1f1660d24e972308e913eb370633bfb83c2738237f193f501b0d05b09d065878

Resubmissions

08/07/2023, 05:53

230708-gla5aach75 3

08/07/2023, 05:48

230708-ghvdrach74 3

08/07/2023, 05:35

230708-gab77sch66 8

08/07/2023, 05:22

230708-f2qdgach59 8

Analysis

max time kernel
102s
max time network
95s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 05:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

UltimMC/UltimMC.exe
Size

8.8MB
MD5

dec33b921534bfefd0f06aee6af7291b
SHA1

0b6cfa43c79071272a865471f2927f62f6cc3d30
SHA256

499422dc9e9e33c685b93fb9bf5c90e03d7aa75af31fd1c05f152259a7bd8774
SHA512

b377aef7dfbab0aff7e706ada839dc4fb95a70024e98455c20a810de6bc872fc4a72c138b650e3f5ebc3dce23cc18ca771206f9e1af15f5882786c0c32af3bdc
SSDEEP

196608:1vEsCQdpPhdnaJjgDLEjixC9IDe4OHlnwd+PXHdiVzVsVKV4113VTVVxAVUVgVC2:QAO5gDhVA/YVsVKV4113VTVVxAVUVgV9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
468	UltimMC.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
468	UltimMC.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
468	UltimMC.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2612	AUDIODG.EXE
Token: 33	2612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2612	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
468	UltimMC.exe
468	UltimMC.exe
468	UltimMC.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 2196	468	UltimMC.exe	29
PID 468 wrote to memory of 2196	468	UltimMC.exe	29
PID 468 wrote to memory of 2196	468	UltimMC.exe	29
PID 468 wrote to memory of 2196	468	UltimMC.exe	29
PID 468 wrote to memory of 2432	468	UltimMC.exe	30
PID 468 wrote to memory of 2432	468	UltimMC.exe	30
PID 468 wrote to memory of 2432	468	UltimMC.exe	30
PID 468 wrote to memory of 2432	468	UltimMC.exe	30

C:\Users\Admin\AppData\Local\Temp\UltimMC\UltimMC.exe
"C:\Users\Admin\AppData\Local\Temp\UltimMC\UltimMC.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/UltimMC/jars/JavaCheck.jar
  2⤵
  PID:2196
- C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe
  "C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/UltimMC/jars/JavaCheck.jar
  2⤵
  PID:2432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.1\instance.cfg.UgV468

Filesize
953B

MD5
9ac77540a214e670e373cccc7500a1cb

SHA1
55df21fc2d3c4a7c70e6548d67405390768a8e50

SHA256
a63e0ba821c598884d1513aee303600f1009fe268ce497f3b44e2914697ea85f

SHA512
11ddfb27fd61c504f7f450d759b0f0b72dd4046c5b6efe61fa88fe625dd36ef5396706e760462efcced2bc96bf8cbebead340fd2732620ec6d97f353314893b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\translations\index_v2.json

Filesize
15KB

MD5
64eb5323c137fde7680ed29a17c53d65

SHA1
03cb5da4bed79def57b15974129e9589d2f26763

SHA256
0ff7e6ca2aa7baff4b965125cda67310a80f061b4b6bfe3321960f8b24c7ab57

SHA512
b56056a586055957d7f4506328095e5e567dff8df6fe2142f365cebe14562fbf70c19642a3627e8d96e848142efe2990e85be8eb7eb2f7e0ad89b3176311650f

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\ultimmc.cfg.oop468

Filesize
1KB

MD5
11af57a08fa469ca8d168642a874721e

SHA1
88a62ef6dc36ef53931748a4c8738f1ab97e0a04

SHA256
71df1ff9ccf8d0d26ebe9d8c90498c8d8d8a4ed97d9142d7579df8bd11cc307d

SHA512
eefecd0b8dd84b0fad873ff5afa0e6bf80e649731a4d142b8750e3140f4250b226c21c4bcc4b75ad58c94925a3a9fbe37153d586312bd1c14f5ef687204767eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\ultimmc.cfg.vOA468

Filesize
1KB

MD5
222d16d2b1f36ea81f88cc71a992ddd5

SHA1
2d6c54615a0836a47ff192c0bf6dab4a84a7a5a6

SHA256
515a40dad81cd87b516fd33961d3e348e07057b69d1700f44886d8cde64aeb5e

SHA512
4eef97c6cc8894e8a8b2193d42a6c2f7b7c4fe9cd36b53b647744b602f472c485742d3f4fa158cf16ce5024b368fd05cddf05fd35fd05fa6e6e0cdb9c80efab9

Download Submit
memory/468-90-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/468-94-0x0000000004E60000-0x0000000005072000-memory.dmp

Filesize
2.1MB

Download
memory/468-59-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/468-71-0x0000000004E60000-0x0000000005072000-memory.dmp

Filesize
2.1MB

Download
memory/468-76-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/468-77-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/468-78-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/468-79-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/468-81-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/468-80-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/468-82-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/468-83-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/468-84-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/468-85-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/468-86-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/468-87-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/468-88-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/468-89-0x0000000000F10000-0x0000000001554000-memory.dmp

Filesize
6.3MB

Download
memory/468-54-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/468-91-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/468-60-0x0000000000F10000-0x0000000001554000-memory.dmp

Filesize
6.3MB

Download
memory/468-93-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/468-62-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/468-116-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/468-55-0x0000000000F10000-0x0000000001554000-memory.dmp

Filesize
6.3MB

Download
memory/468-122-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/468-133-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/468-140-0x0000000000F10000-0x0000000001554000-memory.dmp

Filesize
6.3MB

Download
memory/468-145-0x0000000061F00000-0x0000000061F11000-memory.dmp

Filesize
68KB

Download
memory/468-146-0x000000006C600000-0x000000006C615000-memory.dmp

Filesize
84KB

Download
memory/468-147-0x000000006E840000-0x000000006E852000-memory.dmp

Filesize
72KB

Download
memory/468-148-0x00000000626C0000-0x0000000062706000-memory.dmp

Filesize
280KB

Download
memory/468-149-0x0000000000BD0000-0x0000000000BE0000-memory.dmp

Filesize
64KB

Download
memory/468-150-0x0000000067740000-0x000000006779F000-memory.dmp

Filesize
380KB

Download
memory/468-151-0x0000000066AC0000-0x0000000066AD0000-memory.dmp

Filesize
64KB

Download
memory/468-154-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/468-158-0x0000000061940000-0x0000000061EB5000-memory.dmp

Filesize
5.5MB

Download
memory/468-240-0x00000000039A0000-0x00000000039B0000-memory.dmp

Filesize
64KB

Download
memory/468-308-0x00000000039A0000-0x00000000039B0000-memory.dmp

Filesize
64KB

Download
memory/468-58-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/468-57-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/2432-118-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download