General

• Target: f4054cff11bed4262ce7f99fd3cb69c3358102cf3543ddc4428742b73745fde9
  Size: 4.1MB
  Sample: 221011-jc4rcacdfk
  MD5: c9c871c8f3b28b0ebc3c9055226fa0e0
  SHA1: 49931a0f0c180edcf3533faab83e95cf23acb71f
  SHA256: f4054cff11bed4262ce7f99fd3cb69c3358102cf3543ddc4428742b73745fde9
  SHA512: 4678872dfddbb0cafe38efa8a856ea8e234b1b96d14c08d642fd905fc3400957c0190ee629e21150238ac6dac4e82b526a30d39209947a97d142550dc3295b54
  SSDEEP: 98304:EkwrtA7QIme6a4TVFUW+lFwNXOs7QHBmKgwNKBpr/WC6qhh/G2:9gR5e6TkW+I9t0H0KgyA/WC6qhh/L
  Score: 8/10

Targets

• Target: HRSword-main/Drivers/hrwfpdrv.sys
  Size: 114KB
  MD5: a1046e14d0b388304b55d36898665d96
  SHA1: ccc5a579a58a0ab730d168caaafee98827fd8cfd
  SHA256: b09c9751ac0151d06d9dc39caf35cee7f07457867c9f23dac164bf830a498681
  SHA512: 067e312457b2885593a756d96907c7173aaf61389ea58a21049697ac23dbf45c254f11455dd22b9428731c07de068eb39a7f2c36c0a3087b6f51b7071107b95d
  SSDEEP: 3072:7usLCBAkordKZExYaPNKumDwb8Z9XRvjlDCk:7usLPY+kUwZRRJ
  Score: 1/10

• Target: HRSword-main/Drivers/hrwfpdrv_win10.sys
  Size: 124KB
  MD5: d8e2b5db012dbaf02475492cd227399b
  SHA1: c0ce1bfae16da5aa675d639eb8c94ec20f9ba997
  SHA256: 8fe4ab0f563cce9f8d4bc0eb5072ccc857a22b737109d002139edc25f770f04e
  SHA512: 2d056cc12dccbaa6b982fb8b9ac9ff6cb5373e861daefe76f87ab0daec7d8198e5019538e984e8c91dd6918f6390c19270cce3eee52b9d06bdfd7836b97b0dc0
  SSDEEP: 3072:MusLCBAkordKZExYaPNKumDwb8Z9XRvGBtF/x:MusLPY+kUwZRROXFJ
  Score: 1/10

• Target: HRSword-main/Drivers/sysdiag.sys
  Size: 380KB
  MD5: 46059934e0daa6244dd2880afd03b25d
  SHA1: dbf97587fb3d2c4d724645764d56899e4ae78eec
  SHA256: 41ce3a34cc03e27b8fde258d89f7c62aa2acf019b14c08ffec54ab614ddd7e27
  SHA512: 26c67f8d1b71944a720169fa7e75435b229ab701d6960114760275182dc8d0c518eb067bb1ea6354cdc24c89cf77d39a30d0956c0b25a2d61be76acd7b8605bd
  SSDEEP: 6144:Q1k26QgF3qZsZm6q9pkkKbJk9NXsWym3c4yg/yHYVTMI3hbNKe:Q1gJFaGmX98kQWM4yP4VJhT
  Score: 1/10

• Target: HRSword-main/Drivers/sysdiag_win10.sys
  Size: 391KB
  MD5: 84ee73ab5074449c1f732508b259ec49
  SHA1: 0db80f225d165f54fb20305e5265aae5215dfd0e
  SHA256: 418689701aa8a13564cc4d7437fbd24e47f36ea079d4aa655174de24a94a8171
  SHA512: cfc1af32030caf94733958e26c7963341055b245a402ae8960d94a4b4e94f8d692bc647a5515c7c46cf835b413e4a5e57ac014fc7ddcd27afac2805ac4ad7934
  SSDEEP: 6144:K1k26QgF3qZsZm6q9pkkKbJk9NXsWym3c4yg/yHYVTMI3hbNK4P:K1gJFaGmX98kQWM4yP4VJhL
  Score: 1/10

• Target: HRSword-main/Drivers/usysdiag.exe
  Size: 466KB
  MD5: 688b0846b658ebd759081323366efb34
  SHA1: 67ce9b7274ca69897ad2b5dfd6f46f12f15107dd
  SHA256: d12869ec57e27e5297e1397c01acd885056f91a6d4d4ccb37325487bc79725ff
  SHA512: c8b812432b6decbf071edc0ea4a90b6941dd30b1903dd0295af60d4d07a2e341ab9c9b94b3196519ac4f4f6d0abeab335655a7c53e095ba9d266bfd0382695c2
  SSDEEP: 12288:Q1jHBYrZzfqbm8ACkONXIdtO7GMctLFebzZFG:YBYrZzybWONXIdtO7GDtLwbzZFG
  Score: 1/10

• Target: HRSword-main/DuiLib.dll
  Size: 1018KB
  MD5: 75881db475bef8ba732e15b4f140d53d
  SHA1: 10260d9c4dab6cece6f446c8786898f5d0217525
  SHA256: c0d1608793012a5c2da2645802c144e010688da60ca5525f97068707fbf952c8
  SHA512: 22a14fc84f1a5b2de0c10b9a7e979d75b690bf067f9a255a20d66fe0ce8629c31c559d39f556de6e1c36ed2971b0c138d3dff30f723ee610bec2c339482668e6
  SSDEEP: 12288:eRCGCO+18Cj6SHQNYhsoGRf/1cWWl5Jc/C+SH7gnv7imjD/jt7a1nW7+Im6xb1X:e3Je86efdhic/C+SIjo9kp
  Score: 3/10

• Target: HRSword-main/HRSword.exe
  Size: 1.9MB
  MD5: 916c298f538625fb37e08d01c22d2ea4
  SHA1: 925bf071f481425c37e625c0516a40dcd085cbce
  SHA256: d2fff815db8941a025e956eca5d6346a2b3c8f4c2b8f34427f15cfe43cdbc842
  SHA512: 45f3cbdc114041dbdc1729ef619718cca637587fe8f2efdd000f793b2f5a6732c6ed900db4867d944dfcbd2e3c6cc0e3d887a3ff2beb34e40224f1c5b46434a9
  SSDEEP: 49152:jIPFxcRj55DwPW3IeN+rjKtQp2r33OfMbA7UKpB1obg5TYA+Dj1YwycrVQRx:mx4j55EPWYeN+rjKtQpA33OfMbA7UK7N
  Score: 1/10

• Target: HRSword-main/behavior.dll
  Size: 329KB
  MD5: d96cf66116bccec9c06e5c9d0f18a0c7
  SHA1: 21d02f2f418a02a62aa48c8045501f955a707a58
  SHA256: 57d7504837a7a39eeb1c0ed3840a67e282d84d5ad7fb40e7581a2f84a914384c
  SHA512: 15a8d4ab92171e5a707aa3d30fe032dae8fd7f52206d09edda52dc3ab8833cf1d8265985d163a5a6959d5ad6a469286c5dab0e040daa934c740d654f9fb3a813
  SSDEEP: 6144:ZC8O33S5vYia+dZVTBrwkTNUhXzIRN2j1f2GUahSzIg1coFy3:I8OHWYiDdHT5dajIRNqf2Va8I8FS
  Score: 1/10

• Target: HRSword-main/daemon.dll
  Size: 411KB
  MD5: 0a5953205c4d824cca92870707e568e9
  SHA1: 109afdffb6e4f6ebd5549ae36ffc4c91ab1429a8
  SHA256: ac9eda0ff6dbe0d5868afa0a14dcb9a10379eb042f5b09749c4dcfb36c4dc0ba
  SHA512: 47f2c7532b5c4f5aa25c28da7bef32bff031e655ea75dfc6555b2c4585704cdcf1d3db29f543d8437906cfea722af0ee56767f27dd213d230da95997f2f1d051
  SSDEEP: 12288:C4jNg/cV4lMXjcRszkOAnKu3/kPCd3WnmlVnmSiRlTMve5n3sFoWQA:C4jNg/cVWMXIyoOKWnmlVnmSulTMhFoI
  Score: 3/10

• Target: HRSword-main/libcodecs.dll
  Size: 1.8MB
  MD5: d26d00c7b3783d265ee335c861d9d64f
  SHA1: a07eb34a9e1f0c5152bd55888ed6e52ab48cf312
  SHA256: 29d1949704de77f97c2d2bc5e1b683fef0f2cc6c2b0ee7fe0b281f916c2052c6
  SHA512: 7269f1bee27ae896afe64e0f389956aa582dee90b4068c2edbf73c9fb4e219adf6450a50084c2386e9d661c0d8ecd691c196c2e50fb6a79cb65507c03c7a0107
  SSDEEP: 49152:f323SX+j0ZSq7Bg8kKeNrIZCj/XfFtsaLMXhi:fJ+wZSKBglKeNrIZC4aLN
  Score: 1/10

• Target: HRSword-main/libxsse.dll
  Size: 1.0MB
  MD5: 1596d83172ed295d82eaec2ac9b017aa
  SHA1: f2bf36522daf0732ac3a14430d88b678c365a5c4
  SHA256: 856bccfbb5c6873e5c730ce09527a984149920895fc5142947a715510ee7c8fa
  SHA512: a23e903d3808c26cfd78a404ec85dba6285792fb3358062588c41d3ad33f6b733d5f93b22b81e9049f8da91e4c8b61acc4cb30a4148d94535a05e9133e9f915d
  SSDEEP: 24576:3lZgmq9CF7yRgzrcvTErZldffRljGsz6lT+iFAzR:1CY7yO8wr9Blj9zIT+iFAzR
  Score: 1/10

• Target: HRSword-main/selfprot.dll
  Size: 83KB
  MD5: 6d03e280a1a8357ce5faedf9f638a7ff
  SHA1: 01bc5b8b7259fa0165144c01a4ffc017c5f15679
  SHA256: 01c9d2d83b6e1ef9246f24ff171fa4b2c36217cb8f55c4859c62de1fefbc7c06
  SHA512: a63191c015f3aafa5dd37c3997e39265cbf171566280f5cb9f341c30ba0ad08a61e96d97eb4f9cd541daad30e8a71582a6aa4d5057e7fbc0d56d41a398d1b55d
  SSDEEP: 1536:b36Fn3QFTmMddn/SV2r9GNFDIQ47DAsWScdS2SS30mvYDr7wA/9AoQ+8iAW:b36W3agW21+SNS38fwzDW
  Score: 1/10

• Target: HRSword-main/uactmon.dll
  Size: 381KB
  MD5: 91753ecb7a58e18e6b9efe7f21dafac9
  SHA1: 86f74f9355d3e35fa7fdaa023d2151a7d885fd5a
  SHA256: 2c3adb060107024c1caef9f4e983ad589bf7246acc5b94ead2f2956ef0662461
  SHA512: 32e7c2b000ba593e643e254657448d5ab97ff81f455a842dea9b2e7422f418b7a0ee1089d018049c100c3c87d96894f28a0269fde6354cf1c63710d9c418db81
  SSDEEP: 6144:Q9TlrggXheT8zcZyXgfrR7/VOiOm8Pquk+8zcoFGBPr3sQ4:4TlB8T8zSy0rRnOJPUDfFsPr3l4
  Score: 1/10

• Target: HRSword-main/usysdiag.dll
  Size: 538KB
  MD5: 4d49267fcd49e696bca5873e88e147d8
  SHA1: 6a8dd859a757036664fe0596f3a0f1faa0a919fb
  SHA256: c8fbde2a38f24158b5d3d1e2a9c45d419ed5d255804071baa73a93a7d1869200
  SHA512: 01888920e0d522a191538025182becef7d56ac1336212e27de7b94127b71fd84947bfe8a3ee304c0c1bd432f247e91fb7c7560defb0c8e72cf5585a8e6ffa5b0
  SSDEEP: 12288:HDwC/3LEoOjNJ5R+Ne3TeO71ShhHaS84kQpqqg14MhFsPGYCRFLp:O7K8khbSyMhFDYMF9
  Score: 1/10

• Target: HRSword-main/win10初始化.bat
  Size: 1KB
  MD5: 5b53acdf4ec5d7362e3c5f355cfde55f
  SHA1: 8f4af3169478d310f4329b6198833685f08625cf
  SHA256: 55d308565b647c2633c34b57eee58294579ee029949023a454171bb5e65668ba
  SHA512: c1cb9bcfa382774f071c7cd3aaecbc84ea7725c324f66f748ad9ca26e5f7cef02c7311edd043a897a4a66cd7874e725fd7975e1e1e9b475e2efc28648c3a2211
  Score: 8/10
  Signatures:
    • Creates new service(s)
    • Drops file in Drivers directory
    • Sets service image path in registry

• Target: HRSword-main/win7初始化.bat
  Size: 1KB
  MD5: 547509b22fe8c715019bd7a278c561c0
  SHA1: 32d3f64e00e5d37f61f7d3694c3eaf8a1230e8cd
  SHA256: 253c0ece38ec4b0fa9b22cd2aefcbdc412ea47a44e55c235d09b481d5c596210
  SHA512: cd0485ea27b1fa261e309b87c392f94a90a1833b8a48eda64044f41f2e4d226ae32b731882b2ea87637770c3afb0df8fe0b8d5d68cb79a5bafca79f729c3f4db
  Score: 8/10
  Signatures:
    • Creates new service(s)
    • Drops file in Drivers directory
    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks

• static1: N/A
• behavioral1: 1/10
• behavioral2: 1/10
• behavioral3: 1/10
• behavioral4: 1/10
• behavioral5: 1/10
• behavioral6: 1/10
• behavioral7: 1/10
• behavioral8: 1/10
• behavioral9: 1/10
• behavioral10: 1/10
• behavioral11: 3/10
• behavioral12: 3/10
• behavioral13: 1/10
• behavioral14: 1/10
• behavioral15: 1/10
• behavioral16: 1/10
• behavioral17: 3/10
• behavioral18: 3/10
• behavioral19: 1/10
• behavioral20: 1/10
• behavioral21: 1/10
• behavioral22: 1/10
• behavioral23: 1/10
• behavioral24: 1/10
• behavioral25: 1/10
• behavioral26: 1/10
• behavioral27: 1/10
• behavioral28: 1/10
• behavioral29: 8/10 (persistence)
• behavioral30: 8/10 (persistence)
• behavioral31: 8/10 (persistence)
• behavioral32: 8/10 (persistence)