Malware Analysis Report

2025-04-03 10:42

Sample ID: 241109-3bm7ravall
Target: fabric-installer-1.0.1.exe
SHA256: d90987a8f7a56cd9c09f69585de0ee6241c326f5b41399b2a8319d03fe6ce64e
Tags: discovery
Score: 7/10

Analysis Overview

Score: 7/10
SHA256: d90987a8f7a56cd9c09f69585de0ee6241c326f5b41399b2a8319d03fe6ce64e

Threat Level: Shows suspicious behavior

The file fabric-installer-1.0.1.exe was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery

Loads dropped DLL
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported: 2024-11-09 23:20

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-09 23:20
Reported: 2024-11-09 23:23
Platform: win7-20240903-en
Max time kernel: 117s
Max time network: 134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"

Signatures

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40F0B331-9EF1-11EF-81BB-F2BBDB1F0DCB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3035a217fe32db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000004f455b73da825336870a4bdc3981df128fd7518c6b01f7f68a85b07fe8fccde7000000000e800000000200002000000074c7fc1d19451c2c2e9bfbed7b638b508e6573c371ece5ea30b9d06167e0f26f20000000997450dcb02070cbf522246824395c14db1e699464de86208ba2d32f527be84140000000d1080696c9c24c7815a1fb81645b0f4cf8fb44ae8669929d5099c214f8eb9454d7df3de6e812f934905810470d3bf3c2a231663e7abdfb1fba96dc7d2572811d | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437356316" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000b42ff186526c3a41c770f06bb3d612bc49fbf1ad98848ddb26328b4bd71e38c3000000000e8000000002000020000000503e58d921dd920b9eaa6a6591006f403fe57ff2b004ad23c908b66c32f56ae690000000cc59d821befcf7cf03a9aa9bfc192ea7a44d01ba45bc6866567d7f65ae7bf5c2dbbfeba70aed2bd9af5d17dd67d2dba880315bb0668f623474dc1c68d2e9a8a7a008e349e4355895a6c9cf1824ff72f32c2f17ddcb57dd554b6c1c0e96c6b9a7ea4477d7b7d2bda7c622daed914427a99e9f6248f34e9ba3ae2b5358a4cdc27f21d61f4b98899442e6834c209a9c3e4640000000c313d0dd7eeb8697da8b7de7d8c42ac9b4d049a4fe89eb628f0e21e0191df17370a5da6e1a2221ee86fb7801be2e18fa68b0953e752283e4b6006bbd07015061 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe

"C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://fabricmc.net/wiki/player:tutorials:java:windows

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | fabricmc.net | udp
FI | 65.109.48.61:443 | fabricmc.net | tcp
FI | 65.109.48.61:443 | fabricmc.net | tcp
US | 8.8.8.8:53 | r11.o.lencr.org | udp
US | 8.8.8.8:53 | r11.o.lencr.org | udp
GB | 2.23.210.82:80 | r11.o.lencr.org | tcp
GB | 2.23.210.75:80 | r11.o.lencr.org | tcp
FI | 65.109.48.61:443 | fabricmc.net | tcp
FI | 65.109.48.61:443 | fabricmc.net | tcp
FI | 65.109.48.61:443 | fabricmc.net | tcp
FI | 65.109.48.61:443 | fabricmc.net | tcp
US | 8.8.8.8:53 | crl.microsoft.com | udp
GB | 2.19.117.18:80 | crl.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9fajjbh\imagestore.dat

C:\Users\Admin\AppData\Local\Temp\TarF6F.tmp

C:\Users\Admin\AppData\Local\Temp\CabF6D.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (written multiple times during the run)

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-09 23:20
Reported: 2024-11-09 23:23
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"

Signatures

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe

"C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

"javaw.exe" "-version"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

"javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe" "-fabricInstallerBootstrap" "true"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | meta.fabricmc.net | udp
US | 172.67.151.177:443 | meta.fabricmc.net | tcp
US | 8.8.8.8:53 | 177.151.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp

Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 1f1f623c8fba44e6ac061c7fbabaab46
SHA1 39bff2a87794ae66963dd360849195c112890bdb
SHA256 6ed9f3e283f36ef094d50d599fc24d6d99fde8b989ca4e312a4fa1ecd51dd93b
SHA512 cb244f15ab24d9fdeb57de4a41d3ccc669ff2190378e1330f0689a889db48c8c16db8a2eca052e24a4c83e21b4c225b4838b71db149a7b912c415ac8a3a4ab73

C:\Users\Admin\AppData\Local\Temp\fabric-installer-native2335754200727659728.tmp

MD5 2a4edd64e186969b56c571c6889b450b
SHA1 6dffeccb4f7f65d0fedc965bea8e1494375a3d9f
SHA256 32a9cbd598dfd72ee53e60c79c195306afd19acc65c8fc1db6d33833d1550f25
SHA512 e3ff5a86dccba08caff1ee17bdf9a33a1e0a43e0ab669a23e0eb8f9d8f85d1383ec959d7cde6ef6b40fe58ae02a795761fdd36769aaf202c0ff5d2eda1d1510a
