Overview

overview

7

Static

static

7

573c960fb0...e5.exe

windows7-x64

7

573c960fb0...e5.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

1

$PLUGINSDIR/mt.dll

windows10-2004-x64

1

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

1

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12-01-2024 18:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd6CC7.tmp
    Filesize

    105B

    MD5

    d66b7c36887a3a1f869cd8b637cc43b6

    SHA1

    2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

    SHA256

    d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

    SHA512

    155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd6D6B.tmp
    Filesize

    575B

    MD5

    d6861c5a63bbf62b5eb33e4d9812bdf1

    SHA1

    8a1a874ecf1ba0b5fc0eaae39619b8a7aa2b3c69

    SHA256

    b5598e1d9c16ce6b0edf02b3a4729cbe650eeddfe88275456036d835b11e8041

    SHA512

    5967ba9d5fefec6141a5e9955861545b9c3eb4564a4002d2124bef73b8b20bed0b3d1a1b62cd49a967ad420c37859262e3a1ac9546de664884261eea1cb0511c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj6BAE.tmp
    Filesize

    1KB

    MD5

    33966567447458715849954758f7dea2

    SHA1

    027b25ff1d800af20f191bddb7c8ceb0d8cf4250

    SHA256

    03bf51f5bddf03ad72f461b03b69359fc2ffa5f867f6a41aa0afffa8de895e6e

    SHA512

    676e32da0053e5045a0c66d3bd388ce2cdbdac3ce54a93b2fd20b0c6c9e2be967ad3ea712485ce059b77b96f2c8e9fc2f471c33981c913333ba444f68fc3a956

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso6D0B.tmp
    Filesize

    412B

    MD5

    2795b54ed21d6ee2a44074c08be3aca8

    SHA1

    bc935015bdb7a69d1243d8e97c051dc117b580f2

    SHA256

    1938a36454295ec4512d5a6cfbbb060c2d1c72822e6f3959805fa4382da3b1e8

    SHA512

    1d082d9ce105179a6154d0d8e18e91962e5434d444e1cf1f0561d1a138c8c3b563a4f14bd255ab7bae7b55a64f6c34e3d0ea0d67ff760e58f30ec82e37acef9b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst6CD9.tmp
    Filesize

    236B

    MD5

    1a11db922d646464580731582301706e

    SHA1

    e076ce6ac24b8e73bfe5dfc7c40775a837b9093d

    SHA256

    57785aa4182c7d8ea35210edfa0a4034c4a24f617520645a942d016bb8f2c3ea

    SHA512

    f8afbf23d49a6cc0d1f30678b1a2aaa109da5497441f9cf05741a9a028ea8d24ab4cec11bb88ebf9f3d802fe685856f2d2f43b8647e75774b7f8a24eb817b01e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst6CDA.tmp
    Filesize

    291B

    MD5

    39ff188068d46775bc2ad7c600f2e7d8

    SHA1

    470ca72807c9e060114d0bfdfcfcbce9265b8a1d

    SHA256

    96dc5d755132ecea5e6d2ebde1894323037cde053c3ef785cf6853d75759f9cc

    SHA512

    58dcb572a331cbb87b16f4b7fd607992ab84d7bb0a38507e2ff89f6da5d963f03d3dc2d2b00624dc308cc5136a0b73ba171b936f08e6df3b52ec68c1159f4706

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst6D2B.tmp
    Filesize

    469B

    MD5

    0bb5ca4089fc8ed75a60d6d6bd3c615a

    SHA1

    1d440b6538de80325775c865fea0ce24ccd07de7

    SHA256

    3cd3b37bf1aca1218199f46acf9feca4320e8e43082f0c130361a1956484be12

    SHA512

    1d368e0e90f4435046e4090698786c9a8b250429cc2e597bad0a5843fccca17d6cda607939226d4cf469d44fc90c2d3902d0ac361efee7cc583b03024e986a51

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst6E1B.tmp
    Filesize

    779B

    MD5

    ddab011e7e7cdadb6fa21ebf1bab045b

    SHA1

    e75c6ba046584d72d14866c969b049558c97d959

    SHA256

    2e78583a8f6e6e038bda0ce8078bd7482be0cd51310a8b4f0be99416ed5db5d4

    SHA512

    18b7d788aba5a1dd7407c69c31057a7177ed50624779d21c10590a5d180de142ea409a38f4d2e8439c589046495bbfe94a123334388c494cfac94d5a55c1f54a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy6AD0.tmp
    Filesize

    878B

    MD5

    8c17517bba577146b1f6577fa0313efc

    SHA1

    1931d4a80b159e0d5b850ca92debf31fd6edcf8a

    SHA256

    9364f8a087c4b2bc1d40bf8f41261ffddc49996285849500890fc13678efe77d

    SHA512

    dc2d1ff9c57995e58013e3eb81dc063f6990d6beba2025036ea58c247ea18ecbe312d56fcd75022abc406d4bcbc70af5d2f6f15fd746491f99f04618d496a291

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy6B6E.tmp
    Filesize

    980B

    MD5

    c4c93cc8fa59e5135d0fc5b15db3539b

    SHA1

    afe9f8eb1413a44b18a3a6cc79886fff655b5d83

    SHA256

    cd6781ad13b23c1eed7b544ff64dc99043ed2f064d94df6bae6bd4088bd14926

    SHA512

    65a1df38a8832f193944311ff802189a8fb277dce37b484165b75f6b58d9578fce4ec73be19c5ecb98f51d3ca3e50bf8f41e4517ff89d32330d47317c1aedbf5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.Admin\user.js
    Filesize

    431B

    MD5

    f9e4df1ac2916d5277ce4e5e60e0dc51

    SHA1

    cd3ca4137b53254781699331b6496bf716433811

    SHA256

    3c858eb196f08a4d425b8c5f50803117973bafb181928646bd3a22ead52b3bfb

    SHA512

    1ce8b9d4f6bc0b1721ad7ca2064317945b42e3f31abce9dd11cc97817b53aebc1fbcefd449783df01f28a08eb56d11a3924296777bcfc9fc022b8653412c31e4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.Admin\user.js
    Filesize

    541B

    MD5

    5c29fd60aceac3cd800e69a8c7babf56

    SHA1

    e0bc9b8c45dd3b5aad0b70bb5b1c15c4a1dea096

    SHA256

    5a65046b0c12c86e6fa706edc5b32d5648efe1aa67dce2eff293647240c1e525

    SHA512

    6b627bee43bbd1df6b8737030456a72ef9b87bcbe19002445af3c0ac205ba945f8542a33398a644945e5291e705309d54bc7edded815999073dcd30d644d1d8b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.Admin\user.js
    Filesize

    719B

    MD5

    318ad523b5124cf988f2e0b3e06f450f

    SHA1

    26a39aa40a829dad04cf77d236d770964aa257e7

    SHA256

    b9e6185fe9e30a59eb6fd80033cc2fadcb2b6f320db5cd8722f8f65da5466ecc

    SHA512

    f4725b819f6d019bb97c8a55644f758400f5d9732ecb6b378d95af162a1f26ebcc0e35a662f6af6e7f4e52a12e9f373e54300751ee4c1e9b57688b87e05f3e24

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.Admin\user.js
    Filesize

    930B

    MD5

    6acb9c7b1fcc792ea42ed57030e45b36

    SHA1

    9a85e3b841cb3a859a00eb43327ede018ee40326

    SHA256

    1c13618261f2345aba58c7027794b12e3ceb874ae52559000add14462e8c77eb

    SHA512

    40d7337ca889460ad7506374952b5fd8a0c55039f818a6938eb66a4fcd10434976e30378d001a9b9b5b1d234ff2f057a9fbae5ddae4652a3f1c20feb80fe03f1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\user.js
    Filesize

    347B

    MD5

    14f9ab1b33c7592a5f6cb65f2038cc02

    SHA1

    ebba2feecfa9f4bf51003350cc64d56a87ed4c51

    SHA256

    558e6b613a8cfbcdf6ebecb9f526d51474ecf57d56ce615a65c9bdc562cfd679

    SHA512

    70047f8b8fb74794c924813009dc2dda758f2ce15ae0e7670490644b24298d21c20ed2e725d0423d598ca345a68281a6ffca2ba490bb878096d4580f2897fde4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\user.js
    Filesize

    628B

    MD5

    c2e120317660332c65e8c4518b43a8ad

    SHA1

    5dc0d753371f52e90409adaef3ecb140a84e6484

    SHA256

    44a4da01b2385746becdb7aaefda6f1e7f9ad40085b9d9d5854a522b2056343c

    SHA512

    5a5c7f2657fd409a7d3d606ed3a37725ade389d653adadf91287e77915039940e8a93d3880d509f7d9da131adcfb9d186bb4447dbd55d6d7b55431694b039f6a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\user.js
    Filesize

    730B

    MD5

    c737a348e8ae96284dc5703b04c369b9

    SHA1

    c5f271d53316fd429676a61cdf1999f2abe7d016

    SHA256

    749fb0c43764959a2891579f866db1e9799061d0518c98a74ab064e3e4619bc5

    SHA512

    344dc2b3b7a06d3706955f8366110b10b65b044a6f2f68bf35a8d96177c72ae1e3c026463e9777dd8a90224beb27b1936dd6c5e6b1b626f2367de57d7d880cbb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd678A.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd678A.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd678A.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd678A.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit