c577507a9388b5b4520a8f14474062293e4cd26dfc9421c5acc49c992011ffa6

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 01:27

Target

fabric-installer-0.11.1.exe
Size

398KB
MD5

da45bcd5144ef6bd312f455812b073eb
SHA1

45b821b6605bf70403ff8c0f7881db2e05ee94a3
SHA256

c577507a9388b5b4520a8f14474062293e4cd26dfc9421c5acc49c992011ffa6
SHA512

61ebf916e2788e1d5aa81a1dcb2a39a5e857e7de3c41b6c94803dcafdf316f192e94d5cf75d6c7a50b7b2967f5d3a4e5fd3f34e8eeab2fd575c3911b106dda89
SSDEEP

6144:XbOTF9+lw27APRw3zeFAO8X+KAWCJx6lTlNyVeV+cqtvwx7C4syabpAU:L+z+u9ZF6uKAWSYlJNyVs+tSQfp

Score

1^/10

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3620	javaw.exe
3620	javaw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 4460	3760	fabric-installer-0.11.1.exe	82
PID 3760 wrote to memory of 4460	3760	fabric-installer-0.11.1.exe	82
PID 3760 wrote to memory of 3620	3760	fabric-installer-0.11.1.exe	83
PID 3760 wrote to memory of 3620	3760	fabric-installer-0.11.1.exe	83

C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe
"C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3760
- C:\ProgramData\Oracle\Java\javapath\javaw.exe
  "javaw.exe" "-version"
  2⤵
  PID:4460
- C:\ProgramData\Oracle\Java\javapath\javaw.exe
  "javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe" "-fabricInstallerBootstrap" "true"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3620

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
181b05c55b2776b86c35d973b75ed2ec

SHA1
578f14e616a44b8d8dc998070ee3c18e9a28f98b

SHA256
0e3ab9c814958c9cb82d25cf4fc31c040d83a28904453e2cfabcec09d567a331

SHA512
bd295d9051b473f2a10c1a25e6e7e16789b7c51f0c9401a795623e8424f39ecfaa4706557211ef7e3366413b7b747eff3bb65d2bbe8d6f4af936dacc0be6a755

Download Submit
memory/3620-168-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-156-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-161-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-162-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-167-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-198-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-200-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-209-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-211-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-217-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/3620-224-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/4460-144-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download