b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd | Triage

Analysis

max time kernel
124s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
14-03-2022 17:36

Sharing

Report Analysis Logs

General

Target

b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe
Size

552KB
MD5

15bfaea98e4b5fae084e3df3cf813e38
SHA1

a9b8d08ed14189eb5f23f04b0f8febe411e1b55b
SHA256

b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd
SHA512

8a9a99bd11acdf35e457645b9f26ed3aacff61d7e0b99a3780898433e6bf298d3e4fb0e747e33ff4554619ecbf671e967f297589b4401857b2cc9281d0ccc1ff

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exefondue.exe

description	pid	process	target process
PID 4256 wrote to memory of 4272	4256	b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe	fondue.exe
PID 4256 wrote to memory of 4272	4256	b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe	fondue.exe
PID 4256 wrote to memory of 4272	4256	b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe	fondue.exe
PID 4272 wrote to memory of 3836	4272	fondue.exe	FonDUE.EXE
PID 4272 wrote to memory of 3836	4272	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe
"C:\Users\Admin\AppData\Local\Temp\b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4256

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4272

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:3836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads