7Static
static
7dc600d29ce...76.exe
windows7-x64
7dc600d29ce...76.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
1$PLUGINSDI...ns.dll
windows10-2004-x64
1$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
1$PLUGINSDIR/mt.dll
windows10-2004-x64
1$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
1FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
21-03-2024 19:00
Behavioral task
behavioral1
Sample
dc600d29ce64dc8a5a9bf45abe4ce276.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
dc600d29ce64dc8a5a9bf45abe4ce276.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20240319-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240319-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240220-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe 2324 FM4ffx.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
930B
MD5 dc577e61df1e98d3d26e5f6cce8bb3e7
SHA1 52813b8350c60cad25d47426dba46c7b7045bc77
SHA256 eb113874886c35afd69cae707fd4900e963f4cf4eb401ffc9afb4ea821907a45
SHA512 4e48d39555a7c31eb02499462192b063c6770bee7368f3a5f548367836836b2d167392c5d2e36832c83a5b7e2afb8f931c209d0e8a04a0e5522ff5c3eea6befc
-
Filesize
347B
MD5 d751bc444026664e1b6df9de418d6d16
SHA1 a8a7f31c370d402264221484891d612cb4fed54b
SHA256 880d1993d001641986cc07de59a16a5adad29d0ce4ef4f74bc3c7dad3b2bd369
SHA512 5c0451163a25df4624f1f0ba7d8e58902251a97a2a125fa7fb634c64c81a4b36e1454b98c065fe2d21eb170d31bc3d5b33e27206ebc412f8b33d92880acb5133
-
Filesize
412B
MD5 1a3b93ca7ce9f8c129b9d06d9649c320
SHA1 d47dfbdec40c0aa81ce8c2c205f3daaf771781e6
SHA256 2fad777a79b52e18b0f5f66629674f2ed4c091fd2246af767fb045b391eb2ef1
SHA512 6aae2435e41349b39a422cde7e0940602726b332a8acc70ffae41d124d0b214be16bfd1251d5c5caf2db7362c9b0b83fd9575cb03eccb9f40432fbd9db9cc893
-
Filesize
730B
MD5 42e2423b41e7eb76f3cd40940a09de10
SHA1 c15733f1bffc01252dbd91b09ea53601dda012d3
SHA256 496f23be5af0c625ee0eb4723da59048a9d7ce254a31a9d54e3ddd2e196da818
SHA512 b2dbf59355dd271668955b267230961486ea0483d4ef7e9ae47d294b576a9086851488ab74c21e3ef7732bca66ddabeb7a05e078b30f64614a33874f8652afe8
-
Filesize
541B
MD5 c391c2b73489a9e5bc0a7dbe75b54b78
SHA1 a2ef1252cf9259691fefddfb882cb62f70422078
SHA256 1710a543d25e6853bc3682990c1a78237c8c6fc9f1fe91d40537ff6f15353ec9
SHA512 993c2d50f0fa7e3f877d2e6e249094db26968e815f7e7e1dfebf211ec659295bf0c8733b84add3b668e9f0dc869a89c8527bbb48b1da6d99fe26ec6d6c89e971
-
Filesize
980B
MD5 17ca453ce621ca5b8e6d6265e6b80767
SHA1 3f2621bde53bcd25ddb5144531bc9f15ecaed151
SHA256 b69f3d9a46ccc4b11cc9e797f3936b92843aeb4a155f1411f7db9c16d9fb85ed
SHA512 b1ebcf513bc80a785c96517648ba9a5291ffa10a96dc887f966887dccfb2712cd3305ef9c086b3880cc258ad2743304c5502772a3df90fd8f1f800def355bc2d
-
Filesize
575B
MD5 740c921f8df0d19a3726b47c01c2d5da
SHA1 12702fb70db25431a0d23bacc76d35648a0541dc
SHA256 408a2a073048a8f52e2ce551e81575d6baefd25596be7682d6da6a32f2568a8f
SHA512 cff9cae9675f4ea6b293943e0ec4733e4237128641b9afdf78f57cf5844c3975155eb57df8ce2d6e0de3df5c139054be4309abbd3b4d3f58d98a983964b3f7c8
-
Filesize
431B
MD5 c6619e83361cd8ac7000d949c3a7d6fa
SHA1 3ed0379d1c4fe45b7b60cd1a1f06bc3823df6d19
SHA256 443f3fa3f3532861a96a30b6ebd83fcc2b4d5b1e9b4e26ed962de393e7bced96
SHA512 4745c5eea59d99ca51449143dfce6f49a765d118135bab72fc78fc85827d75479dc98ee0458d8463a82471f1be5ee9a702859ec0dfddae4d4101515c8911ef87
-
Filesize
486B
MD5 988a639c6489ff1e7d1fa237f86a74c5
SHA1 bbf84325c42e7038cf08fd7305e10d227ade1f61
SHA256 8f2e0bde782a998aa6b018579b6f4ec79c2adaebca269c8128e20b7f0e3e2038
SHA512 1280700031dbfa506504b19661b24f668821e3057d8813e1979e88051da148cc273c81c1f9738c63951d31c5c557f308fbb0afa228d0bc8994aa754e256d5ad7
-
Filesize
469B
MD5 dd7adb5de49fb9044f1285648685f76c
SHA1 9a14182660614e0a323cf927a98fcb9a68df89cd
SHA256 270e56074f509bb9ea720d16fbfbcfc34515ec8abee62abbdcdd52a87275d3de
SHA512 42f7f53ef22f3fcc36912116aedfa72bd5da12d35e8944109198a464fa8cc9fd3b34b3409de22710913f46ea13db8346d9327cb22744e126c3d5d3592a48ecc1
-
Filesize
524B
MD5 376c197c319c553b71b66b4da6b62fc8
SHA1 0dd6db0ed242301291706b130f4d6c9df1bd2673
SHA256 6685ddd41f68fbd4615fbe809cdafe0ba0a9f54ba72a9a3a641d2a2881dc40a0
SHA512 299d19bc9fe9c0ffdfc4cb8c2354eee1b71303fd3ccb2b5bd31dac34bd7718ccaee4f8c2c32d2f37b527e2c382b3b234a37e2ce966f13cb98bfdbfc5659bbb8e
-
Filesize
779B
MD5 63f4368e6a509bcdd77d3ad4fe694557
SHA1 dd08ef3c0a2c37b772f356e13ca63aa4d3b8bf7b
SHA256 74b27b953401d09393ab7d31bc4766eb0cff14a8b3312d59777c80ab9c12a409
SHA512 b3bcd70a52a5a9735e7bb87a6dfb2555cbdda330be7ccca086f8e9cc5a0e8abbdd177d5490af66129be343e2aef5f9f01f1066c58cf3cd95c9a099a59b4d6aea
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
719B
MD5 bd49c248f6ae0692735488a44edbc4d8
SHA1 a24c40d42ddc5521a3814f5e720bf7505c1c3f3b
SHA256 5c8b284b2b398026e755755c364c5b806f9e913623d4182ad0ff7494753b6e00
SHA512 10827e5aa299554388510951c4054267be8e4571615b69e350dfe5534700c3baa20f6017936f5e55edb56d667ca7214428166c8909adc53a10f350b8c561b6dd
-
Filesize
878B
MD5 3723a745b67e1b7f65baf5720f493acd
SHA1 ecab05e9024cbc6682583acd546516af61fe4299
SHA256 5529ed0c862d05a9d42bcb6a4bf4784f84081b871794222b81a74aa6c226ee49
SHA512 ca29cb9969ba8d2a9b8f93c23dfb8a91a950216cefec1af1160a9f651e036c80a1887756c3bc97d9d123d1c416b4f6cc757f7f002131fca33f65b147681240a5
-
Filesize
628B
MD5 8329df7152678e2728d280ca62892ca1
SHA1 c66c97d188d44d0db336e3f1480a106025092821
SHA256 739e156533c7db4d17cb35167f972abc09bf2e6a668ba69aeb500d5ddc73f140
SHA512 89a1efab2f05461e1c20d6b06a362d8c92f21f31bc8db28a604ebb00761066ddabb8351c5c76e0981d57c45b89a9304cec05769b076024b4c43cdc452755274d
-
Filesize
680B
MD5 2dd30232b6438bc12a6b7689d5d5c270
SHA1 cd8e0d4828b78397d13fc1d7ee88b061cbddb426
SHA256 db7a46dd31d133ca42b60b893fefe39366d936cd12f9774d2e92c947be1dfb8a
SHA512 ba8fae53304112a26ff695104574f2b4f6563e84b37376aacfd5e2499da4b1d0fe40d3c2fb0ab09e9891b3a9e731973c070db807d06662fe504c9ec1768cab5c
-
Filesize
236B
MD5 b368cacea9ece1505a52d0433be3f33a
SHA1 80a181947a6e9e5766fd204c17c09068fabafb4a
SHA256 b52eba19422c5cf4357bc264401c02f34253193fec759da8336d486c921c7c64
SHA512 0d1f4d09331b57905ff91d6807fb398cceff03db5d2a02dbc22b776a4f53e3e2a796fc1125bd92638dad4a79ae42817dc68ef249c133092d6877729ed89476bb
-
Filesize
662B
MD5 62f173e6b5fa014cb8b119f00cc92ed3
SHA1 463e62d6a1793f61dde2e506413036d5e5001bea
SHA256 b127f8bbe53c7801836d7be4a2cbb19e30b69cd7fe78f821c620e37834a7bd02
SHA512 9d65d3ec9237b96312b62eeaf0f11df5e219466903f2eeb3c67c2e9bef73e38533b3addd564d1e6d979cc75e4983a2822458e902888154fb80a76cb9cacd97aa
-
Filesize
825B
MD5 ba87baad26f200d40f64e43dee137433
SHA1 de9aff4b883b3bff360ffebbfa19cf0f757772c1
SHA256 37ce5566caa1ea20abf939d7e3079882c34237b540b08da5b54e40125bf3454b
SHA512 420e1179d7cc139f4a847ec4506b5baada5ac1e101d7524eb176c36b273f717b93f15e0b159c2ab111d359a1adb43f5e100a048940d5076e518b0153446bfc02
-
Filesize
1KB
MD5 1821ada3c382869386aa17bef9c0e303
SHA1 483c63df0d0b26348cadee348d8c3fcaa5d00769
SHA256 32712193e8bd79910b9791ff0ed6c0f7cc1ccea6ae5d57a37a79beb10a264cbb
SHA512 2c2665e26c40b8fdfec4ac0ed0d90227c2ab834df6d97361d5655f870d3c3a2d9940212e0a78b17a161dde752fae4af4514f3488eb23bcadb7df9e07449e0d4d