781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf | Triage

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
12-03-2022 21:28

Sharing

Report Analysis Logs

General

Target

781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe
Size

552KB
MD5

a510c8e6e2d5059f05803a1d8c7be567
SHA1

31675c1c11df1647535d35b9b21d98910bece385
SHA256

781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf
SHA512

38ac7286ccdace004407abb61a2688ecbb6af1e2d5e375e9ef61ec759f6da7c7c7c5e482237a0d3f02462b1c39b7bf51caf946500ee2035a00ff3a8e7a8128dc

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exefondue.exe

description	pid	process	target process
PID 2608 wrote to memory of 2964	2608	781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe	fondue.exe
PID 2608 wrote to memory of 2964	2608	781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe	fondue.exe
PID 2608 wrote to memory of 2964	2608	781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe	fondue.exe
PID 2964 wrote to memory of 3824	2964	fondue.exe	FonDUE.EXE
PID 2964 wrote to memory of 3824	2964	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe
"C:\Users\Admin\AppData\Local\Temp\781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2964

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:3824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads