Analysis
- max time kernel: 93s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20220310-en
- submitted: 27-03-2022 16:27
Behavioral task: behavioral1
- Sample: 29761cea6322ff4d985807bd6367ccd0.exe
- Resource: win7-20220310-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 29761cea6322ff4d985807bd6367ccd0.exe
- Resource: win10v2004-20220310-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 29761cea6322ff4d985807bd6367ccd0.exe
- Size: 37KB
- MD5: 29761cea6322ff4d985807bd6367ccd0
- SHA1: c66cea52ca72cc85344a55f872a1b77fad4e895b
- SHA256: 877968fc395c36225759ca3a735c35ee708a1be05b23b35c8efa8c7b8ef86061
- SHA512: fad86ad9faf1357259386344ac5e7b047c09dd75be017c2bfd907ba6c8c0e2a98a3102881cbba9c71f2c1259e2a72b0146be16137af3618cc675d08d9f31852e
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes: 29761cea6322ff4d985807bd6367ccd0.exe, fondue.exe
  description | pid | process | target process
  PID 3056 wrote to memory of 3480 | 3056 | 29761cea6322ff4d985807bd6367ccd0.exe | fondue.exe
  PID 3056 wrote to memory of 3480 | 3056 | 29761cea6322ff4d985807bd6367ccd0.exe | fondue.exe
  PID 3056 wrote to memory of 3480 | 3056 | 29761cea6322ff4d985807bd6367ccd0.exe | fondue.exe
  PID 3480 wrote to memory of 5044 | 3480 | fondue.exe | FonDUE.EXE
  PID 3480 wrote to memory of 5044 | 3480 | fondue.exe | FonDUE.EXE
Processes
- PID 3056: C:\Users\Admin\AppData\Local\Temp\29761cea6322ff4d985807bd6367ccd0.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\29761cea6322ff4d985807bd6367ccd0.exe"
  - Suspicious use of WriteProcessMemory
  - PID 3480: C:\Windows\SysWOW64\fondue.exe
    Command line: "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    - Suspicious use of WriteProcessMemory
    - PID 5044: C:\Windows\system32\FonDUE.EXE
      Command line: "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll