Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Hjqq_V3.6.1_crsky.exe

windows7-x64

7

Hjqq_V3.6.1_crsky.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Config.exe

windows7-x64

1

Config.exe

windows10-2004-x64

1

Hujiao.dll

windows7-x64

1

Hujiao.dll

windows10-2004-x64

1

SonicUI.dll

windows7-x64

1

SonicUI.dll

windows10-2004-x64

1

msimg32.dll

windows7-x64

1

msimg32.dll

windows10-2004-x64

1

patcher.exe

windows7-x64

1

patcher.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

QQ.exe

windows7-x64

1

QQ.exe

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hjqq_V3.6.1_crsky.exe

  • Size

    3.4MB

  • MD5

    84b2fc1a9b64cbf797dd779b2e623f52

  • SHA1

    7745fbef89fd0a3c03479f4640a0ad658da24188

  • SHA256

    df9fb4c8efa15ad3cbb11163451c8a13a14cb87d1912baeb64c84c205f524d21

  • SHA512

    edd263821e3ffee9fc1d8d2c948fd42c53639a117825ea5d7c226cddf9f45828239f59830c18af4ef226cd5cfc7c3b2472b80bcf67927feff1261df7c72f5970

  • SSDEEP

    49152:fcGtLN+9lrGyzMuViLDrDbLoIdzTJ+p8sqjdCP3qMowzhtkzemReRx1nJKTwtJW:fcGX+l1RVErDbLoK/JjTjd63U6oD+TrW

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hjqq_V3.6.1_crsky.exe
    "C:\Users\Admin\AppData\Local\Temp\Hjqq_V3.6.1_crsky.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd19D8.tmp\ioSpecial.ini
    Filesize

    701B

    MD5

    1260c4ca41ecdd1f5a347b0c1603b071

    SHA1

    1364ae6e5dc107d5308417cc147a95a621159145

    SHA256

    fc09ff20fa1f9838b2753caf3e085d65b67a486f2570565f00b082310cb910a4

    SHA512

    175e5fc06620dfb2db292aca823925a756f429073e09a5abfd3dcbe69838e85b645fd4c3c75ac2a39053f089ed425198fcc08e9e50456f1ff6a7228e91f7a1f3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd19D8.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    32aa6334fc543e70ef0f792bb9a0c45a

    SHA1

    54be1f5004f7e5afe7c9ba160495076ea2a4d60c

    SHA256

    610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2

    SHA512

    ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae

    Download Submit