Analysis
- max time kernel: 111s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220112
- submitted: 22/02/2022, 22:19
Static task: static1
Behavioral task: behavioral1
- Sample: 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe
- Resource: win7-en-20211208
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe
- Resource: win10v2004-en-20220112
- 0 signatures
- 0 seconds
General
- Target: 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe
- Size: 520KB
- MD5: 5d448cf62d39fcc26a91719637e3484a
- SHA1: 2865d0b605fb881158cd37d465086bb8eadf7868
- SHA256: 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049
- SHA512: db305de170f9cd8f577a585cc2da37e35d857161e707341280d729c12f04f768f03f8d9f25f83ba51dd48a1f5cc110f842ee8d13eff1fcf214215b8053cb1bcd
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
  description | pid | Process | procid_target
  PID 2436 wrote to memory of 3536 | 2436 | 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe | 67
  PID 2436 wrote to memory of 3536 | 2436 | 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe | 67
  PID 2436 wrote to memory of 3536 | 2436 | 0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe | 67
  PID 3536 wrote to memory of 3692 | 3536 | fondue.exe | 77
  PID 3536 wrote to memory of 3692 | 3536 | fondue.exe | 77
Processes
- C:\Users\Admin\AppData\Local\Temp\0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe
  "C:\Users\Admin\AppData\Local\Temp\0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049.exe"
  - Suspicious use of WriteProcessMemory
  PID:2436
  - C:\Windows\SysWOW64\fondue.exe
    "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    - Suspicious use of WriteProcessMemory
    PID:3536
    - C:\Windows\system32\FonDUE.EXE
      "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
      PID:3692