General

  • Target

    file.exe

  • Size

    367KB

  • Sample

    221005-pgln8aeedj

  • MD5

    d465834946d95c701ae1fddd8deddd5c

  • SHA1

    69f3b9367326f3b18aa91cf5e204d7e5d38fabb5

  • SHA256

    e033f064dd36020f20138bbda42ea90096562216230e1d393edc7d588668efb9

  • SHA512

    89d50618ddcd7d1403905507826b606d8ddb811c69a5355adfb8b9cabf1006b3c96665320e95011213dcec7596715393bf55a891f195ead3a9de67696a7e59be

  • SSDEEP

    6144:sz7kqjLTCNIpwVdHGX26viuSHW6W8S+EsOop6Tuzbgwu+kwVfU:szQqj3CNIeVd1H59lZuunn5s

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
