Analysis
-
max time kernel
132s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
26-03-2022 07:23
Static task
static1
Behavioral task
behavioral1
Sample
ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe
-
Size
78KB
-
MD5
00fd8f3d1b855717213460550c2f09f9
-
SHA1
d4475c42754dcf04d648741efe6bb195978bbcbd
-
SHA256
ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962
-
SHA512
5497ef18c6973c2e1b3eaa85270f5739069cf23e05d21a0de2e2fabc8c19fcc59b3dfc1ee0dc293d441da8fdec35ca9656d3df328f8804ef6a8b73f8ccb354de
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exefondue.exedescription pid process target process PID 1672 wrote to memory of 1868 1672 ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe fondue.exe PID 1672 wrote to memory of 1868 1672 ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe fondue.exe PID 1672 wrote to memory of 1868 1672 ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe fondue.exe PID 1868 wrote to memory of 2484 1868 fondue.exe FonDUE.EXE PID 1868 wrote to memory of 2484 1868 fondue.exe FonDUE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe"C:\Users\Admin\AppData\Local\Temp\ba05cff99c9c900d8210f793e76f76bf0f0b25d077f45ee32ddf4d56b78b9962.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\fondue.exe"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\FonDUE.EXE"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll3⤵