General

  • Target: file
  • Size: 233KB
  • Sample: 221006-dg8yzagdfl
  • MD5: ccd6d61afefa2537852078ec885c1347
  • SHA1: edc0ca9b0899a73cfe60d257546a94ed4d52925d
  • SHA256: 5de800d4d3d6e34f79664306615eab7d3db7d25a232747b05c745cc3499fc138
  • SHA512: 3bd8760f1b06c522ec460960d043183968fd39ea2c7ab4ed8766d0ebdf278d7b1593cafd74b0c8e65652c53f0a5c3b054d2f249261f141767eb57d5790f9f44c
  • SSDEEP: 3072:fRprnKCiphfMBAqDGMPPd0JASOOfwVbH2HYopr6pSpRkgqnzJEH4fjpO:JQCig+MPPdIASOOfwVb6Gsdqn+H47p

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets


    Score
    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
