62edf170bdcc41edea85d33acf3eb85474258699b3d41f9418d286c836cb088d

Analysis

max time kernel
1067s
max time network
1597s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27/05/2024, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fabric-installer-1.0.1.jar
Size

193KB
MD5

ae3b61867b3397ac509998a4640eae0f
SHA1

1e6cc158b29e3744104bdb0b782c4981a657de63
SHA256

62edf170bdcc41edea85d33acf3eb85474258699b3d41f9418d286c836cb088d
SHA512

6e77702af63d9eb6e83adb01aa96a6e057811f524a7787ae48519cd85352f142c30a35f9d9c7794164726eb11e12ce664da6c3a40c8ada3e0294063f38f4636b
SSDEEP

3072:2QeXHvPZppn79P5u7HrhmIAaGQgnAwO4vbecx74w7uJJQbA2kn/NrLRavJ:+ZpP5OLhmsGpAiXx74syabpA+J

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1988	icacls.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4988	java.exe
4988	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 1988	4988	java.exe	73
PID 4988 wrote to memory of 1988	4988	java.exe	73

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
872b9942a4a18811ef54488d3248954a

SHA1
599a285c502c0fc0467567417cbc30126ef9b028

SHA256
0cb9f174012f8a85f6a430508df3025bed50f340936c56f41204c4db6d388422

SHA512
554d513bfbc9b8a6a1e45b11dfd69f1c5ba53eb32d358a7aa17c56b0ade5f3c7782058a0f754dfa42f018a49e2c462a404de269c0ae878a73bb6d7d269783971

Download Submit
memory/4988-2-0x000002599D2A0000-0x000002599D510000-memory.dmp

Filesize
2.4MB

Download
memory/4988-11-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-16-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-19-0x000002599D510000-0x000002599D520000-memory.dmp

Filesize
64KB

Download
memory/4988-21-0x000002599D520000-0x000002599D530000-memory.dmp

Filesize
64KB

Download
memory/4988-23-0x000002599D530000-0x000002599D540000-memory.dmp

Filesize
64KB

Download
memory/4988-25-0x000002599D540000-0x000002599D550000-memory.dmp

Filesize
64KB

Download
memory/4988-27-0x000002599D550000-0x000002599D560000-memory.dmp

Filesize
64KB

Download
memory/4988-30-0x000002599D560000-0x000002599D570000-memory.dmp

Filesize
64KB

Download
memory/4988-31-0x000002599D570000-0x000002599D580000-memory.dmp

Filesize
64KB

Download
memory/4988-33-0x000002599D580000-0x000002599D590000-memory.dmp

Filesize
64KB

Download
memory/4988-36-0x000002599D590000-0x000002599D5A0000-memory.dmp

Filesize
64KB

Download
memory/4988-38-0x000002599D5A0000-0x000002599D5B0000-memory.dmp

Filesize
64KB

Download
memory/4988-37-0x000002599D2A0000-0x000002599D510000-memory.dmp

Filesize
2.4MB

Download
memory/4988-41-0x000002599D5B0000-0x000002599D5C0000-memory.dmp

Filesize
64KB

Download
memory/4988-40-0x000002599D510000-0x000002599D520000-memory.dmp

Filesize
64KB

Download
memory/4988-44-0x000002599D5C0000-0x000002599D5D0000-memory.dmp

Filesize
64KB

Download
memory/4988-43-0x000002599D520000-0x000002599D530000-memory.dmp

Filesize
64KB

Download
memory/4988-46-0x000002599D530000-0x000002599D540000-memory.dmp

Filesize
64KB

Download
memory/4988-47-0x000002599D5D0000-0x000002599D5E0000-memory.dmp

Filesize
64KB

Download
memory/4988-50-0x000002599D5E0000-0x000002599D5F0000-memory.dmp

Filesize
64KB

Download
memory/4988-49-0x000002599D540000-0x000002599D550000-memory.dmp

Filesize
64KB

Download
memory/4988-54-0x000002599D5F0000-0x000002599D600000-memory.dmp

Filesize
64KB

Download
memory/4988-53-0x000002599D550000-0x000002599D560000-memory.dmp

Filesize
64KB

Download
memory/4988-57-0x000002599D600000-0x000002599D610000-memory.dmp

Filesize
64KB

Download
memory/4988-56-0x000002599D560000-0x000002599D570000-memory.dmp

Filesize
64KB

Download
memory/4988-60-0x000002599D610000-0x000002599D620000-memory.dmp

Filesize
64KB

Download
memory/4988-63-0x000002599D620000-0x000002599D630000-memory.dmp

Filesize
64KB

Download
memory/4988-62-0x000002599D590000-0x000002599D5A0000-memory.dmp

Filesize
64KB

Download
memory/4988-61-0x000002599D580000-0x000002599D590000-memory.dmp

Filesize
64KB

Download
memory/4988-59-0x000002599D570000-0x000002599D580000-memory.dmp

Filesize
64KB

Download
memory/4988-64-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-68-0x000002599D640000-0x000002599D650000-memory.dmp

Filesize
64KB

Download
memory/4988-67-0x000002599D630000-0x000002599D640000-memory.dmp

Filesize
64KB

Download
memory/4988-71-0x000002599D650000-0x000002599D660000-memory.dmp

Filesize
64KB

Download
memory/4988-70-0x000002599D5A0000-0x000002599D5B0000-memory.dmp

Filesize
64KB

Download
memory/4988-76-0x000002599D660000-0x000002599D670000-memory.dmp

Filesize
64KB

Download
memory/4988-75-0x000002599D5B0000-0x000002599D5C0000-memory.dmp

Filesize
64KB

Download
memory/4988-77-0x000002599D5C0000-0x000002599D5D0000-memory.dmp

Filesize
64KB

Download
memory/4988-78-0x000002599D670000-0x000002599D680000-memory.dmp

Filesize
64KB

Download
memory/4988-81-0x000002599D680000-0x000002599D690000-memory.dmp

Filesize
64KB

Download
memory/4988-80-0x000002599D5D0000-0x000002599D5E0000-memory.dmp

Filesize
64KB

Download
memory/4988-86-0x000002599D690000-0x000002599D6A0000-memory.dmp

Filesize
64KB

Download
memory/4988-85-0x000002599D5E0000-0x000002599D5F0000-memory.dmp

Filesize
64KB

Download
memory/4988-91-0x000002599D6A0000-0x000002599D6B0000-memory.dmp

Filesize
64KB

Download
memory/4988-90-0x000002599D5F0000-0x000002599D600000-memory.dmp

Filesize
64KB

Download
memory/4988-93-0x000002599D600000-0x000002599D610000-memory.dmp

Filesize
64KB

Download
memory/4988-94-0x000002599D6B0000-0x000002599D6C0000-memory.dmp

Filesize
64KB

Download
memory/4988-97-0x000002599D6C0000-0x000002599D6D0000-memory.dmp

Filesize
64KB

Download
memory/4988-96-0x000002599D610000-0x000002599D620000-memory.dmp

Filesize
64KB

Download
memory/4988-100-0x000002599D6D0000-0x000002599D6E0000-memory.dmp

Filesize
64KB

Download
memory/4988-99-0x000002599D620000-0x000002599D630000-memory.dmp

Filesize
64KB

Download
memory/4988-103-0x000002599D630000-0x000002599D640000-memory.dmp

Filesize
64KB

Download
memory/4988-105-0x000002599D6E0000-0x000002599D6F0000-memory.dmp

Filesize
64KB

Download
memory/4988-104-0x000002599D640000-0x000002599D650000-memory.dmp

Filesize
64KB

Download
memory/4988-106-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-111-0x000002599D6F0000-0x000002599D700000-memory.dmp

Filesize
64KB

Download
memory/4988-110-0x000002599D650000-0x000002599D660000-memory.dmp

Filesize
64KB

Download
memory/4988-112-0x000002599D660000-0x000002599D670000-memory.dmp

Filesize
64KB

Download
memory/4988-113-0x000002599D700000-0x000002599D710000-memory.dmp

Filesize
64KB

Download
memory/4988-119-0x000002599D710000-0x000002599D720000-memory.dmp

Filesize
64KB

Download
memory/4988-118-0x000002599D670000-0x000002599D680000-memory.dmp

Filesize
64KB

Download
memory/4988-122-0x000002599D720000-0x000002599D730000-memory.dmp

Filesize
64KB

Download
memory/4988-121-0x000002599D680000-0x000002599D690000-memory.dmp

Filesize
64KB

Download
memory/4988-120-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-126-0x000002599D690000-0x000002599D6A0000-memory.dmp

Filesize
64KB

Download
memory/4988-127-0x000002599D730000-0x000002599D740000-memory.dmp

Filesize
64KB

Download
memory/4988-131-0x000002599D6A0000-0x000002599D6B0000-memory.dmp

Filesize
64KB

Download
memory/4988-135-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-136-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-134-0x000002599D760000-0x000002599D770000-memory.dmp

Filesize
64KB

Download
memory/4988-133-0x000002599D750000-0x000002599D760000-memory.dmp

Filesize
64KB

Download
memory/4988-132-0x000002599D740000-0x000002599D750000-memory.dmp

Filesize
64KB

Download
memory/4988-138-0x000002599D770000-0x000002599D780000-memory.dmp

Filesize
64KB

Download
memory/4988-137-0x000002599D6B0000-0x000002599D6C0000-memory.dmp

Filesize
64KB

Download
memory/4988-141-0x000002599D780000-0x000002599D790000-memory.dmp

Filesize
64KB

Download
memory/4988-140-0x000002599D6C0000-0x000002599D6D0000-memory.dmp

Filesize
64KB

Download
memory/4988-148-0x000002599D6E0000-0x000002599D6F0000-memory.dmp

Filesize
64KB

Download
memory/4988-153-0x000002599D6F0000-0x000002599D700000-memory.dmp

Filesize
64KB

Download
memory/4988-155-0x000002599D7C0000-0x000002599D7D0000-memory.dmp

Filesize
64KB

Download
memory/4988-159-0x000002599D7F0000-0x000002599D800000-memory.dmp

Filesize
64KB

Download
memory/4988-158-0x000002599D700000-0x000002599D710000-memory.dmp

Filesize
64KB

Download
memory/4988-157-0x000002599D7E0000-0x000002599D7F0000-memory.dmp

Filesize
64KB

Download
memory/4988-156-0x000002599D7D0000-0x000002599D7E0000-memory.dmp

Filesize
64KB

Download
memory/4988-154-0x000002599D7B0000-0x000002599D7C0000-memory.dmp

Filesize
64KB

Download
memory/4988-147-0x000002599D7A0000-0x000002599D7B0000-memory.dmp

Filesize
64KB

Download
memory/4988-146-0x000002599D790000-0x000002599D7A0000-memory.dmp

Filesize
64KB

Download
memory/4988-145-0x000002599D6D0000-0x000002599D6E0000-memory.dmp

Filesize
64KB

Download
memory/4988-162-0x000002599D710000-0x000002599D720000-memory.dmp

Filesize
64KB

Download
memory/4988-163-0x000002599D800000-0x000002599D810000-memory.dmp

Filesize
64KB

Download
memory/4988-167-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download
memory/4988-169-0x000002599D810000-0x000002599D820000-memory.dmp

Filesize
64KB

Download
memory/4988-168-0x000002599D720000-0x000002599D730000-memory.dmp

Filesize
64KB

Download
memory/4988-173-0x000002599D820000-0x000002599D830000-memory.dmp

Filesize
64KB

Download
memory/4988-172-0x000002599D730000-0x000002599D740000-memory.dmp

Filesize
64KB

Download
memory/4988-176-0x000002599D740000-0x000002599D750000-memory.dmp

Filesize
64KB

Download
memory/4988-178-0x000002599D760000-0x000002599D770000-memory.dmp

Filesize
64KB

Download
memory/4988-177-0x000002599D750000-0x000002599D760000-memory.dmp

Filesize
64KB

Download
memory/4988-179-0x000002599D770000-0x000002599D780000-memory.dmp

Filesize
64KB

Download
memory/4988-180-0x000002599D780000-0x000002599D790000-memory.dmp

Filesize
64KB

Download
memory/4988-181-0x000002599D790000-0x000002599D7A0000-memory.dmp

Filesize
64KB

Download
memory/4988-182-0x000002599D7A0000-0x000002599D7B0000-memory.dmp

Filesize
64KB

Download
memory/4988-183-0x000002599D7B0000-0x000002599D7C0000-memory.dmp

Filesize
64KB

Download
memory/4988-184-0x000002599D7C0000-0x000002599D7D0000-memory.dmp

Filesize
64KB

Download
memory/4988-189-0x000002599B9C0000-0x000002599B9C1000-memory.dmp

Filesize
4KB

Download