General

  • Target

    mmm.exe

  • Size

    6.9MB

  • Sample

    221020-aydbvafcbr

  • MD5

    c2b5692d7461c63215d8d13031094e1a

  • SHA1

    383c835bbc904152fedb7910d2028d518278d578

  • SHA256

    85569470b1bacc8146eb41de3e46cefd826a13cac3f97e5a5ca65ec14be5ec5c

  • SHA512

    b89eeff2ecec12d3243266fce3ee2dd1c766e4bbbad6067d453b65d276b6d7ef2f18116703b4546399f7430ffe49c83e526d216c4b842c3c69bd4bf0f052c14f

  • SSDEEP

    196608:MrAev3AuJzPokWeb+loYC4uzHD/N6arTdeS/4mzlWc6L:SlBPoeeSbN6and3/4cH6L

Score
10/10

Malware Config

Targets

    • Modifies security service

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks