Analysis
max time kernel: 160s
max time network: 185s
platform: windows10-2004_x64
resource: win10v2004-en-20220112
submitted: 22/02/2022, 22:47
Static task
static1
Behavioral task
behavioral1
Sample
07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe
Resource
win10v2004-en-20220112
0 signatures
0 seconds
General
Target: 07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe
Size: 520KB
MD5: 6f4cc7f74974e70f6d046529ff575022
SHA1: 77f216cb385b8a612ea12915918fec3e6d17a7a6
SHA256: 07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf
SHA512: 1862dafb703df2db42a8699d5137e5e9659ce0daa3f9af8d1fe6a44228f22bf70917ad1354f309949f53528255d13c2e1057dfff304d22c05841d0de6e278e72
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 5 IoCs
description | pid | Process | procid_target
PID 2104 wrote to memory of 3360 | 2104 | 07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe | 65
PID 2104 wrote to memory of 3360 | 2104 | 07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe | 65
PID 2104 wrote to memory of 3360 | 2104 | 07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe | 65
PID 3360 wrote to memory of 1444 | 3360 | fondue.exe | 75
PID 3360 wrote to memory of 1444 | 3360 | fondue.exe | 75
Processes
C:\Users\Admin\AppData\Local\Temp\07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe
"C:\Users\Admin\AppData\Local\Temp\07530460c9d449daa4faba251277a00cf26e741a144e0dcb8e55f27ab4f54caf.exe"
- Suspicious use of WriteProcessMemory
PID:2104
    C:\Windows\SysWOW64\fondue.exe
    "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    - Suspicious use of WriteProcessMemory
    PID:3360
        C:\Windows\system32\FonDUE.EXE
        "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
        PID:1444