General

  • Target: file.exe

  • Size: 233KB

  • Sample: 221001-gwfshsfed4

  • MD5: dd237b2a867f583cfb1d28680de4b270

  • SHA1: 92857237c3b520ad24940784c54830c79e891e88

  • SHA256: 084ae7065e16af47442376b693822c3e158f451c4e8ff6717a32b4769c67b0f8

  • SHA512: 8411185cc72dc1a6f244f3aac9fc33913805c8c14f721ede81fc218d568769eea52ad6791c1ed5aea1ba6a24d9a251a525a8e28fab4e27318234bea359820538

  • SSDEEP: 3072:MsoUeNegfPRAfLRc/OJfmiV6H83ayvo+GaEU4BqItVW9Kgzi2VI32lXS/:wQgA6qbVv3aDUEUutVW9Ke2eXS/

Score
10/10

Malware Config

Extracted

Family: nymaim

C2:

  • 208.67.104.97

  • 85.31.46.167

Targets

    Score: 10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks