ea4b8c48a3e7917050c64c8224a397853acdf22603c8fbe3a9e8c14b25553463

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FM4ffx.exe
Size

319KB
MD5

fe768a6b82ed2a59c58254eae67b8cf9
SHA1

3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
SHA256

3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
SHA512

3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
SSDEEP

6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe
2396	FM4ffx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
1⤵
- Loads dropped DLL
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd571.tmp

Filesize
431B

MD5
da9add9dd4d36890002b7a4e44765204

SHA1
efb8393b78b32d4972c8711ff4b0ed9a9cdd3afc

SHA256
20ffdf1e117dd0a95f5a1de7bcf57ed2e7270813150b098f1f6995cb325c66fc

SHA512
7156c92b417b9746685cfabd6fb76b4325d993b9285c1485ec00d88792ee99ff55dac7cab4dabc8578da78a838c4d674f772fb889edfe088b761c5df70306477

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd615.tmp

Filesize
878B

MD5
95aaa58dd112733b2d7be85c809b1fdf

SHA1
bd8061bd3e110005eaf458965c9d5bfe1b4570ed

SHA256
0c575bdf78ffd2757fdca5df9da71062f238943d10522c7bfe059a97d529642a

SHA512
03c799a9beec24339f9d8d4dfbc8bb9d257c8516e3ebb7bc9a079d6af494cc995b228e2c95669340d24a4164ea5885bfd6a7f4b08806c1161eeaf623b1a52b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd666.tmp

Filesize
1KB

MD5
3535175d5fe1263a13f541a3f5788e2e

SHA1
9058c3d29df2a618e4a1ea6cc38852a77d74c234

SHA256
1bf0c5e7507ee7c02dee6c8e8dcb5e6b447431c9ab9c922fecc1acf01c224280

SHA512
6af45ea520fe39398bb98d69734901dc9d0d15105b78c667c0f2a3f29c6fc2bf71c7a8d048dfa6e005abd779016924b94a6449bfa237e7ada6ea760d58663753

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6B8.tmp

Filesize
291B

MD5
6aa933d86c1a74523df0f6c186b20601

SHA1
55cc3fdfbac5de08207966e019a84e1a961ce491

SHA256
b1586bdc88dd208ff009438b8b6e9f82346b0b32420b3f0cff50b3063400e7ea

SHA512
2dea248bc403bf5b97e02217283b723cfa2966b2128769ad340d152928574a33f6862dd82a92c04a90cf2bfea0e2a275b0774f39b05776438a35dcb5796797db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd6B9.tmp

Filesize
347B

MD5
f7b56b389f39121a64782e47caf0f1c1

SHA1
edc848701148653c4099874b817093477c0d3d09

SHA256
050b78e1cd7ca624e65c78a715d9ca9fc76517dbd854bc82a2f2e19a61267ba4

SHA512
22a22fc43f617f71b3d47473e829df07c666df2f4c78858fbda5af99eb56056985ce675bba5968969d2bf327f1b9ca01a7b77835ec41cfe1efc5d35887e1423f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi635.tmp

Filesize
930B

MD5
31b549406e39ecedcb6bc1ab05dedc3d

SHA1
2faf5763f3301da376f070331da131771a74882b

SHA256
cd66b3d2b1527abac6efa4e7cf65eb88b0cf86e877c4aa25770180932fbb65e3

SHA512
92f31a8c5a35c06a068c060e6f63e1474cb0af7ceb17199150227f1a81ade2945c2b76a3009414b7cabc61b132e600195924d751697b1d15476e18cb4eea8431

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi72E.tmp

Filesize
779B

MD5
bf233a9acd10fb6884f13c07d21c2878

SHA1
1ff23f41d65a5f88fd1d13b93f9060920b0bbafe

SHA256
3a41d9686af2bb63a2a5dc8c33b0ee9b19fd90de0a2b7ac79c6ab5ffb807a57f

SHA512
956574b9e574619391b77a3be30880badb7b9dea1d00729935f7cc63c44dd4be70114e73cdf1f6346d16eaabbfa0aef59f4d5da808f451eb4a50cf594cd9c206

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso656.tmp

Filesize
980B

MD5
5b8e777c322e3fd381d8905ee454d408

SHA1
f2847377904d5166bf403d6a51b845551d30ac9b

SHA256
70d7504dbda9d1fb4bc5efdbf54dda68f7832b5cfc78083e7353ba2f7c2e68bc

SHA512
c6321e2ab2d425bcf370c0144e65f4c37debf7eb21f9cd4e27cafbc2706bc82181d13dcbf1023b2a1e7543529c36004ba1b5f1d1f41a4ee3a59f94010a55d601

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6A6.tmp

Filesize
105B

MD5
d66b7c36887a3a1f869cd8b637cc43b6

SHA1
2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

SHA256
d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

SHA512
155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6FD.tmp

Filesize
628B

MD5
0129e6c269df7b63747fdf533e3afbc1

SHA1
fb8398a4396ca6a72428257011db762851fab2f7

SHA256
5a24f36b0b7ca46e9c3b3039df01c2b925c23a249cd1b5d8ef13dd4c89eebf41

SHA512
b34ec521a950b4f224ed2dd347ba25328156c98b398560a1f2d78325f3798f143f6511e5cab789aa5cc7816dffaa8367ce22ce2e54a76e96f53f766771a6c6c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6FE.tmp

Filesize
680B

MD5
e3b992e5b02f3bef9085b810f694c0c2

SHA1
cbbc591ad91c07c86c010382dc6f7eb69a0dfad9

SHA256
ade66b14ab59f700d08d422d5ee43f14ac9b364f964d7788b40ea966116280ce

SHA512
3cc410810f8359030b0a6fd7a6b02922c4075c240d87abb90a5096db5f69f126b3c0d7884c5c39ffaaced5634c900520fcb77702decefc5c0746ac57fdc790d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst582.tmp

Filesize
486B

MD5
0525142a58f260d0a77bcbfeaf415042

SHA1
dfd3b1d833236c7bd36d2cfe34df3078accc7dbe

SHA256
1cdbf8bdc126f5a2ba231f86900d5298ac109de12cbddecf329bcda0558dca4f

SHA512
b297810c61b81e0985dd4c9dad008d3c069808f86be216df4ccd973e42984c56d3a36ca5b0a14c09b8875eef1571700515e3fd4631e0ee36d2b2f5f5c77f33c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst5D4.tmp

Filesize
719B

MD5
15495f3ce2fa9814aafa1c906c849a92

SHA1
8d22b93da4efb1b4396d08a68b7cb5a58324de1a

SHA256
98da026b21f7623c6a8160ff997e3266999debf8108034607808957981dfafe4

SHA512
cc68c35ffa8b30326d35a11699913d2d1076be639bb989fff3a01bb42057ce8ef92e8ad6bc1c485dba0a5d1f26f325d53667729aa45a07c9eedbd28f1c68bfd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst6CA.tmp

Filesize
412B

MD5
38e711d02ed7311ad698cbb76a24f9a5

SHA1
048e46afb925a22155bf99f395f850c0d2b514bb

SHA256
484533e6125a0df541dc96844e538c4272d174e8f45b05ec08cdcb03a581bf19

SHA512
212076bc56f2e205bc7ac3ac74afe0a3cb4e718ea18b62fe2dc07270d3ac8b4cb4d69eea60465fd9ff4c8d9df832e589445316e8459cd4e8924cf8b39ca50cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst6CB.tmp

Filesize
469B

MD5
822f8c76b50edb3c189a54b8522754ce

SHA1
ab6cc98c1ae68128abf2dd6ab7e8e3e7e6a56ac1

SHA256
465f0c8d2a4d38666cb0a80439cd87337a06cfce91515f59da85d2c4216380d9

SHA512
36e01b7edf0dd1d7ce0633ddb28b5a7109d3b7d04ec1ff036f7b683abae6c5a99db1570a1a75145374a2475fddbbba1561e00f7be2566d72e57ee6be7548b533

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst71E.tmp

Filesize
730B

MD5
2c6a3f6aea00dbc9bb170b38cec1600d

SHA1
c8cc2590836fb93b69f6e9a5b386df025d2e236a

SHA256
2112874094a7719b54c62cbfccd1dcf2fdbb7ca83b39a18facfd96baeeb3a036

SHA512
641984b9dc54d5a8d03466fce6fc6084ea1c49cbde7694ecac47ee1c3055affc5ee13a00a768ba357b3a5f97d277e4c564fc7bd3e272d5bd6b870e44cc866caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy551.tmp

Filesize
355B

MD5
aa942cbf080fbb2237e6897523515ce5

SHA1
4a432578611a39f2626a0967b89febcd4c629892

SHA256
42fe6aede59d0b4629f96288d1ab22008aca8576815f9d70fdb91810e2fed48c

SHA512
ca4265c36c946f1e8c7abbff7535e3db2885c57209d7d32562e0fe399a2b17dfe95aa47956f87bb181ffe7cb71481861dbbf8423aacbd0faba354eebea78d3db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy5A2.tmp

Filesize
541B

MD5
29736e3852f4813f469960faa6f4756d

SHA1
fd0c06bde5ca860cb0d8624a8713f2d10649aa01

SHA256
4bc5e034af2b5b3b4a03e973cf22941f81b68dd112c5f3feb6f8b9fbccd47e6e

SHA512
ce6ca323157099c28ef9e9f268b48307399e480bb0f1322a919415578577899f94b9b144fffac41131c252ea50d3f45821b0b702385bf340512d0bc226b5193d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.Admin\user.js

Filesize
662B

MD5
9fc58f3409c7ad470178c6441829cd9e

SHA1
8a188540e9f33614f3ff61c0b6cdb25b0ba02d66

SHA256
e6a96ef67e4b7046b3267575f5033f441f1bb78e8af64ce08d50429261b09af2

SHA512
f1ab8e45cc918cc22003b44110594a8bf04645104a461d9ea0250d2d66b0947fb7a705bc76d7961ac16605517f722461960e99640fc4709e994bc94f9d3cd513

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.Admin\user.js

Filesize
825B

MD5
08436f987f0cf2d7e695b76636db5efc

SHA1
0e24c29520fdc9e90e8a61678151dc14d1d7ebb4

SHA256
4f332937dcea116a338fc7e4b6189d2b726ad21775ed040e0a9362f9dbd50ee7

SHA512
dca7b438b460bab640da94f75d6b7a9018059bc89c2431c79480576c5eed4aa42445ae685a250d5c1369591c93cdfeba1d51d64597fd5fc56596ebedf464db57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\user.js

Filesize
575B

MD5
6fee58b1dd6b5f79a301ab9d0f5ec78f

SHA1
28d41ab1cb2133ec81569c89fb41470637a94e9e

SHA256
b11b9bae8e0dfc29a95546b6b6d91fdac4a69dec94c5879efcb710cf0a52304d

SHA512
1a96b7bd4b8510408c9f018094415df2b96760d58db9a1300dc87396c0462240a881516c0d66d4df6b9c15397c43dd61e57389449dc8f4739bb376a9c0310c8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lf4jobx9.default-release\user.js

Filesize
236B

MD5
a860dba88cc2614b18bed58eca7f9dc7

SHA1
cc7268d56ff8e10e67fb3fee51d340c083045f79

SHA256
5e5917979c3a500c686d3cc621b4d2dd199d87168aa5757f683e9b15f2854cd7

SHA512
39cfe9cccf1e54e3793e41441cb2bba44ea4d74fb6cdaa9f7ae34534a4503eab3d57dbf25fb84ed44ad45c5f7a67ebc9dbe1827b1041644644ae2aca0d441d31

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F1.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F1.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F1.tmp\mt.dll

Filesize
5KB

MD5
aac69f856c4540edd4ef7ce6c8571639

SHA1
2860f55ea9774d631219e66604051e90a43258b7

SHA256
6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

SHA512
ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

Download Submit
\Users\Admin\AppData\Local\Temp\nsi4F1.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit