3

    SHA256

    3524ca3c0f46f911f4f1c5a9ce544e6b683469f6c87f33350358b6203236a02a

    SHA512

    c554e6da7d5db98da2b1bda12904cdae355a2a009dbad8805c38a711383a909b45af7eae8086249653e1b9cc98f7e5ddb5140e87df9c5304b8a974aa24a79d07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6eb740f35b8eba5d3d8bb0b57262455f

    SHA1

    2b211cb80d8cee8cde8ecb43c048c67f153804a3

    SHA256

    49628659d391972fb2209216023e5f853f1574a0e0e0be92211bb3c177e7e889

    SHA512

    1ca9567cb3a17afe2b16841a2536fbe4b4834ecc4b78005966c8ae0a8285a03603a696b068abb1f98e1b5c8a26b6276bb13e736611c8624d2c6cf15d7c2b2612

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d6340c61db0051b9b48e25fd633e52c

    SHA1

    03e671ed3c72825278aa180c41aab3d4578ea207

    SHA256

    1f4464a8e076e69e317b0affeb2353642330ed21aea1ac044e70224759d0162f

    SHA512

    a25f1aff158bc6b7a2f712c1e82b20847aeae9a9737add39b854a2ca5171d13507b1d3b07c3fef4300b8353b3ba9f723ae643d9f86237eb002dd0637878f49cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e8e006bcd1c260e1ecc1bc2590c0f7f

    SHA1

    63e27aa5f2821f2125291a91005c6b1839170cbc

    SHA256

    20e72ccc8d80c9cd05ac63845c5367a68c993ab890e3ff5c62cdbf34560dc6c8

    SHA512

    5373418f0b2fe887da60dc35ed218f1ded7c55a45925065cf8a26e06ca3447d299fb11b0ecf0106b3b7b3b892828689a308fd3cbd8db3a05386ed1c9c430de5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52c236d51b496d982ae1758cb8112fa9

    SHA1

    fb9ec2337fb034e6ee1efd21bc054a4d7f7e293c

    SHA256

    0b806c1c779014adecc69313827ea2d716483c1bb173bc85ba842ee5b0efd96e

    SHA512

    ef3ecf8b91726927b088e7284bafe16ea2035ab7908f0cc9a25a6d7735a190d54f48049c6207872a8c2f779a76d20e59412141747e5db20e0cd66d78e97cbc65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a2714110cae39fed7ff9d76d6720e23

    SHA1

    8abf0372c4eef4a75c3a44cde056a16d2e19dcfa

    SHA256

    b2bc2391396dbaaf180d64e4086b9ac39489ff241cdc5b153c7af65cf91647a2

    SHA512

    6fe25218ba46f417c48d7fb9e5206509ae368199433522182b86ee9b5e8b55d4e4c18da8b7b051d3b559084fb1a76d9cd64604e706c5a689a5dd78d3ddf731b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38a2e18e982d450670ad0d4f4e37a045

    SHA1

    abe89d614b07aed91a15641e139ac8fd3e5f8a62

    SHA256

    e13d1d59d68c59b8240ea411548e39308105a4c16258b2ec8f827d4cbd22f559

    SHA512

    5b87b081aab01eb8e7e98db8efd93ace36b0fae1c061045e623606a2ca51b9bbdc2fa0c2ae5b9356c21cc1825ceccf81fd4545d378ad297cc2be55db76a82613

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    406d10c75a9028a87a4d16a5a09fd4bc

    SHA1

    d8e2c023c9848b7e442744021250c9377dc5c13a

    SHA256

    54d5ad72edb266ef42552a3b60806ecb4fd1bd4f36cf702a9d70d02a084ff802

    SHA512

    71d32c840feb1999115a64b612154006e33b895b3f1ffa97e312e2b8f25d69bd5f45232bdc28ce9c958112120115c17e1045bad9566ae0ab997dc0a80bde70e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    993e7ea80909c4d19ed0f016233dcc6b

    SHA1

    6d558d90e7a0b9e57db45f5aa07fcb91eb3da47a

    SHA256

    881dd76fc589226599ef8e65da0af2d44cdf7653b5c5629be3e6eb82164f2f03

    SHA512

    08c06b45214a5f3f2bfaec2bf9ed2aa8471db108762be586769b44072bfb24c1c3621d57098f04a77b40f9d8e17d08ac8c8c4e37f7282fc4b98420f2be6ec2d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f96061e4c0062b6cf76b11c366524b49

    SHA1

    f0c3af208c0b1cbe6e8d8811c669f3351a326494

    SHA256

    61fe444b98ae0fe4a83e66bc94f36bfc2951be19f37852026cf3f2c641848b76

    SHA512

    cec5ae701a834db3f5fc0f9fa4e5174a38605ee3a467e078343450b556af9ef5508cdc1c233e6e89b3a9f1e5287a1846c7178e59fb4e93cedbb32e7a3aae94b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec179f7349f3275414d89cd19839a288

    SHA1

    7823b16e85cb15c2c35a13fca319274c2485b265

    SHA256

    8dedd9aae84c4da83f96817f7f9670691bf4953a7e542b9d01a10f50e57bb0be

    SHA512

    31249dee272c7703b919203cce3c64a246047c9f48b5887cd89c2a3f033e3e30d8b29ee1e66da0a55841778a51765c836fe1a83aafcfe74e1261f11beee7a523

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14cbdfaf58ac21e4db7d56f503526ff7

    SHA1

    1b24e2d59d8a6a7766d3e21e81224f6b30a14fe1

    SHA256

    a2332412012379fb496aa7531357fa2d5ccbe4cb31f0d9b5e3ae6b758427d491

    SHA512

    6076aef3ce6cf8df2661053a36134ac82c9426e29ae1dbb3bd31babadcc76966ebba8c2469ed965fa01559b3be47b28a9e9d21a677deaa5f76e9db70afaa99fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    625fa4642e7923c428704c6a5682bcee

    SHA1

    7beb4de0b0b68fb14efae52302b30cba3d26e08b

    SHA256

    c97c47e8e590602e61ee4339479f09d30362e7efb3ce6827a2065e2629da5150

    SHA512

    a87d3556917365947b3791dad997678269d35f9667bd0cb7ffffdc85a540a9f1a4042bfc1fb0e3d7fbbaa96e964841953ee8d3db420e074eb2a95c57b06f6059

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    adfcea723dbaf482602979f298053b6a

    SHA1

    6bf04eca9e95f47628b4126e5d3fe845c977126d

    SHA256

    757286b1448681213c2010f3d0fcdd4cf4a34f62c7c63c72558f2f8d6e0b40da

    SHA512

    77fd8f2c54ac8ffa99071598cb37d62fb317c4d529097d6cfe3e9f4d7a27831f071380b8256e0cc662517e2f43bbf30609c0d296498bc90c42a59cbedc866cbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ee143824e59db3503703f19590f081e

    SHA1

    c1b5e6f5f608a2165725187d479d8f9d77c95397

    SHA256

    7c5e65cdd7d18375d60b6f2d7a11e3e4efa43a37ffa39579bd22c5edb53edd39

    SHA512

    0098b6a45911759e28dc6cd969fdea5d8221afab33645561093057ae9e57a6f252e2c7f40257c4a2020f17e4732776c30a133b22de689d6688578af88ed8a1fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a408b2ac6f0ca39fe52b93ecc7d97e3

    SHA1

    d57fb59003cde7629513fcd49a6ea81a462e1629

    SHA256

    49229da547848c49cefd5161c8b8b5cef3877530856b40a78c5ffcd616309895

    SHA512

    b700e447e93da62836365134f903fcaf155767b135d33574db3f1956d112530fae6b43042fbbfb5958480ed03d18bcdce37a76477ed063356ad313a344282431

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7781650e2a35f115cd881e3fb5bb753a

    SHA1

    681403d2cc149928df1f021a4786f0a1fc11dedf

    SHA256

    18f4200a5fbee676d408fb1485ea9b6a6884c0706cddef2af32259356982c2b2

    SHA512

    7a0f9befa4c3a38260c4a5c1cdea2f4e6ed76d79de4669af228112b5c7c5e47ffbc7003c9b2d3c643e19a3b66aa33dd9543c461ab0f3d69f12ad627d5c37ed65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68d16489862bbeb1159f9aca18d6f00f

    SHA1

    e3faf263b6c3372bbe9eee1d5ee218177d92306b

    SHA256

    146c5fe8388f9dbe3e0a2abd113141e5f997d87ca0febcfa12028b644cd16831

    SHA512

    f05f7e049b51b41a227a11fcc894a35d3f016b13bdc574c59e4c0e157b6fad1ec3d9636a26fa94f2731449e8cad5bf81ffef4484ff30b801605d8545957c3ffc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab52D4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5471.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • C:\Windows\Temp\Cab99D1.tmp
    Filesize

    29KB

    MD5

    d59a6b36c5a94916241a3ead50222b6f

    SHA1

    e274e9486d318c383bc4b9812844ba56f0cff3c6

    SHA256

    a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

    SHA512

    17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

    Download Submit

  • C:\Windows\Temp\Rockey4.inf
    Filesize

    3KB

    MD5

    3ce2e5aeef01fa93d94868953406856b

    SHA1

    10d56292d022f39d8ceefded624f8522f5bdccfd

    SHA256

    8cf87f05e75dd558eac842ea3eeda9cafe675d4c6d1eaa211c403b7de2e599cb

    SHA512

    ffeb48efa4254d11d398eb6197ec1a8c0ae398d0bd3dd1cd7d3f66fd8f8e252e726b8adcf651c6e2f2bd9a78023151ca2103349bb63f788aef306010f6f983fc

    Download Submit

  • C:\Windows\Temp\Rockey4.sys
    Filesize

    29KB

    MD5

    6b9b088f4921b5114f7916a1cfa90f51

    SHA1

    be3d21cf1a9eae23ff0464f2ee19d60891ba8777

    SHA256

    a3fbfe4c4c5195524107d1127e8165d53319f306e07647022a6557750f0b2c29

    SHA512

    961c9e56bb62098989d55a951da4b05db56d15ca26ca85f9413139f24ae3624056c33d16d711819f1cac97469fa456578fedcd30dde773d87523a29cb337a98d

    Download Submit

  • C:\Windows\Temp\Rockey4USB.sys
    Filesize

    20KB

    MD5

    a215e31da7fc0369e315132303582b5b

    SHA1

    3dbb87e75c01ad93845a6c90602bdcd49f5e1882

    SHA256

    a55c1b52240efb612b0771f35797f2aa68b249be7f7da930a0ee5d8212c7f7a7

    SHA512

    c5d132725c3f41357b517341a28220cf205cba4c49376908b03e8780c6c456db70724f48b3ce89f90edb9e865308a607a41db0571e8e871c503e0ff251ce76a2

    Download Submit

  • C:\Windows\Temp\Ry4CoInst.dll
    Filesize

    6KB

    MD5

    5d1e774106c240e330e7384f8bd2835c

    SHA1

    0e6bfc62067d52540eb84852eb1e160fb646e4d5

    SHA256

    fab2055534c54c8c8d3df3065a481fb8b2d1bc052c29ac500634ba63f32fea09

    SHA512

    48c4d2ac25e8e3f128201cc0503de7cdb952ad849fe760c112bf32ff0e9df96da16fa356ab99f64cb45eb3a4314fc3bfdc852e06a1263c4cd681c7b42b9df578

    Download Submit

  • C:\Windows\Temp\Tar9AED.tmp
    Filesize

    81KB

    MD5

    b13f51572f55a2d31ed9f266d581e9ea

    SHA1

    7eef3111b878e159e520f34410ad87adecf0ca92

    SHA256

    725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

    SHA512

    f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

    Download Submit

  • C:\Windows\Temp\rockey4.cat
    Filesize

    9KB

    MD5

    f5e17a72ecbe8f0556423e796124f785

    SHA1

    60b887c365c0541e0aa1518ac687bc3eb7e60a4c

    SHA256

    d0e390cbe3a1313d0b4348bfdc9da947616fc7dda4ecc414468b5f2151f5b60f

    SHA512

    4f85087d92b2b6494cb2a1d281c34bb72fa6bd9f31d3369aa9729ba12d320618836f2d25dc92dcec18b1c9cfa0f3977bff809d179a988ddacaf67acfe06ea9c4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2025-03-22_11440d40b4dcfc3cf8383f9097433bb8_amadey_icedid_ramnit_rhadamanthysSrv.exe
    Filesize

    55KB

    MD5

    ff5e1f27193ce51eec318714ef038bef

    SHA1

    b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

    SHA256

    fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

    SHA512

    c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

    Download Submit

  • \Windows\SysWOW64\InstDll.dll
    Filesize

    412KB

    MD5

    28777af4daf84f9ad4145f7105e02477

    SHA1

    f2100f4812007a253134d4e134e6208a78263a2c

    SHA256

    7e0f6280add4c6000d6bf548402e849b83047b960ad89be067ae87e4dc103b77

    SHA512

    543e81509693ed6b75f9dbce536ab15f1bcac5f1fc71646b53ac2bafd2af5859add9acf21b247719e2cf6d2974c3c8552a1fb2f13d3f3be428099fc62e62dcad

    Download Submit

  • memory/2736-17-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2736-26-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2736-23-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2736-22-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2736-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2776-0-0x0000000000400000-0x00000000005F5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2776-28-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2776-4-0x00000000002A0000-0x00000000002CE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2776-27-0x0000000000400000-0x00000000005F5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2848-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2848-10-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download