Overview

overview

3

Static

static

1

mmc-develop-win32.zip

windows10-1703-x64

1

MultiMC/MultiMC.exe

windows10-1703-x64

1

MultiMC/Qt5Core.dll

windows10-1703-x64

3

MultiMC/Qt5Gui.dll

windows10-1703-x64

3

MultiMC/Qt...rk.dll

windows10-1703-x64

3

MultiMC/Qt5Svg.dll

windows10-1703-x64

3

MultiMC/Qt...ts.dll

windows10-1703-x64

3

MultiMC/Qt5Xml.dll

windows10-1703-x64

3

MultiMC/ic...on.dll

windows10-1703-x64

1

MultiMC/im...if.dll

windows10-1703-x64

1

MultiMC/im...ns.dll

windows10-1703-x64

1

MultiMC/im...co.dll

windows10-1703-x64

1

MultiMC/im...eg.dll

windows10-1703-x64

1

MultiMC/im...vg.dll

windows10-1703-x64

1

MultiMC/im...mp.dll

windows10-1703-x64

1

MultiMC/ja...ck.jar

windows10-1703-x64

1

MultiMC/ja...ch.jar

windows10-1703-x64

1

MultiMC/li...ix.dll

windows10-1703-x64

3

MultiMC/li...++.dll

windows10-1703-x64

3

MultiMC/li....dll.a

windows10-1703-x64

3

MultiMC/li...ip.dll

windows10-1703-x64

3

MultiMC/li...ow.dll

windows10-1703-x64

3

MultiMC/libeay32.dll

windows10-1703-x64

1

MultiMC/li...-1.dll

windows10-1703-x64

3

MultiMC/libssp-0.dll

windows10-1703-x64

3

MultiMC/li...-6.dll

windows10-1703-x64

3

MultiMC/li...-1.dll

windows10-1703-x64

1

MultiMC/pl...ws.dll

windows10-1703-x64

1

MultiMC/qt.conf

windows10-1703-x64

3

MultiMC/ssleay32.dll

windows10-1703-x64

1

MultiMC/zlib1.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    305s
  • max time network
    311s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04-02-2023 13:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiMC/MultiMC.exe

  • Size

    8.7MB

  • MD5

    d3647145b55987c3ac96399aab41ad07

  • SHA1

    42c573391ac5c71dcb4a3b0ec2fdf9f76d6c75fc

  • SHA256

    7559f773f58b8e08b792553af346508c4327f14526b02a0c49f1227c54897ee1

  • SHA512

    8808064567365fb0b551f5645b90e79581c60cd5441eae7225b4e9fd74156bd955bb3f31d0dfacc1637abdd1a2e706fee1a9e35ed5d5cf01e64a3dd9bd92f2a5

  • SSDEEP

    196608:UVg0QLYZwthw9woY6C1KO6ATk2JztIUZQIweHCHy5aR4VhV/BjzVPVVDSwVADlVg:uzdjC1keiSVhV/BjzVPVVDSwVADlVVh0

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
      2⤵
        PID:4060
      • C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
        "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
        2⤵
          PID:432
        • C:\ProgramData\Oracle\Java\javapath\javaw.exe
          javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
          2⤵
            PID:1008
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x3dc
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4752
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:4932
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            2⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4828
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.0.1629306752\1940950275" -parentBuildID 20200403170909 -prefsHandle 1524 -prefMapHandle 1516 -prefsLen 1 -prefMapSize 219938 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 1616 gpu
              3⤵
                PID:1392
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.3.713485567\2138855736" -childID 1 -isForBrowser -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 156 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 2288 tab
                3⤵
                  PID:2232
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4828.13.1450270148\282602037" -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 6938 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4828 "\\.\pipe\gecko-crash-server-pipe.4828" 3316 tab
                  3⤵
                    PID:1924

              Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/432-238-0x0000000000000000-mapping.dmp

                Download

              • memory/1008-239-0x0000000000000000-mapping.dmp

                Download

              • memory/1008-263-0x00000000032C0000-0x00000000042C0000-memory.dmp

                Filesize

                16.0MB

                Download

              • memory/1008-282-0x00000000032C0000-0x00000000042C0000-memory.dmp

                Filesize

                16.0MB

                Download

              • memory/2388-120-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-121-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-129-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-140-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-144-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-146-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-147-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-145-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-153-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-157-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-158-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-159-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-162-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-163-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-165-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-164-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-160-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-167-0x0000000001410000-0x0000000001985000-memory.dmp

                Filesize

                5.5MB

                Download

              • memory/2388-171-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-170-0x0000000000031000-0x0000000000033000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2388-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-172-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-173-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-174-0x0000000001410000-0x0000000001985000-memory.dmp

                Filesize

                5.5MB

                Download

              • memory/2388-177-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

                Filesize

                252KB

                Download

              • memory/2388-176-0x0000000061740000-0x0000000061771000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2388-175-0x0000000070940000-0x000000007095C000-memory.dmp

                Filesize

                112KB

                Download

              • memory/2388-178-0x0000000000400000-0x0000000000A0B000-memory.dmp

                Filesize

                6.0MB

                Download

              • memory/2388-179-0x0000000068880000-0x0000000068DAF000-memory.dmp

                Filesize

                5.2MB

                Download

              • memory/2388-182-0x0000000061740000-0x0000000061771000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2388-184-0x0000000063400000-0x0000000063415000-memory.dmp

                Filesize

                84KB

                Download

              • memory/2388-185-0x0000000061DC0000-0x0000000062404000-memory.dmp

                Filesize

                6.3MB

                Download

              • memory/2388-183-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

                Filesize

                252KB

                Download

              • memory/2388-186-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-188-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-187-0x0000000000400000-0x0000000000A0B000-memory.dmp

                Filesize

                6.0MB

                Download

              • memory/2388-189-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-190-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-181-0x0000000070940000-0x000000007095C000-memory.dmp

                Filesize

                112KB

                Download

              • memory/2388-180-0x0000000001410000-0x0000000001985000-memory.dmp

                Filesize

                5.5MB

                Download

              • memory/2388-191-0x0000000077A00000-0x0000000077B8E000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2388-222-0x0000000068880000-0x0000000068DAF000-memory.dmp

                Filesize

                5.2MB

                Download

              • memory/2388-227-0x0000000063400000-0x0000000063415000-memory.dmp

                Filesize

                84KB

                Download

              • memory/2388-228-0x0000000061DC0000-0x0000000062404000-memory.dmp

                Filesize

                6.3MB

                Download

              • memory/2388-226-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

                Filesize

                252KB

                Download

              • memory/2388-225-0x0000000061740000-0x0000000061771000-memory.dmp

                Filesize

                196KB

                Download

              • memory/2388-229-0x0000000000400000-0x0000000000A0B000-memory.dmp

                Filesize

                6.0MB

                Download

              • memory/2388-224-0x0000000070940000-0x000000007095C000-memory.dmp

                Filesize

                112KB

                Download

              • memory/2388-223-0x0000000001410000-0x0000000001985000-memory.dmp

                Filesize

                5.5MB

                Download

              • memory/2388-283-0x00000000053E0000-0x00000000053F0000-memory.dmp

                Filesize

                64KB

                Download

              • memory/4060-236-0x0000000000000000-mapping.dmp

                Download