Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/02/2024, 16:49

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs

    The DLLs are loaded from a ns*.tmp directory under %TEMP% (System.dll, Time.dll, mt.dll, nsisos.dll; see the dropped-files list). System.dll and nsisos.dll are standard NSIS plugins, and this directory layout is how an NSIS installer unpacks its plugins at run time, so the sample should be treated as an NSIS-packaged installer and the dropped DLLs as its plugin set rather than as separate payloads.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. In this run, however, the only activity itemised under the Firefox profile directories is the writing of user.js preference files (listed below), so what was observed is a change of browser preferences; no read of a credential store is recorded in this report.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:2344

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsd921.tmp

          Filesize

          878B

          MD5

          1feeeeff7a189fb24b2ed2ebec203234

          SHA1

          35d8958cb9db3d47008dae0677793677008bcc86

          SHA256

          a403c871fd9bff63f13c478e3e68f534842ff0f44b863519aa38577da95e5229

          SHA512

          f182ce10f2598aa6ae2005b21c64d3157a268e62eba2a87da2035bfea2c3d5774059bc88a375740fe58789afea9cedb71832d0771e6fc2b6c07064b4610f06aa

        • C:\Users\Admin\AppData\Local\Temp\nsd9C1.tmp

          Filesize

          105B

          MD5

          d66b7c36887a3a1f869cd8b637cc43b6

          SHA1

          2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

          SHA256

          d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

          SHA512

          155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

        • C:\Users\Admin\AppData\Local\Temp\nsd9C2.tmp

          Filesize

          181B

          MD5

          6d6ceaa3b759c67e2a3df7f03502790c

          SHA1

          d2fcb5722fc94dd8bb03a7dbf383e778c52570bc

          SHA256

          88e9452df1cb01b7383e20bea98c1fc4402de0bceab799dea021632cb2b8147a

          SHA512

          569d8104c34cceb9e354d1f27c161f5377d1d8cbdad01bcb15c8ba4cae5fbdc2e214e0581c75ccc2667d2e9507dbd2c1344c147c8626102631c03e97c5c2244b

        • C:\Users\Admin\AppData\Local\Temp\nsi89E.tmp

          Filesize

          541B

          MD5

          f98c691f211671767c7903223a1d6b85

          SHA1

          9fb11afc626480978d618beefe50d7861ef3d4d4

          SHA256

          8b33e7f48e6c277bb6756971a37a31596d2994d493496fe2111c70ea6be7f25f

          SHA512

          4125a514a7de4008ac2a2b23a77a5ffa32f9f74805c9b174806e52cccec5ec540b1484fd76d36f3b3adbfa1e0fdb8d1c7bab09eecb4ec968c9f954dbeaf92d87

        • C:\Users\Admin\AppData\Local\Temp\nsi8F0.tmp

          Filesize

          774B

          MD5

          88811edf8672e2705fb0e11df8c0c164

          SHA1

          31ccb974879c422a96606354d32c5f0a10ef1e77

          SHA256

          decfc0ffe02980a1b4995648e59eeb72fba04b7ceda82ad16393f9a76ed2f797

          SHA512

          ca04521eed6d4de335abb0a69ff3718f4e21e2491fa8e9e6ef84c796546ba17bf36295645288685c5b69995fee1dd18ccd5e5225590340754c6010149175cb79

        • C:\Users\Admin\AppData\Local\Temp\nsi9E5.tmp

          Filesize

          412B

          MD5

          095aced55997d16a64d8e8ed9b409685

          SHA1

          d6a123bab87054f678f72f0d548edd1fc9b0a8bb

          SHA256

          ae964d05e67fb8315072a3d7c2c85ef5874911bc2d97b99133be0825530d60c5

          SHA512

          596bd3bdaaa1517a57525902c8cc366a5f1da7d46a7e5779215172fefd15dec6d8dfd7453c76155bc9ce2d13b918e0408d2d7f422ac472b4bda7a1da8f842200

        • C:\Users\Admin\AppData\Local\Temp\nsiA3A.tmp

          Filesize

          779B

          MD5

          dfa2f7292eacbabf79e5bfd7e796c4f6

          SHA1

          d369891bcabf20cbc7c72ea77279ff7a4d53ebb9

          SHA256

          2165041c264eb2cc1487c7e4bc1d1dcd27e3a72db6add3029470873fed120469

          SHA512

          2b8af8ff1daa38803dbec1f370a9eb69a415a7b2e26a7e8d32705cdcc1100145770392290979ad6e744d52a033bc2d47ff7fe1a6a01d96e91e8e7bb6064f7fc5

        • C:\Users\Admin\AppData\Local\Temp\nso8BF.tmp

          Filesize

          597B

          MD5

          1cec8ff3235fd6ac532e19037bb2c0ef

          SHA1

          11ade71dd27409df9526bccf4eb37247ec1b2fce

          SHA256

          c1a2a2e23a366313aadab46eca61784f5f8c7d381d00860e6b10ef44b09544f4

          SHA512

          32f411503002f96d94cd1a6bae2b6d0b162be07650857d95cb3bc85b088e7a6be802e615fa0611a3c709a604be3af215be3e315d11423b42afb95e81ff92e9ec

        • C:\Users\Admin\AppData\Local\Temp\nso911.tmp

          Filesize

          825B

          MD5

          22d7353ea9118e85cfeec0d341cc4f28

          SHA1

          2eddc36a457f80d04cfd029b87b8e5755a8383c0

          SHA256

          a68b7aeed582ac0025002ac3087322087820792ed4f2946fe66e096fb2f77aa9

          SHA512

          18c1b46fe11fd14e9c14fadab26646a7ccaefe72090c6bf8b5850f5b60505c08051aaaceeafa85fd2f0afbfb173c04f41d20b1504e9983a731a950e7f5fcf0b0

        • C:\Users\Admin\AppData\Local\Temp\nso962.tmp

          Filesize

          980B

          MD5

          f7ccfecdabf7c994884fa40ee9928ab4

          SHA1

          e71598817a75af9dd660ee66ccdbc10c46c17397

          SHA256

          7536d33370906b212c21f7ec9956a27c1eb8a1a02af8fc2950eedd87127f5b42

          SHA512

          df83e8946a6e407f09f9e5560a51bf715eec5a1cedb7c53b364f2a16ada7a70e382976b5d26b42a1d954d327e8c0ece57a82de74ef84f27cc0cc3264c496f37c

        • C:\Users\Admin\AppData\Local\Temp\nst88E.tmp

          Filesize

          486B

          MD5

          9eb0eb41b49d58ede28de452d27fca02

          SHA1

          2cdf8748b76f09f4847fbf88ac04ba4aae3cd09d

          SHA256

          7bc588765a400eaf24ff8ed5d7eedefb15530a3b4627f84d7063c505d906013b

          SHA512

          7adea8958d7ac3f2c893771240b69cb89b421cb873bddb088f05a16f331df1f4843f10933d043a96c1ebd928d978788d4724d1647ffa68aa458b4811db556043

        • C:\Users\Admin\AppData\Local\Temp\nst8E0.tmp

          Filesize

          719B

          MD5

          755a9d1824ac1541e12a5360f8134f9c

          SHA1

          6d7a156b3eef692994d26db63a923434a8b7f3a6

          SHA256

          e675b4b28b1984647cf05639c8ff2df9669a52b916e681414d41776a867dd8b4

          SHA512

          9c62ffa640f348f56e62dba7ec178183dc1ab6ee6f3414de90ec33a2e479a74bb729af2d359d9c04888f462bf8307a9cc92eaceb54be6ead981f2b070fefa777

        • C:\Users\Admin\AppData\Local\Temp\nst9D3.tmp

          Filesize

          236B

          MD5

          753e040a2cd174a9b0384835966e9b4a

          SHA1

          af5ebe3795f3142f1342ba96baf2d25e82c7d8b1

          SHA256

          c1f11382b48063d08865e3f6b607ef563015d4e795526ed75d6b9536c143a2b4

          SHA512

          710e0b8a67450783a43a7df9a3f151ff90d65548c1f3d54bcb17ad28d85d20f13f822adffe0dbf04befda081c3dee9a0e61290c3c8127bc13c314874a3f6caa6

        • C:\Users\Admin\AppData\Local\Temp\nst9D5.tmp

          Filesize

          347B

          MD5

          8cf8d21c5231ab97e59a7a8cfada4e15

          SHA1

          b1f286cc12991c4d91c83840a8d872ee962943c9

          SHA256

          e217c04c0abb6822e23527994c843ae98ebc39b0212cf6cb7e66ae833a79de54

          SHA512

          e2974b57b7e265c200317d4f124532cce57210012e519316babd6736c5caaa355d6b70bce0ec161b6364de55abdaccb962d6830dfb65fa1b893e267f2f5bf56d

        • C:\Users\Admin\AppData\Local\Temp\nstA2A.tmp

          Filesize

          730B

          MD5

          005c6a04e62dac8119b07da481b2bcd1

          SHA1

          09c5ce1664cbc1eaea25e789ff0e1d2d6e9e6021

          SHA256

          078e3b207ff862510c73500c45492673085d371943efe43209c03c656c65f3a7

          SHA512

          951283b085048569669c7a1fe873491c3c76ffd6e76b05c1d3a4e91087986ff24f0b7660d4220c41149c962c49cd841845f109fabd7c87c0e836670c369c5d6a

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.Admin\user.js

          Filesize

          431B

          MD5

          4334157ad7d88e632243b799d5140615

          SHA1

          bbedeca300da3dc17ca1d91131dae7c845364056

          SHA256

          343282b37f7f4322f68212f46f34d68f4d5e4ecde7ca5853876a11c9ebe3343e

          SHA512

          0021ad96ff2e18b3accaff5025e94c04c45378bc37e4f7ae262034ccbcf90e310e6312ee0f67ed4f963381601077fc6d9bc2212c6d0d64f1b119557a84db11a3

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.Admin\user.js

          Filesize

          930B

          MD5

          696d0df31cc5ece78623d32a05997a4a

          SHA1

          58f40fbf47c61e552db8715be09a030d7052bcd7

          SHA256

          748d4cd7b7ed9178e26acbe7ef4d47a6a3356523cbbaf168a8b2551165f26bbf

          SHA512

          2caa53e8305592c8da4358ea1b5a1f9064083d26201712418e2df253f059394ab139f9f11b607dc53b44d86b145e0b6d8898f0646b3d3afbd0d83908913845ef

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\user.js

          Filesize

          469B

          MD5

          846e35e4173c95ab9bd64c7a86330719

          SHA1

          2a3ee9900fe67ec18d84ffce892c92962f22b69c

          SHA256

          5659d391be8aebb4d03df9b7bcce1eaa23503011c66c20add8bb0b31fef6e152

          SHA512

          ee52133ed67f0a09663d93374d28f3cdb41b9d80121c54b3ec2f1211935fc0a4f1a9e8d473b220ea7393bfc9cd22ef16b02639c6d0086906b2c5c629137efa8f

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\user.js

          Filesize

          575B

          MD5

          f207df3ed104e047043ad40137bd2464

          SHA1

          4833c30bd317750e2be8414eb3392f2827841219

          SHA256

          47f1807337aad9eece91642dd88194fbe6f48e2f3f319ad2c19be84b98ebfb28

          SHA512

          581f45a842fa4586d302cef4c2d1aeaeeb0a0a82877f255dba2df27b67e86b850048f5a225f822aa96d4ec86168f5875813d8443a23cef1b5263440700502531

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\user.js

          Filesize

          680B

          MD5

          5f8d45256e4109595182f99b792c9624

          SHA1

          e7eb829852f8d12c546d183d960c7228d7b2ec83

          SHA256

          5f73d2ba93aaf62cd516803dbe388eaf95dedb312202335a96a167226a811599

          SHA512

          b351e8e6d0f5984f5b904e29e18a34e697c6580b9d6192f6ebc46a9f8b352f397d5b7c50806707e7f856671bf9b04ef36c6eb883659fed9fb4b06165ecf1820e

        • \Users\Admin\AppData\Local\Temp\nsd7DE.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nsd7DE.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • \Users\Admin\AppData\Local\Temp\nsd7DE.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • \Users\Admin\AppData\Local\Temp\nsd7DE.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
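
The two checks a responder would run with this report in hand, as an added example (not sandbox output and not code from the sample's author): sweep a directory for files whose SHA256 matches the sample or one of its dropped DLLs, and pull the preference names and values out of a Firefox user.js so the dropped profile files can be read at a glance. The SHA256 values are copied from the report above; the function names, the scan roots and the user.js text in the block are this example's own choices, and that text is a constructed stand-in because the report does not show the contents of the dropped files.

```python
"""Triage helpers for the artefacts in this report: match files on disk against
the report's SHA256 IoCs and list the preferences set by a Firefox user.js.

Added example for this page, not output of the sandbox and not code from the
sample's author. The SHA256 values are copied from the report; the function
names, scan roots and SAMPLE_USER_JS are this example's own (constructed).
"""
import hashlib
import os
import re

# SHA256 of the sample and of the four DLLs it unpacked, copied from the report.
IOC_SHA256 = {
    "3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570": "FM4ffx.exe",
    "dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f": "nsd7DE.tmp\\System.dll",
    "b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35": "nsd7DE.tmp\\Time.dll",
    "6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd": "nsd7DE.tmp\\mt.dll",
    "ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6": "nsd7DE.tmp\\nsisos.dll",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_digests(digests: dict, iocs: dict = IOC_SHA256) -> list:
    """digests: {path: sha256 hex}. Returns [(path, reported_name)] for every IoC hit."""
    return [(path, iocs[d]) for path, d in digests.items() if d in iocs]


def scan(root: str, iocs: dict = IOC_SHA256) -> list:
    """Hash every file under `root` and report the ones that match an IoC."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests[path] = sha256_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the sweep
    return match_digests(digests, iocs)


# One Firefox preference per line: user_pref("name", value);  value is a quoted
# string, true/false or an integer. Comment ("//") and blank lines do not match.
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def _pref_value(raw: str):
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_user_js(text: str) -> dict:
    """Return {pref_name: value} for every user_pref() line in a user.js."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _pref_value(m.group(2))
    return prefs


# Constructed stand-in: the report lists the dropped user.js files but not their contents.
SAMPLE_USER_JS = """// constructed sample, not the real dropped file
user_pref("browser.startup.homepage", "http://example.invalid/");
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.page", 1);
"""


def find_user_js(profiles_root: str) -> list:
    """Paths of user.js files directly under each profile directory in `profiles_root`."""
    if not os.path.isdir(profiles_root):
        return []
    hits = []
    for entry in sorted(os.listdir(profiles_root)):
        candidate = os.path.join(profiles_root, entry, "user.js")
        if os.path.isfile(candidate):
            hits.append(candidate)
    return hits


if __name__ == "__main__":
    # Assumed locations, taken from the paths in the report: the user's %TEMP%
    # for the NSIS plugin directory and %APPDATA%\Mozilla\Firefox\Profiles.
    for path, name in scan(os.environ.get("TEMP", ".")):
        print(f"IoC match: {path} -> {name}")
    profiles = os.path.join(os.environ.get("APPDATA", "."), "Mozilla", "Firefox", "Profiles")
    for js in find_user_js(profiles):
        with open(js, encoding="utf-8", errors="replace") as f:
            print(js, parse_user_js(f.read()))
    print(parse_user_js(SAMPLE_USER_JS))
```

Matching is done on SHA256 only: the report also gives MD5 and SHA1, but those are collision-prone and add nothing once the SHA256 agrees. The user.js parser keeps the raw value types (string, bool, int) so that a preference changed from its default can be compared mechanically rather than by eye.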