Overview

overview

10

Static

static

549ebde3da...3b.exe

windows7_x64

10

549ebde3da...3b.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    135s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    549ebde3daa59c044fc725c988ceced294da49053f723f31cae3a0bf9c7aa93b.exe

  • Size

    900KB

  • MD5

    ca9bbaa73bae25efa936a5ec3c5544ee

  • SHA1

    08370270d030793c166fea22ad903a4554aee3d6

  • SHA256

    549ebde3daa59c044fc725c988ceced294da49053f723f31cae3a0bf9c7aa93b

  • SHA512

    014b3ba273841b2d131d1ec0c12a277b89429dedc108531527114bebf4840c95faf95983d6f0ee7a21fbadf6365cfcde764d586094bb4a92b17d259982df34f1

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\549ebde3daa59c044fc725c988ceced294da49053f723f31cae3a0bf9c7aa93b.exe
    "C:\Users\Admin\AppData\Local\Temp\549ebde3daa59c044fc725c988ceced294da49053f723f31cae3a0bf9c7aa93b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Windows\SysWOW64\fondue.exe
      "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Windows\system32\FonDUE.EXE
        "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
        3⤵
          PID:3080
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:816

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/816-130-0x000002220BD30000-0x000002220BD40000-memory.dmp

      Filesize

      64KB

      Download

    • memory/816-131-0x000002220BD90000-0x000002220BDA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/816-132-0x000002220EA90000-0x000002220EA94000-memory.dmp

      Filesize

      16KB

      Download