cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a | Triage

Analysis

max time kernel
134s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
14-03-2022 12:08

Sharing

Report Analysis Logs

General

Target

cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exe
Size

552KB
MD5

cde849b98bcc950c3e87a0dae0c16207
SHA1

30836c102d670dbcebabcbe8df7eb42f258e0383
SHA256

cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a
SHA512

9f22ab4630b0a3a580b18714fd3579ae1a95fdc68b83f19b3cf02eb4c7b69053fbceec364ca89b5df31d2aaaba08b22bf00cf2f47dc782a373541fdcf6a13176

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exefondue.exe

description	pid	process	target process
PID 3692 wrote to memory of 1660	3692	cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exe	fondue.exe
PID 3692 wrote to memory of 1660	3692	cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exe	fondue.exe
PID 3692 wrote to memory of 1660	3692	cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exe	fondue.exe
PID 1660 wrote to memory of 1996	1660	fondue.exe	FonDUE.EXE
PID 1660 wrote to memory of 1996	1660	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exe
"C:\Users\Admin\AppData\Local\Temp\cad169551f9addffb479b5a98c00ad5286dcdf6be35967e55e6d4b2a13685b8a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads