ee43202c469b4a0730a983e2fe6250c2319a5513ab207b6d399b6e19b51bc11e

Analysis

max time kernel
7s
max time network
0s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Twitch Drops Miner.exe
Size

15.9MB
MD5

d1ec87db12615251c92acafb9769a8a1
SHA1

be6aff26a5a3744d839117eabd5be8592f4df1b7
SHA256

ee43202c469b4a0730a983e2fe6250c2319a5513ab207b6d399b6e19b51bc11e
SHA512

95e841b18687f17d21c65f62298c657dbd52efaa77b472a6d0f3a8586c3eefa2af2842a7e8596323713cb870bd02aae63b97160bc03cc61aea4b88224594a9dc
SSDEEP

196608:mhWLe6zEqg0sKYu/PaQdXGnHvdwJp/OjmFwARxtYSHdK75o0W8/L54uUoSEJjQw/:1E9QdXGl+2KrpEW8M7wiLRQWFjeDB

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

Processes:

Twitch Drops Miner.exe

pid	process
580	Twitch Drops Miner.exe
580	Twitch Drops Miner.exe
580	Twitch Drops Miner.exe
580	Twitch Drops Miner.exe
580	Twitch Drops Miner.exe
580	Twitch Drops Miner.exe
580	Twitch Drops Miner.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI22762\python310.dll	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Twitch Drops Miner.exe

description	pid	process	target process
PID 2276 wrote to memory of 580	2276	Twitch Drops Miner.exe	Twitch Drops Miner.exe
PID 2276 wrote to memory of 580	2276	Twitch Drops Miner.exe	Twitch Drops Miner.exe
PID 2276 wrote to memory of 580	2276	Twitch Drops Miner.exe	Twitch Drops Miner.exe

C:\Users\Admin\AppData\Local\Temp\Twitch Drops Miner.exe
"C:\Users\Admin\AppData\Local\Temp\Twitch Drops Miner.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\Twitch Drops Miner.exe
  "C:\Users\Admin\AppData\Local\Temp\Twitch Drops Miner.exe"
  2⤵
  - Loads dropped DLL
  PID:580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
fa6953700659b11c2d82fb521d2e8664

SHA1
07c7d14fdfd1686a424820f77733d1d4f3c75e31

SHA256
4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e

SHA512
1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
621a34a36c202e4c4e59a6077c22cb5e

SHA1
ec696fd4e8e5935a722e88a551593593a12e882e

SHA256
746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079

SHA512
04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
2395f675152f25bdc501c1b698b3f70a

SHA1
829eb4dee9604330072c124b9bddf4a4e96a7c98

SHA256
4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563

SHA512
7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
81a255549e9b3467276810f94a67512d

SHA1
c3bf694f5d030d5a29ebb9ae70010be4571cec17

SHA256
8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2

SHA512
05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
59f3aeb2eda80ffc000b99f27ec99d14

SHA1
2961c514b480424b3512d424dcd7d295477b243a

SHA256
e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab

SHA512
ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\python310.dll

Filesize
1.4MB

MD5
4a6afa2200b1918c413d511c5a3c041c

SHA1
39ca3c2b669adac07d4a5eb1b3b79256cfe0c3b3

SHA256
bec187f608507b57cf0475971ba646b8ab42288af8fdcf78bce25f1d8c84b1da

SHA512
dbffb06ffff0542200344ea9863a44a6f1e1b783379e53df18580e697e8204d3911e091deb32a9c94b5599cdd54301b705b74e1f51104151cf13b89d57280a20

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22762\ucrtbase.dll

Filesize
987KB

MD5
637c17ad8bccc838b0cf83ffb8e2c7fd

SHA1
b2dd2890668e589badb2ba61a27c1da503d73c39

SHA256
be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed

SHA512
f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776

Download Submit
memory/580-1057-0x000007FEF5A70000-0x000007FEF5ED6000-memory.dmp

Filesize
4.4MB

Download