62edf170bdcc41edea85d33acf3eb85474258699b3d41f9418d286c836cb088d

Analysis

max time kernel
1070s
max time network
1175s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
27/05/2024, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fabric-installer-1.0.1.jar
Size

193KB
MD5

ae3b61867b3397ac509998a4640eae0f
SHA1

1e6cc158b29e3744104bdb0b782c4981a657de63
SHA256

62edf170bdcc41edea85d33acf3eb85474258699b3d41f9418d286c836cb088d
SHA512

6e77702af63d9eb6e83adb01aa96a6e057811f524a7787ae48519cd85352f142c30a35f9d9c7794164726eb11e12ce664da6c3a40c8ada3e0294063f38f4636b
SSDEEP

3072:2QeXHvPZppn79P5u7HrhmIAaGQgnAwO4vbecx74w7uJJQbA2kn/NrLRavJ:+ZpP5OLhmsGpAiXx74syabpA+J

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
688	icacls.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3000	java.exe
3000	java.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 688	3000	java.exe	79
PID 3000 wrote to memory of 688	3000	java.exe	79

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
7d0973eca7556e08e41fd736b8070e7a

SHA1
e19e742540c83e9187d518af6095bf25d7e5fd4a

SHA256
81f9c5047986b362dae3e5975aff430d02d8e65095c032064d91c8b05026ea4f

SHA512
40f2ea8c98e5184a5a90b81fd6eac7ef2b111c798d13e272cdbfd3f49cef5a9a8cd42eb39993a06494ed66879f00c564b5a3a39a21d976549d33cd1915632b19

Download Submit
memory/3000-2-0x000001F480000000-0x000001F480270000-memory.dmp

Filesize
2.4MB

Download
memory/3000-11-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-16-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-20-0x000001F480270000-0x000001F480280000-memory.dmp

Filesize
64KB

Download
memory/3000-21-0x000001F480280000-0x000001F480290000-memory.dmp

Filesize
64KB

Download
memory/3000-23-0x000001F480290000-0x000001F4802A0000-memory.dmp

Filesize
64KB

Download
memory/3000-25-0x000001F4802A0000-0x000001F4802B0000-memory.dmp

Filesize
64KB

Download
memory/3000-27-0x000001F4802B0000-0x000001F4802C0000-memory.dmp

Filesize
64KB

Download
memory/3000-30-0x000001F4802C0000-0x000001F4802D0000-memory.dmp

Filesize
64KB

Download
memory/3000-33-0x000001F4802E0000-0x000001F4802F0000-memory.dmp

Filesize
64KB

Download
memory/3000-32-0x000001F4802D0000-0x000001F4802E0000-memory.dmp

Filesize
64KB

Download
memory/3000-36-0x000001F4802F0000-0x000001F480300000-memory.dmp

Filesize
64KB

Download
memory/3000-37-0x000001F480300000-0x000001F480310000-memory.dmp

Filesize
64KB

Download
memory/3000-39-0x000001F480310000-0x000001F480320000-memory.dmp

Filesize
64KB

Download
memory/3000-41-0x000001F480000000-0x000001F480270000-memory.dmp

Filesize
2.4MB

Download
memory/3000-42-0x000001F480320000-0x000001F480330000-memory.dmp

Filesize
64KB

Download
memory/3000-48-0x000001F480340000-0x000001F480350000-memory.dmp

Filesize
64KB

Download
memory/3000-47-0x000001F480330000-0x000001F480340000-memory.dmp

Filesize
64KB

Download
memory/3000-46-0x000001F480280000-0x000001F480290000-memory.dmp

Filesize
64KB

Download
memory/3000-45-0x000001F480270000-0x000001F480280000-memory.dmp

Filesize
64KB

Download
memory/3000-51-0x000001F480350000-0x000001F480360000-memory.dmp

Filesize
64KB

Download
memory/3000-50-0x000001F480290000-0x000001F4802A0000-memory.dmp

Filesize
64KB

Download
memory/3000-52-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-55-0x000001F480360000-0x000001F480370000-memory.dmp

Filesize
64KB

Download
memory/3000-54-0x000001F4802A0000-0x000001F4802B0000-memory.dmp

Filesize
64KB

Download
memory/3000-59-0x000001F480370000-0x000001F480380000-memory.dmp

Filesize
64KB

Download
memory/3000-58-0x000001F4802B0000-0x000001F4802C0000-memory.dmp

Filesize
64KB

Download
memory/3000-61-0x000001F480380000-0x000001F480390000-memory.dmp

Filesize
64KB

Download
memory/3000-60-0x000001F4802C0000-0x000001F4802D0000-memory.dmp

Filesize
64KB

Download
memory/3000-65-0x000001F480390000-0x000001F4803A0000-memory.dmp

Filesize
64KB

Download
memory/3000-64-0x000001F4802E0000-0x000001F4802F0000-memory.dmp

Filesize
64KB

Download
memory/3000-63-0x000001F4802D0000-0x000001F4802E0000-memory.dmp

Filesize
64KB

Download
memory/3000-68-0x000001F4803A0000-0x000001F4803B0000-memory.dmp

Filesize
64KB

Download
memory/3000-67-0x000001F4802F0000-0x000001F480300000-memory.dmp

Filesize
64KB

Download
memory/3000-71-0x000001F4803B0000-0x000001F4803C0000-memory.dmp

Filesize
64KB

Download
memory/3000-70-0x000001F480300000-0x000001F480310000-memory.dmp

Filesize
64KB

Download
memory/3000-72-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-75-0x000001F4803C0000-0x000001F4803D0000-memory.dmp

Filesize
64KB

Download
memory/3000-74-0x000001F480310000-0x000001F480320000-memory.dmp

Filesize
64KB

Download
memory/3000-78-0x000001F4803D0000-0x000001F4803E0000-memory.dmp

Filesize
64KB

Download
memory/3000-77-0x000001F480320000-0x000001F480330000-memory.dmp

Filesize
64KB

Download
memory/3000-82-0x000001F4803E0000-0x000001F4803F0000-memory.dmp

Filesize
64KB

Download
memory/3000-81-0x000001F480340000-0x000001F480350000-memory.dmp

Filesize
64KB

Download
memory/3000-80-0x000001F480330000-0x000001F480340000-memory.dmp

Filesize
64KB

Download
memory/3000-86-0x000001F480350000-0x000001F480360000-memory.dmp

Filesize
64KB

Download
memory/3000-88-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-87-0x000001F4803F0000-0x000001F480400000-memory.dmp

Filesize
64KB

Download
memory/3000-92-0x000001F480400000-0x000001F480410000-memory.dmp

Filesize
64KB

Download
memory/3000-91-0x000001F480360000-0x000001F480370000-memory.dmp

Filesize
64KB

Download
memory/3000-95-0x000001F480410000-0x000001F480420000-memory.dmp

Filesize
64KB

Download
memory/3000-94-0x000001F480370000-0x000001F480380000-memory.dmp

Filesize
64KB

Download
memory/3000-98-0x000001F480420000-0x000001F480430000-memory.dmp

Filesize
64KB

Download
memory/3000-97-0x000001F480380000-0x000001F480390000-memory.dmp

Filesize
64KB

Download
memory/3000-101-0x000001F480430000-0x000001F480440000-memory.dmp

Filesize
64KB

Download
memory/3000-100-0x000001F480390000-0x000001F4803A0000-memory.dmp

Filesize
64KB

Download
memory/3000-104-0x000001F480440000-0x000001F480450000-memory.dmp

Filesize
64KB

Download
memory/3000-103-0x000001F4803A0000-0x000001F4803B0000-memory.dmp

Filesize
64KB

Download
memory/3000-110-0x000001F480450000-0x000001F480460000-memory.dmp

Filesize
64KB

Download
memory/3000-109-0x000001F4803B0000-0x000001F4803C0000-memory.dmp

Filesize
64KB

Download
memory/3000-107-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-114-0x000001F480460000-0x000001F480470000-memory.dmp

Filesize
64KB

Download
memory/3000-113-0x000001F4803C0000-0x000001F4803D0000-memory.dmp

Filesize
64KB

Download
memory/3000-116-0x000001F480470000-0x000001F480480000-memory.dmp

Filesize
64KB

Download
memory/3000-120-0x000001F480480000-0x000001F480490000-memory.dmp

Filesize
64KB

Download
memory/3000-119-0x000001F4803D0000-0x000001F4803E0000-memory.dmp

Filesize
64KB

Download
memory/3000-122-0x000001F4803E0000-0x000001F4803F0000-memory.dmp

Filesize
64KB

Download
memory/3000-124-0x000001F480490000-0x000001F4804A0000-memory.dmp

Filesize
64KB

Download
memory/3000-123-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-129-0x000001F4804A0000-0x000001F4804B0000-memory.dmp

Filesize
64KB

Download
memory/3000-128-0x000001F4803F0000-0x000001F480400000-memory.dmp

Filesize
64KB

Download
memory/3000-136-0x000001F4804C0000-0x000001F4804D0000-memory.dmp

Filesize
64KB

Download
memory/3000-135-0x000001F4804D0000-0x000001F4804E0000-memory.dmp

Filesize
64KB

Download
memory/3000-134-0x000001F4804B0000-0x000001F4804C0000-memory.dmp

Filesize
64KB

Download
memory/3000-133-0x000001F480400000-0x000001F480410000-memory.dmp

Filesize
64KB

Download
memory/3000-139-0x000001F480410000-0x000001F480420000-memory.dmp

Filesize
64KB

Download
memory/3000-140-0x000001F4804E0000-0x000001F4804F0000-memory.dmp

Filesize
64KB

Download
memory/3000-146-0x000001F480500000-0x000001F480510000-memory.dmp

Filesize
64KB

Download
memory/3000-154-0x000001F480520000-0x000001F480530000-memory.dmp

Filesize
64KB

Download
memory/3000-156-0x000001F480540000-0x000001F480550000-memory.dmp

Filesize
64KB

Download
memory/3000-155-0x000001F480530000-0x000001F480540000-memory.dmp

Filesize
64KB

Download
memory/3000-161-0x000001F480560000-0x000001F480570000-memory.dmp

Filesize
64KB

Download
memory/3000-160-0x000001F480550000-0x000001F480560000-memory.dmp

Filesize
64KB

Download
memory/3000-159-0x000001F480450000-0x000001F480460000-memory.dmp

Filesize
64KB

Download
memory/3000-153-0x000001F480510000-0x000001F480520000-memory.dmp

Filesize
64KB

Download
memory/3000-152-0x000001F480440000-0x000001F480450000-memory.dmp

Filesize
64KB

Download
memory/3000-143-0x000001F480420000-0x000001F480430000-memory.dmp

Filesize
64KB

Download
memory/3000-145-0x000001F480430000-0x000001F480440000-memory.dmp

Filesize
64KB

Download
memory/3000-144-0x000001F4804F0000-0x000001F480500000-memory.dmp

Filesize
64KB

Download
memory/3000-166-0x000001F480570000-0x000001F480580000-memory.dmp

Filesize
64KB

Download
memory/3000-165-0x000001F480470000-0x000001F480480000-memory.dmp

Filesize
64KB

Download
memory/3000-164-0x000001F480460000-0x000001F480470000-memory.dmp

Filesize
64KB

Download
memory/3000-168-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download
memory/3000-172-0x000001F480580000-0x000001F480590000-memory.dmp

Filesize
64KB

Download
memory/3000-171-0x000001F480480000-0x000001F480490000-memory.dmp

Filesize
64KB

Download
memory/3000-174-0x000001F480490000-0x000001F4804A0000-memory.dmp

Filesize
64KB

Download
memory/3000-175-0x000001F4804A0000-0x000001F4804B0000-memory.dmp

Filesize
64KB

Download
memory/3000-176-0x000001F4804B0000-0x000001F4804C0000-memory.dmp

Filesize
64KB

Download
memory/3000-177-0x000001F4804D0000-0x000001F4804E0000-memory.dmp

Filesize
64KB

Download
memory/3000-178-0x000001F4804C0000-0x000001F4804D0000-memory.dmp

Filesize
64KB

Download
memory/3000-179-0x000001F4804E0000-0x000001F4804F0000-memory.dmp

Filesize
64KB

Download
memory/3000-180-0x000001F4804F0000-0x000001F480500000-memory.dmp

Filesize
64KB

Download
memory/3000-181-0x000001F480500000-0x000001F480510000-memory.dmp

Filesize
64KB

Download
memory/3000-182-0x000001F480510000-0x000001F480520000-memory.dmp

Filesize
64KB

Download
memory/3000-183-0x000001F480520000-0x000001F480530000-memory.dmp

Filesize
64KB

Download
memory/3000-190-0x000001F4F5D40000-0x000001F4F5D41000-memory.dmp

Filesize
4KB

Download