Analysis
- max time kernel: 13s
- max time network: 67s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/04/2023, 11:24
Behavioral task: behavioral1
- Sample: TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe
- Resource: win10v2004-20230220-en
Behavioral task: behavioral2
- Sample: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe
- Resource: win10v2004-20230220-en
Behavioral task: behavioral3
- Sample: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/RemoteExecuteScript.exe
- Resource: win10v2004-20230220-en
Behavioral task: behavioral4
- Sample: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Scheduler.exe
- Resource: win10v2004-20230220-en
Behavioral task: behavioral5
- Sample: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/SchedulerGui.exe
- Resource: win10v2004-20230220-en
Behavioral task: behavioral6
- Sample: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/UserInterface.exe
- Resource: win10v2004-20230220-en
Behavioral task: behavioral7
- Sample: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/Worker.exe
- Resource: win10v2004-20230220-en
General
- Target: TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe
- Size: 685KB
- MD5: f287b430c94436cfbf3ee8650e978f53
- SHA1: dae639a219a61f3d6eb71141fe2d560872d3ff5e
- SHA256: c79fe93aac664fc5aebf3d578ce70a37cef683948d65f388d8db469d1736b072
- SHA512: e5617d5fd42ac21b046e2ae370fda2cd92ec6853f6586626daad0f9aa9089e5c84fabe081bf12875c45336d4eb49232b258766fe82849261d732277f6af5b57b
- SSDEEP: 6144:nhc5Ynl/SY59XYTXgBekleVAMYuLq03jxuUNYYNXO3:nhMYdv5OXg
Signatures
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid 3580, process FastExecuteScript.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 3580, process FastExecuteScript.exe
  pid 3580, process FastExecuteScript.exe
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid 3580, process FastExecuteScript.exe
  pid 3580, process FastExecuteScript.exe
- Suspicious use of SendNotifyMessage (2 IoCs)
  pid 3580, process FastExecuteScript.exe
  pid 3580, process FastExecuteScript.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid 3580, process FastExecuteScript.exe
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\FastExecuteScript.exe"
  PID: 3580
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
Downloads
- C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\debug.txt
  Filesize: 91KB
  MD5: d35883baea1ba66b2757acca0ca6665d
  SHA1: 53d643ad904177f1519f3a5c034f546095797681
  SHA256: ef33f11d29ad3b175abd9006856ac448aec5eecbd52c295c637b08b21e025be9
  SHA512: e69f47307922d2a056902bddb788fe8800c3a1749896139610ca923b55333f6cf2c76b54cce71e752edf47dc8f262d604507319a57582bab505c298160dbb0d9
- C:\Users\Admin\AppData\Local\Temp\TwitchFollowBotbyKuroCracks\appslocal\e3b0c442\SID8dd4cb65\engine\modules\meta.json
  Filesize: 242B
  MD5: c90acdedc14583f46b768d66add9af90
  SHA1: 7b1be3da438af1580aab89a2cbad6f35bc05c0c3
  SHA256: 7b200efc3a653b859c23a661e7bcb66d641f0fc4b7230c11d7b6834f986db457
  SHA512: ca0fb91c3b2db75732d2371a042b7d00e8e16ef88cda0ce43790364ee18b00935f248c37f6bf760d34f1cd901a377da098f6f38b1a408158a5d2f19287686a3c