Overview

overview

7

Static

static

7

5f51771e3f...18.exe

windows7-x64

7

5f51771e3f...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

1

$PLUGINSDIR/mt.dll

windows10-2004-x64

1

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

1

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:1292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse966C.tmp
    Filesize

    541B

    MD5

    fac0ba7f047464c8e5bf2331706403eb

    SHA1

    1111eb788dd1ab272f5ac173bbfa14cfea83a5d7

    SHA256

    0fe271455088a64a2523b8d1358633b0f11f8a11bc69fdd66d82093c346799ad

    SHA512

    a3aa3975990b4f925f22dad08aaf5b32d876b65e0e88b491ab637f3e83df9778898c33f6b99f12174e090c074ae5fed1cf78baddec2245e96bd2b71b423d27ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj96DA.tmp
    Filesize

    597B

    MD5

    8fdf92a3512ea9567363c07e67e67471

    SHA1

    f05e151472c3fde8f51e9fdf321a1703dc386e0d

    SHA256

    2e7e1362d8744108b993950f0429349c4912b08eeaf091f8b896e5c580de3584

    SHA512

    722e53355237f2ae1f69bdbc5775caa0989b528bab5b1e684e57275baff2c2f9a3bb83c0ddd31b1b071d7f49ac5452082274d9320d0f664e6d9486869956e83c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj9952.tmp
    Filesize

    1KB

    MD5

    f8bc95587fab475cb48c745af1e018b9

    SHA1

    4afac481c47e750e5c28b97d6c89b184778c4bca

    SHA256

    1afbe532612ed8e34e5bacd2f972188a98d5af556fd88419599f6c43879ba0c2

    SHA512

    4740cea58af68c65c7d4ebcd20e016c8cf97d23de6d6ae4d47ea9011150c942879df904801fa7c6c6e494784211e44250744675a1e4d9b2a60036d7cccf77868

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj9A8D.tmp
    Filesize

    236B

    MD5

    e00c50fd3f41cb6d5e4fc71865d5e904

    SHA1

    3211db5874e6c3641674a6bc9eb11c80ffd0904d

    SHA256

    fdd4e81cf18ff42e7a2d00552903413a03310958922c93aad5593182046bfc02

    SHA512

    ec7ed543e9a9f20df769f8b27e2ffbd2fc2caf526bc5a5207427242fc0c70a9c7ac6eba812f18b2bb7961d23ce19dda40c17ee69c53c22c9f3a15592409f543f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj9B7F.tmp
    Filesize

    679B

    MD5

    5fe05ff9669b4bd169aca298da73a894

    SHA1

    45d5b67897fe1ca69327c7b1cc62f3dc5d783a69

    SHA256

    3ab0d758e9ecaacc829c2e55f998203380af6374ec0158b5723abc6b8f369674

    SHA512

    1564cfb13d88daf8aff3a6666e269d79e0d99d3e131cb00f9f50939f35d26f3dfb892fb728fda5e5ac0d16710f3b175bd554751c833aafd02ce7eb56e75c8552

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso96FA.tmp
    Filesize

    661B

    MD5

    be5316c9aa79461ef90169a96fddb620

    SHA1

    44a2b803e3ca2978e8a90f7900d2364b89dec3e3

    SHA256

    ec216bdd4679641202918953c4a53bd948a6b139128259cd72bf3f014a8c423b

    SHA512

    a01fce3d43c86487f35c157b6db95dd6f8947047fbe3374209c5f12910cdb0a225d559675a663ba5e434cb817c1445cf85991e1ccf30928b1e9e14f21eaecd8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso9835.tmp
    Filesize

    824B

    MD5

    1ad55606d62d8cacd9c24b985d800c95

    SHA1

    958a1f2ae789579374cfb3a8bbefb3f883dc12a8

    SHA256

    0583fc2c77466616aec2cbb99761b9a6cdaf9aee1476e962c170e38446a7f6c3

    SHA512

    37cbe425e0df4a8578afbe80c06b29973c41eface2d39cdb7b04c34f427f6e196ebdb72ad14a5715e1c5adad574c1efd695c1eab0b8b80e9fad6c4b5ff987c69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso9884.tmp
    Filesize

    877B

    MD5

    1d8d1740fd275f08d2879e09be28d424

    SHA1

    d2795af07fcc5e6ba90ecede4b121a33015c85bf

    SHA256

    ac45d7106535ee7975721b95b481d65e35486f9e9ee0c7b55489a044791384d4

    SHA512

    37513444b668c42284c1c4e4f67b849eff77dad359a03e9a1f03d2bd441e52d34f8fe00d5b0d5b230a30dae6229b1a6362d08391dc2516cb1ba93480534946f7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst95DC.tmp
    Filesize

    355B

    MD5

    aa942cbf080fbb2237e6897523515ce5

    SHA1

    4a432578611a39f2626a0967b89febcd4c629892

    SHA256

    42fe6aede59d0b4629f96288d1ab22008aca8576815f9d70fdb91810e2fed48c

    SHA512

    ca4265c36c946f1e8c7abbff7535e3db2885c57209d7d32562e0fe399a2b17dfe95aa47956f87bb181ffe7cb71481861dbbf8423aacbd0faba354eebea78d3db

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst962C.tmp
    Filesize

    486B

    MD5

    6742b86adcbdd8d2006eff1e3e1a1c81

    SHA1

    30aa87cd2b867a0ec7ced665a7b9540b8340916b

    SHA256

    3332994fa029a3c03c950ca3cc7e4cb621934d4ca632cf8afcb68140386c671b

    SHA512

    a4d35c23e967383064c58667f30a8fb94a87fb6b8b20ec0af31225a8606aaa6f416b6e5067ef27e5f5d75abb4a2601e59348ea1d5f77cdc91bbaa2a7fa5a0829

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.Admin\user.js
    Filesize

    718B

    MD5

    212fc208dd48548bcdc5bdfe4f64e3f9

    SHA1

    8a7c5255138b7f286987a99e7ca24abc1c85d1ac

    SHA256

    b141a3927be330ff3e7e51f6a9eaeee033e9b63074457a40b05a377138058099

    SHA512

    4e8aa843f3e7ee22821e1695b5fed2e391f7901c8836c7c7d02f70e2c977232c8335e5a62b9f5b0afee87022e22ae12e877c760532814c89e0506bf1a297ac8d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.Admin\user.js
    Filesize

    929B

    MD5

    db1e998cd996619ec4ee26d80d929daa

    SHA1

    faab3f3517357e637dfaee9722c9242448bbb6b0

    SHA256

    b58b652018fb9f11bdc5beecb7d95a0f06f2989a2d905b93151e9ebf2d38ab91

    SHA512

    342030723c222481cf83b8e3ab7bc97b1541681cbd09d918847cc1fe26b843251341e27a1eadee9b630b15a45b7fc0fb8d7015736d73554f15f73fd988923232

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\user.js
    Filesize

    468B

    MD5

    5d4bdf4d3f27c71201c143d2e4f58b0c

    SHA1

    e146c9f9f0370e34e1626659e611a36b27192021

    SHA256

    36581235382f2b6e1c6251a32b3108158dc5d3b5275caac106d7ae655982c7e1

    SHA512

    930c87f4dc0098b134fe886a42a7d88aa9383e36431627f601fc3de96b5c67abe8bc6eae79e0f64acbdeb00e7e5d829d2b57f28a5e4c7f8036eca49ade42c8c1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\user.js
    Filesize

    574B

    MD5

    bb90783192f0e1fccf3e2ef6e3ef410d

    SHA1

    e86fdf03f99e7c5f20d19e1c79997d7db7a655cf

    SHA256

    aae87a8202c37c1699242ac8174280f3b25f42e09c908f2d307bd6b30704e3a9

    SHA512

    1e90dc97eb695994f771bd12bbbf270e5149b75dffc7e3c09ee213588e2d8c0b8732c52e8eba494cd2bcdea071df193c58afdfc63e12e105fa9d4b2908900bd3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\user.js
    Filesize

    627B

    MD5

    c01c0e53841dc41f6f464bf86f586aae

    SHA1

    859dfafc5511110606e2d951078240273cc3135c

    SHA256

    922dcaaa7500107b3158529de6e0c0c56bce2623ca3a51710672c7dd2289b398

    SHA512

    5ff0d56c53710b3208e96313193f5199d8a02230aa20d4aaf4bc43f5e7090f6382102d697a9da4a8bb13be8e3da43b3916359a7befe94c0c7a66723462d274cc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\user.js
    Filesize

    778B

    MD5

    acabfb3b42f3080e35a00219048a80e9

    SHA1

    309631c44a6debe947b431aeb4ecbe42c218b38d

    SHA256

    3baeca05c33efcda2ffe722cfff2dea7b64753675b9d8391daf9de0f8f9ee307

    SHA512

    ae0f1ea7f531baceb847160549d3dd8c680315064ace738ff3d7a3cd3bb53d00e4e1359d43d75ba15d2d5dd13dd22ec9d9c6e3b6161849dd4f34de57451b5e96

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzuz3epu.default-release\user.js
    Filesize

    181B

    MD5

    1e6ba7a67a35e98394b33bfa85692143

    SHA1

    98d688540b8e2c069c4582e30fb26cc5b38cb814

    SHA256

    ee362d00a8d34c15045a1665c73fc33472c30fb63efa240a635c25dc73c600cd

    SHA512

    4c5437d85468def4fd3fdcbdd171aa041adc21ee2a1dbd5324ab91f01c98041c194afa623e743efb8ac296bd5ed4a2da996dba813d25f1f56e00d9ae9bd535ba

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsz9474.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsz9474.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsz9474.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsz9474.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit