General

  • Target

    file.exe

  • Size

    2.9MB

  • Sample

    221104-nmpsdsefg8

  • MD5

    01d6e9421896e8763e89bebbc75865b4

  • SHA1

    bdf5625dc7e94e0845c1b2aed08184ae9389099c

  • SHA256

    05d039aca24c564f72119b2ebc8b81827a98094bafb248a088d0406a10ed7aa3

  • SHA512

    97b2832470f0f11a75162718b7f46f71ab1802e36afb78d1be4bee17508f07c65f05e40e3a1fd5423451a80a1630c75d0ec2f8f9848b5991613f884e8e096b7f

  • SSDEEP

    49152:Z2S1A8Q/jxC8GPXJYdOFfLvI3vsNAZyykq7uSboCCzenB9wRdMM18/q16+Tm9v3D:MSi8Q/9C8mzFfTfNAZS1SoA9w7OqU+aT

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
