General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    221224-1mmn9adh4t

  • MD5

    99838b7b07ad40e555b779128b2b512c

  • SHA1

    81549fe5c484886e3265b1c09c27df29bbad7484

  • SHA256

    b2f330125f6a09ebd5eaa88e5dcc582a34de1f3fb6997d1299180d678532b8a5

  • SHA512

    c06562a1861dedb05e9f2226fd974f180520ccb02d535f365763d146251f2f0d8237f1e9fe36d4fb693e35dbeeb3e89c83301d1cd27b67dc459e8ec2cb2861f9

  • SSDEEP

    49152:yiFXjLacmNJqXzfEsLSejK61els8CeFZaR:yiFzLacmNU4YSeHL8vFMR

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
