General

  • Target

    file.exe

  • Size

    2.5MB

  • Sample

    221102-yan1fadgfn

  • MD5

    a530d5d39b6ce0d2482976be86658ee7

  • SHA1

    bc479b3e87ceeb82299d0aa96adaf897d886e201

  • SHA256

    bbf64d0a989e32b724b7eb4c43fbb037ebd2ed8b04aef5a3516b61e87de379fb

  • SHA512

    45d23a559402eadeaf0013fc10890ffc65a06752252a5d59995405928b4faa9a23099a8771332fccb8ac211e6be01507acd035a7a2451dd4b92b6c63e65762e5

  • SSDEEP

    49152:Z2aFCDWL7WvD1jRySgK1LLhnfUvDCqdstyKpQD0lZl1BtPR4FBnDyA5hq:McCD7vD1dgWZ4ReyKH1rROBtDq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.5MB

    • MD5

      a530d5d39b6ce0d2482976be86658ee7

    • SHA1

      bc479b3e87ceeb82299d0aa96adaf897d886e201

    • SHA256

      bbf64d0a989e32b724b7eb4c43fbb037ebd2ed8b04aef5a3516b61e87de379fb

    • SHA512

      45d23a559402eadeaf0013fc10890ffc65a06752252a5d59995405928b4faa9a23099a8771332fccb8ac211e6be01507acd035a7a2451dd4b92b6c63e65762e5

    • SSDEEP

      49152:Z2aFCDWL7WvD1jRySgK1LLhnfUvDCqdstyKpQD0lZl1BtPR4FBnDyA5hq:McCD7vD1dgWZ4ReyKH1rROBtDq

    Score
    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6