Report - Twitch x Loot Lab Event - 2025.msc

Antivirus ScreenShot KeyLogger AntiDebug AntiVM

ScreenShot

Info
Location map


Created	2024.09.09 09:56	Machine	s1_win7_x6401
Filename	Twitch x Loot Lab Event - 2025.msc
Type	XML 1.0 document, ASCII text, with CRLF line terminators
AI Score	Not founds	Behavior Score	3.0
ZERO API	file : clean
VT API (file)	22 detected (Dump, Kimsuky, Detected, ai score=88, ABApplication, Qwhl)
md5	41c656c497d7ec24de57a9927c13e81c
sha256	5042f64c0c5b1325964279106f0afa330fb2810416043784f5b4deeef0e93aa4
ssdeep	384:PLUWHwIvDfCbiiNPyVIB7nstz5R0iXV5qf:PDHfD6iiNPydzRJTqf
imphash
impfuzzy

Network IP location

Signature (7cnts)

Level	Description
warning	File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch	Resumed a suspended thread in a remote process potentially indicative of process injection
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Yara rule detected in process memory
info	Checks amount of memory in system
info	Collects information to fingerprint the system (MachineGuid

Rules (12cnts)

Level	Name	Description	Collection
watch	Antivirus	Contains references to security software	binaries (upload)
notice	KeyLogger	Run a KeyLogger	memory
notice	ScreenShot	Take ScreenShot	memory
info	anti_dbg	Checks if being debugged	memory
info	DebuggerCheck__GlobalFlags	(no description)	memory
info	DebuggerCheck__QueryInfo	(no description)	memory
info	DebuggerHiding__Active	(no description)	memory
info	DebuggerHiding__Thread	(no description)	memory
info	disable_dep	Bypass DEP	memory
info	SEH__vectored	(no description)	memory
info	ThreadControl__Context	(no description)	memory
info	win_hook	Affect hook table	memory

Network (0cnts) ?

Request	CC	ASN Co	IP4	Rule ?	ZERO ?

Suricata ids

Similarity measure (PE file only) - Checking for service failure