General
Target: mmm.exe
Size: 6.9MB
Sample: 221020-aydbvafcbr
MD5: c2b5692d7461c63215d8d13031094e1a
SHA1: 383c835bbc904152fedb7910d2028d518278d578
SHA256: 85569470b1bacc8146eb41de3e46cefd826a13cac3f97e5a5ca65ec14be5ec5c
SHA512: b89eeff2ecec12d3243266fce3ee2dd1c766e4bbbad6067d453b65d276b6d7ef2f18116703b4546399f7430ffe49c83e526d216c4b842c3c69bd4bf0f052c14f
SSDEEP: 196608:MrAev3AuJzPokWeb+loYC4uzHD/N6arTdeS/4mzlWc6L:SlBPoeeSbN6and3/4cH6L
Behavioral task: behavioral1
Sample: mmm.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: mmm.exe
Modifies security service
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Drops file in Drivers directory
Executes dropped EXE
Stops running service(s)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger