877968fc395c36225759ca3a735c35ee708a1be05b23b35c8efa8c7b8ef86061 | Triage

Analysis

max time kernel
93s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
27-03-2022 16:27

Sharing

Report Analysis Logs

General

Target

29761cea6322ff4d985807bd6367ccd0.exe
Size

37KB
MD5

29761cea6322ff4d985807bd6367ccd0
SHA1

c66cea52ca72cc85344a55f872a1b77fad4e895b
SHA256

877968fc395c36225759ca3a735c35ee708a1be05b23b35c8efa8c7b8ef86061
SHA512

fad86ad9faf1357259386344ac5e7b047c09dd75be017c2bfd907ba6c8c0e2a98a3102881cbba9c71f2c1259e2a72b0146be16137af3618cc675d08d9f31852e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

29761cea6322ff4d985807bd6367ccd0.exefondue.exe

description	pid	process	target process
PID 3056 wrote to memory of 3480	3056	29761cea6322ff4d985807bd6367ccd0.exe	fondue.exe
PID 3056 wrote to memory of 3480	3056	29761cea6322ff4d985807bd6367ccd0.exe	fondue.exe
PID 3056 wrote to memory of 3480	3056	29761cea6322ff4d985807bd6367ccd0.exe	fondue.exe
PID 3480 wrote to memory of 5044	3480	fondue.exe	FonDUE.EXE
PID 3480 wrote to memory of 5044	3480	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\29761cea6322ff4d985807bd6367ccd0.exe
"C:\Users\Admin\AppData\Local\Temp\29761cea6322ff4d985807bd6367ccd0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:3480

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3480-134-0x0000000000000000-mapping.dmp

Download
memory/5044-135-0x0000000000000000-mapping.dmp

Download