
General

  • Target: 32d0cb38965478a627d55420c97c6bc4ac69e0a7bdf010ddc2991f23c6e72cf5.exe
  • Size: 2.3MB
  • Sample: 221219-2ds1cabd6t
  • MD5: 1ccf89699954b4eeb912215a74f2e569
  • SHA1: f2fc990392503a4acabce5829a1bbbd4c343449a
  • SHA256: 32d0cb38965478a627d55420c97c6bc4ac69e0a7bdf010ddc2991f23c6e72cf5
  • SHA512: 2bbbe8c171ad0aed6280c08fb3d765ce565b29751887f8108a397262fa231cdf28649bc2bb8f43c793dab69cf4ebed141ed5bd58f0f40f3e6f2ac1b88382ccea
  • SSDEEP: 49152:Z0PBT0MNvq4c+SuMOTmo2X5AZjsaKobSkxAjlVIJ7O/d3Hx:Z0PBT0MFXvXdLjAobrNJQR

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.139.105.171, 85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks