b63198762408d6beff97af4132f085b3429e41bf7c00d7819e7361a7e987d3fa | Triage

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220331-en
submitted
09-04-2022 07:34

Sharing

Report Analysis Logs

General

Target

b16fbd7f2bcb427d3473efce2bc72f3e.exe
Size

32KB
MD5

b16fbd7f2bcb427d3473efce2bc72f3e
SHA1

e294c3914f0d5d07d869faad19809df322f0b589
SHA256

b63198762408d6beff97af4132f085b3429e41bf7c00d7819e7361a7e987d3fa
SHA512

26abd5ca8ad85f3a8e390dbc35e0b086c87fd872d22769f643fe49147b9691ca84fd367e9566c976aefd2d93f1e1249634015685b1f2951dc301597de81d1071

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

b16fbd7f2bcb427d3473efce2bc72f3e.exefondue.exe

description	pid	process	target process
PID 3756 wrote to memory of 4728	3756	b16fbd7f2bcb427d3473efce2bc72f3e.exe	fondue.exe
PID 3756 wrote to memory of 4728	3756	b16fbd7f2bcb427d3473efce2bc72f3e.exe	fondue.exe
PID 3756 wrote to memory of 4728	3756	b16fbd7f2bcb427d3473efce2bc72f3e.exe	fondue.exe
PID 4728 wrote to memory of 4808	4728	fondue.exe	FonDUE.EXE
PID 4728 wrote to memory of 4808	4728	fondue.exe	FonDUE.EXE

C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe
"C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3756

C:\Windows\SysWOW64\fondue.exe
"C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:4728

C:\Windows\system32\FonDUE.EXE
"C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
3⤵
PID:4808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4728-124-0x0000000000000000-mapping.dmp

Download
memory/4808-125-0x0000000000000000-mapping.dmp

Download