File name: mmc-cracked-win32.zip
Full analysis: https://app.any.run/tasks/b8dc2c84-b6ec-403c-a47a-eb204ff0284c
Verdict: Malicious activity
Analysis date: May 12, 2024, 10:01:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 4D69FCB6FF2CBAB6CFD2F93AEC09ADF8
SHA1: 4146B34C7CD529092A0A8517F1CF1E440680EEE9
SHA256: 23488A63F94A15EF5F92D4089754607E7F9AA9AA7E29E3F65A6E152B8C94D59A
SSDEEP: 98304:gLaQlaaQF5FjrDbFUeCjpdXRnBO8hIYi3tRz+DREIJ3p4crRtuj8iazdyVV1YW9L:O/7DMZYbamk9xicHJcWx
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops an executable file immediately after start
      • WinRAR.exe (PID: 3980)
      • UltimMC.exe (PID: 312)
  • SUSPICIOUS
    • Creates a file in the system drive root
      • WinRAR.exe (PID: 3980)
    • Creates files whose names resemble system file names
      • WinRAR.exe (PID: 3980)
    • Reads system certificate settings
      • UltimMC.exe (PID: 312)
    • Checks whether Java is installed
      • UltimMC.exe (PID: 312)
      • javaw.exe (PID: 692)
      • javaw.exe (PID: 1812)
  • INFO
    • Manual execution by a user
      • UltimMC.exe (PID: 312)
      • wmpnscfg.exe (PID: 2464)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3980)
    • Reads the computer name
      • UltimMC.exe (PID: 312)
      • wmpnscfg.exe (PID: 2464)
    • Reads the machine GUID from the registry
      • UltimMC.exe (PID: 312)
    • Checks supported languages
      • UltimMC.exe (PID: 312)
      • javaw.exe (PID: 616)
      • javaw.exe (PID: 692)
      • javaw.exe (PID: 1812)
      • wmpnscfg.exe (PID: 2464)
      • javaw.exe (PID: 1940)
    • Creates files in a temporary directory
      • UltimMC.exe (PID: 312)
      • javaw.exe (PID: 616)
      • javaw.exe (PID: 1812)
      • javaw.exe (PID: 692)
      • javaw.exe (PID: 1940)
    • Creates files in the program directory
      • javaw.exe (PID: 692)

Note on weighting: the two MALICIOUS hits correspond to WinRAR unpacking the archive (the Qt plugin DLLs listed under dropped files) and to UltimMC.exe writing executable content soon after launch. The report records no HTTP requests and no IDS threats, so the verdict rests on the drop-executable heuristic alone; read it together with the dropped-files and network sections below.
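The file-drop signatures above are simple heuristics over process-start and file-create events, and an archiver unpacking a Qt application trips all of them. The following is an added example (my code, not ANY.RUN's signature engine) that reimplements three of those heuristics over constructed events modelled on this report's process tree; the ten-second window, the executable extension set, the system-name list and the archiver list are assumptions chosen for illustration.

```python
"""Re-implement three file-drop heuristics from a sandbox report over constructed events.

Added example, not ANY.RUN's signature code. Thresholds and name lists are assumptions."""
import ntpath
from dataclasses import dataclass, field

EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".com"}
DROP_WINDOW_S = 10.0                 # "immediately after the start" (assumed threshold)
SYSTEM_NAMES = {"kernel32.dll", "ntdll.dll", "user32.dll", "svchost.exe",
                "explorer.exe", "lsass.exe", "csrss.exe"}   # small illustrative set
ARCHIVERS = {"winrar.exe", "7zfm.exe", "7z.exe", "explorer.exe"}   # assumed list

SIG_DROP_EARLY = "Drops the executable file immediately after the start"
SIG_DROP_EXE = "Executable content was dropped or overwritten"
SIG_DRIVE_ROOT = "Creates file in the systems drive root"
SIG_SYSTEM_NAME = "The process creates files with name similar to system file names"


@dataclass
class Event:
    ts: float        # seconds since analysis start
    pid: int
    image: str
    kind: str        # "start" or "file"
    path: str = ""


@dataclass
class Finding:
    pid: int
    image: str
    signatures: set = field(default_factory=set)
    context: str = ""


# Constructed events (not from the report's PCAP/event log); PIDs mirror the report.
EVENTS = [
    Event(0.0, 3980, "WinRAR.exe", "start"),
    Event(1.1, 3980, "WinRAR.exe", "file", r"C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qico.dll"),
    Event(1.2, 3980, "WinRAR.exe", "file", r"C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\libeay32.dll"),
    Event(1.3, 3980, "WinRAR.exe", "file", r"C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\jars\NewLaunch.jar"),
    Event(1.4, 3980, "WinRAR.exe", "file", r"C:\unpack.log"),                       # constructed drive-root write
    Event(1.5, 3980, "WinRAR.exe", "file", r"C:\Users\admin\Desktop\tools\svchost.exe"),  # constructed system-like name
    Event(5.0, 312, "UltimMC.exe", "start"),
    Event(5.4, 312, "UltimMC.exe", "file", r"C:\Users\admin\AppData\Local\Temp\launcher.lock"),
    Event(60.0, 312, "UltimMC.exe", "file", r"C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\jre\bin\javaw.exe"),
]


def is_drive_root(path: str) -> bool:
    """True for paths like C:\\file.ext (exactly one separator after the drive)."""
    _, rest = ntpath.splitdrive(path)
    return rest.startswith("\\") and rest.count("\\") == 1


def analyse(events):
    """Return {pid: Finding} with the heuristic signatures each process triggered."""
    started = {}      # pid -> start timestamp
    findings = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "start":
            started[ev.pid] = ev.ts
            continue
        if ev.kind != "file":
            continue
        f = findings.setdefault(ev.pid, Finding(ev.pid, ev.image))
        name = ntpath.basename(ev.path).lower()
        ext = ntpath.splitext(name)[1]
        if ext in EXECUTABLE_EXT:
            f.signatures.add(SIG_DROP_EXE)
            start = started.get(ev.pid)
            if start is not None and ev.ts - start <= DROP_WINDOW_S:
                f.signatures.add(SIG_DROP_EARLY)
        if is_drive_root(ev.path):
            f.signatures.add(SIG_DRIVE_ROOT)
        if name in SYSTEM_NAMES and "\\windows\\" not in ev.path.lower():
            f.signatures.add(SIG_SYSTEM_NAME)
        # Triage context: drops by an archiver are the user's own extraction.
        if ev.image.lower() in ARCHIVERS:
            f.context = "archiver process: drops reflect user extraction, weigh accordingly"
    return findings


if __name__ == "__main__":
    for pid, f in sorted(analyse(EVENTS).items()):
        print(pid, f.image, sorted(f.signatures), f.context)
```

Run stand-alone it prints WinRAR (PID 3980) with all four signatures plus the archiver context, and UltimMC (PID 312) with only the generic "executable content dropped" hit, because its executable write falls outside the ten-second window.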
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No malware configuration extracted.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0008
ZipCompression: Deflated
ZipModifyDate: 2024:04:01 00:53:56
ZipCRC: 0xe2707840
ZipCompressedSize: 18501
ZipUncompressedSize: 45056
ZipFileName: UltimMC/iconengines/qsvgicon.dll
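The ZipBitFlag value 0x0008 above means bit 3 (data descriptor) is set: the local file header's CRC and sizes are written as zeros and the real values follow the compressed data, with the authoritative copy in the central directory. A parser that trusts the local header alone will report a zero-length, zero-CRC entry. The following added example (my code, not ANY.RUN's or the sample's) builds a small archive in memory with that flag set and parses the first local header the way the fields above are derived, falling back to the central directory when bit 3 is present. The entry name and payload are constructed placeholders, not bytes from the sample.

```python
"""Parse the first ZIP local file header and handle flag bit 3 (data descriptor).

Added example. The archive is built in memory; name and payload are placeholders."""
import struct
import zipfile
import zlib
from datetime import datetime

LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = 0x04034B50, 0x02014B50, 0x06054B50
FLAG_ENCRYPTED = 0x0001
FLAG_DATA_DESCRIPTOR = 0x0008      # CRC/sizes follow the data; local header holds zeros
METHODS = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA"}

SAMPLE_NAME = "UltimMC/iconengines/example.dll"      # placeholder name (assumption)
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 4000              # constructed, not a real DLL
SAMPLE_CRC = zlib.crc32(SAMPLE_PAYLOAD) & 0xFFFFFFFF


class _WriteOnly:
    """Non-seekable sink: makes zipfile set bit 3 and emit a data descriptor,
    which is the layout the report's ZipBitFlag 0x0008 describes."""
    def __init__(self):
        self.buf = bytearray()

    def write(self, b):
        self.buf += b
        return len(b)

    def flush(self):
        pass


def build_sample_zip() -> bytes:
    sink = _WriteOnly()
    with zipfile.ZipFile(sink, "w") as zf:
        info = zipfile.ZipInfo(SAMPLE_NAME, date_time=(2024, 4, 1, 0, 53, 56))
        zf.writestr(info, SAMPLE_PAYLOAD, compress_type=zipfile.ZIP_DEFLATED)
    return bytes(sink.buf)


def dos_datetime(dos_date: int, dos_time: int) -> datetime:
    """Decode the MS-DOS packed date/time used in ZIP headers (2 s resolution)."""
    return datetime(1980 + (dos_date >> 9), (dos_date >> 5) & 0xF, dos_date & 0x1F,
                    dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def central_directory(blob: bytes):
    """Yield (name, flags, crc, compressed, uncompressed, local_offset) per entry."""
    eocd = blob.rfind(struct.pack("<I", EOCD_SIG))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, count, _, cd_off, _ = struct.unpack_from("<IHHHHIIH", blob, eocd)
    pos = cd_off
    for _ in range(count):
        f = struct.unpack_from("<IHHHHHHIIIHHHHHII", blob, pos)
        if f[0] != CENTRAL_SIG:
            raise ValueError("bad central directory header")
        name = blob[pos + 46: pos + 46 + f[10]].decode("cp437")
        yield name, f[3], f[7], f[8], f[9], f[16]
        pos += 46 + f[10] + f[11] + f[12]   # header + name + extra + comment


def parse_first_entry(blob: bytes) -> dict:
    f = struct.unpack_from("<IHHHHHIIIHH", blob, 0)
    if f[0] != LOCAL_SIG:
        raise ValueError("not a ZIP local file header at offset 0")
    _, version, flags, method, mtime, mdate, crc, csize, usize, nlen, _ = f
    name = blob[30: 30 + nlen].decode("cp437")
    entry = {
        "name": name,
        "required_version": version,             # 20 -> "at least v2.0 to extract"
        "flags": flags,
        "compression": METHODS.get(method, str(method)),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "modified": dos_datetime(mdate, mtime).strftime("%Y:%m:%d %H:%M:%S"),
        "local_crc": crc, "local_compressed": csize, "local_uncompressed": usize,
    }
    if flags & FLAG_DATA_DESCRIPTOR:
        # Bit 3 set: the local header fields are zero, so take the values from
        # the central directory entry that points back at offset 0.
        for cname, _, ccrc, ccsize, cusize, off in central_directory(blob):
            if cname == name and off == 0:
                crc, csize, usize = ccrc, ccsize, cusize
                break
    entry.update(crc=crc, compressed=csize, uncompressed=usize)
    return entry


if __name__ == "__main__":
    for key, value in parse_first_entry(build_sample_zip()).items():
        print(f"{key}: {value}")
```

The local_* fields show what a naive header read yields (zeros) while crc/compressed/uncompressed carry the values recovered from the central directory; a real triage parser should always prefer the central directory, which is also what unzip tools use.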
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 8
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Process tree, reconstructed from the parent-process fields below (labels as shown in the graph):

explorer.exe
  WinRAR.exe (PID 3980)
  UltimMC.exe (PID 312)
    javaw.exe (PID 616, no specs)
    javaw.exe (PID 692, no specs)
    javaw.exe (PID 1812, no specs)
    javaw.exe (PID 1940, no specs)
    icacls.exe (PID 2068, no specs; parent recorded only as javaw.exe, the instance is not identified)
  wmpnscfg.exe (PID 2464, no specs)

Process information

Each entry lists PID, CMD (command line), Path (image), Parent process, then process metadata and the loaded modules (images).
PID: 312
CMD: "C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\UltimMC.exe"
Path: C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\UltimMC.exe
Parent process: explorer.exe
User: admin
Company: UltimMC Contributors
Integrity Level: MEDIUM
Description: A Minecraft Launcher
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\mmc-cracked-win32\ultimmc\ultimmc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\mmc-cracked-win32\ultimmc\liblauncher_iconfix.dll
c:\users\admin\desktop\mmc-cracked-win32\ultimmc\qt5core.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 616
CMD: "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar C:/Users/admin/Desktop/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
Path: C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process: UltimMC.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.2710.9
Modules (Images):
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 692
CMD: javaw -jar C:/Users/admin/Desktop/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
Path: C:\Program Files\Common Files\Oracle\Java\javapath_target_52116515\javaw.exe
Parent process: UltimMC.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.2710.9
Modules (Images):
c:\program files\common files\oracle\java\javapath_target_52116515\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1812
CMD: javaw -Xms512m -Xmx1024m -jar C:/Users/admin/Desktop/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
Path: C:\Program Files\Common Files\Oracle\Java\javapath_target_52116515\javaw.exe
Parent process: UltimMC.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.2710.9
Modules (Images):
c:\program files\common files\oracle\java\javapath_target_52116515\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1940
CMD: "C:\Program Files\Common Files\Oracle\Java\javapath\javaw.exe" -jar C:/Users/admin/Desktop/mmc-cracked-win32/UltimMC/jars/JavaCheck.jar
Path: C:\Program Files\Common Files\Oracle\Java\javapath_target_52116515\javaw.exe
Parent process: UltimMC.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.2710.9
Modules (Images):
c:\program files\common files\oracle\java\javapath_target_52116515\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

All four javaw.exe launches (PIDs 616, 692, 1812, 1940) run the launcher's own jars/JavaCheck.jar, reached via the JRE install directory, via the javapath shim, and once with explicit -Xms512m -Xmx1024m; each exits with code 0. This is the launcher probing available Java installations, which is the behaviour behind the Java-installed check in the signature list.
PID: 2068
CMD: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Path: C:\Windows\System32\icacls.exe
Parent process: javaw.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

The ACL change grants Everyone modify rights (inherited by subfolders and files) on the Oracle JRE usage-tracker directory. This is standard behaviour of Oracle Java 8 the first time the JRE runs, not something the sample introduces; it is worth knowing because the same icacls line appears in sandbox runs of any Java application.
PID: 2464
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3980
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\mmc-cracked-win32.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 6,244
Read events: 6,215
Write events: 29
Delete events: 0

Modification events (PID | Process | Operation | Key | Name = Value)

3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP = (empty)
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon = (empty)
3980 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | LanguageList = en-US
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 3 = C:\Users\admin\Desktop\phacker.zip
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\AppData\Local\Temp\mmc-cracked-win32.zip
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
3980 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120

The listed write events are WinRAR's own UI state (theme, MUI cache, recent-archive list, column widths). ArcHistory is WinRAR's most-recently-opened list: entry 0 is this sample; entries 1 to 3 are archives opened earlier on the sandbox image and do not appear among this sample's dropped files, so they should not be treated as indicators of the sample.
Executable files: 44
Suspicious files: 67
Text files: 77
Unknown types: 0

Dropped files (PID | Process | Filename | Type, followed by hashes)

3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qico.dll | executable
  MD5: 2C32188D9388B06EC91170E4461913AB
  SHA256: 63F7F73D9BD956CA55B80CE29D24C0A1DA1A126885D45473E5779CA78A709DCB
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qgif.dll | executable
  MD5: 67598FC68A992F106BFAD56B22CAC886
  SHA256: 000BBACC0FA451C61413E50B3EF63D3461DA422B3425404D8952A52182121B6D
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qsvg.dll | executable
  MD5: 7EB5B428DE2FD5CE7F361BBF3D6AADA4
  SHA256: C818B37D77C84E3A9963A761BAE3EEFC73CCCD3485EE6CB1C085C670041E9C59
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qicns.dll | executable
  MD5: 3B48F732F811EA6EA4FCC18808A7DF1E
  SHA256: 5DA98AC16C329354B1B709B20FCF797F3FBDB8D3E834054568D2FF68E897851D
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\libeay32.dll | executable
  MD5: CBF108307ADF8BD4BAB6B128D07B9DFD
  SHA256: 2F20C026052E5FA19CEF41FFE0EFCF24D8A0B72B111836B752C5A5233A3BBA24
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qwbmp.dll | executable
  MD5: 8E1EB9386572D0C7E62E0230A67FF987
  SHA256: E7BDD9C34A62B3B46D8E7D224BE3F5F7607A27634A8A6FD4F85549869F2D1145
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\jars\NewLaunch.jar | java
  MD5: B299FDF27FF160EB7D3D7D941622D1D8
  SHA256: 8B6AEAFAD756DFF396A1A27691856A36D95F74144CE5B5C40AA24A1ADFF0E8A0
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\libgcc_s_dw2-1.dll | executable
  MD5: FADDE43C97607E4445A6F924D851F04E
  SHA256: F0614835136413217ED3BAEC9BA22AAAC4C37956AFCB0209F1F89B7676AE86BC
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\imageformats\qjpeg.dll | executable
  MD5: C228C1486E203D48D9C7D84D0B631E15
  SHA256: A55CB801A07932D263C980B14ABDB464ACD8150B9258260EFDF535634BFE9811
3980 | WinRAR.exe | C:\Users\admin\Desktop\mmc-cracked-win32\UltimMC\iconengines\qsvgicon.dll | executable
  MD5: CBB708ACDBCFD89E1DE38E2C4AA9192A
  SHA256: 8CB93B212C02FD6D222E985E629DF698227323C43B7F0B71BE3649AA8CB3CC2F

Every listed drop is WinRAR (PID 3980) writing the archive contents to the Desktop folder: Qt image-format and icon-engine plugins, the OpenSSL libeay32.dll, the MinGW runtime libgcc_s_dw2-1.dll and the launcher's NewLaunch.jar. The ten entries shown are a subset of the 44 executable files counted above; the full list, including anything UltimMC.exe itself wrote, is in the full report.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 15
DNS requests: 10
Threats: 0

HTTP requests

No HTTP requests

Connections (PID | Process | IP:port | Domain | ASN | CN | Reputation)

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
312 | UltimMC.exe | 104.21.5.18:443 | files.multimc.org | CLOUDFLARENET | - | unknown
312 | UltimMC.exe | 13.107.213.45:443 | session.minecraft.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown

The two PID 4 entries are NetBIOS name-service and datagram broadcasts (UDP 137/138) from the System process to the local subnet and are background Windows noise, not sample traffic. The sample's own connections are TLS (443) to a MultiMC file host and a Minecraft session host; with no HTTP requests decoded, the content of those sessions is not visible in this report.

DNS requests (Domain | Resolved IPs | Reputation)

files.multimc.org | 104.21.5.18, 172.67.132.190 | unknown
multimc.org | 104.21.5.18, 172.67.132.190 | whitelisted
meta.multimc.org | 104.21.5.18, 172.67.132.190 | whitelisted
authserver.mojang.com | (no address recorded) | unknown
session.minecraft.net | 13.107.213.45, 13.107.246.45 | unknown
textures.minecraft.net | 13.107.246.45, 13.107.213.45 | whitelisted
api.mojang.com | 13.107.213.45, 13.107.246.45 | whitelisted
libraries.minecraft.net | 13.107.213.45, 13.107.246.45 | shared
piston-data.mojang.com | 13.107.213.45, 13.107.246.45 | unknown
piston-meta.mojang.com | 13.107.213.45, 13.107.246.45 | unknown

All ten lookups are MultiMC update/metadata hosts and Mojang/Minecraft service hosts, the set a Minecraft launcher contacts on start-up; no other domains were queried during the run. The "unknown" reputation on several of them reflects the absence of a reputation entry, not a negative one.

Threats

No threats detected
No debug info