c03fc4054360e67008356e7019bd51b26b94dabf6ab33f0025d9a93be68dce29

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FM4ffx.exe
Size

319KB
MD5

fe768a6b82ed2a59c58254eae67b8cf9
SHA1

3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
SHA256

3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
SHA512

3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
SSDEEP

6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe
2252	FM4ffx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
1⤵
- Loads dropped DLL
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse1EBD.tmp

Filesize
412B

MD5
e5150521363104a41f2c436e36631123

SHA1
aa9a983d897725ca673d64ad202997267d06e4d3

SHA256
5e0e5e0e2c3c271f327ff67ef655481e9a81ce5bf4394588d9bba330c0d1a867

SHA512
1294735581175a22bff29394099fd08c23865505e3d12c5b7323ef5fd04453bc0f3171f8e98c4f6569f5385fd59e1544eb66bf1d36a5c9a55ba4a8ea0e140bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1CF9.tmp

Filesize
541B

MD5
4c220c88b282ab06341d9c5ece3a2e7c

SHA1
b927e3d46facb2038f978b155bbc9c6e41ca049b

SHA256
ef1cdef64a2f8a9cca34215336fdf9635722f50d1e8b5e28c64b1af45c35601d

SHA512
c63700eaf49c92974c1285303965e42c6f94c38d026e409b3105b2ce6c73475466262f739887f6e3765b61e60964c9b4b83bdee598fc73849897065537e98e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1D4A.tmp

Filesize
719B

MD5
e860bba96b332d9a1ef533ab08fa51af

SHA1
a7d883def3a04aba6c7ea6df2d677dbac3bcfe26

SHA256
554bee47bc19dd3c2e4a793c7da8bded9f47ee23c12f3bb9b91375e55554ccfc

SHA512
142ae4c552287de40786ca9128e0214289325ef422e698119165c0cf356a58f976f53a21df20e6c2a7a3c1d4818c5733b89ed6923f37533eb644bf8a4895ab31

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1E89.tmp

Filesize
105B

MD5
d66b7c36887a3a1f869cd8b637cc43b6

SHA1
2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

SHA256
d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

SHA512
155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1E8A.tmp

Filesize
181B

MD5
ba19eecf765b4badeda4cc49a2238a8c

SHA1
ce855b43c9434a5b223950a5b0e2e91fba97ed89

SHA256
dc0b24465c3399a6ead826fe826f9f6ff28c5fce23d21942e96b050531e16fee

SHA512
dd6fd02f9769a879c889390cd44f2441f79ff2f072a24a6c1b6c3a4549c5ee479d61980b6419784957e1dd2f0c1b9e508571ce679318a9b7b7f97eabe00c29f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj1EDE.tmp

Filesize
524B

MD5
58ec8c855bb3c758bb75f0ed2fe6accb

SHA1
980f50f9939c7d8d470276e084664869f69cdaec

SHA256
ad282e1a4f537847174f1788183f47666e49dbd970c47d639d78fd8370f6a064

SHA512
f7a3936ee38d0fc0d75ab48aa5a9c2b1b387db064385e9b2f67847b555dfe045da328576fa03290aa01d1eaad2c1d531f70c8ee6ae0ed83b0eb4d78802d9560d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1D6A.tmp

Filesize
774B

MD5
193ac0c7d92224ec32b002d422289e86

SHA1
8765a751bec6acd9c75f111f8bebbda596a093a1

SHA256
882b4bbe64435bd35c3849cc3fcaa23408b19a2171d1987250018ca5526359e2

SHA512
7d962a0ae04b9d0cadf6a0bcd4c6b72bef9728d070057c27d3a76843b2a07498d406120cc884f983d2fceb1a92bf5aaacfc3bc9e4baa8d211b75519d93f0ee24

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1DBA.tmp

Filesize
878B

MD5
8a53a57d0d733f79604f7a638275861e

SHA1
3529a25b4da7912bed439708a375b6ce498c3e99

SHA256
fed9c0e0e87af64a27bc79fed2854e1c3ee1aadf8d44b0ade4ae0d60a10c7f13

SHA512
1b33bd8d27f35509792965752d896dd5d14c2ad2c7b0e352071f90035280e8f55a0bb499d2ee7a76a528399f470d523ae2ce14b2adf4ef1e083f5ef4aaa63d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1E0A.tmp

Filesize
980B

MD5
0ceeb1bbd362d65ad7f7ee8bd3dadea3

SHA1
0903ed26ce711dfaf80a326ec545b58ea2f61d3d

SHA256
0ac151a16890993a20dea7669a1bf23b9908ecc0b70e8c36a43727695e1c4583

SHA512
c1f1b610e9500a86de33c2b9158567dc537412296ca154850cf4cd73e1c46d81e531450717568128cbe1ebbcc1141e107f3fd81ed932e63be344a8ea3e1266b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1EAC.tmp

Filesize
347B

MD5
db30781ba570967bd078b477d5981cba

SHA1
54e6be1f6a2f5accfce0c04e8773c0a3be587ffc

SHA256
cb2a774f2b5e12820c85667033c77cee9543628635977cefa115721cd5ec26a3

SHA512
a4e9eea860e945b9cc016fa228ece790d1764dc0dab7c99f42edfc40d5558045f2f92d98315a88049e4104c142d97c4f0ff4aecfb1cdfe053dd6a7b8f94de5b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1F50.tmp

Filesize
779B

MD5
79cf59eeb9b7d325496a0444d9329e05

SHA1
fdde94d6df6ea8c6df99f0975fca99a59227c956

SHA256
2a69c5757dbafe5fe386590cc76b8bdaef507b7e3bba8ad0407836675018b398

SHA512
f60c29fd0aabaa436d1312de321df03ef60d44d66f5d40bffd96c4876e9f36fd6c22472709eee9775026299861aaa9d6585f8d3e47ec4bced26a49849f5613ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst1CE8.tmp

Filesize
486B

MD5
01b6c06673e9633a5c351f375331a261

SHA1
405f6145a52b870afa4beef7b1b4105b2f6e9c94

SHA256
fa43567a93a4d4429cba8027f1d438f3a768cd7f9572d2659af9289a73052e6e

SHA512
9df246f281350092ab13733eb71b75e4a8a2933ab270f21e82d60dd75a9670de4e2cdbe4e158d2d30d24a2607882ca0b7c382b21ac5b5f7b188d8d22a0d4b6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst1F1F.tmp

Filesize
680B

MD5
e456cd8927c73bb1ad851f46b72a84b3

SHA1
2a88cf4d662508368ba2988fcc3ad49470b209b8

SHA256
a75c73713ee3b7acd2c134050564306daefda35c514e3c42162506bd444d0bf9

SHA512
283fef2a575261f9d45b1feb0c7ac6f82866ed10daed65961744e66030cbe50d753d82fc45e79954f582014104f4b857e820fea16a581f545040190bbe92a024

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst1F20.tmp

Filesize
730B

MD5
09ef78a2ef4ae60600d608ae56e10ba3

SHA1
2b76a86045c140c7a54f214bef02b6e7b6068611

SHA256
5951b596a42c75ec88003248031f610f96631868c430d8218afcc3c6e9c2bd06

SHA512
0e89a13e961574df554c7f91b22af07e700ceeecf116c6ff1f7f270ae0d5451e731a13592cf78251eb28249265c9eab61da1c04e6c3c1f72d84fb55ebb630766

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1E9A.tmp

Filesize
236B

MD5
cb17f6fa11ddb98ab1e3815180802001

SHA1
89773a742ec9b5cca074d08155115985eccfb986

SHA256
3ca42adc25a3bc6267fed012ad0c56add29c1ece90884a584b47ed336773a17b

SHA512
51309e352dcf8a497497be7b6d122012a85554d50508867b812d245bb51c64a429b88e87f408b93204d30a0af52245f4f54de269de37bd4199c32ed0a8eef6b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1E9B.tmp

Filesize
291B

MD5
6e9b5a89bc2af9a958b6d0694cfff0ba

SHA1
da9abe1b8dbec23843ff3e8990f03be1ecfa5057

SHA256
8e4b3dedc3e41d3177a62fe5dfb90f8ca32c6c735212017e4913dd07694952e8

SHA512
a6ec9f564eb4bce97963847061ac15f5d8d717e782fbbde1226b0a46041725c82d72f6f472a761161df07a6ffc406226de9ab9fd9197f686e0284f5d7477f43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy1EEE.tmp

Filesize
575B

MD5
a0bc01baeb154e91f3fac12af43edfc0

SHA1
06e216f21ebf3803a44de1bb8e771a9ecd44e8b8

SHA256
7c46f975c3dda1a2dab1b87bd927db4419c3dd7d1c3d1b1b5b6b72cdb2e65a1a

SHA512
1a19d800c963693f99331da2137a1b701530f6d9deb331cfe3b9007b15d95950f5287ca0e6b59a28312042fc074c4d349fd04a875d458393b284510d0d1a667d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.Admin\user.js

Filesize
431B

MD5
94405248ab81018f8cb277024d793c5a

SHA1
8ee71072cf55bf3c7c0387d41fd1f4c83ca1c434

SHA256
435ec431033dc51e028e4546bcd6bd7f06c0c5e21f720a298cf671e5f0151c0a

SHA512
be017f627ae43f19020991eed108b6e93b994668c97b597018eef973a872971dea5489ce157cbc5c1d5bfaee9a09b6e80ea68f205c399251aedb91ff3809145b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.Admin\user.js

Filesize
662B

MD5
7115c4e58ca90534f8aa6538ec0a0616

SHA1
e0242ca27107802ca1971e98370b63cd6921a559

SHA256
7fec5f4e6451da95ea51609e86006d07faf66b8599cfb769159b5460b2b042da

SHA512
3ef2ed6a9ca9d63db8bb3fe284da9e7ac218e1c618e0e6ee9af77d0011775ee18614582884998a37db7d2a3d506747dda771de58c71bf360e2c424871430bdfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.Admin\user.js

Filesize
930B

MD5
42f7ec878587ca181f66bfedfafa8481

SHA1
3ac13567c183644fade368d1c461d9b8f216322e

SHA256
b79fd07f8d1c4d20da16a70d37428d127e2a59f32b7ef51df05d6022ad58b09c

SHA512
77ee7a356b70b2e7dbb416997edc202ac7069a164c10491f57f80282492f2a57d2500c811fe6f0591ab87faf73f9e5640e9e9ea1eacbdfe1155756fe3b90b483

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrxx2hps.default-release\user.js

Filesize
469B

MD5
393f5c86a99231058886d0e4d01bebd5

SHA1
b67e6b21532e7a6e364966ecadeaf60f84a38f25

SHA256
e1d1c87f5fedf692705d20e914b1b7dd97bcdfbf1a059999ad5b1c02405ab978

SHA512
f54b4c004b5800b56645b654e5b74acd928d836bdbbed772285f14e86619509acdfed7baadbe6bdb8b0e84276093120d1301079f6930d0ce972f6ba18eedd83e

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1C0A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1C0A.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1C0A.tmp\mt.dll

Filesize
5KB

MD5
aac69f856c4540edd4ef7ce6c8571639

SHA1
2860f55ea9774d631219e66604051e90a43258b7

SHA256
6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

SHA512
ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

Download Submit
\Users\Admin\AppData\Local\Temp\nsj1C0A.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit