Analysis
max time kernel: 27s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
submitted: 29/04/2023, 11:24
Behavioral task
behavioral1
Sample
TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/RemoteExecuteScript.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Scheduler.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/SchedulerGui.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/UserInterface.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/Worker.exe
Resource
win10v2004-20230220-en
General
-
Target
TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe
-
Size
587KB
-
MD5
7da2cd3d77e97f7701f01e9271a1cf10
-
SHA1
945e2a7f1de3a89265483cc94237b2b8d7c782a3
-
SHA256
a6b67e041d0e59b7f144fc4ff634669d377ba1898ecad4b77dc5663a31d8c5f4
-
SHA512
6dd828b9b9af928dc2fe5ae09e5c7200e4091b155d58d9dc06e70d14c1a6e7b5488b2075319906c5b54d4bc072c50a233cd52e4c0967bc52c188e939bc82bba3
-
SSDEEP
6144:QA+h3g9t8tK7/vAhguW/KRlMU7TB1x+Pnhm/3LOvMtUvT0BREFnqFe:Qvm9t8oy7b7THxy6e
Malware Config
Signatures
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid | Process
  3076 | Twitch Follow Bot by KuroCracks.exe
  3824 | FastExecuteScript.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  3824 | FastExecuteScript.exe
  3824 | FastExecuteScript.exe

Suspicious use of FindShellTrayWindow (2 IoCs)
  pid | Process
  3824 | FastExecuteScript.exe
  3824 | FastExecuteScript.exe

Suspicious use of SendNotifyMessage (2 IoCs)
  pid | Process
  3824 | FastExecuteScript.exe
  3824 | FastExecuteScript.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
  pid | Process
  3076 | Twitch Follow Bot by KuroCracks.exe
  3076 | Twitch Follow Bot by KuroCracks.exe
  3824 | FastExecuteScript.exe

Suspicious use of WriteProcessMemory (2 IoCs)
  description | pid | Process | procid_target
  PID 3076 wrote to memory of 3824 | 3076 | Twitch Follow Bot by KuroCracks.exe | 87
  PID 3076 wrote to memory of 3824 | 3076 | Twitch Follow Bot by KuroCracks.exe | 87
Processes
C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe"
PID: 3076
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe
  Command line: appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe
  PID: 3824
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\debug.txt
Filesize: 91KB
MD5: d3d4f2a1b00070aa3e06e161d481b70b
SHA1: 0a2a8dcb8c2c34ad92e8b0830723c8b415771a7f
SHA256: f3b9edfca030cad80d47b72f5d4ed604aff409bd7e42cb72641da12be01a634e
SHA512: 5dcb4ec0303c9f5e55fd6205f19428c02dac2baaadb6e3d82a5cedf8b26d53c6f51dca843fe1113f780f411fbc4cf8c7528b621aee7aa9da0828ebf49d61be17
-
C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\modules\meta.json
Filesize: 242B
MD5: c90acdedc14583f46b768d66add9af90
SHA1: 7b1be3da438af1580aab89a2cbad6f35bc05c0c3
SHA256: 7b200efc3a653b859c23a661e7bcb66d641f0fc4b7230c11d7b6834f986db457
SHA512: ca0fb91c3b2db75732d2371a042b7d00e8e16ef88cda0ce43790364ee18b00935f248c37f6bf760d34f1cd901a377da098f6f38b1a408158a5d2f19287686a3c
-
Filesize: 5KB
MD5: 75794dfc8cf9507d7ee444f58ff1f5b3
SHA1: 5b2eba250ba37673c0cdd579074f2e49189d2cee
SHA256: f63365fc8523067d35897fdd77d863d7bd54276b115a87f5fc586fea51b23e5d
SHA512: 4ff16cc83f091252dbf5e9cda83f45b0f6c49da16194fa32eed582f60ceeb578989440c4ecafc3f25b29af4b06fd97ae4d2935ebe478e591b2c067e95fbc63e4