Overview

overview

3

Static

static

1

MultiMC/MultiMC.exe

windows10-1703-x64

1

MultiMC/Qt5Core.dll

windows10-1703-x64

3

MultiMC/Qt5Gui.dll

windows10-1703-x64

3

MultiMC/Qt...rk.dll

windows10-1703-x64

3

MultiMC/Qt5Svg.dll

windows10-1703-x64

3

MultiMC/Qt...ts.dll

windows10-1703-x64

3

MultiMC/Qt5Xml.dll

windows10-1703-x64

3

MultiMC/ic...on.dll

windows10-1703-x64

1

MultiMC/im...ds.dll

windows10-1703-x64

1

MultiMC/im...if.dll

windows10-1703-x64

1

MultiMC/im...ns.dll

windows10-1703-x64

1

MultiMC/im...co.dll

windows10-1703-x64

1

MultiMC/im...p2.dll

windows10-1703-x64

1

MultiMC/im...eg.dll

windows10-1703-x64

1

MultiMC/im...vg.dll

windows10-1703-x64

1

MultiMC/im...mp.dll

windows10-1703-x64

1

MultiMC/im...bp.dll

windows10-1703-x64

1

MultiMC/ja...ck.jar

windows10-1703-x64

1

MultiMC/ja...ch.jar

windows10-1703-x64

1

MultiMC/li...ic.dll

windows10-1703-x64

3

MultiMC/libeay32.dll

windows10-1703-x64

1

MultiMC/li...-1.dll

windows10-1703-x64

3

MultiMC/libnbt++.dll

windows10-1703-x64

3

MultiMC/li...ow.dll

windows10-1703-x64

3

MultiMC/libssl32.dll

windows10-1703-x64

1

MultiMC/li...-6.dll

windows10-1703-x64

3

MultiMC/li...-1.dll

windows10-1703-x64

1

MultiMC/pl...ws.dll

windows10-1703-x64

1

MultiMC/ssleay32.dll

windows10-1703-x64

1

MultiMC/updater.exe

windows10-1703-x64

1

MultiMC/zlib1.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-02-2023 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiMC/MultiMC.exe

  • Size

    5.4MB

  • MD5

    528de01921c926aff6a759bc65fd923f

  • SHA1

    03893a37f9a7ebf29a5349c214dc9fe11820bfa8

  • SHA256

    38dbbcb9ebea0599a7419ca63a3cd8177b3b8ed12846e508e276fb60875ce3f7

  • SHA512

    f2a674d22493912cd6f0db0841cac02de9e76e5d9a7a30272f6a8e73d86676b4315a519898da7369618f2a309b07d4df0a0a0f5403cd7ee87fa79bc909ff9f16

  • SSDEEP

    49152:Vzpg4+3qtJyuFNpeF5hpFp97x3uhCZxDIjbsdrp0LcK:Vzl4qLxSF5hjrdbZxD9k

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 31 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\ProgramData\Oracle\Java\javapath\java.exe
      java -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
      2⤵
        PID:3380
      • C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe
        "C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
        2⤵
          PID:4676
        • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
          "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
          2⤵
            PID:4652
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:4272
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            2⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4608
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.0.1460165462\920435722" -parentBuildID 20200403170909 -prefsHandle 1524 -prefMapHandle 1220 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 1616 gpu
              3⤵
                PID:3088
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.3.1561109328\838460589" -childID 1 -isForBrowser -prefsHandle 2184 -prefMapHandle 2180 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 2196 tab
                3⤵
                  PID:4800
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.13.109331958\72333363" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 2672 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 3412 tab
                  3⤵
                    PID:1436

              Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • memory/2972-118-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-119-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-120-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-122-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-121-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-123-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-124-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-125-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-126-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-127-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-128-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-129-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-130-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-131-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-133-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-132-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-134-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-136-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-135-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-137-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-138-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-140-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-139-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-142-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-141-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-144-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-143-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-145-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-147-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-146-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-149-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-148-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-150-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-151-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-153-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-152-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-156-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-155-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-154-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-157-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-159-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-158-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-161-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-160-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-164-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-163-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-162-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-165-0x00000000010B0000-0x00000000016F5000-memory.dmp

                Filesize

                6.3MB

                Download

              • memory/2972-167-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-169-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-168-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-170-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-171-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-172-0x00000000010B0000-0x00000000016F5000-memory.dmp

                Filesize

                6.3MB

                Download

              • memory/2972-173-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-175-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-174-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-176-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-177-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-178-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-179-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-181-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-183-0x0000000068880000-0x0000000068DAE000-memory.dmp

                Filesize

                5.2MB

                Download

              • memory/2972-180-0x0000000077220000-0x00000000773AE000-memory.dmp

                Filesize

                1.6MB

                Download

              • memory/2972-188-0x0000000063100000-0x000000006314F000-memory.dmp

                Filesize

                316KB

                Download

              • memory/2972-192-0x00000000010B0000-0x00000000016F5000-memory.dmp

                Filesize

                6.3MB

                Download

              • memory/2972-187-0x0000000061940000-0x0000000061E60000-memory.dmp

                Filesize

                5.1MB

                Download

              • memory/2972-194-0x0000000000400000-0x00000000006C2000-memory.dmp

                Filesize

                2.8MB

                Download

              • memory/2972-193-0x0000000068040000-0x0000000068270000-memory.dmp

                Filesize

                2.2MB

                Download

              • memory/2972-253-0x0000000068880000-0x0000000068DAE000-memory.dmp

                Filesize

                5.2MB

                Download

              • memory/2972-254-0x0000000061940000-0x0000000061E60000-memory.dmp

                Filesize

                5.1MB

                Download

              • memory/2972-255-0x00000000010B0000-0x00000000016F5000-memory.dmp

                Filesize

                6.3MB

                Download

              • memory/2972-256-0x0000000068040000-0x0000000068270000-memory.dmp

                Filesize

                2.2MB

                Download

              • memory/2972-257-0x0000000000400000-0x00000000006C2000-memory.dmp

                Filesize

                2.8MB

                Download

              • memory/3380-233-0x0000000000000000-mapping.dmp

                Download

              • memory/4652-231-0x0000000000000000-mapping.dmp

                Download

              • memory/4652-252-0x0000000003050000-0x0000000004050000-memory.dmp

                Filesize

                16.0MB

                Download

              • memory/4652-258-0x0000000003050000-0x0000000004050000-memory.dmp

                Filesize

                16.0MB

                Download

              • memory/4676-232-0x0000000000000000-mapping.dmp

                Download