nymaim | 7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31

General

Target

7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
Size

345KB
MD5

d629e05a5c824d1b0d103832aaa7d018
SHA1

0278385611038ad4468ed265d12d731f1ca0dbe1
SHA256

7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31
SHA512

2918f41114195eaad57dda249558529a9ae3195e9ea87704109918a22d081c05820e62b63767da46d1873d671228d76aea934fc7530338f17d2f7e36756fefca

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

C2

45.141.237.3

31.210.20.149

212.192.241.16

Signatures

NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
trojan nymaim
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 9 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3568	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
2552	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
1844	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
1288	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
1096	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
1564	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
1804	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
3832	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
748	4012	WerFault.exe	7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe

C:\Users\Admin\AppData\Local\Temp\7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe
"C:\Users\Admin\AppData\Local\Temp\7d9b576a5a36115ac8e26b4da929062e7093a558d49a865789d68e848320aa31.exe"
1⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 528
2⤵
- Program crash
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 792
2⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 852
2⤵
- Program crash
PID:1844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 904
2⤵
- Program crash
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 980
2⤵
- Program crash
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 1020
2⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 1144
2⤵
- Program crash
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 1156
2⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 1264
2⤵
- Program crash
PID:748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4012-118-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-119-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-120-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-121-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-122-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-123-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-124-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-125-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-126-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-127-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-128-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-129-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-130-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-131-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-132-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-133-0x0000000000B26000-0x0000000000B4C000-memory.dmp

Filesize
152KB

Download
memory/4012-134-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-135-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-136-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-137-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-138-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-139-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-140-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-141-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-142-0x0000000000A90000-0x0000000000B3E000-memory.dmp

Filesize
696KB

Download
memory/4012-143-0x00000000027C0000-0x00000000027FF000-memory.dmp

Filesize
252KB

Download
memory/4012-144-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-145-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-146-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-147-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-148-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-149-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-150-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-151-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-152-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-153-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-154-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-155-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-156-0x0000000000400000-0x0000000000A88000-memory.dmp

Filesize
6.5MB

Download
memory/4012-157-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-158-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-159-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-160-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-161-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-162-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-163-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-164-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-165-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-166-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-167-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-168-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-169-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-170-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-171-0x0000000077490000-0x000000007761E000-memory.dmp

Filesize
1.6MB

Download
memory/4012-172-0x0000000000A90000-0x0000000000B3E000-memory.dmp

Filesize
696KB

Download
memory/4012-173-0x00000000027C0000-0x00000000027FF000-memory.dmp

Filesize
252KB

Download
memory/4012-174-0x0000000000400000-0x0000000000A88000-memory.dmp

Filesize
6.5MB

Download

Analysis

Sharing