General

  • Target

    file.exe

  • Size

    3.7MB

  • Sample

    221205-l3cfwsdb4w

  • MD5

    e7fa81fb245b3897eadc1724cf439b7b

  • SHA1

    375b87cfeb71f8dbddcfa2169710add49501841c

  • SHA256

    e3a84dfbb3c7738d7cd178852094b341df4382c8dd180764f8be572b5d6bc734

  • SHA512

    7f1e4dc3df3fe3ba4f7d3bbd22810ae9a0e6bfd036129c8dc23e4ad6501061ef2d615b22983b8d280be1131aaa8443502f90b1afc73b2a60c1fc93dc309cc218

  • SSDEEP

    98304:w8UnghPfNuP37lWLb5Uq3WYE4BTH/wbRjcY/5:wgRfNu46q3b7TQRjcY/5

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware written in C++ with various capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
