nymaim | aaf573b8c0de4337f0416878559ee18859fb41b58260f3704fabab0a3f653689

Analysis

max time kernel
136s
max time network
149s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 17:24

Target

6ae647b0e27a20007005e3d30e1539cb.exe
Size

352KB
MD5

6ae647b0e27a20007005e3d30e1539cb
SHA1

8874e02b962643da153321f207b68c38f5fca440
SHA256

aaf573b8c0de4337f0416878559ee18859fb41b58260f3704fabab0a3f653689
SHA512

4e7e27cbdcf43fb6345a4fa8b0aa4097bbd6e7efca23fe8b43da39ddd894c148b25bdaf25727ca31b8e9646caf35dfe1b8019bb8044b3b6a5601f78dcc0f1b24
SSDEEP

6144:NVVKuAL7qAqXbdKWNY352uo2adWHiBWsAgRPkt/ZEYuzbgwuawVf:NDKRfqvLNNY352uo6CBDZktBvunn

Score

10^/10

nymaim trojan

Family

nymaim

208.67.104.97

85.31.46.167

NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
trojan nymaim

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1280	6ae647b0e27a20007005e3d30e1539cb.exe

C:\Users\Admin\AppData\Local\Temp\6ae647b0e27a20007005e3d30e1539cb.exe
"C:\Users\Admin\AppData\Local\Temp\6ae647b0e27a20007005e3d30e1539cb.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1280

memory/1280-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1280-56-0x0000000000250000-0x000000000028F000-memory.dmp

Filesize
252KB

Download
memory/1280-55-0x00000000005FC000-0x0000000000622000-memory.dmp

Filesize
152KB

Download
memory/1280-57-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/1280-58-0x00000000005FC000-0x0000000000622000-memory.dmp

Filesize
152KB

Download
memory/1280-59-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download