Analysis
- max time kernel: 129s
- max time network: 132s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 14-04-2022 13:46
Static task: static1
Behavioral task: behavioral1
- Sample: SWIFT.exe
- Resource: win7-20220311-en (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SWIFT.exe
- Resource: win10v2004-en-20220113 (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: SWIFT.exe
- Size: 798KB
- MD5: 2964939592941753fa4294aa4e1389e8
- SHA1: ec6966f36bb3e2dbf698e4984faac9e8a311a1c3
- SHA256: cf079000d12cefafc5b2d251df1bd9a8ee96a62a67062f22dd9027693adfeeea
- SHA512: 8c01f9faefd3b761f5d810e84c6088600a77bdd8c55d93b4a18dd67ac4d04189e5c9fcd4e07a770d72dac2a09b260d5e3a47722e1f1db972fb62a189e56fdb99
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes: SWIFT.exe, fondue.exe
  description                        pid    process      target process
  PID 3372 wrote to memory of 1820   3372   SWIFT.exe    fondue.exe
  PID 3372 wrote to memory of 1820   3372   SWIFT.exe    fondue.exe
  PID 3372 wrote to memory of 1820   3372   SWIFT.exe    fondue.exe
  PID 1820 wrote to memory of 4376   1820   fondue.exe   FonDUE.EXE
  PID 1820 wrote to memory of 4376   1820   fondue.exe   FonDUE.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\SWIFT.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SWIFT.exe"
  PID: 3372
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\fondue.exe
    Command line: "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
    PID: 1820
    - Suspicious use of WriteProcessMemory
    - C:\Windows\system32\FonDUE.EXE
      Command line: "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
      PID: 4376