Analysis

  • max time kernel
    130s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    12/05/2022, 16:39 UTC

General

  • Target

    ravmimail.exe

  • Size

    83KB

  • MD5

    770a0e86d4aaf01b05cc5ad5f65be323

  • SHA1

    e2502cf0bdf5274f6a38e72503490fdf4603ec8b

  • SHA256

    452d11af13fc17cfeac79c65d1fa0745b7ccde4f5470080c7fc5aae3b91d3471

  • SHA512

    acbfd84b57194493bcc1a3c067b0124f53dbe859b2afd2e894cdf3b8860114b92809bae3cb925592f11f05d0b86e6374eb9b20f733ab61fe8be444032af19e08

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ravmimail.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ravmimail.exe"
    Tree depth: 1 (only process recorded)
    PID: 3560
    • Suspicious use of AdjustPrivilegeToken

Network

  • DNS lookup (resolver 8.8.8.8:53, geolocated US)
    Request:  106.89.54.20.in-addr.arpa  IN PTR
    Response: no answer records listed

  Connections

    Destination          Proto  Bytes sent  Bytes recv  Pkts sent  Pkts recv
    8.238.21.126:80             322 B                   7
    93.184.220.29:80            322 B                   7
    52.178.17.2:443             322 B                   7
    104.110.191.140:80          322 B                   7
    104.110.191.140:80          322 B                   7
    104.110.191.140:80          322 B                   7
    2.16.119.157:443     tls    92 B        111 B       2          2
    2.16.119.157:443     tls    230 B       293 B       5          5
    8.8.8.8:53           dns    71 B        157 B       1          1

    DNS Request: 106.89.54.20.in-addr.arpa

MITRE ATT&CK Matrix
