Overview

overview

9

Static

static

3

FiddlerSetup.exe

windows7-x64

4

FiddlerSetup.exe

windows10-2004-x64

9

$PLUGINSDI...up.exe

windows7-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analytics.dll

windows7-x64

1

Analytics.dll

windows10-2004-x64

1

Be.Windows...ox.dll

windows7-x64

1

Be.Windows...ox.dll

windows10-2004-x64

1

DotNetZip.dll

windows7-x64

1

DotNetZip.dll

windows10-2004-x64

1

EnableLoopback.exe

windows7-x64

1

EnableLoopback.exe

windows10-2004-x64

5

ExecAction.exe

windows7-x64

1

ExecAction.exe

windows10-2004-x64

1

FSE2.exe

windows7-x64

3

FSE2.exe

windows10-2004-x64

3

Fiddler.exe

windows7-x64

1

Fiddler.exe

windows10-2004-x64

3

ForceCPU.exe

windows7-x64

1

ForceCPU.exe

windows10-2004-x64

1

GA.Analyti...or.dll

windows7-x64

1

GA.Analyti...or.dll

windows10-2004-x64

1

ImportExpo...ts.dll

windows7-x64

1

ImportExpo...ts.dll

windows10-2004-x64

1

ImportExpo...rt.dll

windows7-x64

1

ImportExpo...rt.dll

windows10-2004-x64

1

Inspectors...on.dll

windows7-x64

1

Inspectors...on.dll

windows10-2004-x64

1

Inspectors...or.dll

windows7-x64

1

Inspectors...or.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-03-2024 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fiddler.exe

  • Size

    1.5MB

  • MD5

    a5b8c0f51898e9d55e4b3aa7904adf32

  • SHA1

    5eaff276409670f3e8ce4cbb17086f1362d18868

  • SHA256

    5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3

  • SHA512

    6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427

  • SSDEEP

    12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
    "C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2168
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:2828

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20211.51073\user.config
      Filesize

      966B

      MD5

      2c448ed2239dfa5215c72df3f3e3f3a2

      SHA1

      9d0bd4229e906b97a9b58044869ab06d7f1a38c7

      SHA256

      02b88887582b3de13d041310d6596d4a14cbaa1fc8b17caef9b2f60e6bcad58f

      SHA512

      ff0a05a2482d5b57d6304989a5890ca2f204c1d1991f6adcfa956d9cf2597040d188467747deb9b947674ce8c7458e00b688b169cea712e092efdd30d1764144

      Download Submit

    • memory/2168-9-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-4-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-3-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-17-0x000000001BA40000-0x000000001BA48000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2168-5-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-16-0x000000001BA30000-0x000000001BA38000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2168-8-0x000000001AF00000-0x000000001AF0C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2168-7-0x000000001AF00000-0x000000001AF0C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2168-0-0x00000000009C0000-0x0000000000B3E000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2168-10-0x000000001B480000-0x000000001B4C2000-memory.dmp

      Filesize

      264KB

      Download

    • memory/2168-11-0x000000001B9F0000-0x000000001BA02000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2168-12-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-13-0x000000001B4D0000-0x000000001B4E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2168-20-0x000000001BA60000-0x000000001BA6E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2168-19-0x000000001E750000-0x000000001E776000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2168-21-0x00000000203F0000-0x00000000204AA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2168-45-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-2-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-6-0x000000001AA00000-0x000000001AA0C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2168-15-0x000000001BA10000-0x000000001BA2A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2168-14-0x00000000211E0000-0x000000002138E000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2168-22-0x0000000021390000-0x000000002188E000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2168-23-0x0000000021890000-0x0000000021D8E000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2168-24-0x000000001BBC0000-0x000000001BBC8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2168-25-0x000000001BBD0000-0x000000001BBD8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2168-29-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-1-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2168-35-0x000000001F130000-0x000000001F1D8000-memory.dmp

      Filesize

      672KB

      Download

    • memory/2168-36-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2168-39-0x0000000023950000-0x00000000240F6000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/2168-42-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-43-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-44-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2168-18-0x000000001BA50000-0x000000001BA5C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/2168-46-0x0000000002400000-0x0000000002480000-memory.dmp

      Filesize

      512KB

      Download