Overview
overview
6Static
static
3qqkeybord1/Deamon.exe
windows7-x64
1qqkeybord1/Deamon.exe
windows10-2004-x64
1qqkeybord1/Defend.exe
windows7-x64
1qqkeybord1/Defend.exe
windows10-2004-x64
1qqkeybord1/Hook.dll
windows7-x64
1qqkeybord1/Hook.dll
windows10-2004-x64
1qqkeybord1...py.exe
windows7-x64
6qqkeybord1...py.exe
windows10-2004-x64
6下载说明.html
windows7-x64
1下载说明.html
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
11/06/2024, 15:07
Static task
static1
Behavioral task
behavioral1
Sample
qqkeybord1/Deamon.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
qqkeybord1/Deamon.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
qqkeybord1/Defend.exe
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
qqkeybord1/Defend.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
qqkeybord1/Hook.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
qqkeybord1/Hook.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
qqkeybord1/KeyboardSpy.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
qqkeybord1/KeyboardSpy.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
下载说明.html
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
下载说明.html
Resource
win10v2004-20240508-en
General
-
Target
qqkeybord1/Defend.exe
-
Size
48KB
-
MD5
c68a6ec79d0e3f2221898d645c38449e
-
SHA1
9ef9cd0f8e1f835bf2897b5d9084c378ababf736
-
SHA256
ad4376dfc806c2f3c017f488e200a0fc7040c3045c30cf63d9ac7be27f497fae
-
SHA512
69cc9d34d6fed9d709cce473b770416e243cd647722ec5e163751c0a24e9025b54d649a6632877eb1da33c3cd7665ecbd062896ddb086f8d668b803f6789ebc2
-
SSDEEP
384:dLoqlBFR78M7itUUA1qsImADQ5+1uiLj6zXqRevhD+q4KRpPdOJaTXOuKUWzUqEd:dLJTR5DUAwWAD+iyzP54cPCa+zzQEt0
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 208 Deamon.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2320 wrote to memory of 208 2320 Defend.exe 83 PID 2320 wrote to memory of 208 2320 Defend.exe 83 PID 2320 wrote to memory of 208 2320 Defend.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Defend.exe"C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Defend.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2320 -
C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Deamon.exe"C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Deamon.exe"2⤵
- Suspicious use of SetWindowsHookEx
PID:208
-