Analysis
max time kernel: 545s
max time network: 548s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 13/01/2024, 23:54
Static task: static1
Behavioral task: behavioral1
  Sample: FusionBeacon.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: FusionBeacon.exe
  Resource: win10v2004-20231215-en
General
Target: FusionBeacon.exe
Size: 168KB
MD5: 261e0bb975aad28f0fc84883225e10ad
SHA1: 06134738f055a4b351ddb369cb3cb4d8223469fe
SHA256: adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa
SHA512: a024e25f039e521fb08ec3ee62cb459ddbf5229dd274f8a796aa6d16cf5d86fafa430bb82ce0515a5f9f77543983936affbd9ec9e5d060556867120b94d66b1e
SSDEEP: 3072:CtcJe7V1HcxhlUMqc0IUGg4NDd1YaMENt7B07uP:CtcJOVOxbRGivMErt0
Malware Config
Signatures
Blocklisted process makes network request (36 IoCs)
flow  pid   Process
4     2700  msiexec.exe
6     2700  msiexec.exe
7     2700  msiexec.exe
41    2700  msiexec.exe
43    2700  msiexec.exe
45    2700  msiexec.exe
47    2700  msiexec.exe
49    2700  msiexec.exe
51    2700  msiexec.exe
53    2700  msiexec.exe
55    2700  msiexec.exe
57    2700  msiexec.exe
59    2700  msiexec.exe
61    2700  msiexec.exe
63    2700  msiexec.exe
65    2700  msiexec.exe
67    2700  msiexec.exe
69    2700  msiexec.exe
71    2700  msiexec.exe
73    2700  msiexec.exe
75    2700  msiexec.exe
77    2700  msiexec.exe
79    2700  msiexec.exe
81    2700  msiexec.exe
83    2700  msiexec.exe
85    2700  msiexec.exe
87    2700  msiexec.exe
89    2700  msiexec.exe
91    2700  msiexec.exe
93    2700  msiexec.exe
95    2700  msiexec.exe
97    2700  msiexec.exe
99    2700  msiexec.exe
101   2700  msiexec.exe
103   2700  msiexec.exe
104   2700  msiexec.exe
Suspicious use of SetThreadContext (1 IoCs)
description                          pid   Process           procid_target
PID 2920 set thread context of 2700  2920  FusionBeacon.exe  28
Suspicious use of WriteProcessMemory (2 IoCs)
description                       pid   Process           procid_target
PID 2920 wrote to memory of 2700  2920  FusionBeacon.exe  28
PID 2920 wrote to memory of 2700  2920  FusionBeacon.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\FusionBeacon.exe
"C:\Users\Admin\AppData\Local\Temp\FusionBeacon.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID: 2920
  C:\Windows\System32\msiexec.exe
  \??\C:\Windows\System32\msiexec.exe
  - Blocklisted process makes network request
  PID: 2700
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\post[1].php
Filesize: 3B
MD5: 8a80554c91d9fca8acb82f023de02f11
SHA1: 5f36b2ea290645ee34d943220a14b54ee5ea5be5
SHA256: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
SHA512: ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a