be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a | Triage

Analysis

max time kernel
133s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
14-03-2022 15:46

Sharing

Report Analysis Logs

General

Target

be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exe
Size

556KB
MD5

a00f95e5954c3f6bf27f166cf268c077
SHA1

93b270716fc487a77a0ce25636d36dc68cc95981
SHA256

be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a
SHA512

21944e219f6ab75d66f0aa200f2dbb4dbd982cd10dd490f18d7b947578a1b507ec0260833464dba51c2e6f46c1022fa8f1d4527920739f630a23cc9e211d8e99

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exefondue.exe

description	pid	process	target process
PID 4536 wrote to memory of 4596	4536	be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exe	fondue.exe
PID 4536 wrote to memory of 4596	4536	be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exe	fondue.exe
PID 4536 wrote to memory of 4596	4536	be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exe	fondue.exe
PID 4596 wrote to memory of 2620	4596	fondue.exe	FonDUE.EXE
PID 4596 wrote to memory of 2620	4596	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exe
"C:\Users\Admin\AppData\Local\Temp\be45c7c50188ef8b32ad85371e15796fbcf391c1140c57b0ddc87346c376b47a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4536

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4596

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads