Overview

overview

7

Static

static

7

f1f9fb8ef7...18.exe

windows7-x64

7

f1f9fb8ef7...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

1

$PLUGINSDIR/mt.dll

windows10-2004-x64

1

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

1

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/04/2024, 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:2472
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsd199.tmp
      Filesize

      662B

      MD5

      2ce272f17a2fd7589f7a178b3d29bcf8

      SHA1

      f3c686404745342b4e4221cd9b005a485db45053

      SHA256

      fe2a7ce544025b0c47863cad2b8d4af03ee6c91c89762ff37b6916c513f36c9b

      SHA512

      dddc7cfd8229e96fd343cbd87eeba68f3727e988d24a37e9d8a2c748090bcdcd83b1bc6845e067472170a5524671fff76fed63866af9514455cbd0faa96915fb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsf550.tmp
      Filesize

      412B

      MD5

      efb4ab4b9075533bb7f621b5b840b5d8

      SHA1

      9480a043f607175347b09bb431a67e258b7359ad

      SHA256

      4b753a88195bfa468ab3a56f78da5075b34df04e4d77060c4d16a215e888fe3d

      SHA512

      938096a0920821953ddb62a7f7d6b5ed9dc959fb0a3bbae26e757cc68faab3e0fa54d5ef185bd7f7c143db7e29dea0c6e168444d2a7bf649f63d2a389e033199

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsf63F.tmp
      Filesize

      680B

      MD5

      c7febbb0ef571391d4478b8bf9be5151

      SHA1

      4dd83a7e110805267d01b0816c1b67756b03e0b2

      SHA256

      19564b0c0953a796cc18a43378e3d6b22e06dd52234bbd71d7d7c97a6dbdf946

      SHA512

      effcafca884ff6a5c6925c09fb1cec3d4a8f9d222fff243df48158800216908a98f50990f6dedd8f6291d951206625a36af6f493c04131dca4ae726cc0870263

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsf68E.tmp
      Filesize

      730B

      MD5

      dd0956439c5b3d7715016cfbd66e29d4

      SHA1

      49d86894d2d651085a275ed1eaa94e5f69a4c237

      SHA256

      5c478141638af125d1d39d036b216c9c712faf2bf911b890898ac8d25df47725

      SHA512

      edbbb7c57f9b3c6dbac523342bfd269aacfa2dfbb4ed162fd637dd874ba1540572fe8ac55a72d227e2a924499eb58ffbf060de9b5ebb0b5d7e76b4140ab8406b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsn4C.tmp
      Filesize

      355B

      MD5

      aa942cbf080fbb2237e6897523515ce5

      SHA1

      4a432578611a39f2626a0967b89febcd4c629892

      SHA256

      42fe6aede59d0b4629f96288d1ab22008aca8576815f9d70fdb91810e2fed48c

      SHA512

      ca4265c36c946f1e8c7abbff7535e3db2885c57209d7d32562e0fe399a2b17dfe95aa47956f87bb181ffe7cb71481861dbbf8423aacbd0faba354eebea78d3db

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso364.tmp
      Filesize

      980B

      MD5

      fa2a80184fc849c5bc14fcc6768d594e

      SHA1

      27569fc931ac46e7ec060e6da064ec718f09e273

      SHA256

      170a9c5c1118d84fd49ef06ac3569525a1f39dbda60f66e98de3e0ed4c29f1c5

      SHA512

      c748cccc85378bf452159bf24f5cb45624d16d1841d088b12df4325f1161ce9d9993e20182a33707e1f9acd9d78f7fe6bbdaab75234bb62211116b21aaff9e75

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsp53F.tmp
      Filesize

      347B

      MD5

      15d08cc18f85c6f38cf9c0aab22e5209

      SHA1

      16cf30131370e2d5c7bbe426dae454479e8e9641

      SHA256

      bbe46ab5f1f33757ee82ef825794dc1361cb855730451f7a783efc8c5b5bf577

      SHA512

      cb583effaabfcf8613dea630472757794f75cadb182fc00c3a370449a796638b07b0a9047be9c6266f5e086c9ba6a10cb49e5c88d139cebbe6632fe76e7eb538

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nspF8D8.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nspF8D8.tmp\Time.dll
      Filesize

      10KB

      MD5

      38977533750fe69979b2c2ac801f96e6

      SHA1

      74643c30cda909e649722ed0c7f267903558e92a

      SHA256

      b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

      SHA512

      e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nspF8D8.tmp\mt.dll
      Filesize

      5KB

      MD5

      aac69f856c4540edd4ef7ce6c8571639

      SHA1

      2860f55ea9774d631219e66604051e90a43258b7

      SHA256

      6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

      SHA512

      ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nspF8D8.tmp\nsisos.dll
      Filesize

      5KB

      MD5

      69806691d649ef1c8703fd9e29231d44

      SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

      SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

      SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nst10B.tmp
      Filesize

      541B

      MD5

      e3daa4da6a10418888eed31757eb5b80

      SHA1

      8ecd557bcc50b1b3cc6e04fd1ad207d41d226c24

      SHA256

      0829130314ce7a82565168141f8f826998a7ef4c66aa9b299d591d51180009ee

      SHA512

      3d183ee49151f5899238abe01ab4e0a1ae113872e040336ece5f3cee723d1d4cb4cbf4c98ca0dd7e3e56ba05147bab87ef47f0ff05ca41be290281864745bb2a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsu335.tmp
      Filesize

      930B

      MD5

      6bbc22e5f2a5a30380d9dfc5d1c76ae4

      SHA1

      b2df646e1c5388f5cb71568d9f5e43daf4d72609

      SHA256

      cc38b1833fd6434c2de8a189b15b63d9f3b09c4d2d26d8b5bf1d0267052e3e17

      SHA512

      3d520c4bfc879de1ddfd23d49df90def9afb0a8a82941bbd51ff1bd340b5000998f87d2cf2e323892efe5dc708050fd90939630dbd64d966302f6752e81fdf4d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsy1C9.tmp
      Filesize

      719B

      MD5

      611f271c6d2cf64a15ae8cdbe0ed0e9e

      SHA1

      38cd273cf75a27f81e16e6527b26faa734841db5

      SHA256

      0bd829e5ba6ce8260a94b88611f48f0d5ed76e4b60d5e0737602731a35e1d02e

      SHA512

      ab34bec4e71a3d8a4fee39c05066bddd30a131f827f4c075f6c73d6a20d38bf679ab9307e04938118f5e87ff54da9b2a45a551a48fd0644d1bcae5e41479e113

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsy218.tmp
      Filesize

      774B

      MD5

      5860c47fc00734ff6f022d95522eafe3

      SHA1

      c9521e8ebdd0ca8f0ed78e8bc9cd2ab98241bef6

      SHA256

      308b10927d1400bbce659c1600885d6127f5698d7df01b0318da0cd988733aed

      SHA512

      e6fb0fed6e6639669f4d423423605da43703a2573ad01359407deff9ea89885007588c0bb4c8dc8c9ff595592bdf52562e75dc23e0289c0434144d20eed5bfc3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsy267.tmp
      Filesize

      825B

      MD5

      6fc2d08070a017444f8a05d1cf41124e

      SHA1

      0ea7203fdaec470b32a4a1dd21fe01e53bbee645

      SHA256

      73158efa2aba1747910d110580dff57f40dee50f838990c0ac943a7e494ad432

      SHA512

      27d0d74b26e5c899debf5df4124b4ea01a90979949c05530a6fc2c768478e91c74b0afc5edd0faec84b3ae0692312504e9dbed21664f0945df4ed301a8d66e86

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsyDB.tmp
      Filesize

      486B

      MD5

      e374f234fd70ca6af005321b3c8343d9

      SHA1

      261379f49f39d11750b11572965d3de1a8747a19

      SHA256

      dbffd982c7b8d12c780d23ecb56daaaed78d67f84158003f41dbdd39e5f5c60f

      SHA512

      c5e43a481ea17ff5f8eec29383d66401784b2f26022693ff4f1da9d8e2fd9a4be71626de326c53ad32edd0de0f54a6856adf263110cd75d72256b99feb8fc1ed

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\user.js
      Filesize

      524B

      MD5

      d27f214228fcd358aeea039b41d98df2

      SHA1

      4bbc244b01d32aa670d69cd997773440fc308e1f

      SHA256

      5fa6d7db3c1991add8fa263ad1f3289807d50ff2dbbc6d1fee69ace9ec6b9059

      SHA512

      4b284806cecfdcf74af8df93d2352a31ddfc9b0579ccba9800dab676f712d82d77a0ac2d73161635f343636fdb8419901937caeabaf0a5c1ae2703341658da40

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\user.js
      Filesize

      628B

      MD5

      ff483e7672daa8f899ea5328a8f4911e

      SHA1

      7ad6fe4c2a8837691e19e2fa979a56c207975dd4

      SHA256

      3a6ab05f716386f86bc879b6492d7b5956b7e8c8abaff6ef8f1c6617bac2beca

      SHA512

      ecc94875b76e8fd472cd3a49c9d33bfcb86f476500d56f65bb0096a648fcc12da0d77cc78c71982d3bf29736d03eb2c1fbde076235f70a4db8e12f3ee21fae91

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\user.js
      Filesize

      291B

      MD5

      a669bd55f8067f76cbd03e828415f839

      SHA1

      14e501dc9ea7ef922036e219fc3697eff0bff72c

      SHA256

      2719af8064a91dedb73ebe73cff22db9961e18224bb45abfda297147c2b91428

      SHA512

      5c427abd2ea78a1834e4d8ffe3b1c545be8eda5a910994144a21ddcf850c824331b4eb3bf5c8013fafe3c7c847c460e735e47846647969fadf52c1d9e76aad48

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xvu9bdak.Admin\user.js
      Filesize

      597B

      MD5

      49b001ae720895cd0f6111e16bb007a5

      SHA1

      0b2eb9e2eb1b1ed51313da358815f6f871594699

      SHA256

      2cd354b38caae94b04194ae5ff39ea0559a6f912271772e92bbac2af094862bf

      SHA512

      15001a9526ea7531488efd1fa830605be5057e9174afd31d0787e9b9f7ddb14e77041ee539148711f03d0940e019626060dd2ff35c775ed228bc07d48c0a43bf

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xvu9bdak.Admin\user.js
      Filesize

      1KB

      MD5

      24dad8ef1c452dcf49613b411b14cf17

      SHA1

      a689a4f738464fc6dff60fbb2da8da61b296c844

      SHA256

      a29f0ed0d50ce634b41b10b95bee7cad2ddc5a8703daa2f8b7b5e32f4443c5bd

      SHA512

      e3b9c912015add5a2f1e7ee980b42182aec60f94a708e61df8bca9a413e8c0a8273276f8346b92566843215f5e40c563edfa208e86b39a061d99a8a8f42e811f

      Download Submit