169605839aebe681cc8f32304083932a0a710dad4d24c900a9dc17d92f6efd29

Analysis

max time kernel
121s
max time network
139s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fiddler.exe
Size

1.4MB
MD5

bf4fb7029571683986ecf3a48eacd4fd
SHA1

5f1c4f0a79f4a0c8e96d27adbf0153a45a58cc11
SHA256

b0eab66bae42868d402f326a37cb0e4364d4a686eb5feb4d93325b5078c1bc0e
SHA512

ec240842386f28e87576720252d12c5a02ea9e2c29485d1acaea34c89a1577041462610d953a59e9e4acef4d3c566e861d6672a00d9bf196d778bf13a45bb25e
SSDEEP

24576:HA93BNl5yPcNBSuUsRCb/l+53flpmjaqkIw:swLzkIw

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file
Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

Fiddler.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main Fiddler.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Fiddler.exe

pid process

2916 Fiddler.exe
2916 Fiddler.exe
2916 Fiddler.exe
2916 Fiddler.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Fiddler.exe

description pid process

Token: SeDebugPrivilege 2916 Fiddler.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Fiddler.exe

pid process

2916 Fiddler.exe
2916 Fiddler.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	Fiddler.exe

pid	process
2916	Fiddler.exe
2916	Fiddler.exe
2916	Fiddler.exe
2916	Fiddler.exe

description	pid	process
Token: SeDebugPrivilege	2916	Fiddler.exe

pid	process
2916	Fiddler.exe
2916	Fiddler.exe

C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9784ca32e86052e3f22109653c91b074

SHA1
15cc00a6849743c65fa46a7bfc36a00f03c577e5

SHA256
57cf4213f879b97bc00b68aae15ff4fdff511b141c4fbf44248121a702c398ab

SHA512
792398212f3fac8a119076190a073e143d970ac95ea33747bf29c5020611b9bafaac9812ffc60843ddb18f6921fad2d109bddc1140edb5685523368b4579d4d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bd892836313502d61ac1a64012a792f2

SHA1
30968f7255b204c354eadb4624bf843fee998da5

SHA256
08979555f575f1a1ed906812edd44ecfa5d4b1d499a8e7b490a43d386aa323df

SHA512
cc85c9229ff0e50ad85201bd8c1fb7dc0d8233fdc7d57397aef2f6787f72373489dfbe63243655fabc8a12a6827fde52235add874107208775f381073e884ed4

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20202.18177\user.config

Filesize
966B

MD5
e73446b3922c9ec6bc5092873b0db117

SHA1
846f8fc308aa3e2e2b48e54eac10b2c57ccee8fd

SHA256
23d100bd5b481e4798620eff38865daecd0ba9d72fd39faa92e48049b4bf620b

SHA512
92ee3281d7ed8a7bcbd48a803f04f7e133b88c101c339ba1e5204963b55b533d39306972b05244301f004fd495dd9ef0b6c37af5e3827e501b17d3fe03c739ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar215B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Desktop\FiddlerAutoUpdater.exe

Filesize
4.4MB

MD5
78537045a5e032d4ac93514f027c7a47

SHA1
5b6e705b20652c0cf39ee890013b9b8e8ad26b07

SHA256
06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

SHA512
8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47

Download Submit
memory/2916-19-0x000000001B910000-0x000000001B92A000-memory.dmp

Filesize
104KB

Download
memory/2916-23-0x000000001F330000-0x000000001F356000-memory.dmp

Filesize
152KB

Download
memory/2916-4-0x000000001A8D0000-0x000000001A8E6000-memory.dmp

Filesize
88KB

Download
memory/2916-5-0x000000001B8C0000-0x000000001B908000-memory.dmp

Filesize
288KB

Download
memory/2916-6-0x000000001A980000-0x000000001A9A4000-memory.dmp

Filesize
144KB

Download
memory/2916-7-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-8-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-9-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-10-0x000000001AB80000-0x000000001AB8C000-memory.dmp

Filesize
48KB

Download
memory/2916-11-0x000000001AB90000-0x000000001AB9C000-memory.dmp

Filesize
48KB

Download
memory/2916-12-0x000000001AB90000-0x000000001AB9C000-memory.dmp

Filesize
48KB

Download
memory/2916-13-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-14-0x000000001F060000-0x000000001F0A2000-memory.dmp

Filesize
264KB

Download
memory/2916-15-0x000000001B140000-0x000000001B152000-memory.dmp

Filesize
72KB

Download
memory/2916-16-0x000000001B090000-0x000000001B0A0000-memory.dmp

Filesize
64KB

Download
memory/2916-17-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-18-0x000000001F4F0000-0x000000001F69E000-memory.dmp

Filesize
1.7MB

Download
memory/2916-2-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-20-0x000000001B930000-0x000000001B938000-memory.dmp

Filesize
32KB

Download
memory/2916-22-0x000000001B960000-0x000000001B96C000-memory.dmp

Filesize
48KB

Download
memory/2916-21-0x000000001B940000-0x000000001B948000-memory.dmp

Filesize
32KB

Download
memory/2916-3-0x000000001A880000-0x000000001A8D0000-memory.dmp

Filesize
320KB

Download
memory/2916-24-0x000000001B970000-0x000000001B97E000-memory.dmp

Filesize
56KB

Download
memory/2916-25-0x000000001F6A0000-0x000000001F75A000-memory.dmp

Filesize
744KB

Download
memory/2916-26-0x000000001FA20000-0x000000001FF1E000-memory.dmp

Filesize
5.0MB

Download
memory/2916-27-0x000000001FF20000-0x000000002041E000-memory.dmp

Filesize
5.0MB

Download
memory/2916-28-0x000000001CA00000-0x000000001CA08000-memory.dmp

Filesize
32KB

Download
memory/2916-29-0x000000001E7E0000-0x000000001E7E8000-memory.dmp

Filesize
32KB

Download
memory/2916-33-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-39-0x000000001FA20000-0x000000001FAC8000-memory.dmp

Filesize
672KB

Download
memory/2916-76-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-78-0x00000000233D0000-0x0000000023B76000-memory.dmp

Filesize
7.6MB

Download
memory/2916-82-0x000007FEF61B3000-0x000007FEF61B4000-memory.dmp

Filesize
4KB

Download
memory/2916-84-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-85-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-1-0x0000000000250000-0x00000000003C6000-memory.dmp

Filesize
1.5MB

Download
memory/2916-0-0x000007FEF61B3000-0x000007FEF61B4000-memory.dmp

Filesize
4KB

Download
memory/2916-86-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-87-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-266-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-267-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-268-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-269-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download