Overview

overview

7

Static

static

3

fabric-ins....0.exe

windows7-x64

1

fabric-ins....0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    38s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-03-2024 05:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fabric-installer-1.0.0.exe

  • Size

    437KB

  • MD5

    861e96fa83437f147809f4fafbb07f86

  • SHA1

    7a6dbd8c6f5300fe89a481832d3bb7244eb253eb

  • SHA256

    3863f9491bdc39a5f036c56fba310757779b616bdfb9b13e0748af2a4937a143

  • SHA512

    aac75fddcce15c9a2564112f1ea71ae616bea24a15593b0ce522def6a289dd6b2ddc4f2d23c323a9d71456918283fec97a7bb8a2bfe6f5794209f3cbdf691d81

  • SSDEEP

    6144:1AqhQt8C1lu3lRrszNnDthJNV/6KC5TfcAXok5OWgIhvpxH1K4syabpAM:48C1lu3TynwKC5TEAXRvhvpxHOfv

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.0.exe
    "C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      "javaw.exe" "-version"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3960
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:4216
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      "javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.0.exe" "-fabricInstallerBootstrap" "true"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
    Filesize

    46B

    MD5

    06fdf9b6c0671783d626b135537c81e0

    SHA1

    f4d1b26673924e413eacde7ae581d8298384d5db

    SHA256

    96f7a72d94097797f4de2460842d402b0b1762ccfc823517ac83b21324bd4009

    SHA512

    10d21785c9490ff797867bd293fdf54016238d81e5efcc2624dba3b4389ae0db2fa8b5d152508c5c38976a97a5a4b64b8e9cb242a3c11e952e02aab6a61b7475

    Download Submit

  • memory/1992-18-0x0000022CC1FD0000-0x0000022CC2FD0000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1992-25-0x0000022CC07D0000-0x0000022CC07D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1992-31-0x0000022CC07D0000-0x0000022CC07D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1992-34-0x0000022CC07D0000-0x0000022CC07D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3960-2-0x000002310F840000-0x0000023110840000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/3960-13-0x000002310F820000-0x000002310F821000-memory.dmp

    Filesize

    4KB

    Download