adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa

Analysis

max time kernel
545s
max time network
548s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 23:54

Target

FusionBeacon.exe
Size

168KB
MD5

261e0bb975aad28f0fc84883225e10ad
SHA1

06134738f055a4b351ddb369cb3cb4d8223469fe
SHA256

adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa
SHA512

a024e25f039e521fb08ec3ee62cb459ddbf5229dd274f8a796aa6d16cf5d86fafa430bb82ce0515a5f9f77543983936affbd9ec9e5d060556867120b94d66b1e
SSDEEP

3072:CtcJe7V1HcxhlUMqc0IUGg4NDd1YaMENt7B07uP:CtcJOVOxbRGivMErt0

Score

6^/10

Blocklisted process makes network request 36 IoCs

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2920 set thread context of 2700	2920	FusionBeacon.exe	28

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2700	2920	FusionBeacon.exe	28
PID 2920 wrote to memory of 2700	2920	FusionBeacon.exe	28

C:\Users\Admin\AppData\Local\Temp\FusionBeacon.exe
"C:\Users\Admin\AppData\Local\Temp\FusionBeacon.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\System32\msiexec.exe
  \??\C:\Windows\System32\msiexec.exe
  2⤵
  - Blocklisted process makes network request
  PID:2700

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\post[1].php

Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
memory/2700-7-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-10-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-9-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-14-0x00000000024A0000-0x0000000002649000-memory.dmp

Filesize
1.7MB

Download
memory/2700-24-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-25-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-28-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-95-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2700-98-0x0000000000030000-0x0000000000070000-memory.dmp

Filesize
256KB

Download
memory/2920-0-0x0000000000BA0000-0x0000000000D49000-memory.dmp

Filesize
1.7MB

Download