Overview
overview
7
Static
static
7
8fa9719792...fc.exe
windows7-x64
7
8fa9719792...fc.exe
windows10-2004-x64
7
$LOCALAPPD...ds.exe
windows7-x64
7
$LOCALAPPD...ds.exe
windows10-2004-x64
7
$PLUGINSDI...Ex.dll
windows7-x64
3
$PLUGINSDI...Ex.dll
windows10-2004-x64
3
$PLUGINSDI...ns.dll
windows7-x64
1
$PLUGINSDI...ns.dll
windows10-2004-x64
1
$PLUGINSDI...ad.dll
windows7-x64
3
$PLUGINSDI...ad.dll
windows10-2004-x64
3
$PLUGINSDI...dl.dll
windows7-x64
3
$PLUGINSDI...dl.dll
windows10-2004-x64
3
$PLUGINSDI...es.dll
windows7-x64
3
$PLUGINSDI...es.dll
windows10-2004-x64
3
$PLUGINSDI...em.dll
windows7-x64
3
$PLUGINSDI...em.dll
windows10-2004-x64
3
$PLUGINSDIR/Time.dll
windows7-x64
3
$PLUGINSDIR/Time.dll
windows10-2004-x64
3
$PLUGINSDI...fo.dll
windows7-x64
3
$PLUGINSDI...fo.dll
windows10-2004-x64
3
$PLUGINSDI...ef.dll
windows7-x64
3
$PLUGINSDI...ef.dll
windows10-2004-x64
3
$PLUGINSDIR/mt.dll
windows7-x64
1
$PLUGINSDIR/mt.dll
windows10-2004-x64
1
$PLUGINSDI...os.dll
windows7-x64
3
$PLUGINSDI...os.dll
windows10-2004-x64
1
FM4ffx.exe
windows7-x64
7
FM4ffx.exe
windows10-2004-x64
7
$PLUGINSDI...dl.dll
windows7-x64
3
$PLUGINSDI...dl.dll
windows10-2004-x64
3
$PLUGINSDI...em.dll
windows7-x64
3
$PLUGINSDI...em.dll
windows10-2004-x64
3
Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
04/02/2024, 16:49
Behavioral task
behavioral1
Sample
8fa9719792d0704543e239c4546b05fc.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8fa9719792d0704543e239c4546b05fc.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe 2344 FM4ffx.exe -
Reads user/profile data of web browsers 2 TTPs
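Infostealers often target stored browser data, which can include saved credentials. Installers that rewrite browser settings also read profile files, so this signature on its own does not show credential theft; the bundled chrmPref.dll and IEFunctions.dll plugins suggest checking which profile files were read and whether any data left the host.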
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
878B
MD5 1feeeeff7a189fb24b2ed2ebec203234
SHA1 35d8958cb9db3d47008dae0677793677008bcc86
SHA256 a403c871fd9bff63f13c478e3e68f534842ff0f44b863519aa38577da95e5229
SHA512 f182ce10f2598aa6ae2005b21c64d3157a268e62eba2a87da2035bfea2c3d5774059bc88a375740fe58789afea9cedb71832d0771e6fc2b6c07064b4610f06aa
-
Filesize
105B
MD5 d66b7c36887a3a1f869cd8b637cc43b6
SHA1 2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db
SHA256 d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45
SHA512 155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8
-
Filesize
181B
MD5 6d6ceaa3b759c67e2a3df7f03502790c
SHA1 d2fcb5722fc94dd8bb03a7dbf383e778c52570bc
SHA256 88e9452df1cb01b7383e20bea98c1fc4402de0bceab799dea021632cb2b8147a
SHA512 569d8104c34cceb9e354d1f27c161f5377d1d8cbdad01bcb15c8ba4cae5fbdc2e214e0581c75ccc2667d2e9507dbd2c1344c147c8626102631c03e97c5c2244b
-
Filesize
541B
MD5 f98c691f211671767c7903223a1d6b85
SHA1 9fb11afc626480978d618beefe50d7861ef3d4d4
SHA256 8b33e7f48e6c277bb6756971a37a31596d2994d493496fe2111c70ea6be7f25f
SHA512 4125a514a7de4008ac2a2b23a77a5ffa32f9f74805c9b174806e52cccec5ec540b1484fd76d36f3b3adbfa1e0fdb8d1c7bab09eecb4ec968c9f954dbeaf92d87
-
Filesize
774B
MD5 88811edf8672e2705fb0e11df8c0c164
SHA1 31ccb974879c422a96606354d32c5f0a10ef1e77
SHA256 decfc0ffe02980a1b4995648e59eeb72fba04b7ceda82ad16393f9a76ed2f797
SHA512 ca04521eed6d4de335abb0a69ff3718f4e21e2491fa8e9e6ef84c796546ba17bf36295645288685c5b69995fee1dd18ccd5e5225590340754c6010149175cb79
-
Filesize
412B
MD5 095aced55997d16a64d8e8ed9b409685
SHA1 d6a123bab87054f678f72f0d548edd1fc9b0a8bb
SHA256 ae964d05e67fb8315072a3d7c2c85ef5874911bc2d97b99133be0825530d60c5
SHA512 596bd3bdaaa1517a57525902c8cc366a5f1da7d46a7e5779215172fefd15dec6d8dfd7453c76155bc9ce2d13b918e0408d2d7f422ac472b4bda7a1da8f842200
-
Filesize
779B
MD5 dfa2f7292eacbabf79e5bfd7e796c4f6
SHA1 d369891bcabf20cbc7c72ea77279ff7a4d53ebb9
SHA256 2165041c264eb2cc1487c7e4bc1d1dcd27e3a72db6add3029470873fed120469
SHA512 2b8af8ff1daa38803dbec1f370a9eb69a415a7b2e26a7e8d32705cdcc1100145770392290979ad6e744d52a033bc2d47ff7fe1a6a01d96e91e8e7bb6064f7fc5
-
Filesize
597B
MD5 1cec8ff3235fd6ac532e19037bb2c0ef
SHA1 11ade71dd27409df9526bccf4eb37247ec1b2fce
SHA256 c1a2a2e23a366313aadab46eca61784f5f8c7d381d00860e6b10ef44b09544f4
SHA512 32f411503002f96d94cd1a6bae2b6d0b162be07650857d95cb3bc85b088e7a6be802e615fa0611a3c709a604be3af215be3e315d11423b42afb95e81ff92e9ec
-
Filesize
825B
MD5 22d7353ea9118e85cfeec0d341cc4f28
SHA1 2eddc36a457f80d04cfd029b87b8e5755a8383c0
SHA256 a68b7aeed582ac0025002ac3087322087820792ed4f2946fe66e096fb2f77aa9
SHA512 18c1b46fe11fd14e9c14fadab26646a7ccaefe72090c6bf8b5850f5b60505c08051aaaceeafa85fd2f0afbfb173c04f41d20b1504e9983a731a950e7f5fcf0b0
-
Filesize
980B
MD5 f7ccfecdabf7c994884fa40ee9928ab4
SHA1 e71598817a75af9dd660ee66ccdbc10c46c17397
SHA256 7536d33370906b212c21f7ec9956a27c1eb8a1a02af8fc2950eedd87127f5b42
SHA512 df83e8946a6e407f09f9e5560a51bf715eec5a1cedb7c53b364f2a16ada7a70e382976b5d26b42a1d954d327e8c0ece57a82de74ef84f27cc0cc3264c496f37c
-
Filesize
486B
MD5 9eb0eb41b49d58ede28de452d27fca02
SHA1 2cdf8748b76f09f4847fbf88ac04ba4aae3cd09d
SHA256 7bc588765a400eaf24ff8ed5d7eedefb15530a3b4627f84d7063c505d906013b
SHA512 7adea8958d7ac3f2c893771240b69cb89b421cb873bddb088f05a16f331df1f4843f10933d043a96c1ebd928d978788d4724d1647ffa68aa458b4811db556043
-
Filesize
719B
MD5 755a9d1824ac1541e12a5360f8134f9c
SHA1 6d7a156b3eef692994d26db63a923434a8b7f3a6
SHA256 e675b4b28b1984647cf05639c8ff2df9669a52b916e681414d41776a867dd8b4
SHA512 9c62ffa640f348f56e62dba7ec178183dc1ab6ee6f3414de90ec33a2e479a74bb729af2d359d9c04888f462bf8307a9cc92eaceb54be6ead981f2b070fefa777
-
Filesize
236B
MD5 753e040a2cd174a9b0384835966e9b4a
SHA1 af5ebe3795f3142f1342ba96baf2d25e82c7d8b1
SHA256 c1f11382b48063d08865e3f6b607ef563015d4e795526ed75d6b9536c143a2b4
SHA512 710e0b8a67450783a43a7df9a3f151ff90d65548c1f3d54bcb17ad28d85d20f13f822adffe0dbf04befda081c3dee9a0e61290c3c8127bc13c314874a3f6caa6
-
Filesize
347B
MD5 8cf8d21c5231ab97e59a7a8cfada4e15
SHA1 b1f286cc12991c4d91c83840a8d872ee962943c9
SHA256 e217c04c0abb6822e23527994c843ae98ebc39b0212cf6cb7e66ae833a79de54
SHA512 e2974b57b7e265c200317d4f124532cce57210012e519316babd6736c5caaa355d6b70bce0ec161b6364de55abdaccb962d6830dfb65fa1b893e267f2f5bf56d
-
Filesize
730B
MD5 005c6a04e62dac8119b07da481b2bcd1
SHA1 09c5ce1664cbc1eaea25e789ff0e1d2d6e9e6021
SHA256 078e3b207ff862510c73500c45492673085d371943efe43209c03c656c65f3a7
SHA512 951283b085048569669c7a1fe873491c3c76ffd6e76b05c1d3a4e91087986ff24f0b7660d4220c41149c962c49cd841845f109fabd7c87c0e836670c369c5d6a
-
Filesize
431B
MD5 4334157ad7d88e632243b799d5140615
SHA1 bbedeca300da3dc17ca1d91131dae7c845364056
SHA256 343282b37f7f4322f68212f46f34d68f4d5e4ecde7ca5853876a11c9ebe3343e
SHA512 0021ad96ff2e18b3accaff5025e94c04c45378bc37e4f7ae262034ccbcf90e310e6312ee0f67ed4f963381601077fc6d9bc2212c6d0d64f1b119557a84db11a3
-
Filesize
930B
MD5 696d0df31cc5ece78623d32a05997a4a
SHA1 58f40fbf47c61e552db8715be09a030d7052bcd7
SHA256 748d4cd7b7ed9178e26acbe7ef4d47a6a3356523cbbaf168a8b2551165f26bbf
SHA512 2caa53e8305592c8da4358ea1b5a1f9064083d26201712418e2df253f059394ab139f9f11b607dc53b44d86b145e0b6d8898f0646b3d3afbd0d83908913845ef
-
Filesize
469B
MD5 846e35e4173c95ab9bd64c7a86330719
SHA1 2a3ee9900fe67ec18d84ffce892c92962f22b69c
SHA256 5659d391be8aebb4d03df9b7bcce1eaa23503011c66c20add8bb0b31fef6e152
SHA512 ee52133ed67f0a09663d93374d28f3cdb41b9d80121c54b3ec2f1211935fc0a4f1a9e8d473b220ea7393bfc9cd22ef16b02639c6d0086906b2c5c629137efa8f
-
Filesize
575B
MD5 f207df3ed104e047043ad40137bd2464
SHA1 4833c30bd317750e2be8414eb3392f2827841219
SHA256 47f1807337aad9eece91642dd88194fbe6f48e2f3f319ad2c19be84b98ebfb28
SHA512 581f45a842fa4586d302cef4c2d1aeaeeb0a0a82877f255dba2df27b67e86b850048f5a225f822aa96d4ec86168f5875813d8443a23cef1b5263440700502531
-
Filesize
680B
MD5 5f8d45256e4109595182f99b792c9624
SHA1 e7eb829852f8d12c546d183d960c7228d7b2ec83
SHA256 5f73d2ba93aaf62cd516803dbe388eaf95dedb312202335a96a167226a811599
SHA512 b351e8e6d0f5984f5b904e29e18a34e697c6580b9d6192f6ebc46a9f8b352f397d5b7c50806707e7f856671bf9b04ef36c6eb883659fed9fb4b06165ecf1820e
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb