0c21133a8b332f0462ae88430a615fce1447cc49f8b18fee274baa64b6d0c8cd

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UltimMC/UltimMC.exe
Size

8.9MB
MD5

8b563b934a5121c406d590c858205cd1
SHA1

713089e35330a9afe46fd19744551994c56458dd
SHA256

bf64613efe878b1e6c60507e968ff46a46ca4fcab5e1275015de2114d1f882b5
SHA512

95f5dae04254f2235c9194ae1cb26d6d049c2b6773db7a30e937b7f2fd7d241b4ec7b200a1cb6b10c405ae0a11c180b14cff9011ae1d6e60cdaee3302ea40d86
SSDEEP

196608:RjNhiOU5FtwXi7F/7Xh2NE/yISdDWPDOyy8D2FBVkVBVioHYV3VV1aVq5gV5mVVC:sOgj7FYgOH7VkVBVioHYV3VV1aVq5gV5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
744	UltimMC.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
744	UltimMC.exe
744	UltimMC.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
744	UltimMC.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3896	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3896	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
744	UltimMC.exe
744	UltimMC.exe
744	UltimMC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 3408	744	UltimMC.exe	95
PID 744 wrote to memory of 3408	744	UltimMC.exe	95
PID 744 wrote to memory of 3148	744	UltimMC.exe	96
PID 744 wrote to memory of 3148	744	UltimMC.exe	96
PID 744 wrote to memory of 3680	744	UltimMC.exe	97
PID 744 wrote to memory of 3680	744	UltimMC.exe	97

C:\Users\Admin\AppData\Local\Temp\UltimMC\UltimMC.exe
"C:\Users\Admin\AppData\Local\Temp\UltimMC\UltimMC.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/UltimMC/jars/JavaCheck.jar
  2⤵
  PID:3408
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/AppData/Local/Temp/UltimMC/jars/JavaCheck.jar
  2⤵
  PID:3148
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -jar C:/Users/Admin/AppData/Local/Temp/UltimMC/jars/JavaCheck.jar
  2⤵
  PID:3680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464 0x44c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg

Filesize
666B

MD5
63396319cedaba055aa0d49ab1f37a5b

SHA1
3a448ce5e6547e4f0fc3a897cd18beb23d0d8b3b

SHA256
73746489e541e6e93527be1ca7aa8c1f3c0d9fda2000d0df87d38c089fbcb6e9

SHA512
4066a689ec4fcddf157c198b2bf1a078126a6f4e3d5338f82bbb01db79bab28058b337244258e38ad8afae8171a3b93ad04c70f56c4df4099f60e82bc37ceb45

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.HSX744

Filesize
862B

MD5
d8ff92bc0f72db06548e1d4a90d29fc7

SHA1
9deebfc652e748d47b08db00efdd32bfbeac7270

SHA256
3f8631c098becb26d8a8e48e0fbef87c9eaf4c8bc5a2e27fd39b642de29033f3

SHA512
5d048c1b2754ace84d8868cc7a1d4823560f592a3d80cbf99579a9901f695f4b17099d785b78a55ca986c5e9cc82492fd34c325d288026b3a37581cea4c07475

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.Mfy744

Filesize
743B

MD5
ef8432aaec5be1a54b52dca2ebf2ddf8

SHA1
f9b45dcfecbb70fa212ff6a64797505c4cb9fca2

SHA256
30176cc086a91c6f5e321a05aaa745963601b1b8e0aae08db6bdd5f6e31f38a2

SHA512
ffbc8d897ce1140ff8bd6fdeb54982a799cf40c6194709baade88a47bfa29de071ab4251afdde828a934c8d958031de384e3c01b4ab7bfda86a798e9013d54a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.TRE744

Filesize
1KB

MD5
6ed2cd338822f053c2dbd0c15300bc98

SHA1
08c7acc9a3794b3659e9db707617c77772b030f9

SHA256
3a8598e4f57495bf14380a6e97662763b13423423fcbcb51d5ad201424bfdcbc

SHA512
dc5683622e1061a2744acfc0f1e79bd296cf82587d9ae880c2dfd51ac6609c8b752b76c49931c0863a2bde6f23d8e121c9b2ad5f95bbff22448303e2a0513f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.TuE744

Filesize
699B

MD5
aae48e7c8a1729937c47ac42d4693268

SHA1
4cf7f500f231115a4321f888604cb0fd3c06d0f7

SHA256
0caa0c4ba3c9db4b5337cf2c502870ad1c444054492eadf1a87dd21879c07d01

SHA512
a452eba2aa8728a21e00e9512595186113f9328d2646d71831884044831e6976f44dac7080fd850c92d182778732f08885a391409a4ba1e95d970e8da7bc50fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.UnL744

Filesize
765B

MD5
f2ad81fc27fbea5b037700c8d448b4e0

SHA1
a359014b77a95590c7f776645ee472deae1a0fbb

SHA256
cae9a40013fcd7609a2001d3f86e45c2eb29ccc340ac5f9498dde8eee34e2999

SHA512
8c57028f19d83afe6d0b25b2047807dd96da39ff896fe0898a2ece997df1e570f6a5db928e938342088e4f2a38c0242508caedaab5f4701192c919e442d94cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.aYD744

Filesize
689B

MD5
33cb903ee6004f806f04403f4ccb3ffc

SHA1
67c24152b5670a2d88e1437cee261ea981f96b3c

SHA256
5ec890cc406b0923edc017d3c5e9598b8b3704cccbde1f6dcdad744a43f0b39e

SHA512
1a89153855e62220702cddc746b49b50a15afdbae4557be2b81c1320919c5d8f8d26f8e4cde21a590c35cd645037694d0eadd5d965b2f5db41011e3196e1b515

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.jyB744

Filesize
1KB

MD5
4a5c1faa5da29f20064cf62809491b2b

SHA1
27d903359efe89a7cc3c5fad26b084dfc9c839db

SHA256
2b5175267c5532433e167fcc308db1928856b9e77402e37a13954910410f24e9

SHA512
7c4c4cdad5684b4c8871313fdde6cd62d5afd4ea770b8558730618e624e60ae926c26ba635682e4d88b7f5ff9310ca8df7cf52630a9781dd16d67ef573c25bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.nwp744

Filesize
843B

MD5
2df3ea75c5320aec7408cb86d5141ee4

SHA1
e6cab391ec684fd39dca92bd41b893cfbdd8f14b

SHA256
5d0121455f002417fe6c2a1e42b366420b4f116881beb56363fd4068f8c22188

SHA512
397cb4837807ac368c31b74648f6b170323c4569d8de120c6c015268f965582b07113e633656dae8c2a026337fb8ef4022f83a86f51fe091f8e3e3b81efaae56

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\instances\1.20.4\instance.cfg.rKe744

Filesize
734B

MD5
9a24ab1e4d064c27f00a05e10e125257

SHA1
49793951a512c11731ce832b839fa22f000dd5e9

SHA256
a349cc665d68f73ae82fb3879cdae67b662040ba9601018a8e3216519e4263d1

SHA512
08ba904f1fb44be71cfb3dccf74859b32abfcb30c11b3bec79b2843d7e6b9f48a5040b5d78a8833c79ead710bfc449f4ba7bfbcb1a19f83a95098d7e4d8dc2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\ultimmc.cfg.TFp744

Filesize
1016B

MD5
97cad1599386312d09874bfa7d979379

SHA1
489abd41fb53550b5b59787f7f44077e72f8739b

SHA256
8f1aee09a9b82b7eb5785fd7efc3990ef7faccf27d9c3ffb97e3eef50e9a6a5c

SHA512
24259214bab8afc08fc8d429cddb820aea4562efb891d7c0d1b88e1c0e62b145f333187a2b88613ed7970637340fa00e0f4624854baa3e50dde359b7f7b2c905

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\ultimmc.cfg.rHh744

Filesize
1KB

MD5
bc0dc7fd6f11ff6706f8d3d62dd7d396

SHA1
f0c867fbdf8fba163aed715e28ca548aed3b377e

SHA256
95333f322d2b88ceba1dbf3b2c25e1f2cc9fd7d1accadcd40598468a17464ca9

SHA512
6cb38a45fa39869b8ec8c6c8df4d16d2b0e63613fe150ac95b5ef8a961d6650b6e12ec3a7dc4c93c4fa40b96cb6619b182c15e0160c9683a3bc20d4547527368

Download Submit
C:\Users\Admin\AppData\Local\Temp\UltimMC\ultimmc.cfg.zVP744

Filesize
1KB

MD5
12092a29b23bda187cca31a70b25b680

SHA1
469b964d47a8617a4c8f84b1ade7e645517e02da

SHA256
e76ce727164eba825b0818428408e16a03fd6dfa538d3bd5f8963cd15e175c76

SHA512
613be4c1766d5788fae4d9e6ce281948918be271a6797b9f58412a07f1d1f4d6d2830c120fe71cae1b090bd8ff5482e4f0e65c1b8fa511d0b0343186d7dc4db2

Download Submit
memory/744-38-0x0000000001400000-0x0000000001975000-memory.dmp

Filesize
5.5MB

Download
memory/744-61-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/744-29-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/744-30-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/744-31-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/744-32-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/744-33-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/744-34-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/744-35-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/744-36-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/744-37-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/744-0-0x0000000001400000-0x0000000001975000-memory.dmp

Filesize
5.5MB

Download
memory/744-39-0x0000000000D80000-0x0000000000D8C000-memory.dmp

Filesize
48KB

Download
memory/744-40-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/744-41-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/744-42-0x0000000005480000-0x0000000005692000-memory.dmp

Filesize
2.1MB

Download
memory/744-50-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/744-52-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/744-56-0x0000000001400000-0x0000000001975000-memory.dmp

Filesize
5.5MB

Download
memory/744-27-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/744-2-0x0000000001400000-0x0000000001975000-memory.dmp

Filesize
5.5MB

Download
memory/744-3-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/744-4-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/744-381-0x00000000012F0000-0x0000000001300000-memory.dmp

Filesize
64KB

Download
memory/744-477-0x00000000012F0000-0x0000000001300000-memory.dmp

Filesize
64KB

Download
memory/744-26-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/744-18-0x0000000005480000-0x0000000005692000-memory.dmp

Filesize
2.1MB

Download
memory/744-21-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/744-19-0x0000000000400000-0x0000000000A27000-memory.dmp

Filesize
6.2MB

Download
memory/744-17-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/744-9-0x0000000000400000-0x0000000000A27000-memory.dmp

Filesize
6.2MB

Download
memory/744-10-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/744-7-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/744-8-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/744-6-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/3148-277-0x0000018C3C420000-0x0000018C3C690000-memory.dmp

Filesize
2.4MB

Download
memory/3408-280-0x000001BE963A0000-0x000001BE96610000-memory.dmp

Filesize
2.4MB

Download
memory/3680-278-0x0000020F8F120000-0x0000020F8F390000-memory.dmp

Filesize
2.4MB

Download