Overview

overview

5

Static

static

3

FiddlerSetup.exe

windows7-x64

4

FiddlerSetup.exe

windows10-2004-x64

4

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analytics.dll

windows7-x64

1

Analytics.dll

windows10-2004-x64

1

Be.Windows...ox.dll

windows7-x64

1

Be.Windows...ox.dll

windows10-2004-x64

1

DotNetZip.dll

windows7-x64

1

DotNetZip.dll

windows10-2004-x64

1

EnableLoopback.exe

windows7-x64

1

EnableLoopback.exe

windows10-2004-x64

5

ExecAction.exe

windows7-x64

1

ExecAction.exe

windows10-2004-x64

1

FSE2.exe

windows7-x64

3

FSE2.exe

windows10-2004-x64

3

Fiddler.exe

windows7-x64

1

Fiddler.exe

windows10-2004-x64

3

ForceCPU.exe

windows7-x64

1

ForceCPU.exe

windows10-2004-x64

1

GA.Analyti...or.dll

windows7-x64

1

GA.Analyti...or.dll

windows10-2004-x64

1

ImportExpo...ts.dll

windows7-x64

1

ImportExpo...ts.dll

windows10-2004-x64

1

ImportExpo...rt.dll

windows7-x64

1

ImportExpo...rt.dll

windows10-2004-x64

1

Inspectors...on.dll

windows7-x64

1

Inspectors...on.dll

windows10-2004-x64

1

Inspectors...or.dll

windows7-x64

1

Inspectors...or.dll

windows10-2004-x64

1

Resubmissions

05/03/2024, 13:45

240305-q2myfsha98 5

Analysis

  • max time kernel
    120s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 13:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Fiddler.exe

  • Size

    1.5MB

  • MD5

    a5b8c0f51898e9d55e4b3aa7904adf32

  • SHA1

    5eaff276409670f3e8ce4cbb17086f1362d18868

  • SHA256

    5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3

  • SHA512

    6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427

  • SSDEEP

    12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
    "C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2292
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:3004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20211.51073\user.config
      Filesize

      966B

      MD5

      29bd757efdf2000fbd55c76ede82c3e4

      SHA1

      1abcf3be95daa6b68c9d7adebdcd89d69c287406

      SHA256

      6d6f9655abc3cc9e7c6de940361900e8c0a8c17d27f74ca1af2c4c2414b6b205

      SHA512

      9bb9b4848d9e07f3357672e72ec9df3043a84d691337d7617a36d434249d60a0e550293325745b0e5da00bf42cc84aa8dad4f7e033944fedf8ff88e9bd809c64

      Download Submit

    • memory/2292-9-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-19-0x000000001B930000-0x000000001B956000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2292-3-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-4-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-5-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-21-0x00000000207E0000-0x000000002089A000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2292-7-0x000000001AA30000-0x000000001AA3C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2292-8-0x000000001AA30000-0x000000001AA3C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2292-0-0x0000000000800000-0x000000000097E000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2292-10-0x000000001B420000-0x000000001B462000-memory.dmp

      Filesize

      264KB

      Download

    • memory/2292-11-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-12-0x000000001B040000-0x000000001B052000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2292-13-0x000000001B0A0000-0x000000001B0B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2292-14-0x00000000215E0000-0x000000002178E000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2292-15-0x000000001B3F0000-0x000000001B40A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2292-17-0x000000001B480000-0x000000001B488000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2292-18-0x000000001B4A0000-0x000000001B4AC000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2292-16-0x000000001B470000-0x000000001B478000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2292-2-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-20-0x000000001B810000-0x000000001B81E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2292-6-0x000000001AA20000-0x000000001AA2C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2292-22-0x00000000219F0000-0x0000000021EEE000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2292-23-0x0000000022160000-0x000000002265E000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2292-25-0x0000000000530000-0x0000000000538000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2292-24-0x0000000000510000-0x0000000000518000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2292-29-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-1-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2292-35-0x000000001EAF0000-0x000000001EB98000-memory.dmp

      Filesize

      672KB

      Download

    • memory/2292-36-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2292-37-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-38-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-39-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-41-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-42-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-44-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2292-45-0x0000000023360000-0x0000000023B06000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/2292-48-0x000000001B4B0000-0x000000001B530000-memory.dmp

      Filesize

      512KB

      Download