Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
12-03-2022 21:28
Static task
static1
Behavioral task
behavioral1
Sample
781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe
-
Size
552KB
-
MD5
a510c8e6e2d5059f05803a1d8c7be567
-
SHA1
31675c1c11df1647535d35b9b21d98910bece385
-
SHA256
781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf
-
SHA512
38ac7286ccdace004407abb61a2688ecbb6af1e2d5e375e9ef61ec759f6da7c7c7c5e482237a0d3f02462b1c39b7bf51caf946500ee2035a00ff3a8e7a8128dc
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exefondue.exedescription pid process target process PID 2608 wrote to memory of 2964 2608 781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe fondue.exe PID 2608 wrote to memory of 2964 2608 781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe fondue.exe PID 2608 wrote to memory of 2964 2608 781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe fondue.exe PID 2964 wrote to memory of 3824 2964 fondue.exe FonDUE.EXE PID 2964 wrote to memory of 3824 2964 fondue.exe FonDUE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe"C:\Users\Admin\AppData\Local\Temp\781c3776ad8d048f6341909927793603efbc90c0ae36405bf84d8aeecff83bbf.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2608 -
C:\Windows\SysWOW64\fondue.exe"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll2⤵
- Suspicious use of WriteProcessMemory
PID:2964 -
C:\Windows\system32\FonDUE.EXE"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll3⤵PID:3824