File name: Twitch_Bots-1.rar
Full analysis: https://app.any.run/tasks/82a6f9ac-3108-4ff4-8671-9970814085a8
Verdict: Malicious activity
Analysis date: November 29, 2020, 20:43:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: FCE7F6708727C612E65AAFE80D34425A
SHA1: 74CF0FB3C2876A46A9DDC450E7CFF4F53DB3687C
SHA256: C22E594C012DC7BC7E2A6EB6AF328808AA3ECFE0E1760F1CD670E07A2A36117B
SSDEEP: 49152:KpKMdViPqw3TbcEGfyuty2C9sCrWd4O4Z2DiIpGUKgNAMoEA2vxCUXtusZ53aMVU:MQqHE/j2C9RW6dAkUKrM4AxLFRmN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • dottwitch.exe (PID: 3596)
    • Application was dropped or rewritten from another process
      • dottwitch.exe (PID: 3596)
  • SUSPICIOUS
    • Drops a file with too old compile date
      • WinRAR.exe (PID: 2640)
    • Drops a file that was compiled in debug mode
      • WinRAR.exe (PID: 2640)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2640)
  • INFO
    • Dropped object may contain Bitcoin addresses
      • WinRAR.exe (PID: 2640)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report.
No Malware configuration.

TRiD:
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 1

Behavior graph (summary): winrar.exe → drop and start → dottwitch.exe; winrar.exe → start → notepad.exe (no specs)

Process information

PID | CMD | Path | Parent process
2640 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Twitch_Bots-1.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Version: 5.60.0
3596 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\dottwitch.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\dottwitch.exe | WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: dotTwitch
  Exit code: 3762504530
  Version: 1.0.0.0
2972 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2640.49440\follow.txt | C:\Windows\system32\NOTEPAD.EXE | WinRAR.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Notepad
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Total events: 470
Read events: 457
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 11
Suspicious files: 0
Text files: 5
Unknown types: 1

Dropped files

PID | Process | Filename | Type
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Chat Bot\Newtonsoft.Json.dll | executable
MD5:F33CBE589B769956284868104686CC2D
SHA256:973FD70CE48E5AC433A101B42871680C51E2FEBA2AEEC3D400DEA4115AF3A278
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Chat Bot\TwitchLib.dll | executable
MD5:A405D3838F5228964514C4F30471CAAC
SHA256:8BDED35BC773E693898F4B13664CB81A4DB799F25ACD73B4DF13019B31EB1FCE
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\Colorful.Console.dll | executable
MD5:5F3D2CFBC21591B8FEEF1EFA3E59A4D0
SHA256:F31D4FD7E729FC6CF4ECAB972B6B1EE897918A325B1CA572030966F831E768FB
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\Leaf.xNet.dll | executable
MD5:B5CB88DE9FE40B6645496F9543CE8E26
SHA256:A91293829D0A4A0F2F34787FC1BA13B9D3AA4F640D0FCA652B24A88F464BC343
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\Newtonsoft.Json.dll | executable
MD5:D827DD8A8C4B2A2CFA23C7F90F3CCE95
SHA256:B66749B81E1489FCD8D754B2AD39EBE0DB681344E392A3F49DC9235643BDBD06
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Chat Bot\ATWITCHBC.exe | executable
MD5:E723EE7C3A84C44FA4646111A3B2FB82
SHA256:9962E85530591CE5AF72F705F810F5C8F4D825F908056AC060BF812E662610B9
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Chat Bot\SuperSocket.ClientEngine.dll | executable
MD5:BCA39F02EA86AB13E44B17A2028CDAF0
SHA256:30C619D93D05612253901F829977196D803AB68C04B19EC87358ADC2C572E683
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Chat Bot\Newtonsoft.Json.xml | xml
MD5:2866A8E5449957C9B303AD800E55BF04
SHA256:42A557F912E050E91F255942C6E6948F6AE3AE5928000AD1DCEF88666BB77A2F
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\KoiVM.Runtime.dll | executable
MD5:F70CEAAA1AC1509C76C6635C92E6B5C2
SHA256:EBBF490E21B1E64F5EF63EB777766055D94DB1382D3877ED40EAD8EBDF8CA82E
2640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2640.47335\Twitch Bots\Twitch Follow Bot\Figgle.dll | executable
MD5:ED1AEDEA86660974B02CB8DFDFB80DCB
SHA256:AC1A8E26E4369D4CCB8BAC78B4F3D69C48EDC7B3761984DDE834C3B4A99C5C95
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests
Connections: No data
DNS requests: No data
Threats: No threats detected
Debug info: No debug info