Overview

overview

8

Static

static

1

mmc-develop-win32.zip

windows7-x64

1

mmc-develop-win32.zip

windows10-2004-x64

1

MultiMC/MultiMC.exe

windows7-x64

1

MultiMC/MultiMC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    396s
  • max time network
    337s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2023 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiMC/MultiMC.exe

  • Size

    8.8MB

  • MD5

    38c782c12952ecaeb3af973a7338790d

  • SHA1

    3167c8152fde81d9b3aebbb41d38a607ba5b48b7

  • SHA256

    4fc7abd9769e631fe1831b8b0da7b924322b77fee774dba6c5d0ccf6f69242f4

  • SHA512

    e72b69bee5cf6ca2c45d8b84f128126dd1c81f03e7dfae4d03e3d906f79bb7e1f9ecad6030e4447783657e59c75017df72f590ca786edcfd2996c88345542a1a

  • SSDEEP

    196608:LjeHzMAqhnF5SdEy/vgiBkxqSdXh9NWompJIwFsBEeVgVvV3rABVLVVkNWV+O8VU:OHOer/vAUpyRVgVvV3rABVLVVkNWV+On

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
    "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
      2⤵
        PID:732
      • C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe
        "C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
        2⤵
          PID:1764
        • C:\Program Files\Java\jre7\bin\javaw.exe
          "C:\Program Files\Java\jre7\bin\javaw.exe" -Xms512m -Xmx1024m -XX:PermSize=128m -jar C:/Users/Admin/AppData/Local/Temp/MultiMC/jars/JavaCheck.jar
          2⤵
            PID:1532
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x574
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1776
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /4
          1⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1364
        • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
          "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:1908
        • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
          "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:1296
        • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe
          "C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC.exe"
          1⤵
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of SetWindowsHookEx
          PID:1656

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC-0.log
          Filesize

          35KB

          MD5

          51783c1ed7e90917ce6cafc9a5c0da13

          SHA1

          1a6f6efc0cb037bb109c290f47d12a24831d0fa7

          SHA256

          e8d2ddf3892af62a1745ce52bdcabf075cd09bedd9503e99f708441da90e3cb0

          SHA512

          3e23944d7dacf714d286014daca1daf4856ac5dbb73458fe4f57ffd3806a09661f4e2724add15c7d8cbe3e847df309a9c59e2244be8fa0f5557ad539c9a67b97

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC-1.log
          Filesize

          35KB

          MD5

          51783c1ed7e90917ce6cafc9a5c0da13

          SHA1

          1a6f6efc0cb037bb109c290f47d12a24831d0fa7

          SHA256

          e8d2ddf3892af62a1745ce52bdcabf075cd09bedd9503e99f708441da90e3cb0

          SHA512

          3e23944d7dacf714d286014daca1daf4856ac5dbb73458fe4f57ffd3806a09661f4e2724add15c7d8cbe3e847df309a9c59e2244be8fa0f5557ad539c9a67b97

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\MultiMC\MultiMC-2.log
          Filesize

          35KB

          MD5

          51783c1ed7e90917ce6cafc9a5c0da13

          SHA1

          1a6f6efc0cb037bb109c290f47d12a24831d0fa7

          SHA256

          e8d2ddf3892af62a1745ce52bdcabf075cd09bedd9503e99f708441da90e3cb0

          SHA512

          3e23944d7dacf714d286014daca1daf4856ac5dbb73458fe4f57ffd3806a09661f4e2724add15c7d8cbe3e847df309a9c59e2244be8fa0f5557ad539c9a67b97

          Download Submit
        • memory/1364-421-0x0000000140000000-0x00000001405E8000-memory.dmp
          Filesize

          5.9MB

          Download
        • memory/1364-477-0x0000000140000000-0x00000001405E8000-memory.dmp
          Filesize

          5.9MB

          Download
        • memory/1364-476-0x0000000140000000-0x00000001405E8000-memory.dmp
          Filesize

          5.9MB

          Download
        • memory/1364-422-0x0000000140000000-0x00000001405E8000-memory.dmp
          Filesize

          5.9MB

          Download
        • memory/1988-87-0x0000000000330000-0x0000000000348000-memory.dmp
          Filesize

          96KB

          Download
        • memory/1988-91-0x0000000066C00000-0x0000000066C3E000-memory.dmp
          Filesize

          248KB

          Download
        • memory/1988-78-0x0000000070940000-0x000000007095C000-memory.dmp
          Filesize

          112KB

          Download
        • memory/1988-79-0x0000000068880000-0x0000000068DAF000-memory.dmp
          Filesize

          5.2MB

          Download
        • memory/1988-80-0x000000006E940000-0x000000006E964000-memory.dmp
          Filesize

          144KB

          Download
        • memory/1988-81-0x0000000064940000-0x0000000064954000-memory.dmp
          Filesize

          80KB

          Download
        • memory/1988-82-0x000000006FC40000-0x000000006FD41000-memory.dmp
          Filesize

          1.0MB

          Download
        • memory/1988-83-0x0000000061940000-0x0000000061EB5000-memory.dmp
          Filesize

          5.5MB

          Download
        • memory/1988-84-0x0000000000020000-0x000000000002C000-memory.dmp
          Filesize

          48KB

          Download
        • memory/1988-85-0x0000000061740000-0x0000000061771000-memory.dmp
          Filesize

          196KB

          Download
        • memory/1988-86-0x000000006C8C0000-0x000000006C8FF000-memory.dmp
          Filesize

          252KB

          Download
        • memory/1988-54-0x0000000000330000-0x0000000000348000-memory.dmp
          Filesize

          96KB

          Download
        • memory/1988-88-0x0000000063400000-0x0000000063415000-memory.dmp
          Filesize

          84KB

          Download
        • memory/1988-89-0x0000000069700000-0x0000000069894000-memory.dmp
          Filesize

          1.6MB

          Download
        • memory/1988-90-0x0000000000E40000-0x0000000001484000-memory.dmp
          Filesize

          6.3MB

          Download
        • memory/1988-77-0x0000000000400000-0x0000000000A1E000-memory.dmp
          Filesize

          6.1MB

          Download
        • memory/1988-92-0x000000006A880000-0x000000006A9F6000-memory.dmp
          Filesize

          1.5MB

          Download
        • memory/1988-94-0x0000000004F90000-0x00000000051A2000-memory.dmp
          Filesize

          2.1MB

          Download
        • memory/1988-93-0x000000006E600000-0x000000006E674000-memory.dmp
          Filesize

          464KB

          Download
        • memory/1988-115-0x0000000068880000-0x0000000068DAF000-memory.dmp
          Filesize

          5.2MB

          Download
        • memory/1988-119-0x0000000061940000-0x0000000061EB5000-memory.dmp
          Filesize

          5.5MB

          Download
        • memory/1988-126-0x0000000000E40000-0x0000000001484000-memory.dmp
          Filesize

          6.3MB

          Download
        • memory/1988-326-0x0000000005860000-0x0000000005870000-memory.dmp
          Filesize

          64KB

          Download
        • memory/1988-72-0x0000000004F90000-0x00000000051A2000-memory.dmp
          Filesize

          2.1MB

          Download
        • memory/1988-62-0x0000000000400000-0x0000000000A1E000-memory.dmp
          Filesize

          6.1MB

          Download
        • memory/1988-60-0x0000000000E40000-0x0000000001484000-memory.dmp
          Filesize

          6.3MB

          Download
        • memory/1988-59-0x000000006C8C0000-0x000000006C8FF000-memory.dmp
          Filesize

          252KB

          Download
        • memory/1988-589-0x0000000005860000-0x0000000005870000-memory.dmp
          Filesize

          64KB

          Download
        • memory/1988-58-0x0000000061740000-0x0000000061771000-memory.dmp
          Filesize

          196KB

          Download
        • memory/1988-57-0x0000000070940000-0x000000007095C000-memory.dmp
          Filesize

          112KB

          Download
        • memory/1988-55-0x0000000000E40000-0x0000000001484000-memory.dmp
          Filesize

          6.3MB

          Download