703f518342b...18.exe
windows7-x64
703f518342b...18.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
1$PLUGINSDI...ns.dll
windows10-2004-x64
1$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
1$PLUGINSDIR/mt.dll
windows10-2004-x64
1$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
1FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
140s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
20-06-2024 07:17
Behavioral task
behavioral1
Sample
03f518342b62cc476b693d6b5b436ae4_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
03f518342b62cc476b693d6b5b436ae4_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240611-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240611-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
Processes:
FM4ffx.exepid process 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe 2760 FM4ffx.exe -
Reads user/profile data of web browsers 2 TTPs
Information stealers commonly read browser profile data, which can include saved credentials, cookies and session tokens. Note that this sample is an NSIS installer bundle that also ships browser-configuration plugins (chrmPref.dll, IEFunctions.dll — see Behavioral tasks), so this signature may fire on preference-file access by an adware/browser-hijacker installer rather than on credential theft; confirm which browser files were actually read before treating it as a credential-exposure indicator.
-
Enumerates physical storage devices 1 TTPs
The sample attempted to enumerate or interact with connected storage and optical drives. On its own this is a low-confidence indicator — installers routinely query drives to check free space or pick a target volume — so weigh it together with the other signatures rather than in isolation.
Processes
-
C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"1⤵
- Loads dropped DLL
PID:2760
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4180,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:81⤵PID:5000
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
661B
MD5beb03959a34a1f7dfaadd0f2ebd687ce
SHA13a3172acd409c6dd8f68b8b4351dabe5936edf57
SHA25627d2bb5645e69fc7690ced7a2d4c722cf9d8ec995fe7bd07d8141897899247fc
SHA5126516ff7083ebdfb420941830728a68bfcfac7303aa17925620ae1449950b1d69c3de6b53230b0363ef96b758d5ce596529eee892d9678953cb6c9f9773b07067
-
Filesize
877B
MD5daef14909c4b9abd8243e41fcead6ff8
SHA1dbfd7b5f16909e408897c50bb47e704a65ab1e9d
SHA256f2f09bcde383eb99127e964fe63cea6caca0540b7ec20587aea69087be58e7a0
SHA51258807d5fd99710604a0935e939fe2143478903cd0b2d6b845f85696bd7043dd3f548fb12013fa54a304a7e5de587eada2feafbf906de5ff45a6757208b09e4d1
-
Filesize
105B
MD5d66b7c36887a3a1f869cd8b637cc43b6
SHA12e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db
SHA256d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45
SHA512155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD538977533750fe69979b2c2ac801f96e6
SHA174643c30cda909e649722ed0c7f267903558e92a
SHA256b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5aac69f856c4540edd4ef7ce6c8571639
SHA12860f55ea9774d631219e66604051e90a43258b7
SHA2566dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD569806691d649ef1c8703fd9e29231d44
SHA1e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA5125e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
929B
MD5ba0edf378719986165661a535665374f
SHA119760e361e55da6c81f162eb7b892cb608d988aa
SHA256c2af3ef194ee56bfe1b3f6ee85538d38dee6207f9e4c25dfd6e0ed58f0c6f4b0
SHA5127d996c1315a841e927cc014b23b7552b209e9ed91ef52a3ddee4801a2217fbc2fbca9cc8cce9de9ea29ca9bd072d6d8352a5e12e8d6d3957219ae817f383ec0d
-
Filesize
729B
MD5ce5e7ee7e40357da1d0a814e552953c3
SHA11e9362ba3704ea8fd2a32a19d8fed449b2e520bd
SHA256b24632839646475bbe84fbfe2f8b0ba036bb9e8d7f9eb556ebbd75d63909d5d7
SHA5126efed953a70a09bf9980332a0b7c9dba48589acb0dd81a67a993f4e99197521a325d5ab687cafbee2ff7ece9c5e77f4dde52b65ea7f84ce6fdf86894bcdd361e
-
Filesize
778B
MD5756a2199461f233e44e2ff84eb3f8449
SHA1b40a3f926b06c175c8a667d9913e79363330b30e
SHA256143ef62184392cdd8bf4a7fd2a1a7ca62f2600a94cc7768562e3abd70a5cdd6e
SHA51235ebe260194078c4068db9a142bdddda97c17395475a2397569e44315f7820eb5a803bcb18d91c6ecb901749cbc388f4e59c428d890c0d26702d290e660dc864
-
Filesize
431B
MD584c6a105b21c548e24b6451723672211
SHA145b4472c6f02238bdf3e569195f468134267f60d
SHA256e6dd101bc0c0110cd5cfeed06e6c8ab0953d263a6c4051ea43688b55f11421e8
SHA5122b5e4c50ae738eb5068bc267f901a38c5fe16b608b3d61f1ac26d70cabf80a9b73c955d6fbb7cf45ca7d0b154aac7748904ed96b7313f26dd86505d76bdf00b9
-
Filesize
291B
MD59977d3425a4556c677885d392f451d3a
SHA1a90f8930f8b0f2c8e5541be0dcc21b2b14f1a516
SHA2563661fbc00b62c038c5c25d2471e719ee6322bc243503082be36841fbdb2f669f
SHA5120f450b2aeca4ebc7be7866573b9e69f0456ee3c3bc709727685b02a45844b1629bca0ff51a5fbced6dd04c5e27ea143399f8ef9a8aec627adf0565d2861a1cb6
-
Filesize
347B
MD547cbd47c60e8af1b4374c6a352f0f91a
SHA1b629ccfcfe420a19cdf04caf1655cad0f1668803
SHA256738e0f7d518eab9042f5296f544ae731a6963ba1dc8796be554279e1c15a44b1
SHA51299953dbb8d7146016796e0ea65c7f6f306e1d8d2ffbbf1c69e59dc7df7525e8afc78c6b40298747e38682f62518f687c50d7d3ebbe69fe9bde8ad130a97d0229
-
Filesize
541B
MD5a0bdd513b48c9cf0902cdfd002196f36
SHA1c285aa75b1d878b3e89bd158fe361c2474a4985b
SHA256ab08125d40fc5002a34b86bb17167a25e3d582649504a5a3495a751f2b059ce8
SHA5129a9e3429d2871e9670d78db0d2bbbfabb2718e8ab0ed945aa659d498c82362400994214e2701dca6b922515968ee808d00cc4aa44feb87326a9f0b9231921442
-
Filesize
597B
MD53ac1c8221139cdd9230f8667b73eb6d4
SHA147c833e140dbb1219a851f3f9ed888d28dff4b33
SHA256f29db17fd2237ddbc465f7821cf400cc7de667cd4c416bd8601cbd4f331bf272
SHA512328379c487eda9c908cf1e3e139d3e9b40590810133f1bb24e17918bb94b3c24e9062a7778180838bed237cd2835c5c0a4cfa4044146387e738bd8f6f5310568
-
Filesize
773B
MD5ab98dcbc05863e27597c535e58a69aa7
SHA15844a26c005468c7ad4715d12f5eaa7c7997e4bd
SHA256ad4290ccd1bd885d7d51bf1b8faf13797f4dc31ef0e45e13698e63ce0e0a2dab
SHA512c5667200bc2f29e7a6dc5ccc0a2caecb44f8299f3ef56e54d6dc2edb6b4dc86731cf38db295bca3b6cc6b9ef837a8491dc04219be39366b3b3ec488c5a7b7439
-
Filesize
1KB
MD53a48e9c0746eebecb1fd6b78339b2b6a
SHA11ca2295078f7e21c66a27deba5fa3a87580907c9
SHA256e2489d00487d56f660b5d38571f692f20f728cc48cb2a422a2b94863d3b19d14
SHA512cc17bd5219b2c4157a704ae19027264eff4159a2e50a3d2470021554dbf045d12a3fb53a68d78587f1429850b784ebaf72beaf1af31975ef03f69e2280505011
-
Filesize
411B
MD5ad5e41c9b83c443379bae29df86df772
SHA1ad4187ffdb50ccfef0d2c97131060650fefb670a
SHA256e11adba324d2a56c44a54c6814af8077dfe35078d0387b7db5ea0fac1ebc05e9
SHA512c5599b59bdc3d0f6a3c8ee9b47a0d5d538cbbc154be25255d7d3ed2f876a382c860e8b88bfdc311f69b78e8f555917226fe9edc91b9ffb348c9e9d5999fb9171
-
Filesize
523B
MD5836744fceccf4ba6438b53572ebce43f
SHA1325366ea6fcf3b3c9b77e312bbf8713df6c7386a
SHA256fa9b47a79e78e6ced3a9d0d7937c83d1aa668dcb17380d3e2323c57a74d386c9
SHA512ee5caaf3670fabe00301ef0d993d9dddaca6aceea365daccc753a722a6e3f5fe42afe8de68d3f857d08e290aea11f591b1cbd8c37b889ea8fdfdd3738083c1c4
-
Filesize
627B
MD51cf4841d076be3ad6592a867dadf29c9
SHA105076b1693312e6813326e29695e05e8b1028994
SHA25634e3ca1218ab24caabce6c73bbac56266b52803ad4e190b76785cf3ec5b00886
SHA512c1cc8f1718391a42669db6b266b7f40bdff3329e3191b300f868f8e4bced29cff5b93b7a669531a561211143728f614f23da9a91dc5391f8008d42699a8bee2e
-
Filesize
236B
MD519973f6dde6e6ed10dff32e566cd40a5
SHA1e070abab89fc535a8073c76f7fe3e7863385b134
SHA25688a875e2352f2f03061e306ee1ea9a076a411c0998f66cb6110c2ba4e9bcb12e
SHA512e6f42f8b0d5e313cf340b3aff2fbd83b3fe671191b650a0664bb311a7159967b07572710405f61837ece8049735adef6dd2f8daf2354c394ec1ac238954dd4bf