266dc410718f70b5c26f84779f65f09d0d6d73cc8404285dd4e0d48a90959c5e | Triage

Analysis

max time kernel
93s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
07-04-2022 09:27

Sharing

Report Analysis Logs

General

Target

086d0beffb9ac2f9e7c502496dfffacc.exe
Size

37KB
MD5

086d0beffb9ac2f9e7c502496dfffacc
SHA1

8ab427c8509c644b276db5edca504bd739eb135e
SHA256

266dc410718f70b5c26f84779f65f09d0d6d73cc8404285dd4e0d48a90959c5e
SHA512

be8ad234c1aab5619107bb27b8f6905629b435062e56189472f602d51363c16a65ca6be5bbc0282ccac6044be4e4c377eae393f1ff823d4d2bb3cbb11639c9b2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

086d0beffb9ac2f9e7c502496dfffacc.exefondue.exe

description	pid	process	target process
PID 3804 wrote to memory of 4808	3804	086d0beffb9ac2f9e7c502496dfffacc.exe	fondue.exe
PID 3804 wrote to memory of 4808	3804	086d0beffb9ac2f9e7c502496dfffacc.exe	fondue.exe
PID 3804 wrote to memory of 4808	3804	086d0beffb9ac2f9e7c502496dfffacc.exe	fondue.exe
PID 4808 wrote to memory of 4936	4808	fondue.exe	FonDUE.EXE
PID 4808 wrote to memory of 4936	4808	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\086d0beffb9ac2f9e7c502496dfffacc.exe
"C:\Users\Admin\AppData\Local\Temp\086d0beffb9ac2f9e7c502496dfffacc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3804

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4808

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:4936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4808-124-0x0000000000000000-mapping.dmp

Download
memory/4936-125-0x0000000000000000-mapping.dmp

Download