General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-nmqdxsbf2y

  • MD5

    e017a9101fac8939f1d1b971ddaa3c8f

  • SHA1

    fd32375df7ebd2fed1348563a65662da7724129c

  • SHA256

    5827217b0ef69cc0fea71193e8e94b2633f18083b338e5736009f763a0e76d91

  • SHA512

    560ab1c6287fa7b02b5ef36ea824b52cceeb63b174405412dfe005563bb4e2802839a46606f673fad4b4be2814fb094c6c5b6118300158ff9df9f5fc0c525675

  • SSDEEP

    24576:R20U5zG6Idkmhh2A2BCFrFMXHe2qQW4mLOnyR4Skl5l/Hld:R2PzG6O7JNqXHl1WM7l5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks