Analysis
-
max time kernel
134s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
10/03/2022, 01:12
Static task
static1
Behavioral task
behavioral1
Sample
71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe
Resource
win7-20220223-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe
Resource
win10v2004-en-20220113
0 signatures
0 seconds
General
-
Target
71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe
-
Size
520KB
-
MD5
ad6d2ef1e0cc7def5c5c7effa3bf948a
-
SHA1
217d95930dc50619b2f734a7757cbc37fe575fcf
-
SHA256
71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31
-
SHA512
4878db553bfa0430e80c9890807f99ff7400f9af3c54a51af13a3332fe758c1ec446608dfe6710b76253357b8cee78853823e1e70495ed1256813f43908ab452
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 5 IoCs
description | pid | Process | procid_target
PID 1456 wrote to memory of 1656 | 1456 | 71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe | 80
PID 1456 wrote to memory of 1656 | 1456 | 71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe | 80
PID 1456 wrote to memory of 1656 | 1456 | 71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe | 80
PID 1656 wrote to memory of 2144 | 1656 | fondue.exe | 81
PID 1656 wrote to memory of 2144 | 1656 | fondue.exe | 81
Processes
-
C:\Users\Admin\AppData\Local\Temp\71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe "C:\Users\Admin\AppData\Local\Temp\71de05a6489374d3454f66de31e2f720f4e199d57caec38ea01a01bde3591a31.exe"
- Suspicious use of WriteProcessMemory
PID:1456
  C:\Windows\SysWOW64\fondue.exe "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  - Suspicious use of WriteProcessMemory
  PID:1656
    C:\Windows\system32\FonDUE.EXE "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    PID:2144