Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/02/2024, 20:08

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (64 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    • Loads dropped DLL
    PID:2376

Network

Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsd9805.tmp

          Filesize

          774B

          MD5

          ca2ab995fc98ffabca74381df2379a0a

          SHA1

          64e1c4c5b3b4e36702b43540bc35421971382a1d

          SHA256

          3a9e787227cf97835ad102c7c078552ffa96a3d4a77477596ec5426f061451cd

          SHA512

          325636417ac43ad58c565567f6c085ae563569fe49a93513911a890760ec654ab5792ec3122a8db4b5d75c5edf87f762c60f6c1964fe276f137082ec7f014075

        • C:\Users\Admin\AppData\Local\Temp\nsd9A34.tmp

          Filesize

          524B

          MD5

          4f4e02cd97ab1e133de6df4fbfa7180d

          SHA1

          bcbaa15c165fa7d8fd3a1d77596fdc20998398b2

          SHA256

          b7fe92eb3ace7e91c326e93e8117327458763be7ad0aeed2f373278b3d505d98

          SHA512

          4375d226a2536f07c6f21729c96540c10965cdda17a94a5947fadf2a48117815469f91d8749b0ce66c532840b20db42d64349647e14d949454b6cf61ff07aadb

        • C:\Users\Admin\AppData\Local\Temp\nsj9699.tmp

          Filesize

          431B

          MD5

          d738690ce32cfe499f16941d0fbfdc93

          SHA1

          0a71594d356f0212f30c09029d54230aa40ec3fd

          SHA256

          d1fc804b6af67de02675fc08f651869f41e470612e8dcfdb6cce48113f283c9b

          SHA512

          15e03b91f82312a0e735c0ed52daa6cca4d62a2e283871312d24ae8b28e2febffaaaeb6c1da755b34c925462dadb36152808bcfd1bd43a7c6aad32a94366eb75

        • C:\Users\Admin\AppData\Local\Temp\nsj9788.tmp

          Filesize

          719B

          MD5

          ff7eafe60fd3d23ef0afd7df6c47f3b8

          SHA1

          66e62c8c1a1ce8f0747b1759b5726395e2e8562e

          SHA256

          30da2d1a8943c29aa3057174926b5089eefdd70493791e2b0988d75d29c67ac0

          SHA512

          a8d2983972b0c02bea97fd48e59ae4fe557446b0b66ef8ba010b92fb4b51313da58d86791be1777075029c34d6291355b950bfc25458b4fe66f87c4442cde2a0

        • C:\Users\Admin\AppData\Local\Temp\nso9845.tmp

          Filesize

          825B

          MD5

          46accc4705ffd228ab6340c7e338c0c6

          SHA1

          b97a780a902da3498672712de592f7f0c98acba0

          SHA256

          b32e04b973c73a20dfd853f22c52125f92f34ea8682e46a7a44adb8533a2f93d

          SHA512

          3a33411c1fc071b87652952d75faddba825d74a4bfb446e941515deeab0d20fd1c6d0e25e7701fc73ea3a5b784431aa3bc875c69b764736c7d8ae792c1bc5568

        • C:\Users\Admin\AppData\Local\Temp\nso99D2.tmp

          Filesize

          236B

          MD5

          33508f396e76f103ec390e9525ab5cea

          SHA1

          369033d917963b28af65b92dc34fd0a4953925a2

          SHA256

          77ba70efd243f1bc2559ddcbb79f7663293436d9c783ddc0a08bae112f21b781

          SHA512

          b6dad2f29f515c2ab87ed5b58a2639d5e25694156b45860a8bb9a602d48e7d41ab893659c14c0b3afd2d2dd71057dde5a2c563d5bbaf2ccf8d99267e5b39a938

        • C:\Users\Admin\AppData\Local\Temp\nst96D8.tmp

          Filesize

          486B

          MD5

          0ba10262185601bf8e9890cef3e29a46

          SHA1

          cb4a2fbf89b65a8c3039fdfb873758ab6dc9a54a

          SHA256

          1d1f76dc2c543c8603e07e380459d488931a7231b2093888720d4cc195469160

          SHA512

          0d64de2bedd313b35ccf207ddcda5f0cee127a0fe6cda75fcf8c8ded435922aee02a14edb34df8bb65431e8c89de955ec94a33b75663fbb54fe9bb72acc0c7aa

        • C:\Users\Admin\AppData\Local\Temp\nsy99C1.tmp

          Filesize

          181B

          MD5

          8e1d7f380f34d70472428fe4b8b1b5f0

          SHA1

          548cb0af05967496ed3166991dbacfb6156908d2

          SHA256

          8deb3dfd6f4cf850d87a4099acb502a41328aeb0a620d16dfa8f5a2ccc275dd7

          SHA512

          9554395fd9af2266c91238b93d81fdba13aeb2b2f5d38955bfab8fad812e452357ca482b35de2033741482e85810d4148a1395b2ab003c7d8730b062ea315d3d

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.Admin\user.js

          Filesize

          662B

          MD5

          b66b138f62539437be00686f6be6a6f2

          SHA1

          19ac7aa4641cdc99e50ef5285081917d23a6b77a

          SHA256

          a8c06088417a4e88b3dfeee4408f70ca4bda6f698fc12551a655c7afadc5cd66

          SHA512

          01fd007741a20ecca11544db63b88ccc9ce20a4e3c415d1aa360215f46c8ea3aa2b32a2a13e8ce0f1ef61204d3037ea0d57b99fc8ef190ee5e974d338a220ceb

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.Admin\user.js

          Filesize

          980B

          MD5

          64faeb182f8c5f4092ea1d0cdb199cf6

          SHA1

          406724b8b79f43e4e0e71159f8216ffb203a02b9

          SHA256

          a6706f396ca5577f9a4c3b3c1c820252a725616de5b166f4f92af085f4a2b1a9

          SHA512

          8ff86f9ffbc1f6aea48a7e1d0f85e6c81fdff036b3d264a8fa4f4306ad0be8ec21edc1a29da7b57f7733bdd9cc03318eaf06ae9ae836658840cebafb893a62e5

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.Admin\user.js

          Filesize

          1KB

          MD5

          8f4d4817bcfd8a89d5e9fa49c44e93e9

          SHA1

          547983c75b91df3a7e779a1ddbd048e969cec26f

          SHA256

          9e7f9bc6406ac61af0c046ed44cd24a9ac9f77a37a415cb079254994fb53e009

          SHA512

          f92a39a005e7aedd9950e3adee700dd5c0402ebd09cadb2e476c649854abbf989b9a40d70f749166615843574fac558ea15899b44452856df13777cdf99bd508

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\user.js

          Filesize

          469B

          MD5

          893988094d341055aa2a7768da62bfdf

          SHA1

          c543e1b43169b52c32a16c82f39a5bde82ebffe2

          SHA256

          df40898017df130e2f7e189adb18e72b232932c87adf8d640ee32c62ad81189a

          SHA512

          8547ef22c9b79c42fbbfdbf1160d79a43b604fc8d5237e6d384d8b5713362554a6d2cd8332c8a5de42b6e3d1fcdabedc06cf2877b187bcebee88a66257e03add

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\user.js

          Filesize

          628B

          MD5

          158cfda5f5e2b46ac7f257be55238920

          SHA1

          edcae23657c4811dbc952eb5ba81dbd7460e5084

          SHA256

          6f3aaba88e63a433a247a47c66ef4b06410eb32824049c019e4f7f12c71a2514

          SHA512

          955b03c8e029646181249f5a93400f36a035957981b0c7a4ef99377c2be37849cf194bed580bbe611095df81300b0925c3177cb843e08149b80ed1ecfd319cc4

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\user.js

          Filesize

          779B

          MD5

          2339a21915dd2b630eb93c903da89ac4

          SHA1

          51c7e5592f70cf59db049a16d6d769dbf4fb4239

          SHA256

          5aae938755cb9e99cd99521a04842b285060e7e405e26fc41194d3ff06daf3d7

          SHA512

          0b82cc56447449ca1f12ce3fed73600734b01868b27307107aa869dd0cb505d1fa6c5cfb466703fa8ec93501bf636570af66626ce0aea6ec7033d11dc829adfb

        • \Users\Admin\AppData\Local\Temp\nsj95AC.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nsj95AC.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • \Users\Admin\AppData\Local\Temp\nsj95AC.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • \Users\Admin\AppData\Local\Temp\nsj95AC.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb