Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/02/2024, 16:49

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:4580

Network

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsc65DF.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • C:\Users\Admin\AppData\Local\Temp\nsc65DF.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • C:\Users\Admin\AppData\Local\Temp\nsc65DF.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • C:\Users\Admin\AppData\Local\Temp\nsc65DF.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

        • C:\Users\Admin\AppData\Local\Temp\nsd680B.tmp

          Filesize

          774B

          MD5

          1c8929492492a4a6a546d90e36452614

          SHA1

          ff178d11dc8c4b4613541dcc275c4e617ffc6e8a

          SHA256

          af9e13c1ecf82469cb02765da7ca884d96f5f7d8bc7e7f9df81f8060c23bfabb

          SHA512

          c8a0cf29ab884377f8cd186b15cdbf486f45d2593aa9250264e7535af36763e3263aca7233ecc4a2c618c15f550856018ccfc539461a4e16d04d1c1f429cfc6a

        • C:\Users\Admin\AppData\Local\Temp\nsd6998.tmp

          Filesize

          181B

          MD5

          8cc6452e850a8e1d0339bf2618177e75

          SHA1

          c6bdd9b8a86b3171ff622b6625bccd419677ff31

          SHA256

          2c6a66169f4e91de638900a80c295c0ae0ae3c7976e6ff8bb449707a78e3a45d

          SHA512

          abf38fc2281240c17723b41ca144bc83d4955fa4795febf70edf6819ec47eaad58dd93036f75d4624195e222f5c10dd0e5f7406bc3aed6926776ac7ea8b5b342

        • C:\Users\Admin\AppData\Local\Temp\nsi673C.tmp

          Filesize

          541B

          MD5

          718e52a1d6be1cc8509b395a8d6a592a

          SHA1

          91f8f416d21852cad8e70243c9bdfb764b9ece6c

          SHA256

          7e25cea8f96b5fa6e4fb2476df599d5c4e6864d7215f36f6cb14b2e444861b28

          SHA512

          744286444d3dd90844c66fe5bba10d7718b9a062d200b9707a4d5dbb46bf6974ba137172841a9ebc72683f591e5cf9ed04b533012d20ca7fcde0c8dd204da984

        • C:\Users\Admin\AppData\Local\Temp\nsi678B.tmp

          Filesize

          597B

          MD5

          fd6c8feefdc8bfa22cc4ed7e001a1207

          SHA1

          d7ae2eaf83bd5bc887316e9f0d7cdc28730ebb0f

          SHA256

          b2403423d8192df692e3303e97e702e5b25833a3fc49b6fcab781e2d285d5586

          SHA512

          3fa13055bf3187ef811e10fb34b41e4f755e0c1d22c9bf07650bf08707a9d8e7aa01c9971e110e2f12712ab666ba712b27c7be6473805c1ebeef562a21cf3eb6

        • C:\Users\Admin\AppData\Local\Temp\nsj69BB.tmp

          Filesize

          347B

          MD5

          c9f6532768b8ca55799f110a3bdbaf8d

          SHA1

          b94f312720b55e63e1896998fb6332c3a3547436

          SHA256

          6f6d9975e2547fbcc45f2975693f03d20fdb4e2f939e60a66bdc5a969fab6f77

          SHA512

          910b67f863e383efb14c300c76f0bdfbdac3237967c5ce3500c82ddbfb1ac3071dcfb8cdc238468377835ffd347536f3c5239330d0b70d93d60f7c653eae1342

        • C:\Users\Admin\AppData\Local\Temp\nsj6A5E.tmp

          Filesize

          730B

          MD5

          30dbc329cdaa4e740e238b940e75c3c0

          SHA1

          64b71912a7d6f4cfc05fde8944f0c29327418d3f

          SHA256

          209b38c8ce14f31db12074182829fa2949223b8e10ac4f447fcfe97efbc26068

          SHA512

          d18c7232829e693256b0d3942111dbe1dcd1fd6c03cf04d9687df4f5290f9755ae71e18c6bd34cdbee3ab63cf7f6120615103b5f54a98a22330bf726486d5194

        • C:\Users\Admin\AppData\Local\Temp\nsn670C.tmp

          Filesize

          486B

          MD5

          180fd0af453438d2b82e5d360f9ececf

          SHA1

          3ccefd73decfef7ba9eca3746e2f009d43ddd5d3

          SHA256

          d1ca34d5cc1f42be9c989c1debb2c3fe65a9b2d4e6a400b47f3350de49b4999f

          SHA512

          9e80baeba4976dab6a19a56ae4f2aa54846c1494d34cee6f24e0bd2752ccb6b76881ee149364cd14f1a2437fc4a60aca6f060e913bb2dedcc5acd2dbd7a3952f

        • C:\Users\Admin\AppData\Local\Temp\nso68EB.tmp

          Filesize

          1KB

          MD5

          2d306fb7be8000158ff6be23611b808a

          SHA1

          2ab36b9240191c41b1edb540b59b160c5e30be3b

          SHA256

          8d710396991fd7bafa4f13f7c1bf148d09b7254dcf0e1d2d246ccde3da506880

          SHA512

          eced556e0c340b70a2fec67c174390e959a48df90664b73f6c0c6056b84e7f0647823e73ac9099883c3bc797b790df12e5133d6ff7631e1f72597c1b7ce073bf

        • C:\Users\Admin\AppData\Local\Temp\nso69DC.tmp

          Filesize

          469B

          MD5

          11dbaf06acb6b146c476005a969bfdeb

          SHA1

          72d15eb58cf394723198b5e14a9fd2c8629bf516

          SHA256

          a95d22b584c1f23519ef2b3e9ad4a9c50d81f9249737ef717625125b28588c1a

          SHA512

          9b4f13d0e5f189c5e4ec955f438096843cfbc1942087c9d010ff42382741a3f4b8adafa3df0b25dd190ee29af5aada69218625873999e5b6f3e694edd03d62bf

        • C:\Users\Admin\AppData\Local\Temp\nso6A7E.tmp

          Filesize

          779B

          MD5

          a29437f9a54b038545c0a4f508f577e3

          SHA1

          a2a08ca33997a838254d794149227f4976b01b88

          SHA256

          c5dd85e676ca02cb1ce5b95dd02b7146e8b18fc56df5d9713cc91654d037b678

          SHA512

          ba0e3a6a7dab51268f6ca0fab1df4ae824c655af8625ab7a46f254bb05ed57a2f4fdf1ccdbbb58afa8842ce9c33fdecd19ba628d774d34e72b65deaf78f77269

        • C:\Users\Admin\AppData\Local\Temp\nst6A4D.tmp

          Filesize

          680B

          MD5

          aa0339921924526249500ab4eb6a1990

          SHA1

          569fcd45d59bbbb7db89097a57a8f0656fe407da

          SHA256

          d68c9f1b1c48416c17010a953849c27e7a79694df4be81674946b41c0d11c5a8

          SHA512

          0d67a07c69441e0856439fa576d7559d446c3b6d6b2e0165d85e01441b9e3d50ae45475de486575584061d403cc16ca73f3efb3439d9d8c53a8b19952de4b3f6

        • C:\Users\Admin\AppData\Local\Temp\nsy67EB.tmp

          Filesize

          719B

          MD5

          56a1503a804744597d77c4a355c70854

          SHA1

          17ece3d0b331f208bb419e973ece1b32cdcf97ec

          SHA256

          c95700f0497469b4dd61bbb4ce6d0169ac8b86bc2297e17e884c5a44e4f89506

          SHA512

          e824d8e49c10bb092c8c9fa94c85fc9352b0df2ec0f826b3163f25566946f9cbb1901965cf2580ebcfedb06e7d70a39614f7cbb369dc74413faaa4eab6fb1b64

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlpp4n1x.Admin\user.js

          Filesize

          431B

          MD5

          b1c9d23c622a51406665dc62c01e98e2

          SHA1

          6d96252d410c62d20ec32f39a872b2edf9e33a69

          SHA256

          2cc2adbd5a33dd2d2cb2b9d24d671a3ddb930501dc63e386e438c1e7edbb31fa

          SHA512

          e17d26f914f84ee4644a202337291ef0ff97e8bbc8a68a762233bf98e711b57248785ad7dbf40c6aed91b02ba0bd64c68b7584a935369283b46eaca940051e08

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlpp4n1x.Admin\user.js

          Filesize

          662B

          MD5

          5c5d55e1443ef14f519d144431e218ff

          SHA1

          7558b477709271bfa455be2142c0128bb5d2d126

          SHA256

          9e8ca55b0f36e2cd9322c77d2a0b0cf6e10b16bcf5d2652bbbf0afda3f6c051c

          SHA512

          3d151a4eec17341737f0238b94422328a78284a936fd0ce7344797271ed8c0698ddca4ebfae06f8477fc285f8dec800a983411e46b78ba4df28ffda93e189cdb

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlpp4n1x.Admin\user.js

          Filesize

          930B

          MD5

          cb57a9d4fa8359b3f1a9286270076d58

          SHA1

          8ec708f52ec24002eb95d01019a14d2feb99d20d

          SHA256

          33e71a70b9840e32de0e0370181f40aed64e5cd51328f4c79bca3384b2425e0f

          SHA512

          ae21c426490e53f203cd2161db758ab4e3d805c0e7304066613f4e27490e2bcb86f062eaf8ad5576a2de59d259e4ab46d818222038ea7821b0c4ae2682c1c252

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlpp4n1x.Admin\user.js

          Filesize

          980B

          MD5

          9df8912833d848bba5868b4f6553a278

          SHA1

          4cc3161616de3f119bdc3903a9ddf91012dedc87

          SHA256

          71f5ae1f999ac82d7a534f89ed9dceeda047c71d73b2f2b4673792ef16909107

          SHA512

          6bdc593cecce2d4f01ed07b205122e4643e82f4409b7e2a9b3b0a14b8b68283df6747ed08284391e9f0f134032478deef9ab826cdb07c175e5b7969d3252e349

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\user.js

          Filesize

          412B

          MD5

          823d0e37e8380caad4df2b7194748ae5

          SHA1

          c8b68e67fb0ce12c3bf762aa12ca3e8b64354d69

          SHA256

          6d093ed1cd986fb0de259a8fd3b7636145804f2d881a7bcdda354b59e2e054f3

          SHA512

          5cd1bb066011bb7103969b1df2d05dfc2c16e2f97e1dd11f601ebb443f1c17abe666294b5ff19e195f59edf82128b645b664c2f15b2020376ee920d88559afb0

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\user.js

          Filesize

          524B

          MD5

          27802ab75f5e987ea5d9cf13bd57dab5

          SHA1

          00325cdcaba60d5e9ad16cefabec08de0675c984

          SHA256

          4b129fe7e22573a89c6ef9ecfc33ec75d4feaca47a27dcf0cc86f72fc2eb1691

          SHA512

          cafb6e5605c1a59561e607649c23068d9b3303cff6a6c4f99eedd05487c5dd8b4c5b43fe473318dcae4199984c59e0671256e8ec9157789d559287bf22f629e2

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\user.js

          Filesize

          628B

          MD5

          0e108918b85c38c905422635bfa12943

          SHA1

          660b35431674cff7c4e0ba8122506675013763f5

          SHA256

          6512ee79eb3556739c0635808ab7d65b7594d1baaee6b85352b83196a69fd806

          SHA512

          45c5f1847fdeb80308835da4381c8aa6788eb78d51710c63e1c58915b330319d295af35a91619f78392c2825bb6ce4c7e334ad33a554b4baf1a1beab36822f72

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p6p4nphm.default-release\user.js

          Filesize

          236B

          MD5

          4d6dff940b7281903cab136ee933bd12

          SHA1

          8e29bd0ea6f36deb72e56ef049171fd8196cef02

          SHA256

          97dcef51fcff72bade73984593e54b357116d39e8645dcd061c4615588a2dcb4

          SHA512

          29f9ac54dacb9463ae8bb5f9bf795f4ddaefcdc8969485fa9f5134f497a424bc1e5a8ff6833d37f4799dcb024ead27e2f39b08ca0df3eb1598cdde9240be89e1