Analysis

  • max time kernel
    27s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/04/2023, 11:24

General

  • Target

    TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe

  • Size

    587KB

  • MD5

    7da2cd3d77e97f7701f01e9271a1cf10

  • SHA1

    945e2a7f1de3a89265483cc94237b2b8d7c782a3

  • SHA256

    a6b67e041d0e59b7f144fc4ff634669d377ba1898ecad4b77dc5663a31d8c5f4

  • SHA512

    6dd828b9b9af928dc2fe5ae09e5c7200e4091b155d58d9dc06e70d14c1a6e7b5488b2075319906c5b54d4bc072c50a233cd52e4c0967bc52c188e939bc82bba3

  • SSDEEP

    6144:QA+h3g9t8tK7/vAhguW/KRlMU7TB1x+Pnhm/3LOvMtUvT0BREFnqFe:Qvm9t8oy7b7THxy6e

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe
    "C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\Twitch Follow Bot by KuroCracks.exe"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3076
    • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe
      appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3824

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\debug.txt

          Filesize

          91KB

          MD5

          d3d4f2a1b00070aa3e06e161d481b70b

          SHA1

          0a2a8dcb8c2c34ad92e8b0830723c8b415771a7f

          SHA256

          f3b9edfca030cad80d47b72f5d4ed604aff409bd7e42cb72641da12be01a634e

          SHA512

          5dcb4ec0303c9f5e55fd6205f19428c02dac2baaadb6e3d82a5cedf8b26d53c6f51dca843fe1113f780f411fbc4cf8c7528b621aee7aa9da0828ebf49d61be17

        • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\modules\meta.json

          Filesize

          242B

          MD5

          c90acdedc14583f46b768d66add9af90

          SHA1

          7b1be3da438af1580aab89a2cbad6f35bc05c0c3

          SHA256

          7b200efc3a653b859c23a661e7bcb66d641f0fc4b7230c11d7b6834f986db457

          SHA512

          ca0fb91c3b2db75732d2371a042b7d00e8e16ef88cda0ce43790364ee18b00935f248c37f6bf760d34f1cd901a377da098f6f38b1a408158a5d2f19287686a3c

        • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\data\debug.txt

          Filesize

          5KB

          MD5

          75794dfc8cf9507d7ee444f58ff1f5b3

          SHA1

          5b2eba250ba37673c0cdd579074f2e49189d2cee

          SHA256

          f63365fc8523067d35897fdd77d863d7bd54276b115a87f5fc586fea51b23e5d

          SHA512

          4ff16cc83f091252dbf5e9cda83f45b0f6c49da16194fa32eed582f60ceeb578989440c4ecafc3f25b29af4b06fd97ae4d2935ebe478e591b2c067e95fbc63e4

        • memory/3824-142-0x000000005C370000-0x000000005C8B2000-memory.dmp

          Filesize

          5.3MB

        • memory/3824-143-0x00007FFEBA060000-0x00007FFEBA61F000-memory.dmp

          Filesize

          5.7MB