Report - rammichael.com/downloads/7tt

Report Overview

Visitedpublic

2025-04-03 16:10:56

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
rammichael.com	379267	2007-04-07	2012-07-25	2025-03-29	506 B	1.9 MB	35.239.72.72
ramensoftware.com	unknown	2021-04-11	2021-12-04	2025-03-31	536 B	1.9 MB	104.21.74.253

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

ramensoftware.com/wp-content/uploads/downloads/2025/03/7tt_setup.exe

IP / ASN

104.21.74.253

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

Size1.9 MB (1863136 bytes)

MD598db6bcf822e87d93db98b3e5a739fb8

SHA1284aee2c4703e56535a4d07d074d3c6967bd2566

SHA2560e5e335f954dfa71b3393981741c1f9c2759bb13cc803d50d58f66dd81977aeb

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/72

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

GET rammichael.com/downloads/7tt_setup.exe

35.239.72.72

302 Found

1.9 MB

URL

rammichael.com/downloads/7tt_setup.exe

IP / ASN

35.239.72.72

#396982 GOOGLE-CLOUD-PLATFORM

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605970

Size1.9 MB (1863136 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectrammichael.com

Fingerprint32:90:A4:39:A4:7B:44:FF:92:CE:15:8C:71:65:CA:8E:41:64:77:0A

ValidityThu, 06 Feb 2025 06:38:50 GMT - Wed, 07 May 2025 06:38:49 GMT

HTTP Headers

GET /downloads/7tt_setup.exe HTTP/1.1
Host: rammichael.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Thu, 03 Apr 2025 16:10:34 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://ramensoftware.com/wp-content/uploads/downloads/2025/03/7tt_setup.exe
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET ramensoftware.com/wp-content/uploads/downloads/2025/03/7tt_setup.exe

104.21.74.253

200 OK

1.9 MB

URL

ramensoftware.com/wp-content/uploads/downloads/2025/03/7tt_setup.exe

IP / ASN

104.21.74.253

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

First Seen2025-04-03

Last Seen2025-04-27

Times Seen2

Size1.9 MB (1863136 bytes)

MD598db6bcf822e87d93db98b3e5a739fb8

SHA1284aee2c4703e56535a4d07d074d3c6967bd2566

SHA2560e5e335f954dfa71b3393981741c1f9c2759bb13cc803d50d58f66dd81977aeb

Certificate Info

IssuerGoogle Trust Services

Subjectramensoftware.com

FingerprintF1:3E:21:16:6A:8C:A2:31:22:C9:F3:C0:C4:E0:13:97:CC:0F:82:8B

ValiditySun, 23 Mar 2025 04:55:01 GMT - Sat, 21 Jun 2025 05:52:45 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/72

HTTP Headers

GET /wp-content/uploads/downloads/2025/03/7tt_setup.exe HTTP/1.1
Host: ramensoftware.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 03 Apr 2025 16:10:34 GMT
content-type: application/x-msdos-program
content-length: 1863136
last-modified: Sun, 02 Mar 2025 11:43:15 GMT
etag: "1c6de0-62f5a8b9829ff"
accept-ranges: bytes
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qMHqzXZ0D1KADhND%2B%2F%2FWS7V%2B64umWbqPrWDyvYMKKrJDdsrzBgp20Z7ty66AliT9S9kTXkLspqD1XylsUkHHMsOg6GdvNTrS%2B5qvAmteMDB7SpML5RBLdPNZqxkkH0xJvaKLSw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92a9d63d6d195691-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6110&min_rtt=634&rtt_var=10756&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3291&recv_bytes=1291&delivery_rate=5233734&cwnd=254&unsent_bytes=0&cid=31ffe7d83c35f291&ts=488&x=0"
X-Firefox-Spdy: h2