General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    230106-1dletsca39

  • MD5

    d9be361b1f8bb4936005a74914fbe6f5

  • SHA1

    f537cd6a48c521499193c8278e1f84fc3f8ac9f7

  • SHA256

    e028ab3888d547deb1fc53fabd694a15d735f28bf68ac36b23d67ae9d2bb25d6

  • SHA512

    124ea8ab60b5d34de7694ff67483f78f3161fa9efd62cda6a07832c84a39498567a23884a65f4f321ac29d0f28957db55b1c50c300ee44c67de2009cede21de6

  • SSDEEP

    49152:Aixz0zjpivo4sD1FcflzKv1sBUpwci8Ptk4VRAlNpi:AixSiQFDbccdsBeVtao

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
