Overview

overview

10

Static

static

setup.exe

windows10-1703-x64

10

setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2022, 20:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    404KB

  • MD5

    06ea63090cfae8790783a50ce37267a0

  • SHA1

    dab9e846f8933328574d3c4eb34523a87101faee

  • SHA256

    40ff4949854e9668207abbae374cc429001191a3980707a49bae807a3b3066b5

  • SHA512

    8f5d0e367c8594adc99eaea963164d13ab68a91a9bc9e80b712959f8abedca1dc292e3f3a64dd973d8369689c07fd862839960cb2e9487be01de748edf2b91f5

  • SSDEEP

    12288:Yap32Ivj1QEHlxAfq2vimKrJ8uU3Ykt6d:Vp32Ivp7Afq2vimKN8lYv

Score
10/10
nymaimtrojan

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Signatures

  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim
  • Program crash 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3584
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 620
      2⤵
      • Program crash
      PID:4848
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 888
      2⤵
      • Program crash
      PID:3868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 904
      2⤵
      • Program crash
      PID:1496
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 904
      2⤵
      • Program crash
      PID:3496
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 888
      2⤵
      • Program crash
      PID:116
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 1048
      2⤵
      • Program crash
      PID:3652
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 1052
      2⤵
      • Program crash
      PID:2900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 1204
      2⤵
      • Program crash
      PID:3044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 892
      2⤵
      • Program crash
      PID:3620
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3584 -ip 3584
    1⤵
      PID:5052
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3584 -ip 3584
      1⤵
        PID:4152
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3584 -ip 3584
        1⤵
          PID:5072
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3584 -ip 3584
          1⤵
            PID:2612
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3584 -ip 3584
            1⤵
              PID:220
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3584 -ip 3584
              1⤵
                PID:4388
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3584 -ip 3584
                1⤵
                  PID:4632
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3584 -ip 3584
                  1⤵
                    PID:2316
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3584 -ip 3584
                    1⤵
                      PID:4464

                    Network

                          MITRE ATT&CK Matrix

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • memory/3584-132-0x0000000000607000-0x0000000000638000-memory.dmp

                            Filesize

                            196KB

                            Download

                          • memory/3584-133-0x0000000001EE0000-0x0000000001F33000-memory.dmp

                            Filesize

                            332KB

                            Download

                          • memory/3584-134-0x0000000000400000-0x000000000046A000-memory.dmp

                            Filesize

                            424KB

                            Download

                          • memory/3584-135-0x0000000000607000-0x0000000000638000-memory.dmp

                            Filesize

                            196KB

                            Download

                          • memory/3584-136-0x0000000000400000-0x000000000046A000-memory.dmp

                            Filesize

                            424KB

                            Download