163edff5aec2819e87bde2bbb4369bef309bc395aaf0e5610235152844967631

Analysis

max time kernel
134s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20221111-es
resource tags

arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
07/02/2023, 16:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MultiMC/MultiMC.exe
Size

8.8MB
MD5

b140f2eddebb8f56f15148d64c762c2e
SHA1

966df1c26fc4f42657549cc35ce5012b9feb09ab
SHA256

798898fa1695d4144930e58d06529c76235248fd4912531224f57709e2b9466a
SHA512

e81588e459c9557e5b8b37d57b0b1b9b48b969b390891d7b709271c4161b1dcb3ed03b6210ec8a82a19047e27bab791804b243709369cbebefd5e045b4b7717c
SSDEEP

196608:F/cYoNpdLZMSv80t/HC+ReI3MhcdyyVfzxXz+5EoAT+SZpVJV0V8eJiVPVVOSBVs:+3XoM/H9FXz+6gkVJV0V8eJiVPVVOSBe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3724	MultiMC.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3724	MultiMC.exe
3724	MultiMC.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3724	MultiMC.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3724	MultiMC.exe
3724	MultiMC.exe
3724	MultiMC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 864	3724	MultiMC.exe	88
PID 3724 wrote to memory of 864	3724	MultiMC.exe	88
PID 3724 wrote to memory of 2744	3724	MultiMC.exe	89
PID 3724 wrote to memory of 2744	3724	MultiMC.exe	89
PID 3724 wrote to memory of 1124	3724	MultiMC.exe	90
PID 3724 wrote to memory of 1124	3724	MultiMC.exe	90

C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
"C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:864
- C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:2744
- C:\ProgramData\Oracle\Java\javapath\javaw.exe
  javaw -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:1124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x2ec
1⤵
PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
499090aef058fc5f5d4dfb08c5351439

SHA1
ad5d8deb0cfbe00f461910355f734a56a9f7eb58

SHA256
8290ce1d75d5753b95376877456ef3c84315a9b27143cb6fb52f1649df2d7266

SHA512
a82a0ac5959f3fd54bc3bb3418b653cfdbdd7bc0891ec8fb968ea43ae6af18328664038708cc50bdcf656ee6f678c702f4af403bdabaee0834c4d00835d3fe99

Download Submit
memory/1124-183-0x0000000002A80000-0x0000000003A80000-memory.dmp

Filesize
16.0MB

Download
memory/3724-141-0x00000000013B0000-0x0000000001925000-memory.dmp

Filesize
5.5MB

Download
memory/3724-152-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/3724-140-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/3724-132-0x00000000013B0000-0x0000000001925000-memory.dmp

Filesize
5.5MB

Download
memory/3724-142-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/3724-143-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/3724-144-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/3724-145-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/3724-146-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/3724-147-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/3724-148-0x0000000005440000-0x0000000005652000-memory.dmp

Filesize
2.1MB

Download
memory/3724-150-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/3724-151-0x00000000013B0000-0x0000000001925000-memory.dmp

Filesize
5.5MB

Download
memory/3724-139-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download
memory/3724-153-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/3724-154-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/3724-155-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/3724-138-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/3724-136-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/3724-137-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/3724-159-0x0000000000D70000-0x0000000000D81000-memory.dmp

Filesize
68KB

Download
memory/3724-135-0x00000000013B0000-0x0000000001925000-memory.dmp

Filesize
5.5MB

Download
memory/3724-134-0x0000000001931000-0x0000000001933000-memory.dmp

Filesize
8KB

Download
memory/3724-189-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/3724-191-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/3724-190-0x00000000013B0000-0x0000000001925000-memory.dmp

Filesize
5.5MB

Download
memory/3724-192-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/3724-193-0x0000000000400000-0x0000000000A1D000-memory.dmp

Filesize
6.1MB

Download