General

  • Target

    d40e885372f07f3cb35ebbc99ac3dbba5d0f34c6ad58d461dbf37505be04d67d.exe

  • Size

    2.5MB

  • Sample

    221104-vt9jpshbb8

  • MD5

    0b574da38976aa6e63c774d3dd07af18

  • SHA1

    1550f2775795e0f1eefcb431fc1651be8c17375e

  • SHA256

    d40e885372f07f3cb35ebbc99ac3dbba5d0f34c6ad58d461dbf37505be04d67d

  • SHA512

    14744f9d075e5509780dc318607c90bc6b36c9cf2f9b0c5d62bd15f49746e01db90339b9d622093a72d4b96e14452901a6dca0ed39a779fd0bec3b8137418134

  • SSDEEP

    49152:Z2ymeb9E9Rhh6Nxil9cw7lvSK+3Um/2F496Zix1ONApK3t9+U5in8zA5hq:MGUfq2dlK3UBFC6QpKv+UwzDq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks