Overview

overview

3

Static

static

MultiMC/MultiMC.exe

windows10-1703-x64

3

MultiMC/Qt5Core.dll

windows10-1703-x64

3

MultiMC/Qt5Gui.dll

windows10-1703-x64

3

MultiMC/Qt...rk.dll

windows10-1703-x64

3

MultiMC/Qt5Svg.dll

windows10-1703-x64

3

MultiMC/Qt...ts.dll

windows10-1703-x64

3

MultiMC/Qt5Xml.dll

windows10-1703-x64

3

MultiMC/ic...on.dll

windows10-1703-x64

1

MultiMC/im...if.dll

windows10-1703-x64

1

MultiMC/im...ns.dll

windows10-1703-x64

1

MultiMC/im...co.dll

windows10-1703-x64

1

MultiMC/im...eg.dll

windows10-1703-x64

1

MultiMC/im...vg.dll

windows10-1703-x64

1

MultiMC/im...mp.dll

windows10-1703-x64

1

MultiMC/ja...ck.jar

windows10-1703-x64

1

MultiMC/ja...ch.jar

windows10-1703-x64

1

MultiMC/li...ix.dll

windows10-1703-x64

3

MultiMC/li...++.dll

windows10-1703-x64

3

MultiMC/li...ip.dll

windows10-1703-x64

3

MultiMC/li...ow.dll

windows10-1703-x64

3

MultiMC/libeay32.dll

windows10-1703-x64

1

MultiMC/li...-1.dll

windows10-1703-x64

3

MultiMC/libssp-0.dll

windows10-1703-x64

3

MultiMC/li...-6.dll

windows10-1703-x64

3

MultiMC/li...-1.dll

windows10-1703-x64

1

MultiMC/pl...ws.dll

windows10-1703-x64

1

MultiMC/ssleay32.dll

windows10-1703-x64

1

MultiMC/zlib1.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    05/01/2023, 01:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiMC/MultiMC.exe

  • Size

    8.6MB

  • MD5

    86ec72e400abe379ed8453af49bbef32

  • SHA1

    374abd6b7aa5687fc738ceee1df52be0994fd8bc

  • SHA256

    10e44003255706995674e8dfdd43ce8242ee5f8402cafc8ec01e614d7c93dfa7

  • SHA512

    846619daf0bce719aa8ce63962b5e68f498010a36608c842dd94f7235fa5ef36e35be77aba528169eb132f7971e4f6f6298b102cf49b0ed3a41e9dbbff98b4ae

  • SSDEEP

    196608:jSFXkbPNSzhxpI+nIrTGEhiKhxJunHR/OcdpIX9uVvVV5cVY7VjVMSrV4rNVVjVJ:aXWWwwdiYVvVV5cVY7VjVMSrV4rNVVj7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 43 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:428
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
      2⤵
        PID:3676
      • C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
        "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
        2⤵
          PID:4908
        • C:\ProgramData\Oracle\Java\javapath\javaw.exe
          javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
          2⤵
            PID:4888
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x3d4
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4452

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/428-120-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-123-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-127-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-143-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-145-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-146-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-150-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-149-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-151-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-157-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-162-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-163-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-158-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-156-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-167-0x00000000015D0000-0x0000000001B45000-memory.dmp

          Filesize

          5.5MB

          Download

        • memory/428-170-0x0000000000031000-0x0000000000033000-memory.dmp

          Filesize

          8KB

          Download

        • memory/428-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-176-0x0000000061740000-0x0000000061771000-memory.dmp

          Filesize

          196KB

          Download

        • memory/428-177-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

          Filesize

          252KB

          Download

        • memory/428-175-0x0000000070940000-0x000000007095C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/428-174-0x00000000015D0000-0x0000000001B45000-memory.dmp

          Filesize

          5.5MB

          Download

        • memory/428-179-0x0000000068880000-0x0000000068DAF000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/428-178-0x0000000000400000-0x00000000009FB000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/428-180-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-182-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-185-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-184-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-186-0x0000000076FB0000-0x000000007713E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/428-187-0x0000000061740000-0x0000000061771000-memory.dmp

          Filesize

          196KB

          Download

        • memory/428-183-0x0000000070940000-0x000000007095C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/428-181-0x00000000015D0000-0x0000000001B45000-memory.dmp

          Filesize

          5.5MB

          Download

        • memory/428-188-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

          Filesize

          252KB

          Download

        • memory/428-190-0x0000000063400000-0x0000000063415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/428-191-0x0000000000400000-0x00000000009FB000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/428-193-0x0000000061DC0000-0x0000000062404000-memory.dmp

          Filesize

          6.3MB

          Download

        • memory/428-228-0x0000000068880000-0x0000000068DAF000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/428-233-0x0000000063400000-0x0000000063415000-memory.dmp

          Filesize

          84KB

          Download

        • memory/428-232-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

          Filesize

          252KB

          Download

        • memory/428-234-0x0000000000400000-0x00000000009FB000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/428-231-0x0000000061740000-0x0000000061771000-memory.dmp

          Filesize

          196KB

          Download

        • memory/428-230-0x0000000070940000-0x000000007095C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/428-229-0x00000000015D0000-0x0000000001B45000-memory.dmp

          Filesize

          5.5MB

          Download

        • memory/428-235-0x0000000061DC0000-0x0000000062404000-memory.dmp

          Filesize

          6.3MB

          Download

        • memory/428-277-0x0000000006AF0000-0x0000000006B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/428-278-0x0000000006AF0000-0x0000000006B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4888-259-0x00000000026E0000-0x00000000036E0000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/4888-276-0x00000000026E0000-0x00000000036E0000-memory.dmp

          Filesize

          16.0MB

          Download