86f230bb45d82b823ebd68cb8e192fa95abe4381002adbcfb0b3f6d9b47be4e0

Analysis

max time kernel
602s
max time network
502s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Twitch Downloader/TwitchDownloader.exe
Size

167.3MB
MD5

3b2898f78f58e1f8dc1d964da259a310
SHA1

db07105a32d0274539e65aa3446895db2cced3c4
SHA256

1c37015cfcd62b08c997815aca821dedd221908a4de0c0ff7c2b393d7e3b1084
SHA512

ef990f17e2574871e0e385082629abf2bc457a5f5a7fd4c73e75d1d4ef255f99158356ad43c9c0b7f04967233d733276c2d3bd70e9873edab9dcfc0e78d9c404
SSDEEP

786432:0pe24RRx7jChNQNt/ZYLy/pGyjOy5l7y953zV3TtLwSTRpf4P1wT1XKTi1GOg8BT:0k2ExfWNQNt/ZL3+jEbh9HBaR9HBp

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TwitchDownloader.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	TwitchDownloader.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

TwitchDownloader.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\TwitchDownloader.exe = "11001"	TwitchDownloader.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

TwitchDownloader.exe

description pid process

Token: SeDebugPrivilege 4408 TwitchDownloader.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

TwitchDownloader.exe

pid process

4408 TwitchDownloader.exe
4408 TwitchDownloader.exe

description	pid	process
Token: SeDebugPrivilege	4408	TwitchDownloader.exe

pid	process
4408	TwitchDownloader.exe
4408	TwitchDownloader.exe

C:\Users\Admin\AppData\Local\Temp\Twitch Downloader\TwitchDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\Twitch Downloader\TwitchDownloader.exe"
1⤵
- Checks computer location settings
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Font Awesome 5 Free-Solid-900.otf
Filesize
577KB

MD5
8d531d92051cddac77556d0734b701f8

SHA1
6c18555a587ded41634d4229b6b63a8406f7c786

SHA256
3fd1f8e855a002e563bff4a88e7be224da1a3543648e742543dcb7c3c94aa8e2

SHA512
5992c7ac8937450e031c1688152463c5960ffe3b762474a19cd4d280acb03ecb16da2539b8e3850b999170db8cf13a9955f462c34cc93b048ab20822b8cfd6c9

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\1fs50dmy.newcfg
Filesize
1KB

MD5
225e445fb678d8cdf02abdcd687ea3fa

SHA1
957f3de44004dec7bc116efb5de64360b6768891

SHA256
17151776dedcfef1fd2b2f42f6a30d3036cc87e152f065300bf07e74bddda1a8

SHA512
12cf211db2a563d2d14c4350429910c49a8584ce672307b5dc195ebbe3ae3340920457e9436f37f5b952c443b6c7262cd26b124ed3348a6d00f7893f4886552f

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\1roocjkd.newcfg
Filesize
1KB

MD5
28333c844fe137ec3c77caf8dc829865

SHA1
a5d0d3d7b7ae25d1669bb2962315f893da596c3c

SHA256
b15f424298f8384f60476d1a0a686df047c2590b5eee6e6fbda7ba09ee15d3e0

SHA512
80d3830da2d7d48f88e5debd07c3e808b33539e97454c7de26a10c72fd4b6e63d529ee40c33313bdea3fdde1e563296c9eaaede2d736e8a6da9e7a22d3505dd1

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\ak3a4dnn.newcfg
Filesize
816B

MD5
75817e0f129aa95834a42b178047785e

SHA1
59201d09edfe245ce225cb872e1bfe538aedf503

SHA256
f8d4583334e4db7ea1730d5d12dd06c804ac347647b83441490719ed77353241

SHA512
d3ff8adcecd9a5c765eb3474faeb9ba73f7fce0c36da2897be3de5eb0fe88c4abe7589b8185f585e9fc9460935430b8f4f7ab45aff59fbfc5dee4b94066b8e94

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\g1g5pger.newcfg
Filesize
936B

MD5
bd1f1da59ae86c58cc7ce14fc67fd34f

SHA1
e2de803218bac4fa75338ced26cbe8e0cc5c509b

SHA256
1967851ff75c950b3457a8d5767f44700eecf1cc20f28902b663e816a16a17b9

SHA512
430237cc20d3886b4a3d75d9af59f54d5eaf1dfce4cbbfd4e0fbcb4c1ca8b0fef21fdcbece2b2a43a1a7642edfe765812fcda04c776dacab5408f38bb998e8d5

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\g5vdhcfw.newcfg
Filesize
696B

MD5
df7fdbefad4fe24bc4705537951c6ecb

SHA1
81bfc6190f84340b94bc3de164dd44bb11f2fff1

SHA256
762eb9be150a11486b20410b6e3717b97965ed6e28c6aa137283646ee42e06da

SHA512
167fea32f97dddcb5f32c031b4ffbd02cf11653b47374f428d6366637613ffc3c4a32b534426dccfcea0a29b412e7d00c67a80f90a17e67e682cfa8ac1523dd4

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\nrdbjt1d.newcfg
Filesize
456B

MD5
fd770ffc211b13e62d2b7e5f44bd8f6c

SHA1
89819f1b9cd2dde31cb52f5ad1f228b61fe3753b

SHA256
8b9910760f5c7874ca5902947d9c50069a837f62aeea23305324c86ba3126281

SHA512
69116dd9b497d7f2c54d0441bb2a832c7708922e18e216b757c52a1c09111954fab6cdefd0a5ae9df4cf0fc382bb58e13e9a3f9d0ddd1da8783cf7b99b11c8ba

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\q2fhkxn2.newcfg
Filesize
578B

MD5
3354ad6784c7e133aa372c11796d094a

SHA1
1a0d365246060f4ebe9e152b5604c7ac0869f1b2

SHA256
eda56c4e0a15c90fe5c39973053b1e2718a70db2d83208b9605bede9d05dd8b3

SHA512
be219697d6697224aab8b3937ea37d29092625bb110c65e650b2559e5cb21b56e378318cf7dab1cf091f2324a2dbc1c0995e02f6fdcbb3a88683c3f1f9b0757e

Download Submit
C:\Users\Admin\AppData\Local\TwitchDownloaderWPF\TwitchDownloader_Path_btwjnab541o2kknj2knrxiv1q5hlyjnk\1.40.4.0\user.config
Filesize
334B

MD5
204e83e97a94f56139f43f8d526c9097

SHA1
a228a54ceb225fd892b6ee811e732c554dccd3ae

SHA256
dd30c462a029887e2bf3a3a8a8cba2ac5aaa5159fb981dde00a81b7c1d3a0e80

SHA512
9c1cc835325ded1b1f00399101a1cbe4dab97a465fdc425ce66bae7d8602ff300b2cb31100a313372ce0c1882fb918389c5b9e9f07feabdaaa2e7f4167944731

Download Submit
memory/4408-175-0x000001CD29350000-0x000001CD29390000-memory.dmp

Filesize
256KB

Download
memory/4408-193-0x000001CD28EA0000-0x000001CD28ECA000-memory.dmp

Filesize
168KB

Download
memory/4408-166-0x000001CD08750000-0x000001CD08757000-memory.dmp

Filesize
28KB

Download
memory/4408-169-0x000001CD28E80000-0x000001CD28E99000-memory.dmp

Filesize
100KB

Download
memory/4408-172-0x000001CD28E60000-0x000001CD28E76000-memory.dmp

Filesize
88KB

Download
memory/4408-133-0x0000000180000000-0x0000000180A23000-memory.dmp

Filesize
10.1MB

Download
memory/4408-178-0x000001CD28F50000-0x000001CD28F68000-memory.dmp

Filesize
96KB

Download
memory/4408-181-0x000001CD28F70000-0x000001CD28F82000-memory.dmp

Filesize
72KB

Download
memory/4408-184-0x000001CD294A0000-0x000001CD29594000-memory.dmp

Filesize
976KB

Download
memory/4408-187-0x000001CD28DE0000-0x000001CD28DE8000-memory.dmp

Filesize
32KB

Download
memory/4408-190-0x000001CD293E0000-0x000001CD29427000-memory.dmp

Filesize
284KB

Download
memory/4408-163-0x000001CD28E40000-0x000001CD28E53000-memory.dmp

Filesize
76KB

Download
memory/4408-196-0x000001CD2D750000-0x000001CD2DF6C000-memory.dmp

Filesize
8.1MB

Download
memory/4408-160-0x000001CD06D60000-0x000001CD06D65000-memory.dmp

Filesize
20KB

Download
memory/4408-157-0x000001CD08720000-0x000001CD0872D000-memory.dmp

Filesize
52KB

Download
memory/4408-154-0x000001CD28ED0000-0x000001CD28F4F000-memory.dmp

Filesize
508KB

Download
memory/4408-151-0x000001CD2ACC0000-0x000001CD2B503000-memory.dmp

Filesize
8.3MB

Download
memory/4408-148-0x000001CD28E00000-0x000001CD28E3E000-memory.dmp

Filesize
248KB

Download
memory/4408-145-0x000001CD28D90000-0x000001CD28DD4000-memory.dmp

Filesize
272KB

Download
memory/4408-142-0x000001CD291F0000-0x000001CD2934E000-memory.dmp

Filesize
1.4MB

Download
memory/4408-139-0x000001CD28FC0000-0x000001CD291E8000-memory.dmp

Filesize
2.2MB

Download
memory/4408-136-0x000001CD29D30000-0x000001CD2ACB6000-memory.dmp

Filesize
15.5MB

Download