Analysis
max time kernel: 173s
max time network: 186s
platform: windows10-2004_x64
resource: win10v2004-en-20220112
submitted: 22/02/2022, 21:46
Static task
static1
Behavioral task
behavioral1
Sample
091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe
Resource
win10v2004-en-20220112
0 signatures
0 seconds
General
Target: 091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe
Size: 520KB
MD5: 1a842c3d092c167328dfe60d09f21c31
SHA1: ae439a9bc46d6beaeaa14119d4008430f8babd99
SHA256: 091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b
SHA512: e882c7a3dd6a239b9cdd77bb8f64405bd3e5b4e13942470db414d46651c1a85213b16c01448ebffc4f8118cace4edc3ae5fdf421abcbbbb3e276e88e7122c9d3
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (5 IoCs)
description | pid | Process | procid_target
PID 1800 wrote to memory of 4008 | 1800 | 091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe | 57
PID 1800 wrote to memory of 4008 | 1800 | 091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe | 57
PID 1800 wrote to memory of 4008 | 1800 | 091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe | 57
PID 4008 wrote to memory of 3568 | 4008 | fondue.exe | 65
PID 4008 wrote to memory of 3568 | 4008 | fondue.exe | 65
Processes
C:\Users\Admin\AppData\Local\Temp\091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe "C:\Users\Admin\AppData\Local\Temp\091709c91bf867d749c68e55757c65ddedd2677a6fc851f4257b0e3a35bbaf9b.exe"
- Suspicious use of WriteProcessMemory
PID:1800
  C:\Windows\SysWOW64\fondue.exe "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  - Suspicious use of WriteProcessMemory
  PID:4008
    C:\Windows\system32\FonDUE.EXE "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    PID:3568