Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    221124-bxdfwsdc8v

  • MD5

    6160873f40577e48246558b10ab40395

  • SHA1

    e6f652e10360142635df490a01d9f28ee5d639c1

  • SHA256

    a193466d36b1797b5397927bbbabbb4ac219263f52a7d204532163eaa6425101

  • SHA512

    575570f55cad1d0ebd30ce963bfd4fd3fa93774948747b3afa7d70e1f3af1c2740e1052d5f9c66b71d4c81e27c8aece83914b38076bb30f4c2e75717156fc962

  • SSDEEP

    24576:RizuC7C/43xeuW7Wo0gyS+Tz/XCo0x41+tv1NHPZySa4igZIY7eCLxYiL:6uQ8C3Magr+TGvLZzNeViL

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      6160873f40577e48246558b10ab40395

    • SHA1

      e6f652e10360142635df490a01d9f28ee5d639c1

    • SHA256

      a193466d36b1797b5397927bbbabbb4ac219263f52a7d204532163eaa6425101

    • SHA512

      575570f55cad1d0ebd30ce963bfd4fd3fa93774948747b3afa7d70e1f3af1c2740e1052d5f9c66b71d4c81e27c8aece83914b38076bb30f4c2e75717156fc962

    • SSDEEP

      24576:RizuC7C/43xeuW7Wo0gyS+Tz/XCo0x41+tv1NHPZySa4igZIY7eCLxYiL:6uQ8C3Magr+TGvLZzNeViL

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks