Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-03-2024 19:00

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs

    The DLLs are extracted into a ns????.tmp directory under %TEMP% (nsw3DD5.tmp in this run) and include System.dll and nsisos.dll, which are standard NSIS installer plugins. This signature therefore fires for any NSIS-packaged installer and is not, on its own, evidence of malicious intent; look at what the installer script does with those plugins.
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. Check before calling this sample a stealer: the only browser-profile artifacts recorded in this run are user.js files written into two Firefox profiles (see Downloads). Firefox reads user.js at startup to override preferences, so the observed behaviour is a preference write into the profile, and the Network section of this report is empty, so no exfiltration is shown here.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).
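
    The dropped user.js files are the artifact to pull first when this signature fires. Firefox's user.js format is one user_pref("name", value); statement per line, with string, boolean or integer values. The parser below is an added triage helper, not code from the sandbox or from the sample; the sample file embedded in it is constructed for illustration and is not the contents of the user.js files hashed in this report, and the WATCHED_PREFIXES list is an analyst's choice of preference families that preference-hijacking droppers commonly rewrite, not anything the report states.

```python
"""Parse Firefox user.js preference overrides found in a dropped profile file.

Added triage helper, not code from the sandbox report. SAMPLE_USER_JS is a
constructed example and is NOT the content of the user.js files listed in
the report's Downloads section.
"""
import re
from typing import Any

# One statement per line:  user_pref("name", value);
# value is a double-quoted string (with \" and \\ escapes), true/false, or an integer.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Assumed watch-list (analyst's choice): preference families a dropper rewrites
# to hijack homepage, search, new-tab page, extension scopes, proxy or security.
WATCHED_PREFIXES = (
    "browser.startup.homepage",
    "browser.search.",
    "browser.newtab",
    "keyword.",
    "extensions.",
    "network.proxy.",
    "security.",
)

# Constructed sample content, not the real dropped file.
SAMPLE_USER_JS = r'''// constructed example
user_pref("browser.startup.homepage", "http://search.example.test/?src=fm4");
user_pref("browser.search.defaultenginename", "ExampleSearch");
user_pref("browser.newtabpage.enabled", false);
user_pref("extensions.enabledScopes", 15);
user_pref("app.update.auto", true);
'''


def _parse_value(raw: str) -> Any:
    """Convert the raw value token into a Python str, bool or int."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # Undo backslash escapes the pref writer emits (\" and \\).
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw == "true":
        return True
    if raw == "false":
        return False
    # Anything else must be an integer; a ValueError here means a malformed
    # line, which is worth seeing rather than silently skipping.
    return int(raw)


def parse_user_js(text: str) -> dict[str, Any]:
    """Return {pref_name: value} for every user_pref(...) line, ignoring line comments."""
    prefs: dict[str, Any] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def flag_suspicious(prefs: dict[str, Any]) -> dict[str, Any]:
    """Subset of prefs whose name falls into one of the watched families."""
    return {k: v for k, v in prefs.items() if k.startswith(WATCHED_PREFIXES)}


if __name__ == "__main__":
    parsed = parse_user_js(SAMPLE_USER_JS)
    for name, value in flag_suspicious(parsed).items():
        print(f"{name} = {value!r}")
```

    Run it against each user.js recovered from the profile directories named in the report; a homepage or default search engine pointing at a domain the user never chose is the usual sign of a preference hijacker, while prefs outside the watched families are reported but not flagged.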

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    • Loads dropped DLL
    PID:2324

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsc3F87.tmp

    Filesize

    930B

    MD5

    dc577e61df1e98d3d26e5f6cce8bb3e7

    SHA1

    52813b8350c60cad25d47426dba46c7b7045bc77

    SHA256

    eb113874886c35afd69cae707fd4900e963f4cf4eb401ffc9afb4ea821907a45

    SHA512

    4e48d39555a7c31eb02499462192b063c6770bee7368f3a5f548367836836b2d167392c5d2e36832c83a5b7e2afb8f931c209d0e8a04a0e5522ff5c3eea6befc

  • C:\Users\Admin\AppData\Local\Temp\nsc402A.tmp

    Filesize

    347B

    MD5

    d751bc444026664e1b6df9de418d6d16

    SHA1

    a8a7f31c370d402264221484891d612cb4fed54b

    SHA256

    880d1993d001641986cc07de59a16a5adad29d0ce4ef4f74bc3c7dad3b2bd369

    SHA512

    5c0451163a25df4624f1f0ba7d8e58902251a97a2a125fa7fb634c64c81a4b36e1454b98c065fe2d21eb170d31bc3d5b33e27206ebc412f8b33d92880acb5133

  • C:\Users\Admin\AppData\Local\Temp\nsc402B.tmp

    Filesize

    412B

    MD5

    1a3b93ca7ce9f8c129b9d06d9649c320

    SHA1

    d47dfbdec40c0aa81ce8c2c205f3daaf771781e6

    SHA256

    2fad777a79b52e18b0f5f66629674f2ed4c091fd2246af767fb045b391eb2ef1

    SHA512

    6aae2435e41349b39a422cde7e0940602726b332a8acc70ffae41d124d0b214be16bfd1251d5c5caf2db7362c9b0b83fd9575cb03eccb9f40432fbd9db9cc893

  • C:\Users\Admin\AppData\Local\Temp\nsc407F.tmp

    Filesize

    730B

    MD5

    42e2423b41e7eb76f3cd40940a09de10

    SHA1

    c15733f1bffc01252dbd91b09ea53601dda012d3

    SHA256

    496f23be5af0c625ee0eb4723da59048a9d7ce254a31a9d54e3ddd2e196da818

    SHA512

    b2dbf59355dd271668955b267230961486ea0483d4ef7e9ae47d294b576a9086851488ab74c21e3ef7732bca66ddabeb7a05e078b30f64614a33874f8652afe8

  • C:\Users\Admin\AppData\Local\Temp\nsh3EB5.tmp

    Filesize

    541B

    MD5

    c391c2b73489a9e5bc0a7dbe75b54b78

    SHA1

    a2ef1252cf9259691fefddfb882cb62f70422078

    SHA256

    1710a543d25e6853bc3682990c1a78237c8c6fc9f1fe91d40537ff6f15353ec9

    SHA512

    993c2d50f0fa7e3f877d2e6e249094db26968e815f7e7e1dfebf211ec659295bf0c8733b84add3b668e9f0dc869a89c8527bbb48b1da6d99fe26ec6d6c89e971

  • C:\Users\Admin\AppData\Local\Temp\nsh3FA7.tmp

    Filesize

    980B

    MD5

    17ca453ce621ca5b8e6d6265e6b80767

    SHA1

    3f2621bde53bcd25ddb5144531bc9f15ecaed151

    SHA256

    b69f3d9a46ccc4b11cc9e797f3936b92843aeb4a155f1411f7db9c16d9fb85ed

    SHA512

    b1ebcf513bc80a785c96517648ba9a5291ffa10a96dc887f966887dccfb2712cd3305ef9c086b3880cc258ad2743304c5502772a3df90fd8f1f800def355bc2d

  • C:\Users\Admin\AppData\Local\Temp\nsh404D.tmp

    Filesize

    575B

    MD5

    740c921f8df0d19a3726b47c01c2d5da

    SHA1

    12702fb70db25431a0d23bacc76d35648a0541dc

    SHA256

    408a2a073048a8f52e2ce551e81575d6baefd25596be7682d6da6a32f2568a8f

    SHA512

    cff9cae9675f4ea6b293943e0ec4733e4237128641b9afdf78f57cf5844c3975155eb57df8ce2d6e0de3df5c139054be4309abbd3b4d3f58d98a983964b3f7c8

  • C:\Users\Admin\AppData\Local\Temp\nsm3E84.tmp

    Filesize

    431B

    MD5

    c6619e83361cd8ac7000d949c3a7d6fa

    SHA1

    3ed0379d1c4fe45b7b60cd1a1f06bc3823df6d19

    SHA256

    443f3fa3f3532861a96a30b6ebd83fcc2b4d5b1e9b4e26ed962de393e7bced96

    SHA512

    4745c5eea59d99ca51449143dfce6f49a765d118135bab72fc78fc85827d75479dc98ee0458d8463a82471f1be5ee9a702859ec0dfddae4d4101515c8911ef87

  • C:\Users\Admin\AppData\Local\Temp\nsr3EA4.tmp

    Filesize

    486B

    MD5

    988a639c6489ff1e7d1fa237f86a74c5

    SHA1

    bbf84325c42e7038cf08fd7305e10d227ade1f61

    SHA256

    8f2e0bde782a998aa6b018579b6f4ec79c2adaebca269c8128e20b7f0e3e2038

    SHA512

    1280700031dbfa506504b19661b24f668821e3057d8813e1979e88051da148cc273c81c1f9738c63951d31c5c557f308fbb0afa228d0bc8994aa754e256d5ad7

  • C:\Users\Admin\AppData\Local\Temp\nss403C.tmp

    Filesize

    469B

    MD5

    dd7adb5de49fb9044f1285648685f76c

    SHA1

    9a14182660614e0a323cf927a98fcb9a68df89cd

    SHA256

    270e56074f509bb9ea720d16fbfbcfc34515ec8abee62abbdcdd52a87275d3de

    SHA512

    42f7f53ef22f3fcc36912116aedfa72bd5da12d35e8944109198a464fa8cc9fd3b34b3409de22710913f46ea13db8346d9327cb22744e126c3d5d3592a48ecc1

  • C:\Users\Admin\AppData\Local\Temp\nss403D.tmp

    Filesize

    524B

    MD5

    376c197c319c553b71b66b4da6b62fc8

    SHA1

    0dd6db0ed242301291706b130f4d6c9df1bd2673

    SHA256

    6685ddd41f68fbd4615fbe809cdafe0ba0a9f54ba72a9a3a641d2a2881dc40a0

    SHA512

    299d19bc9fe9c0ffdfc4cb8c2354eee1b71303fd3ccb2b5bd31dac34bd7718ccaee4f8c2c32d2f37b527e2c382b3b234a37e2ce966f13cb98bfdbfc5659bbb8e

  • C:\Users\Admin\AppData\Local\Temp\nss4090.tmp

    Filesize

    779B

    MD5

    63f4368e6a509bcdd77d3ad4fe694557

    SHA1

    dd08ef3c0a2c37b772f356e13ca63aa4d3b8bf7b

    SHA256

    74b27b953401d09393ab7d31bc4766eb0cff14a8b3312d59777c80ab9c12a409

    SHA512

    b3bcd70a52a5a9735e7bb87a6dfb2555cbdda330be7ccca086f8e9cc5a0e8abbdd177d5490af66129be343e2aef5f9f01f1066c58cf3cd95c9a099a59b4d6aea

  • C:\Users\Admin\AppData\Local\Temp\nsw3DD5.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • C:\Users\Admin\AppData\Local\Temp\nsw3DD5.tmp\Time.dll

    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

  • C:\Users\Admin\AppData\Local\Temp\nsw3DD5.tmp\mt.dll

    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

  • C:\Users\Admin\AppData\Local\Temp\nsw3DD5.tmp\nsisos.dll

    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

  • C:\Users\Admin\AppData\Local\Temp\nsw3F15.tmp

    Filesize

    719B

    MD5

    bd49c248f6ae0692735488a44edbc4d8

    SHA1

    a24c40d42ddc5521a3814f5e720bf7505c1c3f3b

    SHA256

    5c8b284b2b398026e755755c364c5b806f9e913623d4182ad0ff7494753b6e00

    SHA512

    10827e5aa299554388510951c4054267be8e4571615b69e350dfe5534700c3baa20f6017936f5e55edb56d667ca7214428166c8909adc53a10f350b8c561b6dd

  • C:\Users\Admin\AppData\Local\Temp\nsx3F67.tmp

    Filesize

    878B

    MD5

    3723a745b67e1b7f65baf5720f493acd

    SHA1

    ecab05e9024cbc6682583acd546516af61fe4299

    SHA256

    5529ed0c862d05a9d42bcb6a4bf4784f84081b871794222b81a74aa6c226ee49

    SHA512

    ca29cb9969ba8d2a9b8f93c23dfb8a91a950216cefec1af1160a9f651e036c80a1887756c3bc97d9d123d1c416b4f6cc757f7f002131fca33f65b147681240a5

  • C:\Users\Admin\AppData\Local\Temp\nsx405E.tmp

    Filesize

    628B

    MD5

    8329df7152678e2728d280ca62892ca1

    SHA1

    c66c97d188d44d0db336e3f1480a106025092821

    SHA256

    739e156533c7db4d17cb35167f972abc09bf2e6a668ba69aeb500d5ddc73f140

    SHA512

    89a1efab2f05461e1c20d6b06a362d8c92f21f31bc8db28a604ebb00761066ddabb8351c5c76e0981d57c45b89a9304cec05769b076024b4c43cdc452755274d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\user.js

    Filesize

    680B

    MD5

    2dd30232b6438bc12a6b7689d5d5c270

    SHA1

    cd8e0d4828b78397d13fc1d7ee88b061cbddb426

    SHA256

    db7a46dd31d133ca42b60b893fefe39366d936cd12f9774d2e92c947be1dfb8a

    SHA512

    ba8fae53304112a26ff695104574f2b4f6563e84b37376aacfd5e2499da4b1d0fe40d3c2fb0ab09e9891b3a9e731973c070db807d06662fe504c9ec1768cab5c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\user.js

    Filesize

    236B

    MD5

    b368cacea9ece1505a52d0433be3f33a

    SHA1

    80a181947a6e9e5766fd204c17c09068fabafb4a

    SHA256

    b52eba19422c5cf4357bc264401c02f34253193fec759da8336d486c921c7c64

    SHA512

    0d1f4d09331b57905ff91d6807fb398cceff03db5d2a02dbc22b776a4f53e3e2a796fc1125bd92638dad4a79ae42817dc68ef249c133092d6877729ed89476bb

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xtlddrxx.Admin\user.js

    Filesize

    662B

    MD5

    62f173e6b5fa014cb8b119f00cc92ed3

    SHA1

    463e62d6a1793f61dde2e506413036d5e5001bea

    SHA256

    b127f8bbe53c7801836d7be4a2cbb19e30b69cd7fe78f821c620e37834a7bd02

    SHA512

    9d65d3ec9237b96312b62eeaf0f11df5e219466903f2eeb3c67c2e9bef73e38533b3addd564d1e6d979cc75e4983a2822458e902888154fb80a76cb9cacd97aa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xtlddrxx.Admin\user.js

    Filesize

    825B

    MD5

    ba87baad26f200d40f64e43dee137433

    SHA1

    de9aff4b883b3bff360ffebbfa19cf0f757772c1

    SHA256

    37ce5566caa1ea20abf939d7e3079882c34237b540b08da5b54e40125bf3454b

    SHA512

    420e1179d7cc139f4a847ec4506b5baada5ac1e101d7524eb176c36b273f717b93f15e0b159c2ab111d359a1adb43f5e100a048940d5076e518b0153446bfc02

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xtlddrxx.Admin\user.js

    Filesize

    1KB

    MD5

    1821ada3c382869386aa17bef9c0e303

    SHA1

    483c63df0d0b26348cadee348d8c3fcaa5d00769

    SHA256

    32712193e8bd79910b9791ff0ed6c0f7cc1ccea6ae5d57a37a79beb10a264cbb

    SHA512

    2c2665e26c40b8fdfec4ac0ed0d90227c2ab834df6d97361d5655f870d3c3a2d9940212e0a78b17a161dde752fae4af4514f3488eb23bcadb7df9e07449e0d4d
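
  The hashes above are only useful if something checks for them. The script below is an added example, not the sandbox's own tooling: it hashes every file under a directory, matches SHA-256 values against the dropped-file hashes copied from this report, and separately flags the ns<letter><4 hex>.tmp names that the NSIS stub uses for its extracted plugins and temporary files (nsc3F87.tmp, nsw3DD5.tmp and the rest of the list). The second check matters because a fresh run of the same installer produces plugin DLLs that hash identically but temp files that do not. The demo() function builds a constructed directory tree with stand-in contents so the example runs offline; those bytes are not the real dropped files.

```python
"""Hash-based triage of dropped-file IoCs from the FM4ffx.exe report.

Added example, not code from the sandbox. REPORTED_SHA256 is copied from the
report's Downloads section; demo() writes constructed stand-in files (NOT the
real dropped files) so the scan can be exercised without the sample.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Dropped-file SHA-256 values as reported for this sample (basename -> hash).
REPORTED_SHA256 = {
    "FM4ffx.exe": "3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570",
    "System.dll": "dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f",
    "Time.dll": "b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35",
    "mt.dll": "6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd",
    "nsisos.dll": "ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6",
}

# %TEMP%\ns<letter><4 hex>.tmp : the naming used for NSIS temp files and the
# plugin directory throughout the report (nsc3F87.tmp, nsw3DD5.tmp, ...).
NSIS_TMP_RE = re.compile(r"^ns[a-z][0-9A-F]{4}\.tmp$")

_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict[str, str]:
    """All four digests the report lists, for an in-memory blob."""
    return {a: hashlib.new(a, data).hexdigest() for a in _ALGOS}


def hash_file(path: Path, chunk: int = 1 << 20) -> dict[str, str]:
    """Same digests for a file, streamed so large files are not read whole."""
    digests = {a: hashlib.new(a) for a in _ALGOS}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {a: d.hexdigest() for a, d in digests.items()}


def is_nsis_temp_name(name: str) -> bool:
    return bool(NSIS_TMP_RE.match(name))


def scan(root: Path, iocs: dict[str, str] = REPORTED_SHA256) -> dict[str, list[str]]:
    """Walk root; return {"hash_hits": [...], "nsis_temp": [...]} of file paths.

    A file lands in nsis_temp if either its own name or its parent directory's
    name matches the NSIS pattern (plugins live inside nsXXXX.tmp\\).
    """
    wanted = {h.lower() for h in iocs.values()}
    hits: dict[str, list[str]] = {"hash_hits": [], "nsis_temp": []}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if is_nsis_temp_name(p.name) or is_nsis_temp_name(p.parent.name):
            hits["nsis_temp"].append(str(p))
        if hash_file(p)["sha256"] in wanted:
            hits["hash_hits"].append(str(p))
    return hits


def demo() -> dict[str, list[str]]:
    """Scan a constructed tree (stand-in bytes, not the real dropped files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugin_dir = root / "nsw3DD5.tmp"
        plugin_dir.mkdir()
        (plugin_dir / "System.dll").write_bytes(b"abc")      # stand-in content
        (root / "nsc3F87.tmp").write_bytes(b"constructed")   # stand-in content
        (root / "readme.txt").write_bytes(b"benign")
        # IoC set keyed on the stand-in content so the demo yields a hit offline;
        # against a real host pass REPORTED_SHA256 (the default) instead.
        demo_iocs = {"System.dll": hash_bytes(b"abc")["sha256"]}
        result = scan(root, demo_iocs)
        # Return basenames so the temp path does not leak into the result.
        return {k: sorted(Path(v).name for v in vals) for k, vals in result.items()}


if __name__ == "__main__":
    print(demo())
```

  On a real host point scan() at the user's %TEMP% and the Firefox Profiles directory; the NSIS name check will also catch every legitimate NSIS installer that ran recently, so treat a nsis_temp hit as a prompt to hash the plugin DLLs and read the extracted script, not as a verdict.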