General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221030-ebmdfsbghn

  • MD5

    4c11b9e111f2446b24c2521ce5ce21f8

  • SHA1

    0c9e990bdb6fcf644e22b49b7609a49590df6050

  • SHA256

    bc1a565d38179945379a88be3c1124090e72db026260b97290b21ab4b970caed

  • SHA512

    c70999c401398a2d76898927617705bd4acba65aed81d1aff17bb17ea3b2e91bdae1dcffac0ab0945d384c3568be2515b8964f9a6abb4a40ad1de85a3a636647

  • SSDEEP

    49152:Z2bcilxlTK5WAwoCf14oyYNkAzQ1QHH1pB4thzOYzxrzQjrlA5hq:MYMDdpboQ7qhzzVr8eDq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
