Overview
overview
7Static
static
3Tools/Colo...rs.exe
windows7-x64
1Tools/Colo...rs.exe
windows10-2004-x64
1Tools/FSCa...re.exe
windows7-x64
3Tools/FSCa...re.exe
windows10-2004-x64
3Tools/FSCa...lp.chm
windows7-x64
1Tools/FSCa...lp.chm
windows10-2004-x64
1Tools/FSCa...ir.exe
windows7-x64
1Tools/FSCa...ir.exe
windows10-2004-x64
1Tools/FSCa...us.exe
windows7-x64
1Tools/FSCa...us.exe
windows10-2004-x64
1Tools/FSCa...er.exe
windows7-x64
3Tools/FSCa...er.exe
windows10-2004-x64
3Tools/Hotk...yP.exe
windows7-x64
6Tools/Hotk...yP.exe
windows10-2004-x64
6Tools/Hotk...lp.chm
windows7-x64
1Tools/Hotk...lp.chm
windows10-2004-x64
1Tools/Hotk...ok.dll
windows7-x64
3Tools/Hotk...ok.dll
windows10-2004-x64
1Tools/Hotk...64.dll
windows7-x64
1Tools/Hotk...64.dll
windows10-2004-x64
1Tools/Hotk...64.exe
windows7-x64
1Tools/Hotk...64.exe
windows10-2004-x64
1Tools/HotkeyP/spy.exe
windows7-x64
1Tools/HotkeyP/spy.exe
windows10-2004-x64
1Tools/Mous...nc.exe
windows7-x64
3Tools/Mous...nc.exe
windows10-2004-x64
3Tools/Note...d2.bat
windows7-x64
3Tools/Note...d2.bat
windows10-2004-x64
7Tools/Note...d2.exe
windows7-x64
1Tools/Note...d2.exe
windows10-2004-x64
1Tools/ScreenToGif.exe
windows7-x64
1Tools/ScreenToGif.exe
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
03-10-2023 16:50
Static task
static1
Behavioral task
behavioral1
Sample
Tools/Colors/Colors.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral2
Sample
Tools/Colors/Colors.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Tools/FSCapture/FSCapture.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral4
Sample
Tools/FSCapture/FSCapture.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Tools/FSCapture/FSCaptureHelp.chm
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral6
Sample
Tools/FSCapture/FSCaptureHelp.chm
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Tools/FSCapture/FSCrossHair.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral8
Sample
Tools/FSCapture/FSCrossHair.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Tools/FSCapture/FSFocus.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral10
Sample
Tools/FSCapture/FSFocus.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Tools/FSCapture/FSRecorder.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral12
Sample
Tools/FSCapture/FSRecorder.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Tools/HotkeyP/HotkeyP.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral14
Sample
Tools/HotkeyP/HotkeyP.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Tools/HotkeyP/help.chm
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral16
Sample
Tools/HotkeyP/help.chm
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Tools/HotkeyP/hook.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral18
Sample
Tools/HotkeyP/hook.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Tools/HotkeyP/hook64.dll
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral20
Sample
Tools/HotkeyP/hook64.dll
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Tools/HotkeyP/hook64.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral22
Sample
Tools/HotkeyP/hook64.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Tools/HotkeyP/spy.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral24
Sample
Tools/HotkeyP/spy.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Tools/MouseInc/MouseInc.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral26
Sample
Tools/MouseInc/MouseInc.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Tools/Notepad2/Notepad2.bat
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral28
Sample
Tools/Notepad2/Notepad2.bat
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Tools/Notepad2/Notepad2.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral30
Sample
Tools/Notepad2/Notepad2.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Tools/ScreenToGif.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral32
Sample
Tools/ScreenToGif.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
General
-
Target
Tools/HotkeyP/spy.exe
-
Size
20KB
-
MD5
f8b82d9eaf3abc3379bb37e119ef55f6
-
SHA1
e0d04d3d8f276522a43cadaf0f3bbe7d2407898f
-
SHA256
9443c379cfa94f264473f2bb44e2e7d10543c27baccd303532e08f966ec0963e
-
SHA512
99329df75f96149973d1f73654c43572db447d659d73ade7913a96df92eb1a25f6c488e445a085571e1f6f20dfc87ab990595fd5c3b0658a85b9a4ceaedb70b9
-
SSDEEP
192:ZzvaLO7BeH4Iw2b69bTHz9zlD3AmM412PBkP1oynMVMc2:JaLrH4D9bTT9BDHEc1fc2
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 308 spy.exe 308 spy.exe 2220 hook64.exe 2220 hook64.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 308 wrote to memory of 2220 308 spy.exe 28 PID 308 wrote to memory of 2220 308 spy.exe 28 PID 308 wrote to memory of 2220 308 spy.exe 28 PID 308 wrote to memory of 2220 308 spy.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tools\HotkeyP\spy.exe"C:\Users\Admin\AppData\Local\Temp\Tools\HotkeyP\spy.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:308 -
C:\Users\Admin\AppData\Local\Temp\Tools\HotkeyP\hook64.exehook64.exe -s2⤵
- Suspicious use of SetWindowsHookEx
PID:2220
-