ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962 | Triage

Analysis

max time kernel
132s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
26-03-2022 07:23

Sharing

Report Analysis Logs

General

Target

ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe
Size

78KB
MD5

00fd8f3d1b855717213460550c2f09f9
SHA1

d4475c42754dcf04d648741efe6bb195978bbcbd
SHA256

ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962
SHA512

5497ef18c6973c2e1b3eaa85270f5739069cf23e05d21a0de2e2fabc8c19fcc59b3dfc1ee0dc293d441da8fdec35ca9656d3df328f8804ef6a8b73f8ccb354de

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exefondue.exe

description	pid	process	target process
PID 1672 wrote to memory of 1868	1672	ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe	fondue.exe
PID 1672 wrote to memory of 1868	1672	ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe	fondue.exe
PID 1672 wrote to memory of 1868	1672	ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe	fondue.exe
PID 1868 wrote to memory of 2484	1868	fondue.exe	FonDUE.EXE
PID 1868 wrote to memory of 2484	1868	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe
"C:\Users\Admin\AppData\Local\Temp\ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1868

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:2484

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1868-130-0x0000000000000000-mapping.dmp

Download
memory/2484-131-0x0000000000000000-mapping.dmp

Download