Analysis Overview
SHA256
d90987a8f7a56cd9c09f69585de0ee6241c326f5b41399b2a8319d03fe6ce64e
Threat Level: Shows suspicious behavior
The file fabric-installer-1.0.1.exe was classified as showing suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 23:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 23:20
Reported
2024-11-09 23:23
Platform
win7-20240903-en
Max time kernel
117s
Max time network
134s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40F0B331-9EF1-11EF-81BB-F2BBDB1F0DCB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3035a217fe32db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000004f455b73da825336870a4bdc3981df128fd7518c6b01f7f68a85b07fe8fccde7000000000e800000000200002000000074c7fc1d19451c2c2e9bfbed7b638b508e6573c371ece5ea30b9d06167e0f26f20000000997450dcb02070cbf522246824395c14db1e699464de86208ba2d32f527be84140000000d1080696c9c24c7815a1fb81645b0f4cf8fb44ae8669929d5099c214f8eb9454d7df3de6e812f934905810470d3bf3c2a231663e7abdfb1fba96dc7d2572811d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437356316" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://fabricmc.net/wiki/player:tutorials:java:windows
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fabricmc.net | udp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| GB | 2.23.210.75:80 | r11.o.lencr.org | tcp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\favicon[1].ico
| MD5 | 94bed0e172b2d893f1a2e046ed9a9baf |
| SHA1 | 050d1b4d6752dd973ddb31beca55815e300180b7 |
| SHA256 | ad44b5a49faee0d955620c627d1710e662893688522e7051dfdae10b42984a27 |
| SHA512 | 515e21806859deee755e617bf1ddb28b363b34e65b4cb6853764e6f53014d405184b6fdf333ae33722d8e7a69b8c93f401c5cacce0e217013237ffa475994fd7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9fajjbh\imagestore.dat
| MD5 | 6995eba422e2074bd88c8635822d6dde |
| SHA1 | 5a4159d086ca54461d1c4d1e4e3203551909168f |
| SHA256 | 162723d6e39a6890c91184708a69b2c4e72c7b77b2054b92bd9de855ec9bce04 |
| SHA512 | ca176bb9ad8b791a45c9dfbff5200fa013dee34ca8a38c05a18adb2c1f9ecabd833f6c3055cfde6b198f402113962806fcf2c1fa5f330dc1d404f5e23ea6c7de |
C:\Users\Admin\AppData\Local\Temp\TarF6F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabF6D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a9eda258f16a8345092733571cab401 |
| SHA1 | 5ed6c079ebff2e3d36096ea65ee2c933bd2dc912 |
| SHA256 | 2d353568fe1595db5092eb4f214c28a76744f81ee60a7c2f31abe03109349481 |
| SHA512 | 43e1d36c2ab029775beefb9b2c2ff00372bedeb7caf2a422532eac8485efd051143474bbbb54f6f257714f0778a513378abcf22e0bea6696c0e9a66a75ca712d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fca27c3f76339a54b3d3ace40b095db |
| SHA1 | 40283c3758d5819eb0a08ed40eed4d08281c5890 |
| SHA256 | 45e6c8ea818fa6d0f5dfa118d54b2711de4a4fdf72d1718a783d31c9a4c33e5c |
| SHA512 | 4f984d9cf2c5dba6282358ec4f77023d3e602efd9581baed69996db4cc93dd72492de3947b32a62614a1b88ed8349a84816eef3b8cc2756d53dd1b9e1ca6e830 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e30877bd0e5062466e7304a64cddf51b |
| SHA1 | 02bb9dd459d97b4414887d30c271d0e13e1041ad |
| SHA256 | ef97452991a55c2aae584759b28d915c46e780861ab6694bbde02f22585f30e6 |
| SHA512 | e4203e74794147927b9273e52b6d9a17f15fb9361c7efd42b09e1a3308ed846259852179dd562872061c2c7f8e123efcb5dac4ced6c319880cd420f165f1c186 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76048d69b215d4c2ad4d1417adb0f8e7 |
| SHA1 | 3d5c3dad801c2f66001a7ef420bd88173247f2f2 |
| SHA256 | cba7540ba982d6f58dabcee0681d7c393c037f1d93d6b534d6c7c09f6a82f937 |
| SHA512 | ba2d2c359c32ce80e69e50970a0a7f8c44196baafeced4d90bb364acdeb51036c7aa47d435db83339b4c911e211a62fa41374e8a35e9ede2efa685830164243f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ba845dde6f53819edd4dc4af226de03 |
| SHA1 | 07fbe02020307037c942990b61329a5eb8e189be |
| SHA256 | a25adb224ae75f7531fc0d63b6e73e941b36524577dc8ad6c112b290608c5b1c |
| SHA512 | 2f2c2be5a8f4f429bc2e836f2568157fa187187d38e7fc9a3fec40bbdda3bccc1c10bbbaaa26ae903faa55586faf4589b3a2e1042b7f4cd0d0a763795561996a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a626a4b002ef1b84553c0c785f40e05 |
| SHA1 | f1614368b5f1bc80be08df88860a5f1eeb332eda |
| SHA256 | f58bc6a2e96960ace16873997c652981adbf3bce62da5837a7992cb42dccf3bd |
| SHA512 | c58256fc6d2e56700b3fef3c2360ead318abc88f0104bb1b6d499349d48fc52d3e1c4fe6d539e61a90262ce883c995bf23de7cd6ae029d8af9f363f4042edc0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5b17f59d202c822eca0f3159b4e594d |
| SHA1 | e7fbdfbbfc622aab77ae12b87a95cc4d63448d69 |
| SHA256 | a50f39e62f2565b9dadbce6ba022f9804f8935f631cfa49d0a1b5a65071d9d04 |
| SHA512 | 217ffbd8d24c18049f215584b1732647b65acea22ab43357aaf72d23b7db5dd02cb11ff08eeead8c62e85489b2f914c06b6033e136103447eed46942bfcfaaf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e0a5387acb894f6e8a51cf8ef37fe70 |
| SHA1 | fc77def7bdc8ed2b4e92328846a91343b99ebd6e |
| SHA256 | a64af22c8c116d58b513d9c576809e944d522413e69714377543e7881eed698e |
| SHA512 | bcab941f9023482ac0ac6bd6caf6d237c134a675c5c0e988dd3310f3cc17e941ba36d9e1e99764c9cb34e7d3f6671db0d9e16f40b7f90f1c18af17c36a239935 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 706b278c3f2d71e61917bd442906546c |
| SHA1 | eadff15a4536b7be41fef09496bdd3279291234f |
| SHA256 | 842a2705a5182ce8f89299a09f2897a6c5a9a547ef909fae10c9778046fc9996 |
| SHA512 | 6eb0a8fd03291c56d0844beee96b11f8b53beb37926b6c3cfa5e541cedd03681df361a94a8bc8a4aff38636b667cf18f8a6fe8b5d87cb5fcc126f2c6ac199820 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 049c28ab4af00ecbe9c76320f1432b29 |
| SHA1 | 72b9c31a408b709897914b4ae1b95412638b000b |
| SHA256 | dba925338768eeb22301392d5614e33f720c89c4f28bbfed5c167f56cb45f523 |
| SHA512 | 0e2a5412cb2e2a456108298f33865037769b3483fa2f2ecc341fb10de3c89619dbe77114c0b962481b08753ee7bd468760897c01607123bf0af56e16e2078bfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c7d9df37c21826838881c59791ab6d1 |
| SHA1 | d468015a3410e76021b029f63896eadb1d79a777 |
| SHA256 | 5dda3d97395c19fb6315f7806eed31231f2463629016821b294230fdb099bc68 |
| SHA512 | 84a143769a73f6b64f2a0c828e9d4fb0b490089ec7369d2cffc2de3912b1c19a74f5f393d5de536e10d87e2faac361e2d550eee304c5b2b8f156dbf74ecada1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | fa931b8d15ce081e18cf3de4a4bed374 |
| SHA1 | b9dcc466ad20b029e690634c62848187e5ac3926 |
| SHA256 | 6440738ffc6bedd8116baecc17e3735888ac4261e9063328c0eb967c22190c38 |
| SHA512 | cd002c21b06436946fb6f7c428b4794f5721843f2cd520066aa253de77b7757f5cc4d2be9993baedf2730c31e9762bddec351ee9c286f135af3a768a7057de84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d35f3bf8b11218ba82fddff06d7b34b9 |
| SHA1 | e11c11744f31b24074155528126005bbfa8e1a7c |
| SHA256 | 2cced8fa7d5e87e27005dcf3e4f62697993ac619d3601eea8913ff9df07c15a2 |
| SHA512 | 1e437dd413f4f7f24244445ddc4f1471aa925c7f03a67b6ad081597bc158fa04134c54766e67551b8b982f198ca690537cc4b2e83727e32044c21dc4292a6cc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fb880f79ee3d62ec152ec548cc56ff0 |
| SHA1 | 5884d0425e550a27daff4f40c2e26456d6c9800a |
| SHA256 | 4f9194b8aa4d66defcaa3ff256f34c840abda51d073146af341c61eeeab7d351 |
| SHA512 | 6af710298499a2fa2e6594f8aa481274c2a2e62a914e1e85c7fdc1cf22028967f94720a3d1f71c99da5ec3b3f6ed4028393b8a434ccfc1a88bd24c7f07fa4382 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88f3bcbde5ec70547cc8b34d38e0cc84 |
| SHA1 | f5d5a960c7ea5776aa1b8cfc0d991c4a8b221f9b |
| SHA256 | aff65e023d473f79336c62e4a103199132168bde46bae92be517277886d1242e |
| SHA512 | 8033aec395929df5a847e0349c03301482a6cdbe0404b574ce2e5e7191e9794dea124fab7b91bfe76efcebc2bb0ae7a1c370b1e781d68875f9188d2cb8aef711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ed2eecbee9c1e6c01d9d9288e95c211 |
| SHA1 | 74c97e90db3190a1b610ba7cfb49af547f6d4b59 |
| SHA256 | eba270d5b37f68210c8af28d68194478bcc3afe080e97116ab168e79c68db620 |
| SHA512 | ce817b345fbd77595a2dee09fef3f9df7cde6689128be18eb2760595b65777db76a422135be5f917de4cd56498a3406a8b338c72310830a4dcf009124a801fc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 4608f34287e66846964acaf6b455469d |
| SHA1 | edaee1b4fc822bceeec481da96fc5a715485cb1e |
| SHA256 | cef335b4200729382781ab616cba09b3cb654210bf86326fc6189d121daec35c |
| SHA512 | 48ad7a2b7f35d9c00815ba08ecd375717c7a82665613ef0580ba66aa501f8483543658c48544ae458de7909ad5222b797b7616ee4c8c6aecbd395cf6417f29f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62f52a3a4d781b6c14c2b5604f5e187e |
| SHA1 | cea5456cd1743a42db9f28f2180bc8f02dede555 |
| SHA256 | 3aa2b03721d2878dbe590091b63191cd552ef38f3a270915607ada6e15fcf35a |
| SHA512 | fac0cf2791d89f217f27821229e0d86351b039209739a49778c122d99bc03fda407757942de80733ed938fd30da025846524f4098f02181f51dc994b55cd24d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 940f7fbafa8b30ae0dc2e77b2a85d26c |
| SHA1 | 7023c918e1b39671d234e18f7a0a29e51a4b2c0a |
| SHA256 | 7286e80f9c927842d4ad193fd69e063514f4ee34a805e4aa6f5cb1b804cad7e3 |
| SHA512 | ad81897451cfa05ba5bc19ca4cad4108f099740751c4178e1cbf03f38b6cfc9b6119306f286692f21a89ca4967de27ed8ea2e47c4c69c41a0403741d4a5ff670 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12d0f4d368bb3e53c1f51a8ee7e8dcef |
| SHA1 | 2e149620d7a4b8ff89d9e32f9bac4e8dfb1e659d |
| SHA256 | 85dd26a3d3f83e0b00f3a66b6535b0f8a3ebd666178fd663a639e61345654ea4 |
| SHA512 | 7c19e85f2838e8c5f19eff78364923843f47d2d7e64752973694fbd39c35228737079ef12f134e0294d099e002e3dfdd4d622a2d3bf22102a6ac546eb8da1278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0366b82bc4420e9988189bffbf13933a |
| SHA1 | fd43d58e2a8ddd089e9f1bab0d2e66970f4708fa |
| SHA256 | 44c0eba056299f8a16a904a8f3ec28c4317a45bedcca182c52ea6702998957ea |
| SHA512 | ccb63c7e3ae961fd69679f85b9a54d14296cfc06569694b0cd1b761046864d66a8e13e0fcb2394aa45fe775d99e662c63d6d1846ba2b2a7f0055618e256ec3c7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 23:20
Reported
2024-11-09 23:23
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4144 wrote to memory of 3124 | N/A | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe |
| PID 4144 wrote to memory of 3124 | N/A | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe |
| PID 4144 wrote to memory of 2400 | N/A | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe |
| PID 4144 wrote to memory of 2400 | N/A | C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe | C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe
"C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"javaw.exe" "-version"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"javaw.exe" "-jar" "C:\Users\Admin\AppData\Local\Temp\fabric-installer-1.0.1.exe" "-fabricInstallerBootstrap" "true"
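Two static properties of the sample follow from this report: the static1 analysis flags it as an unsigned PE, and the command line directly above passes the same .exe to `javaw -jar`, which only works if the file also parses as a JAR, i.e. a ZIP archive appended to the native launcher stub. The script below is an added example, not code from the sandbox or from the Fabric project, that checks both properties: it reads the IMAGE_DIRECTORY_ENTRY_SECURITY entry for an attached WIN_CERTIFICATE table, and it looks for a ZIP end-of-central-directory record at the tail of the file and reports where the archive starts. The image produced by build_stub_pe() is constructed for the demonstration and is not the real installer.

```python
"""Static triage of a PE launcher stub: is an Authenticode signature attached,
and does the file also carry an appended ZIP (JAR) archive?

Added example; not code from the sandbox or the Fabric project. The image
returned by build_stub_pe() is constructed here and is not the real installer.
"""
import io
import struct
import zipfile

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPES = {0x0001: "WIN_CERT_TYPE_X509",
                  0x0002: "WIN_CERT_TYPE_PKCS_SIGNED_DATA",  # Authenticode
                  0x0004: "WIN_CERT_TYPE_TS_STACK_SIGNED"}


def authenticode_directory(data: bytes) -> dict:
    """Report whether a WIN_CERTIFICATE table is attached. Presence only: this
    does not verify the PKCS#7 blob or the signer's certificate chain."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    opt_size = struct.unpack_from("<HHIIIHH", data, coff)[5]
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:            # PE32
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:          # PE32+
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (nrva,) = struct.unpack_from("<I", data, opt + nrva_off)
    if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY or dirs_off + 8 * nrva > opt_size:
        return {"signed": False}
    # The security entry holds a file offset, not an RVA: the certificate
    # table lives outside every section and is never mapped.
    offset, size = struct.unpack_from(
        "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if offset == 0 or size == 0 or offset + 8 > len(data):
        return {"signed": False}
    length, revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return {"signed": True, "offset": offset, "length": length, "revision": revision,
            "type": WIN_CERT_TYPES.get(cert_type, f"unknown ({cert_type:#x})")}


def appended_zip(data: bytes):
    """Find a ZIP end-of-central-directory record at the tail of the file.
    A PE that is also a valid ZIP is what lets 'javaw -jar launcher.exe'
    run the launcher's embedded payload. Returns None if there is none."""
    eocd = data.rfind(b"PK\x05\x06", max(0, len(data) - (22 + 0xFFFF)))
    if eocd < 0:
        return None
    _, _, _, _, n_total, cd_size, cd_offset, comment_len = struct.unpack_from(
        "<IHHHHIIH", data, eocd)
    if eocd + 22 + comment_len != len(data):
        return None
    # ZIP offsets are relative to the archive start; for an archive simply
    # appended to a stub, this difference is the stub's length.
    archive_start = eocd - cd_size - cd_offset
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # zipfile tolerates leading stub bytes
        names = zf.namelist()
    return {"archive_start": archive_start, "entries": n_total, "names": names}


def build_stub_pe(signed: bool = False, jar: bool = False) -> bytes:
    """Constructed, header-only PE32+ image for the demonstration (it cannot run)."""
    header_len = 64 + 4 + 20 + 240   # DOS header, 'PE\0\0', COFF header, optional header
    dirs = bytearray(16 * 8)
    cert = b""
    if signed:
        payload = b"constructed placeholder, not a real PKCS#7 SignedData"
        total = 8 + len(payload)
        padded = total + (-total % 8)  # certificate entries are 8-byte aligned
        cert = struct.pack("<IHH", padded, 0x0200, 0x0002) + payload + b"\0" * (padded - total)
        struct.pack_into("<II", dirs, 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, padded)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)  # x64, 240-byte optional header
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16) + bytes(dirs)
    image = dos + b"PE\0\0" + coff + opt + cert
    if jar:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Main-Class: demo.Bootstrap\n")
            zf.writestr("demo/Bootstrap.class", b"\xca\xfe\xba\xbe")  # placeholder bytes
        image += buf.getvalue()
    return image


if __name__ == "__main__":
    for signed, jar in ((False, False), (True, True)):
        img = build_stub_pe(signed=signed, jar=jar)
        print(authenticode_directory(img), appended_zip(img))
```

On a real sample, call both functions on `open(path, "rb").read()`. A present certificate table only means a signature blob is attached; whether it verifies and who signed it has to come from `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`. The `archive_start` value is also the natural cut point for carving the embedded JAR out of the launcher for separate inspection.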
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | meta.fabricmc.net | udp |
| US | 172.67.151.177:443 | meta.fabricmc.net | tcp |
| US | 8.8.8.8:53 | 177.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
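The Network tables of behavioral1 and behavioral2 mix three kinds of traffic: endpoints the installer itself reached (fabricmc.net, meta.fabricmc.net), certificate-revocation and browser background traffic generated by the Internet Explorer window it opened on Windows 7 (r11.o.lencr.org is an OCSP responder, crl.microsoft.com a CRL distribution point, ieonline.microsoft.com and www.microsoft.com IE's own endpoints), and reverse-DNS lookups on Windows 10 (note that 177.151.67.172.in-addr.arpa is the PTR name for 172.67.151.177, the meta.fabricmc.net peer). The script below is an added example, not part of the sandbox report, that parses rows in the tables' format and sorts them into those buckets so that anything left over stands out. NETWORK_TABLE holds rows copied from the two tables above; the three host allowlists are the analyst's assumptions, not something the report states.

```python
"""Triage of the sandbox 'Network' tables: separate what the sample itself
reached from resolver, PKI and browser background traffic.

Added example, not part of the sandbox report. NETWORK_TABLE holds rows copied
from the two behavioral analyses on this page; the three host allowlists are
analyst-supplied assumptions.
"""
import ipaddress
from collections import defaultdict

NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fabricmc.net | udp |
| FI | 65.109.48.61:443 | fabricmc.net | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.23.210.82:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.117.18:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | meta.fabricmc.net | udp |
| US | 172.67.151.177:443 | meta.fabricmc.net | tcp |
| US | 8.8.8.8:53 | 177.151.67.172.in-addr.arpa | udp |
"""

# Assumed allowlists (analyst judgement, not from the report).
PKI_HOSTS = {"r11.o.lencr.org", "crl.microsoft.com"}             # OCSP responder, CRL distribution point
BROWSER_HOSTS = {"ieonline.microsoft.com", "www.microsoft.com"}  # Internet Explorer background traffic
SAMPLE_HOSTS = {"fabricmc.net", "meta.fabricmc.net"}             # the installer's own endpoints


def parse_rows(table: str) -> list:
    """Parse the pipe-delimited rows into dicts; the header row is skipped."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name: str):
    """'58.55.71.13.in-addr.arpa' -> '13.71.55.58'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def classify(domain: str) -> str:
    if ptr_to_ip(domain):
        return "reverse_dns"
    if domain in PKI_HOSTS:
        return "pki"
    if domain in BROWSER_HOSTS:
        return "browser_background"
    if domain in SAMPLE_HOSTS:
        return "sample"
    return "unexplained"  # anything landing here deserves a second look


def triage(table: str) -> dict:
    """Group lookups and connections by category. Port-53 rows only say which
    names were queried and which resolver answered; the other rows are the
    connections the sample, or the browser it spawned, actually made."""
    lookups, connections = defaultdict(set), defaultdict(set)
    resolvers, reverse_dns = set(), set()
    for row in parse_rows(table):
        cat = classify(row["domain"])
        if cat == "reverse_dns":
            reverse_dns.add(ptr_to_ip(row["domain"]))
        elif row["port"] == 53 and row["proto"] == "udp":
            resolvers.add(row["ip"])
            lookups[cat].add(row["domain"])
        else:
            connections[cat].add((row["domain"], f"{row['ip']}:{row['port']}", row["country"]))
    return {"resolvers": sorted(resolvers),
            "reverse_dns": sorted(reverse_dns),
            "lookups": {k: sorted(v) for k, v in lookups.items()},
            "connections": {k: sorted(v) for k, v in connections.items()}}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(NETWORK_TABLE), indent=2))
```

Run against the full tables, the `unexplained` bucket is empty and the reverse-DNS set contains the same 172.67.151.177 that appears as the meta.fabricmc.net destination, which is the cross-check that the PTR queries belong to the sample's own connections rather than to a second, unlisted peer.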
Files
memory/3124-2-0x000001FD86E80000-0x000001FD870F0000-memory.dmp
memory/3124-12-0x000001FD855E0000-0x000001FD855E1000-memory.dmp
memory/3124-13-0x000001FD86E80000-0x000001FD870F0000-memory.dmp
memory/2400-16-0x0000019280000000-0x0000019280270000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 1f1f623c8fba44e6ac061c7fbabaab46 |
| SHA1 | 39bff2a87794ae66963dd360849195c112890bdb |
| SHA256 | 6ed9f3e283f36ef094d50d599fc24d6d99fde8b989ca4e312a4fa1ecd51dd93b |
| SHA512 | cb244f15ab24d9fdeb57de4a41d3ccc669ff2190378e1330f0689a889db48c8c16db8a2eca052e24a4c83e21b4c225b4838b71db149a7b912c415ac8a3a4ab73 |
memory/2400-26-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-30-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-34-0x0000019280270000-0x0000019280280000-memory.dmp
memory/2400-35-0x0000019280280000-0x0000019280290000-memory.dmp
memory/2400-37-0x0000019280290000-0x00000192802A0000-memory.dmp
memory/2400-39-0x00000192802A0000-0x00000192802B0000-memory.dmp
memory/2400-41-0x00000192802B0000-0x00000192802C0000-memory.dmp
memory/2400-43-0x00000192802C0000-0x00000192802D0000-memory.dmp
memory/2400-45-0x00000192802D0000-0x00000192802E0000-memory.dmp
memory/2400-47-0x00000192802E0000-0x00000192802F0000-memory.dmp
memory/2400-50-0x0000019280000000-0x0000019280270000-memory.dmp
memory/2400-53-0x0000019280270000-0x0000019280280000-memory.dmp
memory/2400-52-0x0000019280300000-0x0000019280310000-memory.dmp
memory/2400-51-0x00000192802F0000-0x0000019280300000-memory.dmp
memory/2400-55-0x0000019280310000-0x0000019280320000-memory.dmp
memory/2400-58-0x0000019280320000-0x0000019280330000-memory.dmp
memory/2400-57-0x0000019280280000-0x0000019280290000-memory.dmp
memory/2400-61-0x0000019280330000-0x0000019280340000-memory.dmp
memory/2400-60-0x0000019280290000-0x00000192802A0000-memory.dmp
memory/2400-63-0x00000192802A0000-0x00000192802B0000-memory.dmp
memory/2400-64-0x0000019280340000-0x0000019280350000-memory.dmp
memory/2400-66-0x00000192802B0000-0x00000192802C0000-memory.dmp
memory/2400-67-0x0000019280350000-0x0000019280360000-memory.dmp
memory/2400-71-0x0000019280360000-0x0000019280370000-memory.dmp
memory/2400-70-0x00000192802C0000-0x00000192802D0000-memory.dmp
memory/2400-73-0x0000019280370000-0x0000019280380000-memory.dmp
memory/2400-72-0x00000192802D0000-0x00000192802E0000-memory.dmp
memory/2400-75-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-77-0x0000019280380000-0x0000019280390000-memory.dmp
memory/2400-76-0x00000192802E0000-0x00000192802F0000-memory.dmp
memory/2400-80-0x0000019280390000-0x00000192803A0000-memory.dmp
memory/2400-79-0x00000192802F0000-0x0000019280300000-memory.dmp
memory/2400-82-0x0000019280300000-0x0000019280310000-memory.dmp
memory/2400-83-0x00000192803A0000-0x00000192803B0000-memory.dmp
memory/2400-87-0x00000192803B0000-0x00000192803C0000-memory.dmp
memory/2400-86-0x0000019280310000-0x0000019280320000-memory.dmp
memory/2400-93-0x0000019280330000-0x0000019280340000-memory.dmp
memory/2400-92-0x00000192803D0000-0x00000192803E0000-memory.dmp
memory/2400-91-0x00000192803C0000-0x00000192803D0000-memory.dmp
memory/2400-90-0x0000019280320000-0x0000019280330000-memory.dmp
memory/2400-97-0x0000019280340000-0x0000019280350000-memory.dmp
memory/2400-98-0x00000192803E0000-0x00000192803F0000-memory.dmp
memory/2400-103-0x00000192803F0000-0x0000019280400000-memory.dmp
memory/2400-102-0x0000019280350000-0x0000019280360000-memory.dmp
memory/2400-106-0x0000019280400000-0x0000019280410000-memory.dmp
memory/2400-105-0x0000019280360000-0x0000019280370000-memory.dmp
memory/2400-108-0x0000019280370000-0x0000019280380000-memory.dmp
memory/2400-109-0x0000019280410000-0x0000019280420000-memory.dmp
memory/2400-112-0x0000019280420000-0x0000019280430000-memory.dmp
memory/2400-111-0x0000019280380000-0x0000019280390000-memory.dmp
memory/2400-114-0x0000019280390000-0x00000192803A0000-memory.dmp
memory/2400-115-0x0000019280430000-0x0000019280440000-memory.dmp
memory/2400-119-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-121-0x0000019280440000-0x0000019280450000-memory.dmp
memory/2400-120-0x00000192803A0000-0x00000192803B0000-memory.dmp
memory/2400-124-0x00000192803B0000-0x00000192803C0000-memory.dmp
memory/2400-128-0x00000192803D0000-0x00000192803E0000-memory.dmp
memory/2400-127-0x00000192803C0000-0x00000192803D0000-memory.dmp
memory/2400-126-0x0000019280460000-0x0000019280470000-memory.dmp
memory/2400-125-0x0000019280450000-0x0000019280460000-memory.dmp
memory/2400-132-0x0000019280470000-0x0000019280480000-memory.dmp
memory/2400-136-0x0000019280480000-0x0000019280490000-memory.dmp
memory/2400-135-0x00000192803E0000-0x00000192803F0000-memory.dmp
memory/2400-134-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-145-0x0000019280400000-0x0000019280410000-memory.dmp
memory/2400-144-0x00000192804A0000-0x00000192804B0000-memory.dmp
memory/2400-149-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-148-0x00000192804C0000-0x00000192804D0000-memory.dmp
memory/2400-147-0x0000019280410000-0x0000019280420000-memory.dmp
memory/2400-143-0x0000019280490000-0x00000192804A0000-memory.dmp
memory/2400-142-0x00000192803F0000-0x0000019280400000-memory.dmp
memory/2400-150-0x0000019280420000-0x0000019280430000-memory.dmp
memory/2400-152-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-151-0x00000192804D0000-0x00000192804E0000-memory.dmp
memory/2400-155-0x00000192804E0000-0x00000192804F0000-memory.dmp
memory/2400-154-0x0000019280430000-0x0000019280440000-memory.dmp
memory/2400-165-0x0000019280510000-0x0000019280520000-memory.dmp
memory/2400-167-0x0000019280470000-0x0000019280480000-memory.dmp
memory/2400-166-0x0000019280520000-0x0000019280530000-memory.dmp
memory/2400-163-0x0000019280460000-0x0000019280470000-memory.dmp
memory/2400-162-0x0000019280450000-0x0000019280460000-memory.dmp
memory/2400-161-0x0000019280500000-0x0000019280510000-memory.dmp
memory/2400-160-0x00000192804F0000-0x0000019280500000-memory.dmp
memory/2400-159-0x0000019280440000-0x0000019280450000-memory.dmp
memory/2400-171-0x0000019280530000-0x0000019280540000-memory.dmp
memory/2400-170-0x0000019280480000-0x0000019280490000-memory.dmp
memory/2400-174-0x00000192804A0000-0x00000192804B0000-memory.dmp
memory/2400-173-0x0000019280490000-0x00000192804A0000-memory.dmp
memory/2400-175-0x0000019280540000-0x0000019280550000-memory.dmp
memory/2400-177-0x0000019280550000-0x0000019280560000-memory.dmp
memory/2400-179-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-182-0x00000192804C0000-0x00000192804D0000-memory.dmp
memory/2400-184-0x00000192804D0000-0x00000192804E0000-memory.dmp
memory/2400-185-0x00000192804E0000-0x00000192804F0000-memory.dmp
memory/2400-186-0x00000192804F0000-0x0000019280500000-memory.dmp
memory/2400-187-0x0000019280500000-0x0000019280510000-memory.dmp
memory/2400-188-0x0000019280510000-0x0000019280520000-memory.dmp
memory/2400-189-0x0000019280520000-0x0000019280530000-memory.dmp
memory/2400-190-0x0000019280530000-0x0000019280540000-memory.dmp
memory/2400-191-0x0000019280540000-0x0000019280550000-memory.dmp
memory/2400-192-0x0000019280550000-0x0000019280560000-memory.dmp
memory/2400-195-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-201-0x00000192F2220000-0x00000192F2221000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fabric-installer-native2335754200727659728.tmp
| MD5 | 2a4edd64e186969b56c571c6889b450b |
| SHA1 | 6dffeccb4f7f65d0fedc965bea8e1494375a3d9f |
| SHA256 | 32a9cbd598dfd72ee53e60c79c195306afd19acc65c8fc1db6d33833d1550f25 |
| SHA512 | e3ff5a86dccba08caff1ee17bdf9a33a1e0a43e0ab669a23e0eb8f9d8f85d1383ec959d7cde6ef6b40fe58ae02a795761fdd36769aaf202c0ff5d2eda1d1510a |
memory/2400-215-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-235-0x00000192F2220000-0x00000192F2221000-memory.dmp
memory/2400-252-0x00000192F2220000-0x00000192F2221000-memory.dmp