Analysis
- max time kernel: 93s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20220331-en
- submitted: 07-04-2022 09:27
Behavioral task: behavioral1
- Sample: 086d0beffb9ac2f9e7c502496dfffacc.exe
- Resource: win7-20220331-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 086d0beffb9ac2f9e7c502496dfffacc.exe
- Resource: win10v2004-20220331-en (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: 086d0beffb9ac2f9e7c502496dfffacc.exe
- Size: 37KB
- MD5: 086d0beffb9ac2f9e7c502496dfffacc
- SHA1: 8ab427c8509c644b276db5edca504bd739eb135e
- SHA256: 266dc410718f70b5c26f84779f65f09d0d6d73cc8404285dd4e0d48a90959c5e
- SHA512: be8ad234c1aab5619107bb27b8f6905629b435062e56189472f602d51363c16a65ca6be5bbc0282ccac6044be4e4c377eae393f1ff823d4d2bb3cbb11639c9b2
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes: 086d0beffb9ac2f9e7c502496dfffacc.exe, fondue.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 3804 wrote to memory of 4808 | 3804 | 086d0beffb9ac2f9e7c502496dfffacc.exe | fondue.exe |
  | PID 3804 wrote to memory of 4808 | 3804 | 086d0beffb9ac2f9e7c502496dfffacc.exe | fondue.exe |
  | PID 3804 wrote to memory of 4808 | 3804 | 086d0beffb9ac2f9e7c502496dfffacc.exe | fondue.exe |
  | PID 4808 wrote to memory of 4936 | 4808 | fondue.exe | FonDUE.EXE |
  | PID 4808 wrote to memory of 4936 | 4808 | fondue.exe | FonDUE.EXE |
Processes
- C:\Users\Admin\AppData\Local\Temp\086d0beffb9ac2f9e7c502496dfffacc.exe
  "C:\Users\Admin\AppData\Local\Temp\086d0beffb9ac2f9e7c502496dfffacc.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\fondue.exe
    "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\FonDUE.EXE
      "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll