Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 19:00

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:2336

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse51DC.tmp

    Filesize

    431B

    MD5

    5890d87d3fee24cbd60a9a963d41d826

    SHA1

    f8d485cc85b1bc589b314063edaac4ea2b4ca1cd

    SHA256

    b8e71bd47ba040a7684082fe2e9b3af93bea955b5d9445e003cc4fda8ba20c07

    SHA512

    cd02712ac9e92801cd21f2114027bfb672d89539c4507c438c291292004d4f88c965f155cabc906421cee989c172854e4a6276ee6716183f8562c1471b19199b

  • C:\Users\Admin\AppData\Local\Temp\nsj51FC.tmp

    Filesize

    486B

    MD5

    0d482c98f4cb98eee81ed469615ae1f9

    SHA1

    110c39d8c0614ed1125686bf6cb39d9fff932206

    SHA256

    9f89196a1f2e193d2eebe68134b5abd83c0d26568bd37a1fea87027566faee75

    SHA512

    4dbcd87348ff4365331c9740520fe6dc067cc5fa160243b257d9469e3836ec04239c4a0721ee084d44a6e0d092851f4a07512bce0eb2481d8a661c3407f271ab

  • C:\Users\Admin\AppData\Local\Temp\nsj54CE.tmp

    Filesize

    628B

    MD5

    ab723d82158cb49f8c45fda4667fe7d9

    SHA1

    2dab4f30b78425f70c84e820865a98af370aa887

    SHA256

    f607aec829cbf27fda196b7f5543f3c0e3866a69cba8b6098b5185f0769b4787

    SHA512

    2dc49bccd02e6e64ab47e19df8076d925e0ff837e321fe6b16604a6d1793bc5660767406a440942ccd30825479f0c8d7bae781dcddb5938cf05aeddea9cade29

  • C:\Users\Admin\AppData\Local\Temp\nso5449.tmp

    Filesize

    181B

    MD5

    0215e9d3a4e17116ec9ef7181bf756a5

    SHA1

    ca04292b9585192167218007b6b35d87eaf1cba1

    SHA256

    28a15e20ebbf380d5cfa75c6d9957058f3cf2e51517f89c45fba89a7762ae8e5

    SHA512

    3ca55a9ed0bd097acbbbea024ac56f1768851426cc5ab3c57aa2a7f72de582d00d2ade528d0032f278d5038b6d31b408e27102a8e8f5ab96b2a6ff518a7bb965

  • C:\Users\Admin\AppData\Local\Temp\nso549E.tmp

    Filesize

    575B

    MD5

    7b62e68e4e8e47a7a47d1a6faa74e5d7

    SHA1

    1b333843e376c5258dcf366fc6ab832afd833927

    SHA256

    0fb377bc116b04255e1de8b519e91710a8b02b758c1a24710670fbe2a0c551d5

    SHA512

    c28b78e07c8d368ddb4dd7a487800ea4e57ecb79d752a1a6ed2e4f99e975191213041be65931a8787a3c4db1e1e5e69025c88519455471d4cebcad22fc0aa53f

  • C:\Users\Admin\AppData\Local\Temp\nst546B.tmp

    Filesize

    347B

    MD5

    eb21d65bb1f459bb8f517b997a32eebe

    SHA1

    a83f753127edffa3681bec0ce6efa921925c6e63

    SHA256

    06412fade94dee8601a0fa786f38f804a3485bedc22a6a6a309ed1e7734b3b16

    SHA512

    c2c6adf41d42eb7abcec5a935a63016a85cce4df1c27eb766cab3ba87bb4552f576af2e33fc1fca39b3b6358be40fec00c4bd445d418fc52d1b093b7226551b7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\user.js

    Filesize

    774B

    MD5

    2bf5fe73daebd52b3599f43a559029e4

    SHA1

    7593afd016ecf334f135af606c2c1c14b205defd

    SHA256

    b2c6c47c90b26e3720d82f65274bfabaf97794fdd164ce64a8ac352a87a3cffe

    SHA512

    2afa5da422a82bdbacc68839f79022f62ffb2bf4812ae39d490a530e4e2be593c92ff9c3a5213a067a8b077ad271f471898f935323e4f388559ea82a19ed2a57

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\user.js

    Filesize

    930B

    MD5

    50895db1213d4a201ad61288f4106868

    SHA1

    426509b82130dd62bf4910eaf69cba3883a6b1da

    SHA256

    c869df0ff6ac5f0663d64ec41771caa4464d80b6778067695a9075bb7d70d61d

    SHA512

    7bce8c7aae025bfb9832d6abfb60e6958e8b0faa7a3bd9948e20ab29bbf2c11814d656d020693209ac4fa9e231dc32fe4a99f8fac87ed22c5a2c17ac5bff52a4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\user.js

    Filesize

    1KB

    MD5

    351080079fb74f3e35e5624b3992ee6e

    SHA1

    a24d62d2d23c9ec36ff5063983cb5f368127f815

    SHA256

    92ccebc3adb72f87e4d0bf4b49eba5b26c805aaa231e1a866ad5719116e32e90

    SHA512

    3f248de5e2915f84275c981a398639eb37af8d887dc291d6189d3c7426f4ab31bc6b8a1871b5cd3f7dbde0971930ce7e37e50c7926b979076350d9299d90c096

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\user.js

    Filesize

    524B

    MD5

    e04534701c1d1325f869c1d2a6fc8bb0

    SHA1

    dea581a8369f1d062acb583aedbe301ed3e64ec8

    SHA256

    07541251cc0a6179258d75f1bf1e2cd5e1250230327d84b57d5312caafeedfa9

    SHA512

    a374e441d09d5a3e375086c3d381ff9912c271add570bbc70e20afd5828300bdb7ea4b4eaeef7ba1c15fab7dbc699f86d2cc8633ca0e67c728d4558dadbf04c4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\user.js

    Filesize

    730B

    MD5

    b7398861330100724c6476e3df77f3de

    SHA1

    5b8f4f20143adedd4956f6ce052fb205fd29ef38

    SHA256

    12cc04f2f40f96a97f449d3685f425eca1759033ea091e5277ec54301dd4bdbe

    SHA512

    b038c924f705567ecb81fdf5f1837c0cee1cfad48a54a0886be09615cf06eb8d5b5750e1d79a2f13515d393ff55d1c0fc0e7bd2ecc6ae519708ab3caf8fb1cf5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\user.js

    Filesize

    831B

    MD5

    6b82730556ebbc6d5109da4170c810b1

    SHA1

    7f1e731c2128ddb103066e498b89b59cfb80b334

    SHA256

    f42586fcef936b6128a3919b63688741eeec199cc8aa4868c0c2c92d6ff30f6b

    SHA512

    70d389d85fdbb518aa5f5ed6c5f94cc761da83db2662656971cb41e1ec17e5c92c75d44b845e530c391ec82cf9d27f3aac3ee6ed05487265bf54bfdf69712914

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\user.js

    Filesize

    469B

    MD5

    3529d51f4670bf0b078eb09e7b530876

    SHA1

    32f6274bcb9d11d7df6d4c2d7f3007075785e3e2

    SHA256

    4ef6805c5a9beaef2614e5acac412bc19e30e840b3599e8cfdde2709a1531c46

    SHA512

    151988342696c5283d6615c1f32d8a58ede80ccb8f1f6788a9c66b4674c1a9eb573a753dde7d9bd613faecd143025cab19ade3babfc56178cd1f85f60d5a9e4c

  • \Users\Admin\AppData\Local\Temp\nsy50CF.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • \Users\Admin\AppData\Local\Temp\nsy50CF.tmp\Time.dll

    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

  • \Users\Admin\AppData\Local\Temp\nsy50CF.tmp\mt.dll

    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

  • \Users\Admin\AppData\Local\Temp\nsy50CF.tmp\nsisos.dll

    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
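The Downloads list above shows the sample, whose dropped nsy50CF.tmp\System.dll and nsisos.dll are NSIS installer plugin DLLs, writing user.js (Firefox's per-profile preference override file) into two profiles, gdoevwuq.Admin and gdoevwuq.default-release, at growing sizes. The page does not show the contents of those files, only their hashes. The script below is an added triage example, not part of the sandbox report: it walks a Firefox Profiles directory, hashes each user.js, flags any file whose SHA256 is among the seven listed above, and parses the user_pref() lines so an analyst can see which preferences were overridden. The user.js text it runs on when no Profiles directory exists is a constructed sample with hypothetical preference values, not the real content of the files in the report.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# SHA256 values of the seven user.js files listed in the report's Downloads section.
REPORT_USERJS_SHA256 = {
    "b2c6c47c90b26e3720d82f65274bfabaf97794fdd164ce64a8ac352a87a3cffe",
    "c869df0ff6ac5f0663d64ec41771caa4464d80b6778067695a9075bb7d70d61d",
    "92ccebc3adb72f87e4d0bf4b49eba5b26c805aaa231e1a866ad5719116e32e90",
    "07541251cc0a6179258d75f1bf1e2cd5e1250230327d84b57d5312caafeedfa9",
    "12cc04f2f40f96a97f449d3685f425eca1759033ea091e5277ec54301dd4bdbe",
    "f42586fcef936b6128a3919b63688741eeec199cc8aa4868c0c2c92d6ff30f6b",
    "4ef6805c5a9beaef2614e5acac412bc19e30e840b3599e8cfdde2709a1531c46",
}

# One Firefox preference override line: user_pref("name", value);
USER_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\);\s*$')


def parse_user_js(text):
    """Map each user_pref("name", value); line to {name: raw value}; comments and blank lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue
        m = USER_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def sha256_of(path):
    """Stream the file through SHA256 so large files never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_user_js(profiles_root):
    """Return every <profile>/user.js directly under the Firefox Profiles directory."""
    return sorted(p for p in Path(profiles_root).glob("*/user.js") if p.is_file())


def triage_user_js(path, known_hashes=REPORT_USERJS_SHA256):
    """Hash one user.js, flag it if the hash appears in the report, and list the prefs it sets."""
    digest = sha256_of(path)
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return {
        "path": str(path),
        "sha256": digest,
        "known_ioc": digest in known_hashes,
        "prefs": parse_user_js(text),
    }


def triage_profiles(profiles_root):
    """Triage every user.js found under profiles_root."""
    return [triage_user_js(p) for p in find_user_js(profiles_root)]


# Constructed sample of the kind of user.js an installer drops. The preference names are
# real Firefox prefs, the values are hypothetical; the report does not show the real content.
SAMPLE_USER_JS = """// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "http://example.invalid/");
user_pref("browser.search.defaultenginename", "ExampleSearch");
user_pref("browser.shell.checkDefaultBrowser", false);
"""


def demo():
    """Write the constructed sample into a throwaway profile layout and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        profile = Path(tmp) / "abcd1234.default-release"
        profile.mkdir()
        (profile / "user.js").write_text(SAMPLE_USER_JS, encoding="utf-8")
        return triage_profiles(tmp)


if __name__ == "__main__":
    # On Windows the Profiles directory is %APPDATA%\Mozilla\Firefox\Profiles, as in the report.
    root = os.path.join(os.environ.get("APPDATA", ""), "Mozilla", "Firefox", "Profiles")
    results = triage_profiles(root) if os.path.isdir(root) else demo()
    for r in results:
        flag = "MATCHES REPORT" if r["known_ioc"] else "no hash match"
        print(f"{r['path']}  sha256={r['sha256'][:16]}...  {flag}")
        for name, value in r["prefs"].items():
            print(f"    {name} = {value}")
```

A hash match is strong evidence of this exact sample; a user.js that sets homepage, search-engine or default-browser preferences without a hash match is still worth a look, since a rebuilt installer changes the hashes but not the preferences it pushes.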