b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6 | Triage

Analysis

max time kernel
101s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
14-03-2022 17:53

Sharing

Report Analysis Logs

General

Target

b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6.exe
Size

4.7MB
MD5

07df176023a74870f154494e50cf1a4c
SHA1

2ccd182a1b76b64e93d8fe1bb76c9d7956651a87
SHA256

b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6
SHA512

e8b00a91a0e9b69988c7673c32a97cc05569862f406f526e13aaa808686c44a866ceded9e56d8bc7bd96739ac9c7f2ceec1e9e88ac16fe5104faeefb10cc0bab

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 4868	3272	b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6.exe	83
PID 3272 wrote to memory of 4868	3272	b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6.exe	83

C:\Users\Admin\AppData\Local\Temp\b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6.exe
"C:\Users\Admin\AppData\Local\Temp\b70329c243528e0b6c689b3979bd5921eba413d80f713f529daaad5a02ce8cf6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Windows\system32\fondue.exe
  "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  2⤵
  PID:4868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads