nymaim | b000347178c5645b8691fe97b3fab986fbac71012f2645898b7d6b315df41fea

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

340KB
MD5

c983bb337a13c4ef7fcf53519f730b45
SHA1

9481397fc3d2ec0f21dda2dc71bc71a446297967
SHA256

b000347178c5645b8691fe97b3fab986fbac71012f2645898b7d6b315df41fea
SHA512

3664e9a823fa2b4c6c1497fd1ecf830b14f8d14e821af82f7435c04aadca8be1ef54c933d9ebec99fc8332b101f3c5f7e6a062541f17184f980c8bd202c3a65b
SSDEEP

6144:IshwMLLKwLBt4hrddwm9djG70BXwFAmq9UzCh2/rONkfOR8Bqp:IshwMvLL49dLD6gBXAFqmzeNi3U

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

208.67.104.97

85.31.46.167

Signatures

NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
trojan nymaim

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4224	3036	WerFault.exe	81
4956	3036	WerFault.exe	81
60	3036	WerFault.exe	81
3112	3036	WerFault.exe	81
756	3036	WerFault.exe	81
2064	3036	WerFault.exe	81
1304	3036	WerFault.exe	81

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3036	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 792
  2⤵
  - Program crash
  PID:4224
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 804
  2⤵
  - Program crash
  PID:4956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 792
  2⤵
  - Program crash
  PID:60
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 804
  2⤵
  - Program crash
  PID:3112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 948
  2⤵
  - Program crash
  PID:756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 952
  2⤵
  - Program crash
  PID:2064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 796
  2⤵
  - Program crash
  PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3036 -ip 3036
1⤵
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3036 -ip 3036
1⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3036 -ip 3036
1⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3036 -ip 3036
1⤵
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3036 -ip 3036
1⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3036 -ip 3036
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3036 -ip 3036
1⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3036 -ip 3036
1⤵
PID:64

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3036-133-0x0000000000710000-0x0000000000763000-memory.dmp

Filesize
332KB

Download
memory/3036-132-0x00000000007BD000-0x00000000007EE000-memory.dmp

Filesize
196KB

Download
memory/3036-134-0x0000000000400000-0x00000000005B3000-memory.dmp

Filesize
1.7MB

Download
memory/3036-135-0x00000000007BD000-0x00000000007EE000-memory.dmp

Filesize
196KB

Download
memory/3036-136-0x0000000000710000-0x0000000000763000-memory.dmp

Filesize
332KB

Download
memory/3036-137-0x0000000000400000-0x00000000005B3000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads