File name:

Twitch_Bots-1.rar

Full analysis: https://app.any.run/tasks/6360366d-a71e-47ee-a29f-91796884a82f
Verdict: Malicious activity
Analysis date: November 29, 2020, 20:41:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

FCE7F6708727C612E65AAFE80D34425A

SHA1:

74CF0FB3C2876A46A9DDC450E7CFF4F53DB3687C

SHA256:

C22E594C012DC7BC7E2A6EB6AF328808AA3ECFE0E1760F1CD670E07A2A36117B

SSDEEP:

49152:KpKMdViPqw3TbcEGfyuty2C9sCrWd4O4Z2DiIpGUKgNAMoEA2vxCUXtusZ53aMVU:MQqHE/j2C9RW6dAkUKrM4AxLFRmN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • dottwitch.exe (PID: 2108)

    • Loads dropped or rewritten executable

      • dottwitch.exe (PID: 2108)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2936)

    • Drops a file with too old compile date

      • WinRAR.exe (PID: 2936)

    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 2936)

  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 2936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start winrar.exe dottwitch.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2108"C:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Follow Bot\dottwitch.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Follow Bot\dottwitch.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
dotTwitch
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2936.39265\twitch bots\twitch follow bot\dottwitch.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2936"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Twitch_Bots-1.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
454
Read events
441
Write events
13
Delete events
0

Modification events

(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2936) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Twitch_Bots-1.rar
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2936) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
11
Suspicious files
0
Text files
4
Unknown types
1

Dropped files

PID
Process
Filename
Type
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\WebSocket4Net.dllexecutable
MD5:A9347266E1679E90C5DA2B3C1E5A45EE
SHA256:AD2E17F110CDE9BC5609589CD89B4BF3A1D0249E3075597862B8A358D7E15EB2
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\Newtonsoft.Json.dllexecutable
MD5:F33CBE589B769956284868104686CC2D
SHA256:973FD70CE48E5AC433A101B42871680C51E2FEBA2AEEC3D400DEA4115AF3A278
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\TwitchLib.dllexecutable
MD5:A405D3838F5228964514C4F30471CAAC
SHA256:8BDED35BC773E693898F4B13664CB81A4DB799F25ACD73B4DF13019B31EB1FCE
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\SuperSocket.ClientEngine.dllexecutable
MD5:BCA39F02EA86AB13E44B17A2028CDAF0
SHA256:30C619D93D05612253901F829977196D803AB68C04B19EC87358ADC2C572E683
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Follow Bot\Colorful.Console.dllexecutable
MD5:5F3D2CFBC21591B8FEEF1EFA3E59A4D0
SHA256:F31D4FD7E729FC6CF4ECAB972B6B1EE897918A325B1CA572030966F831E768FB
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Follow Bot\dottwitch.exeexecutable
MD5:7E06F89C370AE02A6E88EB5DCAEC7CAB
SHA256:5338757B851CE35E52A6ADFC46087249A8DDFD53947E6FFC7CA5F271BDE6DC00
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\ATWITCHBC.exe.configxml
MD5:EF0181DE18EF3951806C0AD63B897BA4
SHA256:E8DECC96235B5494880083EB79C22C84C6D9EF312828BAF9490BEE7782C350EC
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\Newtonsoft.Json.xmlxml
MD5:2866A8E5449957C9B303AD800E55BF04
SHA256:42A557F912E050E91F255942C6E6948F6AE3AE5928000AD1DCEF88666BB77A2F
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\Twitch Chat Bot\ATWITCHBC.pdbpdb
MD5:A2C8093CA7B1D937234A259203D20C78
SHA256:D8507596F0E02A0817A0F38282DA7487EF0156D25966A38CE8D7D9CE629450DC
2936WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2936.39265\Twitch Bots\msg.txttext
MD5:BBC7D61E0E526A3A198EFB96F5499713
SHA256:46179AC2FCFB395845D7103BF76E7744ADBDD515E081EB3550C8C322FD275683
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Twitch_Bots-1.rar