Analysis
- max time kernel: 125s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 07-04-2022 16:53
Behavioral task: behavioral1
- Sample: 1c51743f17f9c5857d6ef3e2055d7e5c.exe
- Resource: win7-20220331-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 1c51743f17f9c5857d6ef3e2055d7e5c.exe
- Resource: win10v2004-en-20220113, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 1c51743f17f9c5857d6ef3e2055d7e5c.exe
- Size: 37KB
- MD5: 1c51743f17f9c5857d6ef3e2055d7e5c
- SHA1: a7ff86648725f2113316fe43c3e090ecdddde833
- SHA256: e38f21ebea32604e4eb53752699175be72bff67e891a9bc5ba06538225554398
- SHA512: 839246085d1e9ce3be6bf618e00812c223a0e7ad5d71d1debe7ce0a5e8653dfd66d0860f79382ec71edf97093e6e23a8e54313aad01ea6ed76b8a3fbacb33f22
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
Processes: 1c51743f17f9c5857d6ef3e2055d7e5c.exe, fondue.exe
description | pid | process | target process
PID 1344 wrote to memory of 4884 | 1344 | 1c51743f17f9c5857d6ef3e2055d7e5c.exe | fondue.exe
PID 1344 wrote to memory of 4884 | 1344 | 1c51743f17f9c5857d6ef3e2055d7e5c.exe | fondue.exe
PID 1344 wrote to memory of 4884 | 1344 | 1c51743f17f9c5857d6ef3e2055d7e5c.exe | fondue.exe
PID 4884 wrote to memory of 3936 | 4884 | fondue.exe | FonDUE.EXE
PID 4884 wrote to memory of 3936 | 4884 | fondue.exe | FonDUE.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\1c51743f17f9c5857d6ef3e2055d7e5c.exe
  "C:\Users\Admin\AppData\Local\Temp\1c51743f17f9c5857d6ef3e2055d7e5c.exe" 1⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\fondue.exe
  "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll 2⤵
  - Suspicious use of WriteProcessMemory
- C:\Windows\system32\FonDUE.EXE
  "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll 3⤵