Overview

overview

6

Static

static

mmc-stable-win32.zip

windows10-1703-x64

1

MultiMC/MultiMC.exe

windows10-1703-x64

6

MultiMC/Qt5Core.dll

windows10-1703-x64

3

MultiMC/Qt5Gui.dll

windows10-1703-x64

3

MultiMC/Qt...rk.dll

windows10-1703-x64

3

MultiMC/Qt5Svg.dll

windows10-1703-x64

3

MultiMC/Qt...ts.dll

windows10-1703-x64

3

MultiMC/Qt5Xml.dll

windows10-1703-x64

3

MultiMC/ic...on.dll

windows10-1703-x64

1

MultiMC/im...if.dll

windows10-1703-x64

1

MultiMC/im...ns.dll

windows10-1703-x64

1

MultiMC/im...co.dll

windows10-1703-x64

1

MultiMC/im...eg.dll

windows10-1703-x64

1

MultiMC/im...vg.dll

windows10-1703-x64

1

MultiMC/im...mp.dll

windows10-1703-x64

1

MultiMC/ja...ck.jar

windows10-1703-x64

1

MultiMC/ja...ch.jar

windows10-1703-x64

1

MultiMC/li...ix.dll

windows10-1703-x64

3

MultiMC/li...++.dll

windows10-1703-x64

3

MultiMC/li....dll.a

windows10-1703-x64

3

MultiMC/li...ip.dll

windows10-1703-x64

3

MultiMC/li...ow.dll

windows10-1703-x64

3

MultiMC/libeay32.dll

windows10-1703-x64

1

MultiMC/li...-1.dll

windows10-1703-x64

3

MultiMC/libssp-0.dll

windows10-1703-x64

3

MultiMC/li...-6.dll

windows10-1703-x64

3

MultiMC/li...-1.dll

windows10-1703-x64

1

MultiMC/pl...ws.dll

windows10-1703-x64

1

MultiMC/qt.conf

windows10-1703-x64

3

MultiMC/ssleay32.dll

windows10-1703-x64

1

MultiMC/zlib1.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    277s
  • max time network
    277s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    29/12/2022, 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiMC/MultiMC.exe

  • Size

    8.6MB

  • MD5

    86ec72e400abe379ed8453af49bbef32

  • SHA1

    374abd6b7aa5687fc738ceee1df52be0994fd8bc

  • SHA256

    10e44003255706995674e8dfdd43ce8242ee5f8402cafc8ec01e614d7c93dfa7

  • SHA512

    846619daf0bce719aa8ce63962b5e68f498010a36608c842dd94f7235fa5ef36e35be77aba528169eb132f7971e4f6f6298b102cf49b0ed3a41e9dbbff98b4ae

  • SSDEEP

    196608:jSFXkbPNSzhxpI+nIrTGEhiKhxJunHR/OcdpIX9uVvVV5cVY7VjVMSrV4rNVVjVJ:aXWWwwdiYVvVV5cVY7VjVMSrV4rNVVj7

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 43 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
      2⤵
        PID:3572
      • C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
        "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
        2⤵
          PID:3804
        • C:\ProgramData\Oracle\Java\javapath\javaw.exe
          javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
          2⤵
            PID:4332
          • C:\ProgramData\Oracle\Java\javapath\javaw.exe
            javaw -Xms512m -Xmx1024m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
            2⤵
              PID:3204
          • C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\AUDIODG.EXE 0x3e8
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:4560

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
            Filesize

            50B

            MD5

            d449961a7c18206bcfc8251b79678a9d

            SHA1

            2766085da487fc2c34e1a6c08b52c304f53e73df

            SHA256

            1d3f357f71ee4d0371c65ae07e4ff32d5ed701f912caefa527860a16e49a8b2f

            SHA512

            9e4b28d2440fd8f9364fb720bce63de4cfc7fd2f1b303e93da5840cb0f59512b11040f1fe5f413515e3a1fa85630faaa8314716c7571c4c0b8dfb9a5fa3a5080

            Download Submit

          • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
            Filesize

            50B

            MD5

            c55c023258bc544680e2eefef0c9cdf2

            SHA1

            32808abca8814818a988efcae762cc4ef45d127a

            SHA256

            1ffeb506e4dc445a403edcca02fc0f0d13c8401f1d0a36f221f798c5c5093e1c

            SHA512

            02ff0d0abbfb6413d2be18b309c534d454a96c18bf360a4ccf5f448502b87004daba4284d7e4754c43b7acd326695d0f76f3ea4cec7c9b3404174246c306f9e3

            Download Submit

          • memory/2132-162-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-153-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-122-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-123-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-124-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-125-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-126-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-127-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-128-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-129-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-131-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-130-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-132-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-133-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-134-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-136-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-138-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-139-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-137-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-135-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-140-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-141-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-142-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-143-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-144-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-163-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-145-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-147-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-151-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-166-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-155-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-156-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-158-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-157-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-154-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-152-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-149-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-150-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-159-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-160-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-148-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-161-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-120-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-165-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-121-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-164-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-146-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-167-0x00000000013E0000-0x0000000001955000-memory.dmp

            Filesize

            5.5MB

            Download

          • memory/2132-169-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-170-0x0000000000031000-0x0000000000033000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2132-171-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-172-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-173-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-174-0x00000000013E0000-0x0000000001955000-memory.dmp

            Filesize

            5.5MB

            Download

          • memory/2132-175-0x0000000070940000-0x000000007095C000-memory.dmp

            Filesize

            112KB

            Download

          • memory/2132-176-0x0000000061740000-0x0000000061771000-memory.dmp

            Filesize

            196KB

            Download

          • memory/2132-177-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

            Filesize

            252KB

            Download

          • memory/2132-178-0x0000000068880000-0x0000000068DAF000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/2132-179-0x00000000013E0000-0x0000000001955000-memory.dmp

            Filesize

            5.5MB

            Download

          • memory/2132-180-0x0000000070940000-0x000000007095C000-memory.dmp

            Filesize

            112KB

            Download

          • memory/2132-181-0x0000000061740000-0x0000000061771000-memory.dmp

            Filesize

            196KB

            Download

          • memory/2132-182-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

            Filesize

            252KB

            Download

          • memory/2132-183-0x0000000063400000-0x0000000063415000-memory.dmp

            Filesize

            84KB

            Download

          • memory/2132-184-0x0000000000400000-0x00000000009FB000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/2132-185-0x0000000061DC0000-0x0000000062404000-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2132-186-0x0000000000400000-0x00000000009FB000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/2132-187-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-188-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-189-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-190-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-191-0x00000000771E0000-0x000000007736E000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2132-193-0x0000000068880000-0x0000000068DAF000-memory.dmp

            Filesize

            5.2MB

            Download

          • memory/2132-198-0x0000000063400000-0x0000000063415000-memory.dmp

            Filesize

            84KB

            Download

          • memory/2132-197-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

            Filesize

            252KB

            Download

          • memory/2132-196-0x0000000061740000-0x0000000061771000-memory.dmp

            Filesize

            196KB

            Download

          • memory/2132-195-0x0000000070940000-0x000000007095C000-memory.dmp

            Filesize

            112KB

            Download

          • memory/2132-194-0x00000000013E0000-0x0000000001955000-memory.dmp

            Filesize

            5.5MB

            Download

          • memory/2132-200-0x0000000061DC0000-0x0000000062404000-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2132-201-0x0000000000400000-0x00000000009FB000-memory.dmp

            Filesize

            6.0MB

            Download

          • memory/2132-284-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2132-283-0x0000000004D70000-0x0000000004D80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3204-281-0x00000000032D0000-0x00000000042D0000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3204-277-0x00000000032D0000-0x00000000042D0000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3572-247-0x0000000002D70000-0x0000000003D70000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3572-280-0x0000000002D70000-0x0000000003D70000-memory.dmp

            Filesize

            16.0MB

            Download