06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

Analysis

max time kernel
144s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fiddler.exe
Size

3.5MB
MD5

32cf2e7c6ae825d5f7cb2a7d39c2ee24
SHA1

262176d879e7727375025cae4aafc90698adad26
SHA256

d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5
SHA512

a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2
SSDEEP

49152:0Ms91NvXsJm+5Tti9og1fcaufet3YG5kCTnEsRH0jgB3:RsfNvXsJm+5TtiTMfeJnEsRHAgt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	Fiddler.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe
2148	Fiddler.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2148	Fiddler.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2148	Fiddler.exe
2148	Fiddler.exe

C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20242.10753\user.config

Filesize
966B

MD5
0614bfd813d8b79da1f4ad1b5f8c2d80

SHA1
a43a88b65b24821670138f0db7424005dddccb1b

SHA256
8480578c28d9f5df51fe7df8199514f00b520e696975249a4e15cf2a9d4457d4

SHA512
891f7c006154fa8c36578906221e1a6c577ca05053417c49ba852e3f3ff012c8c7d4438202025aa5ecf983ecbd35cf1241ba63950583d7da419651cdb36f5948

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20242.10753\user.config

Filesize
1KB

MD5
469899558574f01ff57606562e413372

SHA1
eaf070b8bc7f0770e87d66dc84e3d1c62837aac4

SHA256
ec3e0f7049df6d7e69b162f91f3cf819ee1f6fbbd87926824ec2f3f575250b5e

SHA512
cb97f624ddade7a0fa4c66d072f1bad281af5e4c14c0bda903a82fe54f664d29fec751a3f733d7bedf80fcc25e644700f707cc9545c06c29d0c817deb8f142e4

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20242.10753\user.config

Filesize
1KB

MD5
070cd3a2e9a881c8505d90ce3f6fb478

SHA1
3fbbac45de3a301a5af3aa7f897b560642c5c66d

SHA256
467300b24bd1474d3a145d128fd25f40e54d8996396f1a5251761dc0f31b24a0

SHA512
2fe00a66aa4f4e7831963212d271f846b948e7c9d6ebb67ff26031606997ef4bbe1e64972ca6e90f9e70c6a5e95d0fca2a391892d06eb365235c8a17a3fa9612

Download Submit
memory/2148-9-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-5-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-4-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-6-0x000000001B140000-0x000000001B14C000-memory.dmp

Filesize
48KB

Download
memory/2148-7-0x000000001B5B0000-0x000000001B5BC000-memory.dmp

Filesize
48KB

Download
memory/2148-8-0x000000001B5B0000-0x000000001B5BC000-memory.dmp

Filesize
48KB

Download
memory/2148-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

Filesize
4KB

Download
memory/2148-10-0x000000001BE70000-0x000000001BEB2000-memory.dmp

Filesize
264KB

Download
memory/2148-11-0x000000001BF00000-0x000000001BF12000-memory.dmp

Filesize
72KB

Download
memory/2148-12-0x000000001B600000-0x000000001B610000-memory.dmp

Filesize
64KB

Download
memory/2148-14-0x0000000021400000-0x00000000215DA000-memory.dmp

Filesize
1.9MB

Download
memory/2148-13-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-16-0x000000001BA60000-0x000000001BA6A000-memory.dmp

Filesize
40KB

Download
memory/2148-15-0x000000001C1B0000-0x000000001C1CA000-memory.dmp

Filesize
104KB

Download
memory/2148-17-0x000000001C010000-0x000000001C018000-memory.dmp

Filesize
32KB

Download
memory/2148-19-0x000000001C1D0000-0x000000001C1F6000-memory.dmp

Filesize
152KB

Download
memory/2148-20-0x000000001C200000-0x000000001C20E000-memory.dmp

Filesize
56KB

Download
memory/2148-18-0x000000001C120000-0x000000001C12C000-memory.dmp

Filesize
48KB

Download
memory/2148-2-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-22-0x00000000219E0000-0x0000000021EDE000-memory.dmp

Filesize
5.0MB

Download
memory/2148-23-0x0000000021EE0000-0x00000000223DE000-memory.dmp

Filesize
5.0MB

Download
memory/2148-24-0x000000001C220000-0x000000001C228000-memory.dmp

Filesize
32KB

Download
memory/2148-25-0x000000001C240000-0x000000001C248000-memory.dmp

Filesize
32KB

Download
memory/2148-29-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-3-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-35-0x000000001CF30000-0x000000001CFD8000-memory.dmp

Filesize
672KB

Download
memory/2148-36-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

Filesize
4KB

Download
memory/2148-37-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-21-0x000000001F650000-0x000000001F70A000-memory.dmp

Filesize
744KB

Download
memory/2148-49-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-50-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-51-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-52-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2148-53-0x00000000244F0000-0x0000000024C96000-memory.dmp

Filesize
7.6MB

Download
memory/2148-1-0x0000000000CF0000-0x0000000001072000-memory.dmp

Filesize
3.5MB

Download
memory/2148-65-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download