Overview

overview

7

Static

static

7

374907c57e...18.exe

windows7-x64

7

374907c57e...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

1

$PLUGINSDIR/mt.dll

windows10-2004-x64

1

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

1

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 02:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse83E2.tmp
    Filesize

    877B

    MD5

    bbe17df80528c4f0938c1afb43206117

    SHA1

    45f69a8640480786946f4944a73edf033e2e8df5

    SHA256

    d6d52b443b3de6d0dcd728251602a4a8657e2475fecf8accccf280aacc6bd506

    SHA512

    8d2a5d0f119603cbee2a859eb4616370bb09adbb806a6908a41e882ead9b6a443510451d48c585bba22d2df9569d275c08d360823bbe6d91265e4d08c0467164

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse852A.tmp
    Filesize

    778B

    MD5

    2c82966f6c5438bd05d0865d7658c50f

    SHA1

    68aab711871b7148c418eda7d2b0abada1f36409

    SHA256

    e1bb51fd2d4ada05f1d680f61d23fb254610afed6cb803e360684bbf82ad8d9b

    SHA512

    a58caa10426b05a2dca9dd56a419180e15f1ca805f6b7a0990c4f2fc1b5468ccc480b0d3356f8cd89edaa5448ad6faf76c7bddb4a65d2a2735c493cb1fa57ac0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi8231.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi8231.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi8231.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsi8231.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj8402.tmp
    Filesize

    929B

    MD5

    acf69c1e26c6e668f5698a6cd1d0f06d

    SHA1

    db407c8e98d505926751f21911f347625a0bbf33

    SHA256

    13b977acda431d67ea51d98056cd552f6fa528eb8cb4fcf7553fbd311b0986fb

    SHA512

    da95e3c2bc19c9f75d60a75a82b55b40d3c7ebf96bc0f8e289aaf6559f5e1f0029b150a4a0ac0a747be6971f89d0e41ff87dfb4d4f80c5b4c21cf80c4786093a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj84F9.tmp
    Filesize

    679B

    MD5

    5867b989a1cf7393ea34ab8b073d70cb

    SHA1

    2f6178a390dd8f3596cdcd2640465e1549b586c7

    SHA256

    e278e05ad9dc5c33d53afdb1ad2574b95eed1184f02ec21456e8820e5a4630e0

    SHA512

    3d3157faa79473c7be1a58f1e37e4fc9c3cf26b4e2b3f478ffa006f22216eb0722fbb51b2e873abf70e3f7de7b07ec1f45056a15a7efbeaaef6e42a1200fd894

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso8422.tmp
    Filesize

    979B

    MD5

    ff153bfddbe7872b14348930b373d198

    SHA1

    e6edf3641a169311706c5a9eef36c846e78c3d52

    SHA256

    3d8229c34bb40c3236c6f4b428b99bc114d8bc931bd741bfd1660c012676cb96

    SHA512

    5f6641cb02ba7107799824b4cc9160b8a0ee1dbcd45d6c22e7b938cb21c926b499fd37ca5eaeb0b15a618f85c8781b21642de0bcca6a5b9bb2a9f5ada2c89cd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp84C6.tmp
    Filesize

    411B

    MD5

    2bb2c5f2aea6e34b67cf08dbc3b1a113

    SHA1

    bc80c1dac5176b01ec39687807f1954a9c4ec7d8

    SHA256

    d15ffc60509673e1fb53f184ce9741a540479aa24dc643473ebe1e2ba485979d

    SHA512

    d0d23ade4a30d5ad8e1401603f9cfec1377077d6b11302c09c2fe9792d3cee365acae656d1641c82615eee5fa7e1dcae35bd0e256394b9e051758d29b5c77a02

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp851A.tmp
    Filesize

    729B

    MD5

    e402511fb7de4678d6bb2bc1713444c2

    SHA1

    1f98ca15e2062ee65c5bb03874b7db99481a5a93

    SHA256

    7d0906aa5b2844098dc120bdcabc318f9aa573353b17a78c18fcb04cae7d07aa

    SHA512

    c9c6a85a6d749d6218c40be1c9d25b5be87b1062bb4e7616e23f28eb14b2acd1b3fcc74513be5a528182505ef1c260c4275879e6e36c9a6f4b7c1130f95d245e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu8443.tmp
    Filesize

    1KB

    MD5

    edad6e68e7a7948b71f8f4927249d0e7

    SHA1

    eced7810c223aa1e9c9e7168a9b629570395ae3d

    SHA256

    b29a6bd758a1a7f8ff9d4d3f8b85dddccd8d241b6792a127b0c9ad8f03e7fc3d

    SHA512

    7fa704b8038ce955cc5e4ce27299ccea9138a8e51719db56f3fd6a2b72a53c80a519edfef18187122abd925ef62a19f1c0c765d774089fb7264376728d09f685

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu84E9.tmp
    Filesize

    627B

    MD5

    16aa8049130ce30999587ecfb3d0ed70

    SHA1

    d2ee1a8c1862ad4873403e0d0b7d257a5336dbfa

    SHA256

    24dc187ed7206fdb6a19bcfd23b54af5b324d6c2d55417a908ee5dc8dde50fa5

    SHA512

    dd10eacbc3e972788153ed4abb0e62ff1e1f62960dddc78d33004b66b2174e0e6cb5728bf1107b5b7e910837c6d632bba82379f32053915afa6d74e62d18ced5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz83C2.tmp
    Filesize

    824B

    MD5

    bb3570ccff63b82e296943f9a8ff2d4f

    SHA1

    e9b8b0012f89557f7529feac1b86d02524ebfcc1

    SHA256

    f28f33ca8b33f52cd365cb189486220c5de3714280badf16a42640d1d17534da

    SHA512

    3f566553342e5871ab5fa46e440214ebee0aa82ce0a93634b49f82658c895bd690d1cce943966ccc7e79580b836ed566360c8529553221b0f84280d88c4aa7bb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\srcme4dw.Admin\user.js
    Filesize

    486B

    MD5

    5994441e37ccbb796b8ddaf66318eace

    SHA1

    d8e78189cd7dc9436948357e3befc1239fe48db2

    SHA256

    7dc28f5166de2147800d0c9798440eb3f5011b3b5fbb0278ac41e022a4876f3d

    SHA512

    26aff7812daf98961485d3ba783809237a0b07664508b5d7e2b0c149668123182da9586898bc35ded1d68689f3d347bf47ec6d25634d6a1f243e7e4d05d46742

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\srcme4dw.Admin\user.js
    Filesize

    718B

    MD5

    14c3666cfec128c879766f8d3fe2868a

    SHA1

    aa6a6b54534537525e4b0c2feced08c0a37072ba

    SHA256

    7a53e492e988834865ffd5251b9b8b0b4f40e96ea1466531b4f8454f4c5ace43

    SHA512

    61b93363095588d8072d8bf178f8ea96a16e028e024c20690b69c0da966e8e152776f895b052081bddb29bc34343f4862f5c8ed714ab55f123f14e3f7c3e47df

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\user.js
    Filesize

    347B

    MD5

    c6297644701ffd03b28cc3b0af71c705

    SHA1

    95048d26f1e927bae4c166cbfbfacfac5b854582

    SHA256

    126e506a4d22231084c9914008948076852f182c9311cd95a39cf168062fec51

    SHA512

    e72ddcd053556ad819e853056f463370e0e342ea4b569e403a93957f41c89c8d11095a5361a8707dc51bf428b3aa58dd02b0278c6147ef92a97a799a52554583

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\user.js
    Filesize

    523B

    MD5

    fcd64beac61c48db08d10287952deab1

    SHA1

    53bda693ec178900dded8da75ade60f5b0a1cc24

    SHA256

    806daa826f98917baa7182178c81559c9d3e0ca3beaadc6c02f7bc287ea32e04

    SHA512

    3012708cbe56a27e45704b8e56f39fc475472c66dfbfe95570bdb221fd1ce48ea8b4480b2f34970a604b24e42dce727d1f2eabd07739d1662aa2da5035123c1d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\user.js
    Filesize

    574B

    MD5

    ca001c89e06c01169a82f9391f3a58e7

    SHA1

    6f1ef6022566104b37de6266aa6987d09e97ce1b

    SHA256

    6fd5e653433372a5b237d29e60f9a789aa242c5ee40a979e806fb3ec4c487888

    SHA512

    ca19ddb936817decaeef607eefe05ee23c8dfc5a1d75dcafecf2b2de723ab64de6202d824e2fd90d680b13e1f3530a7fbe73f714f2307076ac14d361598684e2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\user.js
    Filesize

    236B

    MD5

    27896b5648516b19a42eb9cb32cd13a3

    SHA1

    3c8bd9220b679f8ee06959a68adc37e140568941

    SHA256

    b2e5892cc26414b790ef3b9459fe519a79f01c067c27f1e99c1526595079da9e

    SHA512

    886b3af995e62055b234e03d1e1a3f38badcd77650d44aea1248eaf757250ca1e96bc4758958198c4a86d578d6c62a6ff5c56fe166291d7c8a8807bbd622a3ee

    Download Submit