General

  • Target

    file.exe

  • Size

    3.7MB

  • Sample

    221206-jcdvxsad3y

  • MD5

    b31a5624749d5ad40cb622fce2f36047

  • SHA1

    33073473cf03c8dbfa3a7abbaa01bba2bd06af09

  • SHA256

    614046c3410cd7f94a95008420a3b6ddc66b96ecf693644820461f0d50254e82

  • SHA512

    31f675c7b71e51d349c32c3eb6152d8d071936697dfc8f04f25079385278abb7db38cf92b461ef6b3a3d9bc780a2475c8d4b1380f96ecf1c7ac515057375f70f

  • SSDEEP

    98304:aDs2pEnN2Cm7rWM+/S9aU3vnbykVaXAglqs2UdWDiyne:QsIEnMCSCh/luPbtQA+JY2ye

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family written in C++ with various capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
