Overview
overview | 6
Static
static | 3
qqkeybord1/Deamon.exe | windows7-x64 | 1
qqkeybord1/Deamon.exe | windows10-2004-x64 | 1
qqkeybord1/Defend.exe | windows7-x64 | 1
qqkeybord1/Defend.exe | windows10-2004-x64 | 1
qqkeybord1/Hook.dll | windows7-x64 | 1
qqkeybord1/Hook.dll | windows10-2004-x64 | 1
qqkeybord1...py.exe | windows7-x64 | 6
qqkeybord1...py.exe | windows10-2004-x64 | 6
下载说明.html | windows7-x64 | 1
下载说明.html | windows10-2004-x64 | 1
Analysis
max time kernel: 149s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 11/06/2024, 15:07
Static task: static1
Behavioral task: behavioral1 | Sample: qqkeybord1/Deamon.exe | Resource: win7-20231129-en
Behavioral task: behavioral2 | Sample: qqkeybord1/Deamon.exe | Resource: win10v2004-20240226-en
Behavioral task: behavioral3 | Sample: qqkeybord1/Defend.exe | Resource: win7-20240419-en
Behavioral task: behavioral4 | Sample: qqkeybord1/Defend.exe | Resource: win10v2004-20240508-en
Behavioral task: behavioral5 | Sample: qqkeybord1/Hook.dll | Resource: win7-20240221-en
Behavioral task: behavioral6 | Sample: qqkeybord1/Hook.dll | Resource: win10v2004-20240508-en
Behavioral task: behavioral7 | Sample: qqkeybord1/KeyboardSpy.exe | Resource: win7-20240221-en
Behavioral task: behavioral8 | Sample: qqkeybord1/KeyboardSpy.exe | Resource: win10v2004-20240226-en
Behavioral task: behavioral9 | Sample: 下载说明.html | Resource: win7-20240221-en
Behavioral task: behavioral10 | Sample: 下载说明.html | Resource: win10v2004-20240508-en
General
Target: qqkeybord1/Deamon.exe
Size: 840KB
MD5: 9bf2a4d14bf55b8802083b1531331008
SHA1: 30fe2a380f333a004f94c73f9d04369e08aa997e
SHA256: 83ee05b2743bbe9016a0a6288d712582112f8895268d6fb77591590a2787e5f3
SHA512: e27f78a00589a0248ff2008cc72b43f3c7c6fb77a42299606dbc32c4bd8b50afe5a2869d0a1618323201d357a0c7cc425240e854254fd392f805d8220cef74c6
SSDEEP: 24576:tOJ168OJ6nGmQeoX+FUp9cTgZpeIfYNO8R3:jjTe0X9lS1p3
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  2316 | Deamon.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2316 wrote to memory of 1848 | 2316 | Deamon.exe | 28
  PID 2316 wrote to memory of 1848 | 2316 | Deamon.exe | 28
  PID 2316 wrote to memory of 1848 | 2316 | Deamon.exe | 28
  PID 2316 wrote to memory of 1848 | 2316 | Deamon.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Deamon.exe
  "C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Deamon.exe"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2316
  - C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Defend.dll
    "C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Defend.dll"
    PID: 1848