Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
130s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
12/05/2022, 16:39 UTC
General
-
Target
ravmimail.exe
-
Size
83KB
-
MD5
770a0e86d4aaf01b05cc5ad5f65be323
-
SHA1
e2502cf0bdf5274f6a38e72503490fdf4603ec8b
-
SHA256
452d11af13fc17cfeac79c65d1fa0745b7ccde4f5470080c7fc5aae3b91d3471
-
SHA512
acbfd84b57194493bcc1a3c067b0124f53dbe859b2afd2e894cdf3b8860114b92809bae3cb925592f11f05d0b86e6374eb9b20f733ab61fe8be444032af19e08
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ravmimail.exe"C:\Users\Admin\AppData\Local\Temp\ravmimail.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
-
DNS106.89.54.20.in-addr.arpaRemote address:8.8.8.8:53Request106.89.54.20.in-addr.arpaIN PTRResponse
-
8.238.21.126:80 -
93.184.220.29:80
-
52.178.17.2:443
-
104.110.191.140:80
-
104.110.191.140:80
-
104.110.191.140:80
-
2.16.119.157:443tls -
2.16.119.157:443tls
-
8.8.8.8:53106.89.54.20.in-addr.arpadns
DNS Request
106.89.54.20.in-addr.arpa