Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

fabric-ins....2.exe

windows7-x64

1

fabric-ins....2.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/03/2023, 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fabric-installer-0.10.2.exe

  • Size

    455KB

  • MD5

    542f292400579a171ac5bc10385d178c

  • SHA1

    1154d2f36ecfbd0a57c4b08c61b7c27d00402e94

  • SHA256

    da1f033a16381a3888c30846f6a91e2e663ca165add5c09e8f3cbd0d189a3284

  • SHA512

    d3ba3c674ac99f4f3e62db74cc189e78dd2291938d20d7733fcf6a61351f38e33b2e6f5d4c0a9115800ec24e155edd667d70d05a6a3c80720fc354817f123fbc

  • SSDEEP

    6144:OijIf0fdXQr3fXV8Dd73lOkoJ3tj0XpSYLLkOqSwVEPKIXnuerqh4syabpAyRo:OatADfXV2x/SfOhPKu0fu

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.10.2.exe
    "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.10.2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\ProgramData\Oracle\Java\javapath\javaw.exe
      "javaw" -version
      2⤵
        PID:940
      • C:\ProgramData\Oracle\Java\javapath\javaw.exe
        "javaw" -jar C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.10.2.exe
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:2328

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
      Filesize

      50B

      MD5

      2825efd43fd6570a580641b4cf3ed357

      SHA1

      9d1765084508a92bd76a44c0115bc8452183c9aa

      SHA256

      ab59adcebf42a99e91dc85d4676343a5b7fc5d0dc5076930d542e64c60cf4aec

      SHA512

      92055e2d62516c022187abaab4c7ad5c910788767b27898f8041ae02b91632642a130b2c0994ebfec9b5f1aeab47c8d0975098fb274159d0fccf3250bec560be

      Download Submit

    • memory/940-144-0x0000000002B50000-0x0000000002B51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-156-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-161-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-187-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-195-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-196-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-208-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-225-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-229-0x0000000001280000-0x0000000001281000-memory.dmp

      Filesize

      4KB

      Download