Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 15:07

General

  • Target

    qqkeybord1/KeyboardSpy.exe

  • Size

    1.0MB

  • MD5

    1817697245fcdba7627772779bc55027

  • SHA1

    8420edf2ef7d0a3ea26a2c0ebb8b41d3499f640d

  • SHA256

    2c23b25ec67fad9c4552c32a4328ce01a00f66f9158d73904102209344a75156

  • SHA512

    bad8eed7903ce322b516b9bcf0d358d3fbca64e37e3838b803e6fd59b1e6ab4cf2df6b1c40432b18fbedac5881adb1f18f043751a0e7667dedc4d9704e93cdc0

  • SSDEEP

    24576:2V4SP46Xqzo5/ITt8o5tzDBt6iBlfuxNqVg0:8V5wTyeDzTCL0

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qqkeybord1\KeyboardSpy.exe
    "C:\Users\Admin\AppData\Local\Temp\qqkeybord1\KeyboardSpy.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Deamon.exe
      "C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Deamon.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4344
      • C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Defend.dll
        "C:\Users\Admin\AppData\Local\Temp\qqkeybord1\Defend.dll"
        3⤵
          PID:1132
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:1276

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\Pairsmsg.dll

              Filesize

              16KB

              MD5

              7074c66a9c4779f11fd300ccf1fc4a26

              SHA1

              d76d0687ad3feb29074c777e159989b7fdaad7f2

              SHA256

              43e3e65d3813935910df34adb6b237e42c36822a879e88a2ef3e2fa05f924b54

              SHA512

              06ee0ad5a481f0a1aaf6ffaeaa9f4c0d8c4ffbb2c2cc1cf8e3776810336e14c028fc7f7b6014a2a489b1603f2ee2ec92091cc63c9ddfc6855d1bde5da645fd2a

            • memory/1196-0-0x0000000000400000-0x000000000050C000-memory.dmp

              Filesize

              1.0MB