Analysis

  • max time kernel
    135s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/02/2024, 20:08

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:4132

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nscE488.tmp

          Filesize

          431B

          MD5

          3b00ec69364632b3ee6285867731c508

          SHA1

          7445e35dc921e53e253f373fddcfea9267379a08

          SHA256

          585e361e5393e92450c8d4727a24224688f7b45ab9f10f18abb590b2c386af3f

          SHA512

          22f2bfe100ddd6f0aac0ae04c016f10341b2af05f3f87126283de866a4698f85c677ec687691a782d82aa805b8536866008488161fe40b86c25829f1bbacb081

        • C:\Users\Admin\AppData\Local\Temp\nscE613.tmp

          Filesize

          719B

          MD5

          2c46f5193eef5ef3ddd2c39efe531f92

          SHA1

          a207dc890f9150866f9a639ab5df3339fa826031

          SHA256

          ab4030f2ed1f88e1b3c3159109d3e96c860c677634c689ed9453c11bd9cb7964

          SHA512

          695f380dcfd18733e03a72be8d22bbc64804c6658aba17729f4feaf60b0923d8bb4b8d7031bdd642e2f9f51f18d6e66248d5e7dc5b99d6f736f319685e7a2373

        • C:\Users\Admin\AppData\Local\Temp\nsdE702.tmp

          Filesize

          930B

          MD5

          bfbac1f7338d16e5a84d2b95aefd230e

          SHA1

          55da54e4e01890be7e9c6b8c96d071e5f7086029

          SHA256

          678f7b961ba2b8a3bad60e3b0ddcb6365785b5faa75a8f76dd22ab1cdbc2c186

          SHA512

          874466ebbc03bb33d9b63ef2afe78ed8ec06bd1e4717552c09bb6f1b65a2841fc7b8164d055cdcba6f4ec5cda071242789300f0c804dff5cabf1541783b31202

        • C:\Users\Admin\AppData\Local\Temp\nsdE7A0.tmp

          Filesize

          1KB

          MD5

          e9aefb9c1dd4c64b406bd25f8f22123a

          SHA1

          027c0e407a6438bd03f6736da5cdcdabbe9879a7

          SHA256

          9ebc7cf2802c38745826387880b446d19c923df07b088aad78ae2f1ab1afaefb

          SHA512

          90ac9b7bdc5f691f4d32db37e56a4f51ebb88af309890e4d3878a0f0f3e351eaa832db548631e380b115e91a77153631beda3fa29680a39933945977cc050370

        • C:\Users\Admin\AppData\Local\Temp\nshE4F7.tmp

          Filesize

          541B

          MD5

          002b3c430e01f8f2231c6b987668459d

          SHA1

          00cc2d23ff6a840912b0cd6ca93ef503f8a706cc

          SHA256

          d4d7f1368a2375e1072a71719e9ddf63213e100705ae239a403c92b0b97dfdd2

          SHA512

          60b465c9293be81990682d6e9b22543d8558c20405e5f8b93577fdd0bd2cea85c175e9e9199dca91a04cdeea954b2fadfa6a97058e875ffbc9abbaa9d01e9e09

        • C:\Users\Admin\AppData\Local\Temp\nsiE6D2.tmp

          Filesize

          878B

          MD5

          6323fb1c8943d27cb16146cd9f3b0222

          SHA1

          b076e2999156ecdcb5f39f5d57058876d5c4158e

          SHA256

          c0938c1397a43469492a858fbaaca2713ff23a265b395d784ff289b5060d1df2

          SHA512

          4f33cfd3b4d5b6582f313180204fef8c7aac617be6ee845d9dcdc2acdb067825047bb43a068a5476a4ad463f802d871a338f22a27d00b61210ea69ef1ebcda20

        • C:\Users\Admin\AppData\Local\Temp\nsnE653.tmp

          Filesize

          774B

          MD5

          07d2a0f7586b8f7127e50080a5993c80

          SHA1

          6f1770aaa3c855325b2a31a0a90e99bacff5bf42

          SHA256

          2a5a10b09408b96c58e26f1fac1eb2b93408a9cc07104ae123553bad392c8dff

          SHA512

          567808a6352ab4bda27f9d47bad9f0e13e3cbd812497a7897f30cfcb77b0134e739e20e9ca37a1a0fb8f3e1b888f54a3ddd7c71c96376978febdcc0e8651915c

        • C:\Users\Admin\AppData\Local\Temp\nsoE919.tmp

          Filesize

          181B

          MD5

          5862516fa7ade335b492bec88166dcf0

          SHA1

          eda8724856d94de4434b9d6d1fa1cc93079ae282

          SHA256

          7bfecc5b797816e6a86500bafba8005cace8f50a76c8821a7535b96013099a9c

          SHA512

          6999f41ca50fca448c2b48f62bf016effa2b667dce3da6d14770230ca06f20d69468f625d40bd99cc75427d7476d92a683800127515530b402477e4b47ba0627

        • C:\Users\Admin\AppData\Local\Temp\nsoE91A.tmp

          Filesize

          236B

          MD5

          a7f1418f154c02a6c5e9e02fd9f42e43

          SHA1

          64ec79a39de54d70318bf66e3150f83a7e60d4a8

          SHA256

          deeb972b9058d244d09375236617356025a572389dd7974a0aa01199dc5b5b3e

          SHA512

          d32c96c42d820dc09d8e3642c05abf82f9ff4adb776420793650b429d2ab52586a51625062d2f32e1204a045a19108307fc30083bbbe49988c6e0d33d43b5996

        • C:\Users\Admin\AppData\Local\Temp\nsoEA0C.tmp

          Filesize

          680B

          MD5

          74ffbad749ea748b92285187eefbc2f7

          SHA1

          7c4ef4f56dd45eb45e1efa8bb6b35cac33975eb5

          SHA256

          15317e83cc20048de9d524ca745ed4ccf5d146e84cd71cafcada2e9c47aa59a1

          SHA512

          1fc80850baf5b0de35595f3b26a89a23958da5207270927e8bd9fc7ebbe6f4ebdbf32a9c14e8cabbc306a5125dea58869d7c33e627183c092a247f52318f3bfd

        • C:\Users\Admin\AppData\Local\Temp\nspEA5D.tmp

          Filesize

          779B

          MD5

          d0290fde5c30bebebd49a9d6d57e51a6

          SHA1

          abc8344eb1ac6aadcdd738d1f5b91412e224f8ea

          SHA256

          bc892e247e62a5521658859aa33c4da536a467d0089af5374727922ac6dd3e97

          SHA512

          b2d021a3c8b3743faf4a37b9503f95ba27aeeb5b7437069c838176b007f22f41a3a58b63505f608a1fd27b20da6f76c021eb62fffab33d529afbb47a90ea5c5a

        • C:\Users\Admin\AppData\Local\Temp\nsqE1D5.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • C:\Users\Admin\AppData\Local\Temp\nsqE1D5.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • C:\Users\Admin\AppData\Local\Temp\nsqE1D5.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • C:\Users\Admin\AppData\Local\Temp\nsqE1D5.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

        • C:\Users\Admin\AppData\Local\Temp\nssE586.tmp

          Filesize

          662B

          MD5

          3713ade89570c6617c133b60be665fdc

          SHA1

          50a4ab62d04293c270551b71dfc590bbefa4804d

          SHA256

          850d433577dd156c2802560938fbe1eb89b2109f353641a44d6ccd702e1232f8

          SHA512

          9e4e47d81842967b58d99ca8c98b8046b8c8895b27ff5f3dcb184d818c00358068cf3ffaaf0a3997237c05c68ef94e725e7164ccf583ba010682c8973596fcf2

        • C:\Users\Admin\AppData\Local\Temp\nstE761.tmp

          Filesize

          980B

          MD5

          c026206b7720da67b708afb8dba35297

          SHA1

          d714c75f853dbd7ed354a5c99a9bf614219e8ed7

          SHA256

          31f3bbfd0ede40a97561d5a8f23fbc11c81ddc30da27d6d3cccd51efeb2b19bb

          SHA512

          5a876a588f9423c8a77151239f15a6ae98f1b3e3940a4fbdebdc22359428b4cbfd1e91ee4daac9f9fc3e73ee29edb6a03e74e42483b903c9d59f4030a07dd5cf

        • C:\Users\Admin\AppData\Local\Temp\nstE93A.tmp

          Filesize

          291B

          MD5

          d2732df2e279609a1e25073887ebfa70

          SHA1

          fdc35dea6107cdaff711fb5e32d64479f4cd1170

          SHA256

          d37e75ee71061cd7f9f32387b7877da305af24e387340ed4e98d583b67739870

          SHA512

          f6e01a029b724d2baa60c37a3a9311ab6aab71c4f21ed755655fb2548c4ac9896c6275b1b19432fcf4e18580748248e3fb7a83ca1fa553e59fe9e13125c0817a

        • C:\Users\Admin\AppData\Local\Temp\nsuE9DD.tmp

          Filesize

          628B

          MD5

          731ccfbea378a107c153802688fd1deb

          SHA1

          046fe26082b9215a13991c65271f62a04abae461

          SHA256

          088434099d1c3adb89166f9c003f581c75cebab54275ee27391cc18f205f5f51

          SHA512

          14bcd34bedf53ea4392bf82bb0ae5d1a125eb05320788a310347d2e8f4f165ea3980895ac8ea7777b47290d30fcbe45a6829eb416b55c5f0960f33a0f67fdaba

        • C:\Users\Admin\AppData\Local\Temp\nsxE4B8.tmp

          Filesize

          486B

          MD5

          65b66b63e83451761e34e2899588e2b2

          SHA1

          d57a3a64b2b4f2cbf7e90e4a4295d40e6f54c8d0

          SHA256

          0094b7d196207c602163f3344c47cbbcb0db702bba40465c783321de3e3d6e4e

          SHA512

          4c4bb74bad8f0b2361e83c0a24c65dc93aaf132ccf565f5c3d44a8bbd1a05b9b02ecc24aac9cdc7e4a180d6577bd09bbc2b0b4e7b0987c4e23a979492be16587

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\urxy0c8h.Admin\user.js

          Filesize

          597B

          MD5

          a1a1b03ba8c9672a4b841522f50c60ff

          SHA1

          78de6ed98e94d1ef1a3f584df5580888750e0395

          SHA256

          b150944f661a3cefa223235b76ddc413aaea157208896d55d3cfa0ae6ab9aa46

          SHA512

          ee4cc259e9b002d9471c9033a104169c6a9db0e354da7b0aefacb94c35dc1625c3451d7faf65b5a8999a87e57ea16829c7fd1015def089374f009b05a54e5769

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\user.js

          Filesize

          347B

          MD5

          c1e7403d8838f507d7939517fdf4a356

          SHA1

          074292b0c4e6a3749e3a4a671f47a4400f6647b5

          SHA256

          d1546aa018ba376b0452945d10b545378cc79cfca159e7be62b3c9d6b3616144

          SHA512

          9db12a414a7c821da464a89e6c00ff2f2970ebeb26f3fd9bc228823a16a0a9a677256b551558f06a294f215b614fc283f1736086862ced3f831395aa030db477

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\user.js

          Filesize

          469B

          MD5

          40858b6a908fb4c9958797bbf89206e3

          SHA1

          4fb64657828dc054893cfcdd5e9d9aef8109cb79

          SHA256

          12bb68115c8f82ed2fda1d2cc14ded972b2a62fc328a75ebb3f6292b30dccc58

          SHA512

          62ad9c76296a46f6817cd51efe58f4c71606559c1b51724836efee07159478a54aa0370ff846b63209dd7e722680d6f29859b9453eacbf772f85fb6b6876f999

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\user.js

          Filesize

          575B

          MD5

          d33a0a453d37d67387c82de2d4eea72a

          SHA1

          ac02a4a0781266141b5bba51bba3043f9ad1e742

          SHA256

          1ecff6334ce3dcd92c244aa16423e4e186182bb8fae0fe7f7d872a93648cb369

          SHA512

          685ab3bf3a50b7b3a624562b1a9a3d28cb63666b6c86291b9bf74902aff9a1fc782e8f0d2ee6602e3f159a1494269c58190fcdebfbe6da3e9960ed54a220d1e4