Overview

overview

7

Static

static

3

fabric-ins....1.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    44s
  • max time network
    39s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08-09-2024 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fabric-installer-1.0.1.exe

  • Size

    449KB

  • MD5

    7f0502234a4af4bb9ee0b35ee38b8711

  • SHA1

    e708d55f12586a153770bafa4b7fbfa8441b1409

  • SHA256

    d90987a8f7a56cd9c09f69585de0ee6241c326f5b41399b2a8319d03fe6ce64e

  • SHA512

    4dc60b1c4da89d3f40456ca54665c797816e42fa1e44e9b2873f799ccf2a4f834732b2854e3f8491e1ab1be562e7d7528fef19acb49d072a63a668e7e5468320

  • SSDEEP

    6144:nI+0wPnAFavZtK9qEgsdjMpgmo6KlspZpP5OLhmsGpAiXx74syabpA+J:BPnAFSS36lKmPpemsGmiXxVfnJ

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      "javaw.exe" "-version"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:688
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3164
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
      "javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe" "-fabricInstallerBootstrap" "true"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:3080
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2084

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
      Filesize

      46B

      MD5

      408ce33d969acd3048386d12009bc5b9

      SHA1

      c13dccf92e44d65f7912f9721a85f93dbebe617f

      SHA256

      cd2b9ecff3c3826d23d3086a4d797707ca5076ee2fedfe471030d332514e1aae

      SHA512

      6ed91cfab98c54f87ed4f335191697970ee871102c26602df15262cc140e045fb5e389a8bf6eeec51a125f671a4004970e6287933c3bbd5f740522c6875690fc

      Download Submit

    • \Users\Admin\AppData\Local\Temp\fabric-installer-native6944360028976914884.tmp
      Filesize

      9KB

      MD5

      2a4edd64e186969b56c571c6889b450b

      SHA1

      6dffeccb4f7f65d0fedc965bea8e1494375a3d9f

      SHA256

      32a9cbd598dfd72ee53e60c79c195306afd19acc65c8fc1db6d33833d1550f25

      SHA512

      e3ff5a86dccba08caff1ee17bdf9a33a1e0a43e0ab669a23e0eb8f9d8f85d1383ec959d7cde6ef6b40fe58ae02a795761fdd36769aaf202c0ff5d2eda1d1510a

      Download Submit

    • memory/688-2-0x000001C180000000-0x000001C180270000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/688-12-0x000001C1F2D00000-0x000001C1F2D01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/688-14-0x000001C180000000-0x000001C180270000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3080-106-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-154-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-53-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-72-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-85-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-97-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-100-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-26-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-121-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-130-0x00000196C3190000-0x00000196C3400000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3080-137-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-31-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-164-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-168-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-179-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-186-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-189-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-188-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-191-0x00000196C3170000-0x00000196C3171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3080-17-0x00000196C3190000-0x00000196C3400000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/3080-289-0x00000196C3190000-0x00000196C3400000-memory.dmp

      Filesize

      2.4MB

      Download