df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319 | Triage

Analysis

max time kernel
117s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
14-03-2022 00:38

Sharing

Report Analysis Logs

General

Target

df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exe
Size

552KB
MD5

f456fa1a0693a4b56108c8a7736e49b6
SHA1

b9c18028d523070e1820278f059b012a721d3344
SHA256

df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319
SHA512

b869c77fc89e0a665f242c1799426c4965a00c5d88428c2322ac0d8e3c2e83a38b9bf5a1a9da50afa7f41c3f2ff3210d482424d24d8bcd71ec21bf71e946d056

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exefondue.exe

description	pid	process	target process
PID 5028 wrote to memory of 5044	5028	df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exe	fondue.exe
PID 5028 wrote to memory of 5044	5028	df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exe	fondue.exe
PID 5028 wrote to memory of 5044	5028	df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exe	fondue.exe
PID 5044 wrote to memory of 1480	5044	fondue.exe	FonDUE.EXE
PID 5044 wrote to memory of 1480	5044	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exe
"C:\Users\Admin\AppData\Local\Temp\df3f934c67afd692834f69457206c220ccc4b953233c2b4175f01bfba99e1319.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5028

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:5044

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads