Analysis
max time kernel: 107s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-en-20220112
submitted: 10/03/2022, 01:18
Static task
static1
Behavioral task
behavioral1
Sample
7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe
Resource
win7-20220223-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe
Resource
win10v2004-en-20220112
0 signatures
0 seconds
General
Target: 7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe
Size: 521KB
MD5: bee7464a4a2158057dc9d750188c8149
SHA1: e0b9118d8f18939a7be0a6a4c436e9b9465ab3a3
SHA256: 7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137
SHA512: 952aea8509d9540baa95d1c4f4237f5eee83fd06defea2c0638df3fcb2200fa490ccd64bdd207b64d5af3e8aba979ad5f5ce08412f0580f1c8793802de489fa6
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (5 IoCs)
description | pid | Process | procid_target
PID 3148 wrote to memory of 3676 | 3148 | 7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe | 58
PID 3148 wrote to memory of 3676 | 3148 | 7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe | 58
PID 3148 wrote to memory of 3676 | 3148 | 7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe | 58
PID 3676 wrote to memory of 1216 | 3676 | fondue.exe | 61
PID 3676 wrote to memory of 1216 | 3676 | fondue.exe | 61
Processes
C:\Users\Admin\AppData\Local\Temp\7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe
"C:\Users\Admin\AppData\Local\Temp\7171c9736984feb383e2db8153cec96b9af1c4cdd37e953ceb43a16b7c235137.exe"
- Suspicious use of WriteProcessMemory
PID:3148
  C:\Windows\SysWOW64\fondue.exe
  "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  - Suspicious use of WriteProcessMemory
  PID:3676
    C:\Windows\system32\FonDUE.EXE
    "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    PID:1216