Analysis
max time kernel: 132s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 26-03-2022 06:54
Behavioral task: behavioral1
Sample: 5.exe
Resource: win7-20220311-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 5.exe
Resource: win10v2004-en-20220113
0 signatures
0 seconds
General
Target: 5.exe
Size: 37KB
MD5: e817d74d13c658890ff3a4c01ab44c62
SHA1: bf0b97392e7d56eee0b63dc65efff4db883cb0c7
SHA256: 2945881f15e98a18d27108a29963988190853838f34faf3020e6c3c97342672d
SHA512: 8d90ef308c1e0b7e01e7732e2cd819f07bfc1ef06e523efa81694ced75550c9f1be460fc9de412faeb96273a6492580402ab9c9538ed441fc26d96b6785e7815
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
Processes: 5.exe, fondue.exe
description | pid | process | target process
PID 1092 wrote to memory of 1212 | 1092 | 5.exe | fondue.exe
PID 1092 wrote to memory of 1212 | 1092 | 5.exe | fondue.exe
PID 1092 wrote to memory of 1212 | 1092 | 5.exe | fondue.exe
PID 1212 wrote to memory of 1480 | 1212 | fondue.exe | FonDUE.EXE
PID 1212 wrote to memory of 1480 | 1212 | fondue.exe | FonDUE.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\5.exe
  "C:\Users\Admin\AppData\Local\Temp\5.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\fondue.exe
    "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\FonDUE.EXE
      "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll