adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa

Analysis

max time kernel
543s
max time network
545s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 23:54

Target

FusionBeacon.exe
Size

168KB
MD5

261e0bb975aad28f0fc84883225e10ad
SHA1

06134738f055a4b351ddb369cb3cb4d8223469fe
SHA256

adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa
SHA512

a024e25f039e521fb08ec3ee62cb459ddbf5229dd274f8a796aa6d16cf5d86fafa430bb82ce0515a5f9f77543983936affbd9ec9e5d060556867120b94d66b1e
SSDEEP

3072:CtcJe7V1HcxhlUMqc0IUGg4NDd1YaMENt7B07uP:CtcJOVOxbRGivMErt0

Score

6^/10

Blocklisted process makes network request 36 IoCs

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1644 set thread context of 3640	1644	FusionBeacon.exe	88

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 3640	1644	FusionBeacon.exe	88
PID 1644 wrote to memory of 3640	1644	FusionBeacon.exe	88

C:\Users\Admin\AppData\Local\Temp\FusionBeacon.exe
"C:\Users\Admin\AppData\Local\Temp\FusionBeacon.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\System32\msiexec.exe
  \??\C:\Windows\System32\msiexec.exe
  2⤵
  - Blocklisted process makes network request
  PID:3640

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMK4G1YN\post[1].php

Filesize
3B

MD5
8a80554c91d9fca8acb82f023de02f11

SHA1
5f36b2ea290645ee34d943220a14b54ee5ea5be5

SHA256
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

SHA512
ca4b6defb8adcc010050bc8b1bb8f8092c4928b8a0fba32146abcfb256e4d91672f88ca2cdf6210e754e5b8ac5e23fb023806ccd749ac8b701f79a691f03c87a

Download Submit
memory/1644-0-0x000001C562D40000-0x000001C562F35000-memory.dmp

Filesize
2.0MB

Download
memory/3640-10-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download
memory/3640-12-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download
memory/3640-13-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download
memory/3640-17-0x000001DC0F010000-0x000001DC0F205000-memory.dmp

Filesize
2.0MB

Download
memory/3640-30-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download
memory/3640-33-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download
memory/3640-100-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download
memory/3640-103-0x000001DC0CC50000-0x000001DC0CC90000-memory.dmp

Filesize
256KB

Download