Analysis
-
max time kernel
143s -
max time network
145s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
07-07-2020 06:24
General
-
Target
TwitchTool.bin.exe
-
Size
601KB
-
MD5
9f7767588a1b1437461fffa851c96d3c
-
SHA1
e43fb2d6cec21d2da1f5dd82a6c450dcd3e18fc0
-
SHA256
d3922882bfee49abb72584b9d5918f3787221fa40b7f552c98d7bc0e55833234
-
SHA512
40f7bb6399faec990c818bfdd9413121a630a14d927a0809e2e2c0e6620e7f5b4d4d65cb8e267d236fba90b7f2bc944dc3296138ef0747eab40e488eb3243e6e
Score
8/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TwitchTool.bin.exe"C:\Users\Admin\AppData\Local\Temp\TwitchTool.bin.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Win32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\TwitchTool.bin.exe" /rl HIGHEST /f2⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Roaming\SubDir\Win32.exe"C:\Users\Admin\AppData\Roaming\SubDir\Win32.exe"2⤵
- Suspicious use of WriteProcessMemory
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Win32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Win32.exe" /rl HIGHEST /f3⤵
- Creates scheduled task(s)