Overview

overview

7

Static

static

7

26565b5f59...18.exe

windows7-x64

7

26565b5f59...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

1

$PLUGINSDIR/mt.dll

windows10-2004-x64

1

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

1

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsc4C41.tmp
    Filesize

    412B

    MD5

    663ac7ad0d23dfe1bf7c8c302ae0bd2e

    SHA1

    98e367ab335842975bc984ded436c4a26d7ebe3c

    SHA256

    315f7ada136d0bc046cfb7dd83c8bdedd61d4d13eeaf85f32ce429e07dd4cc62

    SHA512

    fb02e6fb54282360f9de5795f57481dfdab9bdfc2ee2cca57dcc1d08604fc8adc6a59088aa60e86ea76151487ff93ee28c74b23bd804ff4e76b90bfcdbb2ee24

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsc4C42.tmp
    Filesize

    469B

    MD5

    6de16a912e7d60a63be54e459114af0b

    SHA1

    75cda4604f900b54938666596275af15069cb177

    SHA256

    3f81583b45041a87d61040cc3651aa7935075a41584a9345813bc1380d7aea12

    SHA512

    3e498986305294379618f7678054d545fbc33df4b86b2ea1db7a6f446804d141b8e59e088b82ee3998b929bf9822ca59956014c9b36efa33a31024a0b8f84681

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh4B1E.tmp
    Filesize

    825B

    MD5

    02dcaf13dc22827c1e281e2540f58fff

    SHA1

    75aeca75f3713c4d030ded36ee53355dc413a871

    SHA256

    39725acd4081577338ce4501c54dd71130be340fad523eb4fba6653ad3f151a8

    SHA512

    d82112f2496d828ece7f32a93d35dc6d311e774cc013407f30692de4f7420b852146028757552e18fb3ecb76474bdc1ebc092572c5a00d67073112a4b59e693b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl49AC.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl49AC.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl49AC.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsl49AC.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4A9C.tmp
    Filesize

    541B

    MD5

    bdcdecf13379c64b016efcad7d6ae56e

    SHA1

    d46b8e90a5c5f599dbc5a6d39d248c7f542918ea

    SHA256

    769b0ec10f3f338541e3077244a48a10e3bb731abe364021cbd7adaeffb937fd

    SHA512

    69eac2add208787cc8a10b560e9e496adbf674206b678d45e1c7d5a1fbefeea0c9d991d68f7a6cc5b39478cd89d32f76eb8dc1ebce3a9220da17033d0c0b58d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4B3E.tmp
    Filesize

    878B

    MD5

    0db7583415d1eed31712db43e00f8134

    SHA1

    3ac3fb9d403331f0bc8669dbc3edf92f2173f6c3

    SHA256

    85ae1a77018063ea088c6436aa79d4ba5cd65c5ca555b6a2dc399800ecb0f1fd

    SHA512

    49d63dbaa43ea0d75ab3e09e5bbdd6506f630531cfd0888c9bb6f4b4e538c49ea2400cc0a09d2e63c9d9ac267421dcbe64c1e7629fb5317407ba890aa3f953fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4C2F.tmp
    Filesize

    291B

    MD5

    52e87e34e328c8261f25203bf97c66cd

    SHA1

    1669be842ab0c4900316b31378d0d9c82673c1a0

    SHA256

    5d181617e62d47d0597c0defeb409d9652affd9721f5a67f923e7f2cb38e45af

    SHA512

    07f947ac1816a7821b6ef3a0e460d1cdd75a2d4b3335c6b79fd75c11d973d7f367feecf251c132d9a1d6b3c95830e6adbf18c8a20258a24f6c4ae66a01d41db4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4C30.tmp
    Filesize

    347B

    MD5

    571d3bc1edacc5662488769841c69aa5

    SHA1

    a268274489f9dc9460b5e74195d5dfd58a47d1c5

    SHA256

    c5a212671052e519125b0bbd36cb288d4e65c3411ff2338a1d364f1ebc755c34

    SHA512

    e6673509925d52cdbd6c144a8e92f2c5576e7836bede11e38c482fe2949d3c2b5798f05192d523e39a4a083c0141fdcfe6ff47ef53c0a7b132a1193d18b51dff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsm4C84.tmp
    Filesize

    680B

    MD5

    b1879f432cd6a1c1e4cc2070744449e0

    SHA1

    a56c90fcb24636e8f7183753c43d36f2ff024284

    SHA256

    db19bc46514fd525a27e702bc046ce21925f251212dc16fbd8c74b3868f2a775

    SHA512

    de8f404d7da07b79c6b981a3f02410399315abfe6d50d862bbb852dbe4f0795ad14fa77b269d14d415652228b0e4d538094601a6911b4a8518280ef47b48ecfc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4ABD.tmp
    Filesize

    662B

    MD5

    b7b1a1c72f50c10a8f2acd1e741aed85

    SHA1

    da10100f2e4eeb9e10557578e965925921d794ed

    SHA256

    c841c7a04dd7d29c9dff143d30e9f9acc4d0539b85408302c9349080d8dd30f3

    SHA512

    d4b744fbfa95d8f4041769a200d2d1d19526c957be669b680fa5dd8b6a9c37ca0c02fa8dd681675d233f17096e7ec46a03c5ed2e6e54294891f990c155bdd2a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4B5E.tmp
    Filesize

    930B

    MD5

    05dd0d615c38cd2ff561f9d8ff023c2a

    SHA1

    301a81cdecb76bfada6f4cd04aa78c4c48640154

    SHA256

    8d33ba167800628ca332408a46bb024cd8c3983d1065db837971c91d0c8ea5b6

    SHA512

    192a231d8083407180f8328925813e128add45e05ecc14c65b2da8f6ef7ac03fb5cdc08a06341541066706ee05f08fffa18a055ae71a2a27b423190955abf86d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsr4BAE.tmp
    Filesize

    1KB

    MD5

    6ef7b3c18a39766ea393df7123ff4949

    SHA1

    fc84ed27699f2693dccd3e231db0cb1ce6e27038

    SHA256

    f7f0098e42b09233dd54deea88bc7944fe62cee7d5c0519271b21e1982d76f44

    SHA512

    9c37566ce416eda82ff86008c6a73f8567cb67574f383d5adb2abf50802a1b879a010ac60300c58cd6733c7fbb8c1e86ee18244472e235d7e0932e57d1fbcec9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsw4B7E.tmp
    Filesize

    980B

    MD5

    484ad8f8ce86f6fff28f263390b7d6b8

    SHA1

    05c227be5ffc3c0427223e25e2bc609ca1bc8423

    SHA256

    b14e9b2f9a68bab87025fe27bf22dd464f4863e6f8363e20a965934ec6c2ead0

    SHA512

    fcd0e37793d29b63d5d47cfe7b8bb86ee1979ed02dd05719715d1c3a7fd45aeeb351d1d497181893fff3a1fbea49ac6521c91608b544f5a0264ef4331e8112cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx4C1E.tmp
    Filesize

    181B

    MD5

    ef2fdf3f228056df325cf65b2412e0aa

    SHA1

    765be7b7b15ac8598ce40f57f393b1b88b418a29

    SHA256

    3aa72c765ecee098d542fa71cbad0482f57aeb96352dfb0803bc2b02142d72c0

    SHA512

    4a286ae3e3024a8b03002c5fcb017d396139cdd5173a1752d2c549716c30bdcf5c9c24054d0fde9a265b798d7f51f9dac033d8c67375ee801902ad06fdb24f13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx4C1F.tmp
    Filesize

    236B

    MD5

    1ebb75bbbdc90e9252a4a1969a74a022

    SHA1

    52cbbc9be8ffd1e37cd4adae839cf810a96e2356

    SHA256

    675eda7a8595f7ef4a092916e226a9a9008197872b8aa44ad5deecab834853e5

    SHA512

    7f5a3547c441bbe5fe5d9e63d868eea41ff6a24d3f0bd4c5b92ae0d9b141de1a046b19371bfc5e366c3ebe22e528a0a47dd3e89322c700e0a923373bf4bdb009

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qt34trpx.Admin\user.js
    Filesize

    431B

    MD5

    f490a16744ae3365e569f1c0f2d4aabc

    SHA1

    77559b5da43c2dc8ec52253c58a2581e3f6a1b44

    SHA256

    63afc2dbb3d6867d67f3fddf2b25985e3add04f521210badfcc910934455f9af

    SHA512

    3910f1f00b4b3f65173c8ff5c2a1d2acdab11f4fa15d80ba472dd238f460a3ba79e8b903af07b31ed3f7e2bb66e9809d7496f0d3f900c6573482f13e40f2c699

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qt34trpx.Admin\user.js
    Filesize

    774B

    MD5

    7a908a9fef893753944c9b82b84d944e

    SHA1

    abee8b63480e35bf41bbc6fcce9c17259e396278

    SHA256

    9b5e7d7084e7edc30b4aaf150d664163f9b4bdfc4db7b16855825283d0931c54

    SHA512

    2e85b9f931a19d9177cb100b05a22dc9a41d15ed8de91691ecfea88b55ddc40e1d9b08d06ed85773ce7ddf9235b15e76f3bc81e3aac4f5b249b9c3c27f75508f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\user.js
    Filesize

    575B

    MD5

    0f46af3fb673fb9cc2ad09dc3b0f7dc9

    SHA1

    e6da60f4b8053b7fb36c840f9efa18ccb4fc8dde

    SHA256

    0a4be34fbc3d9072a31f64af30e2fae399d15c1c233bc367af7540d734a3951c

    SHA512

    b651d839762b2b4685b6d44110379e86c179a04b025cdc5b588149bdaaf2ec40318cc7a4bce2f7b32cec78c0606d10382427e8588714fa5feba7cd455f2f267a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\user.js
    Filesize

    628B

    MD5

    3d034c2f1d45510bdb95325e7f2511f4

    SHA1

    e44c0b8b9f23ddd9da12f63096292d8c1c96c07a

    SHA256

    6f37773a6225d65a8dcc0ddef146ae65783720f16e5091470e5e299e8a9f3610

    SHA512

    5e59f4e27e322ba69292d18ef745f533ec2c2b98bf90e34f7c501f1c9f8c4c85df8340b3b50e062a81228ad05aa9a9210975dfb5c066e46e5bffdb33f6ce7642

    Download Submit