Overview

overview

3

Static

static

1

fabric-ins....1.exe

windows7-x64

3

fabric-ins....1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    127s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-04-2023 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fabric-installer-0.11.1.exe

  • Size

    398KB

  • MD5

    da45bcd5144ef6bd312f455812b073eb

  • SHA1

    45b821b6605bf70403ff8c0f7881db2e05ee94a3

  • SHA256

    c577507a9388b5b4520a8f14474062293e4cd26dfc9421c5acc49c992011ffa6

  • SHA512

    61ebf916e2788e1d5aa81a1dcb2a39a5e857e7de3c41b6c94803dcafdf316f192e94d5cf75d6c7a50b7b2967f5d3a4e5fd3f34e8eeab2fd575c3911b106dda89

  • SSDEEP

    6144:XbOTF9+lw27APRw3zeFAO8X+KAWCJx6lTlNyVeV+cqtvwx7C4syabpAU:L+z+u9ZF6uKAWSYlJNyVs+tSQfp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe
    "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:920
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://fabricmc.net/wiki/player:tutorials:java:windows
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:292
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:292 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:340

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    40f126d9b5b3c5a57f27812abd91945a

    SHA1

    bfe4e457b2a4a13169f1a4fce916afb381e46d0d

    SHA256

    8e9e9d14b3be81509c6f818a6119f2f5141489d46f20b51685e754636883ba83

    SHA512

    4729c899f6bf5670ad958b83daea045194b938135ac878a831a22df72de6416226995a5998464533e8dcb8ea71b6ae7f363f634adb3b2cb7c2aa7f138d2fffe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    468e48560b70f1c668af29ede065cb2a

    SHA1

    99d226ff65d495488c2a565e0d8049cf384e4746

    SHA256

    c3eb01b698920a2413f47c126ae13a2611105636f1108b034383497c3524388c

    SHA512

    04b3b97074870c2f842e1d4eb82a471b12d4e2401ec144ab13c990c84d6272bd48ee36104db91f176f3c6daa70059bb6bb33b6f8e14e759760889b5c07f1228d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c39bc5dc6ace428f387b1c51d5fca4de

    SHA1

    76ac4ea6f38364ae896b5fbca50ed981a1f433e9

    SHA256

    7dcd9a65f5c9b2f60ea658606320bbd1459f3f5a6826f5373f0edc98cd7b066c

    SHA512

    ea50c7fbcb780d71d6cd5a4d84335430932b7026ab657006e4db75b61cd2615f7f018f07c4bf395a017e8c0114cc7a9c39ca3c97d6d35eb4c03a86088f020d57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    021f2f8db3e38449e2717a1e4a42f4fe

    SHA1

    854034894ba502c577d39ac2ec19670f9b8bcc06

    SHA256

    7d6168387b092c0adc91de32c19901f485ff5d61ed82c9166a9ae0dcad8556aa

    SHA512

    22faabb336bf59da5ba8704f35524976085365525377ebf0e72af254f82d37adc77f8039a9b0f4acc3872b1e3b2ed12ca8f35cf5a213d233eee000007bc8b364

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b708257db172f4187766b070ba4efcde

    SHA1

    5e6cdcc5c4e7602fac58d0c98c8559159c0360dc

    SHA256

    f87d53c61db84cab93c8fd545f31fbc9d8cbd8e1076d9ceaac68564f5778a07f

    SHA512

    121ae656950f8e9cc0186397a491b16727ae25454546ecd5004e832da7d69262a8ff952dc27c168b87e6bf1f616573c12836c90f8e395eed14f8a78770dbf2d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d51978155db52c599ce17b3b83dee165

    SHA1

    e171828f01071d63cf35e7419c0f4e6be574c602

    SHA256

    583ded7fb54cc09d7bb7be6254b41bef3571c87638258da69be691f1f6dd21bd

    SHA512

    91aadeaea465bc3c2e16ca56da93b4709403470810c1c57f2b451ccb5417a23c62e0aecda6bc6bf5ac899cc832d02e7bf17da1181fa0b4eaa016f7dafac50e67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    19f19020224fb59262c67fd5ca0fbd62

    SHA1

    ef0cd7a740eba887b553bfc7a3aec2b2215be055

    SHA256

    154d63e60a3662223d3c849298effd297d4f5241d3471e63b87ddd167a5a76b1

    SHA512

    ae8a39f7c089f84ff14b9910372b77db70fe21135a0166212c853137878d158f96bdd0d216ae54f3effc6cb87f16ff58879e8b80bd24abf3b5d74c4621029291

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    60d449cd69e3a264a9922463fc62c6bf

    SHA1

    8ba581505ee7e9d4fcbcb1960ead3898711ca5eb

    SHA256

    bd6bb10e2d13a14987d85cb5e63719497fb091b6799f60332944d32c2f084886

    SHA512

    28d3cbe5f197522f8728430a632e5bac738c46c6100e923c4ae191c7230198d0677ec4f0f1d1325d1dcfdcab9eb5aeb50052e8955260f69f5a773a8f70769636

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ec53b262463ccd1855d82978fe7bab99

    SHA1

    019c1ea84483906de44555050c397fe9a59a944b

    SHA256

    1c1a6101a19e04ef4d59b51a118bdca0aabb1c3de2be92d7cd780533e3c47a24

    SHA512

    70d2bda6b498830897e331b78e8b4dd3ab0b11ea8afb3a697e42c175da4b9f1cac6211ea39c14a230b75058e464d2747dadc7cb25c9310c13301474dc97acba7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c829fdb8d8bdf81ae788c61a3e36abf3

    SHA1

    9c0dbba434604391f32b2f1683cc7dd34dbb429f

    SHA256

    f443d31a7a542ff9524e9d68a73bbc73ca74b22f879aa6379c40f86b631ac365

    SHA512

    5a912c7a9171210fe78f1124611783ed52f18825480a4de4e3c30f0c0451bc542c2cd4776e0e8be4c632c56520569afb81b3a160c0ad4f088b45f27a9a5cfa66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8ebde587ea6add95d56bc441f4e62919

    SHA1

    36315310de7b149f4834f58be496e94068dd525b

    SHA256

    e5734a066efbb2dc6b56f316d05b25cc3d8150c98383213d2194f16443031ca6

    SHA512

    490f939e4db7b0362faa89787aba7cdff7b0572ba995d5a6a46b373f8c38680bf0fbb864ab21fc1fe75a2564b9560c04b98847934ee86991d13a703b0756e607

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    f41767a357c0fe3bd12eefa2e1eb228c

    SHA1

    9b88edf6b91aa358fc0e288c35bd9e0f09fe08cf

    SHA256

    829f7cec4cc83a327c79acb105ec3955542a127ec8c77146b7925a508650dfcf

    SHA512

    9ee2b51e02a48a0fd5faf96afeb1c542d5d0ec3f1bd2df8a5eb5104d62e5e40db76fb165933a5e8a0e631162b90f39f544a330576f35ef7a03162452414bade4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    588ae89f3ae147f515241e0a2174fb21

    SHA1

    288fc50855522449a0dc4ec1cb95a20dd825d987

    SHA256

    d8e01b83957b2d641d3c843e178db42bcbd6319484c848c1b99f5da238b71148

    SHA512

    dd870d032a9236514e6618b14e963ff64079b524b52d0e9958e191d5187bcf6128e389f4903b5f99d4519b12ed1354d86df06794604ca6f954db353fcfd377ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ef473f17d42d2c36af943513720759a9

    SHA1

    c52a9711914ab9da4d2fbb668183132cbaffdcaa

    SHA256

    b4f0d53f50b7ba4c5ba0b39dac72dc17a2e1e64ff35e0e9d10f75fa7e14dcc98

    SHA512

    938a4b003caea299e7587d1d7f029799b34db0572a220c6fa7404cd4469d453d5c349efc0fada7de656c038b9fabfab9e15285703d5b95fb41bf32a415c63dbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cd6a32ab4aad2b240644745e70acd30f

    SHA1

    dd0039b1d84b4532a0d205afd9f826c2f47c6ede

    SHA256

    35eef784e67af3e580ca2d06b686c59baae0c13df456d72109e7993e11a7b014

    SHA512

    5ccbd629e78e96e52d2545c656cf56620d43c9a10afbb61a0094241ce8c6a021d5bc353121ca4d007c21be6699688300677c921a1bcd914aa32d75a9d999c248

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    92c28f32fc7b6ba781c4e10acd916b8a

    SHA1

    43d0d9f14b025a3a37bda222082f775214355653

    SHA256

    d80d95f4746e858f15760d00c47e6af21cd4367a8e00c2dc2974ffe96626715a

    SHA512

    f505a5759e910716fb37c7effe79c077248fd532c8fc8ea67d4d448a0293b803342d3341aad7e0964d04b511e15eed97f348af1b2271b64e46ef026b12d42892

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\idyde9r\imagestore.dat
    Filesize

    102KB

    MD5

    283566eecbc008c26ae59512743d3541

    SHA1

    7489d63ad5192129af543fd430f56dd79505db80

    SHA256

    be0fcb0d3d0f9f5c9a6c50426c53794e211ab42b124d8830673079373bff309d

    SHA512

    10c01b04b450f39275582ee1058535bedda5b432b3333d425fa87027710925449b9ba5af0735c2a346e989199545aaa7528f88d23a8d2393e6b6b339144f153a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\idyde9r\imagestore.dat
    Filesize

    103KB

    MD5

    43a2c3cc2354af9286692ca85ab886eb

    SHA1

    a184d5e639861ce0f50b859360e89bca4e8eff21

    SHA256

    4076a5b1e8e6588fc34244ec57b27e5cb57f77773749bb912b46ad5aa74a428b

    SHA512

    7ae4d37905f3210607355017ea1ae48c160fb4905f2fae10664976a90fe6b442ba56aa3b416ba1b2f578e6ad87fef09b87af86757ccafa25e86cca25e2b79109

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\favicon[1].ico
    Filesize

    98KB

    MD5

    94bed0e172b2d893f1a2e046ed9a9baf

    SHA1

    050d1b4d6752dd973ddb31beca55815e300180b7

    SHA256

    ad44b5a49faee0d955620c627d1710e662893688522e7051dfdae10b42984a27

    SHA512

    515e21806859deee755e617bf1ddb28b363b34e65b4cb6853764e6f53014d405184b6fdf333ae33722d8e7a69b8c93f401c5cacce0e217013237ffa475994fd7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5E87.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6246.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0YE9RTQR.txt
    Filesize

    599B

    MD5

    908be45e90005eba9acfa6aeffd79406

    SHA1

    279fd1e5ca66d7b146aef354cf65b51fc1a98d0d

    SHA256

    fd708e0ba73370fab4f220d7a70e3751b046013a613429ce17859bad32bdbad4

    SHA512

    771c96d6dfc912cf9e477922441d559429ddc4d426ee07de58b662303592d1e3fde814a052d8085b6321ca08dd547e3af1705e71a7c9c6ab79c749f9ada31a1d

    Download Submit