Analysis
max time kernel: 134s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 22/02/2022, 22:01
Static task
static1
Behavioral task
behavioral1
Sample
0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe
Resource
win10v2004-en-20220113
0 signatures
0 seconds
General
Target: 0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe
Size: 415KB
MD5: a6b22f6b6897fcd3141fa5a49bb9acf7
SHA1: 5eb9a7a5bf8eb2f973d8d1f0422a7b54eab977f9
SHA256: 0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2
SHA512: 0f3d9256e35229cd0eef228961ebaffc3fd7f23ddce58554cc789f97830e0f62804a91705d105aaed9ee708b62f5a68abcdceb10c16aeda4974c021b854e19ec
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 5 IoCs
description | pid | Process | procid_target
PID 2792 wrote to memory of 3904 | 2792 | 0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe | 82
PID 2792 wrote to memory of 3904 | 2792 | 0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe | 82
PID 2792 wrote to memory of 3904 | 2792 | 0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe | 82
PID 3904 wrote to memory of 4524 | 3904 | fondue.exe | 83
PID 3904 wrote to memory of 4524 | 3904 | fondue.exe | 83
Processes
C:\Users\Admin\AppData\Local\Temp\0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe "C:\Users\Admin\AppData\Local\Temp\0888cf47ad8ac8ecb7ab31179f2db2397aed7f414e5a89e2b81d5a27087ef0a2.exe"
- Suspicious use of WriteProcessMemory
PID:2792
  C:\Windows\SysWOW64\fondue.exe "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  - Suspicious use of WriteProcessMemory
  PID:3904
    C:\Windows\system32\FonDUE.EXE "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    PID:4524