Overview

overview

3

Static

static

3

fabric-ins....1.exe

windows7-x64

1

fabric-ins....1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    156s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fabric-installer-0.11.1.exe

  • Size

    398KB

  • MD5

    da45bcd5144ef6bd312f455812b073eb

  • SHA1

    45b821b6605bf70403ff8c0f7881db2e05ee94a3

  • SHA256

    c577507a9388b5b4520a8f14474062293e4cd26dfc9421c5acc49c992011ffa6

  • SHA512

    61ebf916e2788e1d5aa81a1dcb2a39a5e857e7de3c41b6c94803dcafdf316f192e94d5cf75d6c7a50b7b2967f5d3a4e5fd3f34e8eeab2fd575c3911b106dda89

  • SSDEEP

    6144:XbOTF9+lw27APRw3zeFAO8X+KAWCJx6lTlNyVeV+cqtvwx7C4syabpAU:L+z+u9ZF6uKAWSYlJNyVs+tSQfp

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe
    "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\ProgramData\Oracle\Java\javapath\javaw.exe
      "javaw.exe" "-version"
      2⤵
        PID:4024
      • C:\ProgramData\Oracle\Java\javapath\javaw.exe
        "javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-0.11.1.exe" "-fabricInstallerBootstrap" "true"
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:4200

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
      Filesize

      50B

      MD5

      87536784445b4af6544d404fcef7ba40

      SHA1

      290638209fd72ce94a9f1f8dceecfd0fae560b03

      SHA256

      6346597e469199dd5d70b91abda293b438d01e8a79887ff3bb10950e3cd9ae1a

      SHA512

      09888219dc407fa6fd86e5eea703df4b9617a83a71854fb5876eadd7b5bad41028cedddc78bed552d40c8f6d8cad1fe664415e33587f0f571fc5e6a8a3f7ff89

      Download Submit

    • memory/4024-2-0x00000000025F0000-0x00000000035F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4024-5-0x00000000025F0000-0x00000000035F0000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4024-13-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4200-19-0x0000000002990000-0x0000000003990000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4200-26-0x0000000002650000-0x0000000002651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4200-31-0x0000000002990000-0x0000000003990000-memory.dmp

      Filesize

      16.0MB

      Download

    • memory/4200-45-0x0000000002650000-0x0000000002651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4200-46-0x0000000002650000-0x0000000002651000-memory.dmp

      Filesize

      4KB

      Download