b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd

Analysis

Target

b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe
Size

552KB
MD5

15bfaea98e4b5fae084e3df3cf813e38
SHA1

a9b8d08ed14189eb5f23f04b0f8febe411e1b55b
SHA256

b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd
SHA512

8a9a99bd11acdf35e457645b9f26ed3aacff61d7e0b99a3780898433e6bf298d3e4fb0e747e33ff4554619ecbf671e967f297589b4401857b2cc9281d0ccc1ff

Score

1^/10

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 4272	4256	b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe	81
PID 4256 wrote to memory of 4272	4256	b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe	81
PID 4256 wrote to memory of 4272	4256	b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe	81
PID 4272 wrote to memory of 3836	4272	fondue.exe	87
PID 4272 wrote to memory of 3836	4272	fondue.exe	87

C:\Users\Admin\AppData\Local\Temp\b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe
"C:\Users\Admin\AppData\Local\Temp\b80a84f2e301665f4fe49d2b33a6bc25efd565cad9a7ad73e5750346cb9640cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Windows\SysWOW64\fondue.exe
  "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4272
- - C:\Windows\system32\FonDUE.EXE
    "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    3⤵
    PID:3836