Analysis
max time kernel: 144s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20220331-en
submitted: 09-04-2022 07:34
Static task
static1
Behavioral task
behavioral1
Sample
b16fbd7f2bcb427d3473efce2bc72f3e.exe
Resource
win7-20220331-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
b16fbd7f2bcb427d3473efce2bc72f3e.exe
Resource
win10v2004-20220331-en
0 signatures
0 seconds
General
Target: b16fbd7f2bcb427d3473efce2bc72f3e.exe
Size: 32KB
MD5: b16fbd7f2bcb427d3473efce2bc72f3e
SHA1: e294c3914f0d5d07d869faad19809df322f0b589
SHA256: b63198762408d6beff97af4132f085b3429e41bf7c00d7819e7361a7e987d3fa
SHA512: 26abd5ca8ad85f3a8e390dbc35e0b086c87fd872d22769f643fe49147b9691ca84fd367e9566c976aefd2d93f1e1249634015685b1f2951dc301597de81d1071
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (5 IoCs)
Processes: b16fbd7f2bcb427d3473efce2bc72f3e.exe, fondue.exe

description                        pid   process                               target process
PID 3756 wrote to memory of 4728   3756  b16fbd7f2bcb427d3473efce2bc72f3e.exe  fondue.exe
PID 3756 wrote to memory of 4728   3756  b16fbd7f2bcb427d3473efce2bc72f3e.exe  fondue.exe
PID 3756 wrote to memory of 4728   3756  b16fbd7f2bcb427d3473efce2bc72f3e.exe  fondue.exe
PID 4728 wrote to memory of 4808   4728  fondue.exe                            FonDUE.EXE
PID 4728 wrote to memory of 4808   4728  fondue.exe                            FonDUE.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe
  "C:\Users\Admin\AppData\Local\Temp\b16fbd7f2bcb427d3473efce2bc72f3e.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\fondue.exe
    "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\FonDUE.EXE
      "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll