General

  • Target: file
  • Size: 284KB
  • Sample: 220924-k5vjtaahe7
  • MD5: 3d0492f0857e7a2e15dc884323b657fb
  • SHA1: b2413272c098d7375df6966df1331c321f248730
  • SHA256: 02da2dfdd0d4b519490efb199c400bb1131a63c1fe95800dae143e843c657ccc
  • SHA512: 0c9787f7395b02f36ddc3c13e472ac150fd4dbf1260a8780fc5b88cca9804a51f016cc665d4b60dac5f13d58c24c360ee486c8c04b97f0e9e00b196eb00f4542
  • SSDEEP: 3072:MChcnLjqQByPtac851hByEJl9LN93WrNkDPlt8lXDA86C61PepW3lS/AbfQBWFIB:MRLjQPtazyEJLLNVW+DPlmlX6Cwcob

Score
10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 208.67.104.97, 85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks