2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d | Triage

Analysis

max time kernel
132s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
26-03-2022 06:54

Sharing

Report Analysis Logs

General

Target

5.exe
Size

37KB
MD5

e817d74d13c658890ff3a4c01ab44c62
SHA1

bf0b97392e7d56eee0b63dc65efff4db883cb0c7
SHA256

2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d
SHA512

8d90ef308c1e0b7e01e7732e2cd819f07bfc1ef06e523efa81694ced75550c9f1be460fc9de412faeb96273a6492580402ab9c9538ed441fc26d96b6785e7815

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

5.exefondue.exe

description	pid	process	target process
PID 1092 wrote to memory of 1212	1092	5.exe	fondue.exe
PID 1092 wrote to memory of 1212	1092	5.exe	fondue.exe
PID 1092 wrote to memory of 1212	1092	5.exe	fondue.exe
PID 1212 wrote to memory of 1480	1212	fondue.exe	FonDUE.EXE
PID 1212 wrote to memory of 1480	1212	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\5.exe
"C:\Users\Admin\AppData\Local\Temp\5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-130-0x0000000000000000-mapping.dmp

Download
memory/1480-131-0x0000000000000000-mapping.dmp

Download