Overview

overview

7

Static

static

7

5fd786cf86...18.exe

windows7-x64

7

5fd786cf86...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

1

$PLUGINSDIR/mt.dll

windows10-2004-x64

1

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

1

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Resubmissions

20/07/2024, 08:59

240720-kx75yayepb 7

Analysis

  • max time kernel
    143s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
spywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    PID:740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse9CF2.tmp
    Filesize

    541B

    MD5

    b32e00c460ddedaef5cfead4fcdb774d

    SHA1

    63effe71d6f433e14198e7a71bf55724f5d3f441

    SHA256

    e454ad0520d9185df56018b356d5be72ed9092ccc7610f6121fdc755e13a38ba

    SHA512

    eaa44f75e8044c21f2da4e1c80d9082c18c6c014349ddae379462443c4bdebf7c3f05e50e09e7c778051c55889e191e53de900525d993684bbef4135d6303f77

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9D43.tmp
    Filesize

    718B

    MD5

    77b3ea998f34d337492408f7cf8de5d9

    SHA1

    1b9260cd480f43ea47e81a2c74524c1acc534534

    SHA256

    c5ff632097dbe3c5873b3459d85ea97207f29983a4508e3f7bf604a112329be1

    SHA512

    bc81bd2e823b2b5735ee1aeb2e6e04ae027059ac63fe93f56d598292a8e85895c529605689f91d31854405a55ce3f3de50d594f5c2e015cb6d24ac2c31a7a279

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9DE4.tmp
    Filesize

    979B

    MD5

    cd32300bf48eda3afaeda9a2924db7f1

    SHA1

    0638d61b27ce1cb63eb239b46793959c6731cac7

    SHA256

    93abbd9a028ccfa647c128d04e48055b49c70cf04443af30954e06a3675cd21e

    SHA512

    61dc1bafcf06b23474af8506292569a82e7b6f113f40af4ca866e0cdb753fcad17f5c53f4858b470238933acc8eccf33dea6c4d791ac0c722efb3fde4b5da2f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse9EDB.tmp
    Filesize

    729B

    MD5

    197af585c70ba6fed44dde29f822d7fd

    SHA1

    c4c5e041b216a0cacf0e458e2b227d38ad72d5df

    SHA256

    279e1caaf2eb59f6d636fdcf5baf380b0d994c33ed7cad10beeb6ff106338189

    SHA512

    40517897d7c0825d4287723ba886334d7c9a03024f23346820ae2419af7ebf8ba20b4d2fb57cfefe5bc9f9d8f8ca919b3b88d3f961168b036075da44189b214e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj9E53.tmp
    Filesize

    105B

    MD5

    d66b7c36887a3a1f869cd8b637cc43b6

    SHA1

    2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

    SHA256

    d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

    SHA512

    155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsj9E54.tmp
    Filesize

    181B

    MD5

    daa96f10272b1183939b48e6d3756cb7

    SHA1

    bdc0a6672fc09e2967410dc5a064df1f825519c2

    SHA256

    bb144b0d388599183611bde5d2099d1e9983ffc585c8d5a826df58c9aaaf0067

    SHA512

    67c4fc759e323442dca80563360b394a387747336f9225b3a015f6ae1097d69f77f000cf62be5c4ca0800f261173d9c0a02021b513601ec614bd2d7fb7d45658

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk9EAB.tmp
    Filesize

    627B

    MD5

    6c5a77cca377f67bf483b4dc4eb7b062

    SHA1

    64ce4f182ea06b11d7347cac4fb819176a453562

    SHA256

    ae156413ee4640726f69cccae059c53e2badff615fec7aaf5bbb34cb4846b663

    SHA512

    d31d7b9a26d3b66ef30647a58024e22d79a4f9b41573189cc46b69292058e253ce8bf163a64d61146d11382748a7d6c66d69a9ee1c14d8c3a542609606865f94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk9EFC.tmp
    Filesize

    778B

    MD5

    c3e74f987253fb2785fb2c0da58d4013

    SHA1

    b4e1bf67287c41af39ac554dd7fc497dd57e4586

    SHA256

    f4ac4363cff21d891acea3dc7ed5fdb1ca9fb6c9ade6000e363cdf5c2fabe118

    SHA512

    4ce4687d14e88e6218e91e0c7b0f456308d1b00d900cde92ccc7bb553f28be2c7421f896128d71bc1eb7ec4e4b35daa868ba3dad62fe360d8fea1b5ebdefaab4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9C12.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9C12.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9C12.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9C12.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9CB1.tmp
    Filesize

    431B

    MD5

    22519ba307e1555e05bef61f2ebec579

    SHA1

    c7f202481f305cb4e1cf70ff90bf13e2a1edab3c

    SHA256

    87f3ed2cce0a7f3be9ee19ec37daad4b43c616315ad756a876ad12f318f388e8

    SHA512

    5be4e104a9247e6b743e7179720928c2ff852202239d7573f11b3febaf4dfae8e554f2239fb322f7f806271630369cbc690e695bd9e2f64dc714efffc1b9ca4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst9D02.tmp
    Filesize

    597B

    MD5

    ee080fab4ad9ac2401980a3e63a8c766

    SHA1

    ab6b37298d84fca7552c29e07d23c30823d6eebf

    SHA256

    f1b5a9365296fcaa67de4674944c2fa84682cdbc8464b97c5ba921e3d162d7d2

    SHA512

    a9ffe90b308506012aa2d2189485a7dbef023190d761b443bf28e5674d4e1a067be473846e496de4da03e4281535de1bc20175ff6384dec86cdaa745be3b4ab3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu9DF5.tmp
    Filesize

    1KB

    MD5

    33262d303e6665b00feac64ab0860b23

    SHA1

    6a2c456d7d5677a6b766a9396dc75caf6edca090

    SHA256

    cf53575780f5762a1490d12a021adb3c52c1b203acd6257aab78628cef19e196

    SHA512

    0aeb6eba8e87078fe2f68fc26518007e19709f5fbfc85a169b2798b27b521e04800b3d8631b1554bb6fbcaed340d6ea19232dc22214b9b7a2674fc95376d902e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsy9CD1.tmp
    Filesize

    486B

    MD5

    50271bf6c0862d27f2a20b27955413cd

    SHA1

    0707e0ffa03abe8d541172405491d07f739eaf27

    SHA256

    9f4d99f8360698723a67764ef120f480cd8056b1571ef4c129c6f61ac37c8189

    SHA512

    70e66de2364619751da3d7b9c593c893b2ae108bc612b5dd78cdae43e5432d7b64f594f3982944034be771a7ec1059bec96b2fa41371d3775d254df8710a8438

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz9E66.tmp
    Filesize

    291B

    MD5

    b7fd1ea17abdbcad58b9bd261ef1f929

    SHA1

    0ad9d9714ec2c56e9277e55abb02bdfff0c7760e

    SHA256

    cbd5d506d6908fe164d3c0ee4f21dd0cc91aca39a0fdb8a393e0e76c6966207e

    SHA512

    7d26505d36d34482c19a7334d94150eb76cd1c0deaab8393f643422854813a47580c52ebd2401d0f53ada9b0487a32467b3f41f7ee90f3715c6e594242299e3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz9EBB.tmp
    Filesize

    679B

    MD5

    da01b21890f50d6e88bef0cf5cf7feda

    SHA1

    471d3ff885cf4c90e5e9bf6e765b252f68bd014b

    SHA256

    b93e834d2115ac711f07bc34087fb15ff69310e88463838ede4edc7bb7258369

    SHA512

    2fda4ae33f8332384ee3e26a92d731bab3e4fe8f3ecfb554bcaf739a5c9bbf75b483f9695240abac14e3fd322a5b8d75498ae2cb0393d6f763f27d1747b39e5b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v6jjbltp.Admin\user.js
    Filesize

    661B

    MD5

    acbae2bf82344fcc6c43d91157718b25

    SHA1

    95cc2200397a80df6e96342ef0e3aff98e5beb2f

    SHA256

    9940d3bf074454b7a2b681e3acce19cd269c0d6376ef3ae721da916590c7942e

    SHA512

    75df5a4bfbf4b4624c3b86a624f351c893a1f9091258538e830f6f979d77b383950ab8b8fcb3accd53724cd529f36b2b9c0ce74fea65e98ae841771bd6bd865d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v6jjbltp.Admin\user.js
    Filesize

    877B

    MD5

    b40c4e729283130ace855072d7f8ffa7

    SHA1

    a07d5428ba207582524cd804cf7e881c6a50f9fb

    SHA256

    050f02a7e0762481cbe4abd2decbe3ded1c1495ca8a2eb47d3183ae037fe4861

    SHA512

    4936147fc64043593aeff855fd6db6338af3b02840146187bead6aae3730164497d5148727c6f4c897283ba8e455a341aaeb1acfc9bf0fb188347ba55bffd873

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\user.js
    Filesize

    574B

    MD5

    524119ba1fdb2d14bcac831a5dcce72f

    SHA1

    486f441837f46d9233c3deb4f6ec7ce13e16d244

    SHA256

    a9dd657a7957ff87f21be5f9dea019fa5c32e3b42f84af3e58fe20728723dd5e

    SHA512

    aab59d444ddb91bfaf91c9ffa4e02d44d575a7e0c1c1bd5eae3b10afe1a53e0c79b3dd54cf500d66a6fc5b612f7cb172d1430ed43f5110e036513589627cdc21

    Download Submit