General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221229-kv19lsfh2t

  • MD5

    071aebba968d25448940c3637bc8a091

  • SHA1

    d7ab4e55e612643d041f0f76e2cd7ad41e42256d

  • SHA256

    b14d9aa6555326ad929a388142716af4fc31a875d3b7db6456e08fe2478e6088

  • SHA512

    6bae7bbdbd3c717ba3a38f38163633f23d62e5307b3e6fc9c0a720b69cd9db18d5ada6bd4009aece8d7b587d11c2e311ff290f3d58770b8228e2ae7621da237c

  • SSDEEP

    24576:Spni2EWgo03X+B6Va614YXOs5n6C3clGoljRgT7ym8yZj9Jwf2ERHZlTp3H:QibvfY64YXl56C3kPljRgT7bJg2ENN3

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score

    10/10

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
