Analysis

  • max time kernel
    140s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-06-2024 07:17

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (64 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials. Note that the browser-profile paths in this run's dropped-file listing are user.js files written into two Firefox profiles (jlg6ljiw.Admin and m5gevmzl.default-release), i.e. preference files, rather than the credential or cookie stores themselves.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:2760
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4180,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:8
    1⤵
      PID:5000

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsiF3CE.tmp

      Filesize

      661B

      MD5

      beb03959a34a1f7dfaadd0f2ebd687ce

      SHA1

      3a3172acd409c6dd8f68b8b4351dabe5936edf57

      SHA256

      27d2bb5645e69fc7690ced7a2d4c722cf9d8ec995fe7bd07d8141897899247fc

      SHA512

      6516ff7083ebdfb420941830728a68bfcfac7303aa17925620ae1449950b1d69c3de6b53230b0363ef96b758d5ce596529eee892d9678953cb6c9f9773b07067

    • C:\Users\Admin\AppData\Local\Temp\nsiF420.tmp

      Filesize

      877B

      MD5

      daef14909c4b9abd8243e41fcead6ff8

      SHA1

      dbfd7b5f16909e408897c50bb47e704a65ab1e9d

      SHA256

      f2f09bcde383eb99127e964fe63cea6caca0540b7ec20587aea69087be58e7a0

      SHA512

      58807d5fd99710604a0935e939fe2143478903cd0b2d6b845f85696bd7043dd3f548fb12013fa54a304a7e5de587eada2feafbf906de5ff45a6757208b09e4d1

    • C:\Users\Admin\AppData\Local\Temp\nsiF4C0.tmp

      Filesize

      105B

      MD5

      d66b7c36887a3a1f869cd8b637cc43b6

      SHA1

      2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

      SHA256

      d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

      SHA512

      155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

    • C:\Users\Admin\AppData\Local\Temp\nsnF2FC.tmp\System.dll

      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • C:\Users\Admin\AppData\Local\Temp\nsnF2FC.tmp\Time.dll

      Filesize

      10KB

      MD5

      38977533750fe69979b2c2ac801f96e6

      SHA1

      74643c30cda909e649722ed0c7f267903558e92a

      SHA256

      b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

      SHA512

      e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    • C:\Users\Admin\AppData\Local\Temp\nsnF2FC.tmp\mt.dll

      Filesize

      5KB

      MD5

      aac69f856c4540edd4ef7ce6c8571639

      SHA1

      2860f55ea9774d631219e66604051e90a43258b7

      SHA256

      6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

      SHA512

      ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    • C:\Users\Admin\AppData\Local\Temp\nsnF2FC.tmp\nsisos.dll

      Filesize

      5KB

      MD5

      69806691d649ef1c8703fd9e29231d44

      SHA1

      e2193fcf5b4863605eec2a5eb17bf84c7ac00166

      SHA256

      ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

      SHA512

      5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    • C:\Users\Admin\AppData\Local\Temp\nsnF440.tmp

      Filesize

      929B

      MD5

      ba0edf378719986165661a535665374f

      SHA1

      19760e361e55da6c81f162eb7b892cb608d988aa

      SHA256

      c2af3ef194ee56bfe1b3f6ee85538d38dee6207f9e4c25dfd6e0ed58f0c6f4b0

      SHA512

      7d996c1315a841e927cc014b23b7552b209e9ed91ef52a3ddee4801a2217fbc2fbca9cc8cce9de9ea29ca9bd072d6d8352a5e12e8d6d3957219ae817f383ec0d

    • C:\Users\Admin\AppData\Local\Temp\nsoF539.tmp

      Filesize

      729B

      MD5

      ce5e7ee7e40357da1d0a814e552953c3

      SHA1

      1e9362ba3704ea8fd2a32a19d8fed449b2e520bd

      SHA256

      b24632839646475bbe84fbfe2f8b0ba036bb9e8d7f9eb556ebbd75d63909d5d7

      SHA512

      6efed953a70a09bf9980332a0b7c9dba48589acb0dd81a67a993f4e99197521a325d5ab687cafbee2ff7ece9c5e77f4dde52b65ea7f84ce6fdf86894bcdd361e

    • C:\Users\Admin\AppData\Local\Temp\nsoF53A.tmp

      Filesize

      778B

      MD5

      756a2199461f233e44e2ff84eb3f8449

      SHA1

      b40a3f926b06c175c8a667d9913e79363330b30e

      SHA256

      143ef62184392cdd8bf4a7fd2a1a7ca62f2600a94cc7768562e3abd70a5cdd6e

      SHA512

      35ebe260194078c4068db9a142bdddda97c17395475a2397569e44315f7820eb5a803bcb18d91c6ecb901749cbc388f4e59c428d890c0d26702d290e660dc864

    • C:\Users\Admin\AppData\Local\Temp\nssF36C.tmp

      Filesize

      431B

      MD5

      84c6a105b21c548e24b6451723672211

      SHA1

      45b4472c6f02238bdf3e569195f468134267f60d

      SHA256

      e6dd101bc0c0110cd5cfeed06e6c8ab0953d263a6c4051ea43688b55f11421e8

      SHA512

      2b5e4c50ae738eb5068bc267f901a38c5fe16b608b3d61f1ac26d70cabf80a9b73c955d6fbb7cf45ca7d0b154aac7748904ed96b7313f26dd86505d76bdf00b9

    • C:\Users\Admin\AppData\Local\Temp\nsyF4D3.tmp

      Filesize

      291B

      MD5

      9977d3425a4556c677885d392f451d3a

      SHA1

      a90f8930f8b0f2c8e5541be0dcc21b2b14f1a516

      SHA256

      3661fbc00b62c038c5c25d2471e719ee6322bc243503082be36841fbdb2f669f

      SHA512

      0f450b2aeca4ebc7be7866573b9e69f0456ee3c3bc709727685b02a45844b1629bca0ff51a5fbced6dd04c5e27ea143399f8ef9a8aec627adf0565d2861a1cb6

    • C:\Users\Admin\AppData\Local\Temp\nsyF4D4.tmp

      Filesize

      347B

      MD5

      47cbd47c60e8af1b4374c6a352f0f91a

      SHA1

      b629ccfcfe420a19cdf04caf1655cad0f1668803

      SHA256

      738e0f7d518eab9042f5296f544ae731a6963ba1dc8796be554279e1c15a44b1

      SHA512

      99953dbb8d7146016796e0ea65c7f6f306e1d8d2ffbbf1c69e59dc7df7525e8afc78c6b40298747e38682f62518f687c50d7d3ebbe69fe9bde8ad130a97d0229

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jlg6ljiw.Admin\user.js

      Filesize

      541B

      MD5

      a0bdd513b48c9cf0902cdfd002196f36

      SHA1

      c285aa75b1d878b3e89bd158fe361c2474a4985b

      SHA256

      ab08125d40fc5002a34b86bb17167a25e3d582649504a5a3495a751f2b059ce8

      SHA512

      9a9e3429d2871e9670d78db0d2bbbfabb2718e8ab0ed945aa659d498c82362400994214e2701dca6b922515968ee808d00cc4aa44feb87326a9f0b9231921442

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jlg6ljiw.Admin\user.js

      Filesize

      597B

      MD5

      3ac1c8221139cdd9230f8667b73eb6d4

      SHA1

      47c833e140dbb1219a851f3f9ed888d28dff4b33

      SHA256

      f29db17fd2237ddbc465f7821cf400cc7de667cd4c416bd8601cbd4f331bf272

      SHA512

      328379c487eda9c908cf1e3e139d3e9b40590810133f1bb24e17918bb94b3c24e9062a7778180838bed237cd2835c5c0a4cfa4044146387e738bd8f6f5310568

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jlg6ljiw.Admin\user.js

      Filesize

      773B

      MD5

      ab98dcbc05863e27597c535e58a69aa7

      SHA1

      5844a26c005468c7ad4715d12f5eaa7c7997e4bd

      SHA256

      ad4290ccd1bd885d7d51bf1b8faf13797f4dc31ef0e45e13698e63ce0e0a2dab

      SHA512

      c5667200bc2f29e7a6dc5ccc0a2caecb44f8299f3ef56e54d6dc2edb6b4dc86731cf38db295bca3b6cc6b9ef837a8491dc04219be39366b3b3ec488c5a7b7439

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jlg6ljiw.Admin\user.js

      Filesize

      1KB

      MD5

      3a48e9c0746eebecb1fd6b78339b2b6a

      SHA1

      1ca2295078f7e21c66a27deba5fa3a87580907c9

      SHA256

      e2489d00487d56f660b5d38571f692f20f728cc48cb2a422a2b94863d3b19d14

      SHA512

      cc17bd5219b2c4157a704ae19027264eff4159a2e50a3d2470021554dbf045d12a3fb53a68d78587f1429850b784ebaf72beaf1af31975ef03f69e2280505011

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m5gevmzl.default-release\user.js

      Filesize

      411B

      MD5

      ad5e41c9b83c443379bae29df86df772

      SHA1

      ad4187ffdb50ccfef0d2c97131060650fefb670a

      SHA256

      e11adba324d2a56c44a54c6814af8077dfe35078d0387b7db5ea0fac1ebc05e9

      SHA512

      c5599b59bdc3d0f6a3c8ee9b47a0d5d538cbbc154be25255d7d3ed2f876a382c860e8b88bfdc311f69b78e8f555917226fe9edc91b9ffb348c9e9d5999fb9171

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m5gevmzl.default-release\user.js

      Filesize

      523B

      MD5

      836744fceccf4ba6438b53572ebce43f

      SHA1

      325366ea6fcf3b3c9b77e312bbf8713df6c7386a

      SHA256

      fa9b47a79e78e6ced3a9d0d7937c83d1aa668dcb17380d3e2323c57a74d386c9

      SHA512

      ee5caaf3670fabe00301ef0d993d9dddaca6aceea365daccc753a722a6e3f5fe42afe8de68d3f857d08e290aea11f591b1cbd8c37b889ea8fdfdd3738083c1c4

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m5gevmzl.default-release\user.js

      Filesize

      627B

      MD5

      1cf4841d076be3ad6592a867dadf29c9

      SHA1

      05076b1693312e6813326e29695e05e8b1028994

      SHA256

      34e3ca1218ab24caabce6c73bbac56266b52803ad4e190b76785cf3ec5b00886

      SHA512

      c1cc8f1718391a42669db6b266b7f40bdff3329e3191b300f868f8e4bced29cff5b93b7a669531a561211143728f614f23da9a91dc5391f8008d42699a8bee2e

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m5gevmzl.default-release\user.js

      Filesize

      236B

      MD5

      19973f6dde6e6ed10dff32e566cd40a5

      SHA1

      e070abab89fc535a8073c76f7fe3e7863385b134

      SHA256

      88a875e2352f2f03061e306ee1ea9a076a411c0998f66cb6110c2ba4e9bcb12e

      SHA512

      e6f42f8b0d5e313cf340b3aff2fbd83b3fe671191b650a0664bb311a7159967b07572710405f61837ece8049735adef6dd2f8daf2354c394ec1ac238954dd4bf
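A small triage script, added here as an example and not part of the sandbox's own output, that turns the listing above into structured indicators. It parses the path / Filesize / hash blocks, flags the two things a practitioner cares about in this report (DLLs written under %TEMP%\ns????.tmp\, which is what the "Loads dropped DLL" signature fires on, and user.js files written into Firefox profile directories, the preference-tampering side of the "Reads user/profile data of web browsers" signature), and provides a hash check for any of the listed files obtained later. The ns????.tmp directory pattern and the plugin names System.dll and nsisos.dll are the ones NSIS-built installers use; that is an inference from naming, not something the report states. The embedded excerpt is constructed from three entries of the listing above, and all function names are the example's own.

```python
"""Triage a sandbox 'dropped files' listing: parse, classify, verify hashes.

Added example. The parser targets the label/value layout of the listing
above; the classification rules are heuristics chosen for this report.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed excerpt: three entries copied from the report's listing above.
REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\Local\Temp\nsnF2FC.tmp\System.dll
  Filesize
  11KB
  MD5
  c17103ae9072a06da581dec998343fc1
  SHA256
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jlg6ljiw.Admin\user.js
  Filesize
  541B
  MD5
  a0bdd513b48c9cf0902cdfd002196f36
  SHA256
  ab08125d40fc5002a34b86bb17167a25e3d582649504a5a3495a751f2b059ce8
• C:\Users\Admin\AppData\Local\Temp\nsiF3CE.tmp
  Filesize
  661B
  MD5
  beb03959a34a1f7dfaadd0f2ebd687ce
  SHA256
  27d2bb5645e69fc7690ced7a2d4c722cf9d8ec995fe7bd07d8141897899247fc
"""

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
# Per-run temp dir name used by NSIS installers: "ns" + letter + 4 hex digits + ".tmp"
NS_TMP = re.compile(r"^ns[a-z][0-9a-f]{4}\.tmp$", re.IGNORECASE)
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


@dataclass
class DroppedFile:
    path: str
    size_bytes: int | None = None
    hashes: dict = field(default_factory=dict)  # algo -> lowercase hex digest

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name


def parse_size(text: str) -> int:
    """'11KB' -> 11264, '541B' -> 541 (the sandbox rounds to whole units)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*([KMG]?B)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNIT[m.group(2).upper()])


def parse_dropped_files(text: str) -> list[DroppedFile]:
    """Each entry is a '•' path line followed by label / value pairs."""
    entries: list[DroppedFile] = []
    label = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):                 # new entry
            entries.append(DroppedFile(path=line[1:].strip()))
            label = None
        elif line in LABELS:                     # next line is this label's value
            label = line
        elif label and entries:
            if label == "Filesize":
                entries[-1].size_bytes = parse_size(line)
            else:
                entries[-1].hashes[label.lower()] = line.lower()
            label = None
    return entries


def classify(entry: DroppedFile) -> str:
    """Map a dropped-file path to the behaviour it evidences in this report."""
    p = PureWindowsPath(entry.path)
    lowered = [s.lower() for s in p.parts]
    in_ns_tmp = any(NS_TMP.match(s) for s in p.parts[:-1])
    if in_ns_tmp and p.suffix.lower() == ".dll":
        return "dropped_dll_in_installer_temp"  # what 'Loads dropped DLL' fires on
    if "mozilla" in lowered and "firefox" in lowered and p.name.lower() == "user.js":
        return "firefox_profile_write"          # preference tampering in a profile
    if in_ns_tmp or NS_TMP.match(p.name):
        return "installer_temp_file"
    return "other"


def compute_hashes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in HASH_ALGOS}


def verify_hashes(data: bytes, expected: dict) -> bool:
    """True only if every hash supplied in `expected` matches; no hashes -> False."""
    actual = compute_hashes(data)
    checks = [(k.lower(), v.lower()) for k, v in expected.items() if k.lower() in actual]
    return bool(checks) and all(actual[k] == v for k, v in checks)


def triage(text: str) -> list[tuple[str, str]]:
    return [(e.path, classify(e)) for e in parse_dropped_files(text)]


if __name__ == "__main__":
    for path, verdict in triage(REPORT_EXCERPT):
        print(f"{verdict:32} {path}")
```

Feed `verify_hashes` the bytes of a recovered file together with the MD5/SHA1/SHA256/SHA512 values from the listing; comparing all four is what rules out a MD5-only lookalike. The sizes in the listing are rounded (11KB, 1KB), so compare sizes only loosely and rely on the digests.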