Analysis

  • max time kernel
    53s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    30-03-2022 04:09

General

  • Target

    6fc7902a1237525e8fa7200e38f749e74fb9c410b9ceedb86f7214fe1bc4b4b9.exe

  • Size

    78KB

  • MD5

    0a5c54b7f730314ca2a40e5763a2bbda

  • SHA1

    bbad076d9732eb7fa8f7f8917ad6afef159a992f

  • SHA256

    6fc7902a1237525e8fa7200e38f749e74fb9c410b9ceedb86f7214fe1bc4b4b9

  • SHA512

    a35859e63013b2557bf7e6da5b2266b41cb88d72916e897dabd5a1b0f9b48db84cbbf4d76400ca449432c10a6c1051a69cc58814c632fd8c37f9fd838fce5087

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fc7902a1237525e8fa7200e38f749e74fb9c410b9ceedb86f7214fe1bc4b4b9.exe
    "C:\Users\Admin\AppData\Local\Temp\6fc7902a1237525e8fa7200e38f749e74fb9c410b9ceedb86f7214fe1bc4b4b9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5108
    • C:\Windows\SysWOW64\fondue.exe
      "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Windows\system32\FonDUE.EXE
        "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
        3⤵
          PID:4476

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2248-124-0x0000000000000000-mapping.dmp
    • memory/4476-125-0x0000000000000000-mapping.dmp