844652fb604b2b25b8ed69569eac116f46bbdc219fbc8e4be0c55aa1e6454ffd

Analysis

Target

cc2f5f3dfe758d7d8621a7435a3f9b79.exe
Size

42KB
MD5

cc2f5f3dfe758d7d8621a7435a3f9b79
SHA1

b6745fa897f2d7e2791b3f4014eaf05e08eac100
SHA256

844652fb604b2b25b8ed69569eac116f46bbdc219fbc8e4be0c55aa1e6454ffd
SHA512

c251250372928d0f0d2198d772c939c8a3b5a5ea5127ca7539a2c0ca728f81965ccda49f05d076a457019b9646eafa3b468fff9b86c7c158cff80b6012e02e13

Score

1^/10

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

cc2f5f3dfe758d7d8621a7435a3f9b79.exefondue.exe

description	pid	process	target process
PID 3660 wrote to memory of 2056	3660	cc2f5f3dfe758d7d8621a7435a3f9b79.exe	fondue.exe
PID 3660 wrote to memory of 2056	3660	cc2f5f3dfe758d7d8621a7435a3f9b79.exe	fondue.exe
PID 3660 wrote to memory of 2056	3660	cc2f5f3dfe758d7d8621a7435a3f9b79.exe	fondue.exe
PID 2056 wrote to memory of 2692	2056	fondue.exe	FonDUE.EXE
PID 2056 wrote to memory of 2692	2056	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\cc2f5f3dfe758d7d8621a7435a3f9b79.exe
"C:\Users\Admin\AppData\Local\Temp\cc2f5f3dfe758d7d8621a7435a3f9b79.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\SysWOW64\fondue.exe
  "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Windows\system32\FonDUE.EXE
    "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    3⤵
    PID:2692