9ddd2984852b80fb41546e96a1c3414a55415050761a47633d28a4faeef7a3d1

Resubmissions

11-12-2024 18:37

241211-w9f3rstpez 10

11-12-2024 18:28

241211-w4jayatnat 10

Analysis

max time kernel
431s
max time network
1159s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-12-2024 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virus/FiddlerSetup.5.0.20245.10105-latest.exe
Size

4.4MB
MD5

c1980b018489df28be8809eb32519001
SHA1

e860439703d7b6665af4507b20bbef2bbb7b73f4
SHA256

588024037b1e5929b1f2a741fff52a207bcab17f0650ec7cb0cd3cb78051998d
SHA512

f70d419e869e56700a9e23350a9779f5dd56bb78adb9a1b0d5039287a24f20004db20f842294d234d4717feaa3184a5e6d90f0ee3666208bad2ea518d37b0a35
SSDEEP

98304:qMgxyUnSAaB1eXq8yOkLiGXv72Qomw6pvtFIAwdaRdA:qMoWvePjqHv72Qo96pvtF5wH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1392	FiddlerSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FiddlerSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FiddlerSetup.5.0.20245.10105-latest.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 1392	936	FiddlerSetup.5.0.20245.10105-latest.exe	77
PID 936 wrote to memory of 1392	936	FiddlerSetup.5.0.20245.10105-latest.exe	77
PID 936 wrote to memory of 1392	936	FiddlerSetup.5.0.20245.10105-latest.exe	77

C:\Users\Admin\AppData\Local\Temp\virus\FiddlerSetup.5.0.20245.10105-latest.exe
"C:\Users\Admin\AppData\Local\Temp\virus\FiddlerSetup.5.0.20245.10105-latest.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:936
- C:\Users\Admin\AppData\Local\Temp\nszC554.tmp\FiddlerSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\nszC554.tmp\FiddlerSetup.exe" /D=
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nszC554.tmp\FiddlerSetup.exe

Filesize
4.4MB

MD5
c2a0eb6f104eacec3f39581451ee208f

SHA1
9ae7d02aeb640fbd090dfc01885b98dd5dd0b6cc

SHA256
1f926cc353301e547e76c6d2eff23fcbe85495ba0292174cc6344fac26457af8

SHA512
8b062e4f0af1dce3a12b5776646fe8c235f30de6772f579da1a6ab2bb559ed69b3bd32af95eee248c48008ddcbd40a7e49eae722a44bc9b49dd13fe38113a3ca

Download Submit