General

  • Target: file.exe
  • Size: 233KB
  • Sample: 220930-27dshsgbam
  • MD5: 66434467c3e517ff2b658695389ad049
  • SHA1: f057b1e4617eaccb9b10c41f1c5684f577df2a77
  • SHA256: 7875a44f2882e5189ee7a3196bca5384fa63f7a5d157432dcc0e289df76e50f6
  • SHA512: 58728baf12ee29af0a666bff19a2750e7153b641ace00681c133f61bc7af959cac5e84d227f7f9ecd18c1a04843cb2fbe88965fe4977fb8f0cc613bd8f4c3055
  • SSDEEP: 3072:7IAUyweDLPRt0dxETp67eptLMuf4P27lhHnAdnwOx1Tm2whPTm1w/a8K+YdAFd:+eD3dCIQV2BhHnAdwOxohPow/CAFd

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

  • 208.67.104.97
  • 85.31.46.167

Targets

  • NyMaim

    NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

  • Downloads MZ/PE file
  • Executes dropped EXE
  • Checks computer location settings

    Looks up the country code configured in the registry, likely for geofencing.

  • Deletes itself
  • Loads dropped DLL
  • Legitimate hosting services abused for malware hosting/C2
