Overview

overview

8

Static

static

3

mmc-develop-win32.zip

windows10-1703-x64

1

MultiMC/MultiMC.exe

windows10-1703-x64

8

MultiMC/Qt5Core.dll

windows10-1703-x64

3

MultiMC/Qt5Gui.dll

windows10-1703-x64

3

MultiMC/Qt...rk.dll

windows10-1703-x64

3

MultiMC/Qt5Svg.dll

windows10-1703-x64

3

MultiMC/Qt...ts.dll

windows10-1703-x64

3

MultiMC/Qt5Xml.dll

windows10-1703-x64

3

MultiMC/ic...on.dll

windows10-1703-x64

1

MultiMC/im...if.dll

windows10-1703-x64

1

MultiMC/im...ns.dll

windows10-1703-x64

1

MultiMC/im...co.dll

windows10-1703-x64

1

MultiMC/im...eg.dll

windows10-1703-x64

1

MultiMC/im...vg.dll

windows10-1703-x64

1

MultiMC/im...mp.dll

windows10-1703-x64

1

MultiMC/ja...ck.jar

windows10-1703-x64

7

MultiMC/ja...ch.jar

windows10-1703-x64

7

MultiMC/li...ix.dll

windows10-1703-x64

3

MultiMC/li...++.dll

windows10-1703-x64

3

MultiMC/li....dll.a

windows10-1703-x64

3

MultiMC/li...ip.dll

windows10-1703-x64

3

MultiMC/li...ow.dll

windows10-1703-x64

3

MultiMC/libeay32.dll

windows10-1703-x64

1

MultiMC/li...-1.dll

windows10-1703-x64

3

MultiMC/libssp-0.dll

windows10-1703-x64

3

MultiMC/li...-6.dll

windows10-1703-x64

3

MultiMC/li...-1.dll

windows10-1703-x64

1

MultiMC/pl...ws.dll

windows10-1703-x64

1

MultiMC/qt.conf

windows10-1703-x64

3

MultiMC/ssleay32.dll

windows10-1703-x64

1

MultiMC/zlib1.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    314s
  • max time network
    1620s
  • platform
    windows10-1703_x64
  • resource
    win10-20231020-es
  • resource tags

    arch:x64arch:x86image:win10-20231020-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    06/11/2023, 21:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MultiMC/jars/JavaCheck.jar

  • Size

    1KB

  • MD5

    b1ea021a522920256af04f2770691d21

  • SHA1

    a873013577fdf73440081299fe6fbbfa95b5c6f1

  • SHA256

    03382aa4eb7a8e0989d445e7749dcd90fa9703620a24d384d8de2ddb789f9fe9

  • SHA512

    c2fb361b0958b0cc815d0a8abe0318e3cf22d7cfacf6b5a100a20b93387816e9f28ff4360e0dad54b6dd8490d51541597980daafe356831579c1dab36db823b2

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\MultiMC\jars\JavaCheck.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3908
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:5100

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
          Filesize

          46B

          MD5

          9e8a7b6844d2ca6ee018c7b864628d93

          SHA1

          d9187872b4c1eb586cd75afbac0d9ec59146197b

          SHA256

          c8c79f55c7d5a6787afdc2821a25cc3179a4929e638e38ca8260497f7608776a

          SHA512

          847319809a6f957d26e27ee7917ec84d13399c93581b9fb6a1118b8735136b659765b8768ca855e02649d667bfe50e494d0e39143f05336d616a2baf30a772b9

          Download Submit

        • memory/3908-4-0x000002381FAF0000-0x0000023820AF0000-memory.dmp

          Filesize

          16.0MB

          Download

        • memory/3908-12-0x000002381FAD0000-0x000002381FAD1000-memory.dmp

          Filesize

          4KB

          Download