Analysis

  • max time kernel
    13s
  • max time network
    67s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29/04/2023, 11:24

General

  • Target

    TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe

  • Size

    685KB

  • MD5

    f287b430c94436cfbf3ee8650e978f53

  • SHA1

    dae639a219a61f3d6eb71141fe2d560872d3ff5e

  • SHA256

    c79fe93aac664fc5aebf3d578ce70a37cef683948d65f388d8db469d1736b072

  • SHA512

    e5617d5fd42ac21b046e2ae370fda2cd92ec6853f6586626daad0f9aa9089e5c84fabe081bf12875c45336d4eb49232b258766fe82849261d732277f6af5b57b

  • SSDEEP

    6144:nhc5Ynl/SY59XYTXgBekleVAMYuLq03jxuUNYYNXO3:nhMYdv5OXg

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe
    "C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3580

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\debug.txt

          Filesize

          91KB

          MD5

          d35883baea1ba66b2757acca0ca6665d

          SHA1

          53d643ad904177f1519f3a5c034f546095797681

          SHA256

          ef33f11d29ad3b175abd9006856ac448aec5eecbd52c295c637b08b21e025be9

          SHA512

          e69f47307922d2a056902bddb788fe8800c3a1749896139610ca923b55333f6cf2c76b54cce71e752edf47dc8f262d604507319a57582bab505c298160dbb0d9

        • C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\modules\meta.json

          Filesize

          242B

          MD5

          c90acdedc14583f46b768d66add9af90

          SHA1

          7b1be3da438af1580aab89a2cbad6f35bc05c0c3

          SHA256

          7b200efc3a653b859c23a661e7bcb66d641f0fc4b7230c11d7b6834f986db457

          SHA512

          ca0fb91c3b2db75732d2371a042b7d00e8e16ef88cda0ce43790364ee18b00935f248c37f6bf760d34f1cd901a377da098f6f38b1a408158a5d2f19287686a3c

        • memory/3580-133-0x000000005C9F0000-0x000000005CF32000-memory.dmp

          Filesize

          5.3MB

        • memory/3580-134-0x00007FFB454D0000-0x00007FFB45A8F000-memory.dmp

          Filesize

          5.7MB