General

  • Target

    hwid-window-spoofer-main.zip

  • Size

    8KB

  • Sample

    240811-e59qvazakg

  • MD5

    882e07f7aefe50ab756ab2f7e6c995f7

  • SHA1

    857afbf41b249cfdf2aaedb55f967c624e53f3d1

  • SHA256

    63de9048668784bad86afb5490d469bb5596170bfc528045e3c0272a1fdd3505

  • SHA512

    ace0154c090dde2869cc3e4333b7020291f827d1c1b051c2f3437ea79e1dca3d0286e35dd9c6c4961e75a04157a854600dc35b481e4223896be008532ad3b78a

  • SSDEEP

    192:V6mS4ShGbCpukqDe1pj1LdmFWwAblzuc9XBl137/n7rd:VGlAHDe1/osLT5t

Targets

    • Target

      hwid-window-spoofer-main/hwid_magic.bat

    • Size

      45KB

    • MD5

      a3ab5c1d3d86d27b3764d5ff39adde5e

    • SHA1

      ac8bdc4e94db981ccdb78d0b246f7925b56f7ac7

    • SHA256

      b4412cbb504063c9dff0f4c41f3efbdf836c0fa95a0d932de85cb80df51276d6

    • SHA512

      5fe3819d693745f8595b8b18fa1b3b94f69adbd1575fb2397889d65bfb2b9d70052016ac613365e2df9567b8e3a412bad609c9786e5991e0d08e019d6b17f474

    • SSDEEP

      384:57wK8+SMS8Sn16d/s16JijVAJ9OSU5RCn3I3k4L1oPunRz+eV5pK/F23aKVed+NE:5IKSBL1oP6Rz+Enfdh9YL8oPbT

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
