General

  • Target

    file.exe

  • Size

    275KB

  • Sample

    220923-2dmtbsbebm

  • MD5

    795c64cb86bb41b400ef54d253b0ea89

  • SHA1

    c467e9b37e8554e9a8882d3eb1e2796bf387412f

  • SHA256

    2f45b8aae288b3abbbb7ed8d9ecfa3ae435920d295480b537e2fd6a00a144d21

  • SHA512

    3f0581fe8cb910eafe58bb75cc09014955d810fb80255337eac6437e80ed6021397ba04016743f1d295e0c5b3739e4c6564635fedb56b0892a5074868420e083

  • SSDEEP

    3072:z+M8SsL6u3IIE75ixwGsvn9rT7sUnWThyILYSxRbBJAD7LFsylNoChrXOBfeE/P:0L7E41svhT7s0WYI9xRb+7maoCdXKe

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks