Overview

overview

7

Static

static

7

95c95c69f8...18.exe

windows7-x64

7

95c95c69f8...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

3

$PLUGINSDIR/mt.dll

windows10-2004-x64

3

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 10:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd8B40.tmp
    Filesize

    181B

    MD5

    f8a16efdc126f0ddda9e5effc951f81f

    SHA1

    3b4cb6abe5009bd2cfdcd5fb18580e7395c0943c

    SHA256

    9f0b8a85412f5de7939e0e8858d25a8672947b6dd4c42083267bf375330867d9

    SHA512

    711a17428e5c29b253e2bc74d97fddee58dccc38bb9532c896a8f11ca782fa574559c34beb7168f9405a118e548ee0174d8259878a63f963f73205aea4c63639

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso8ADE.tmp
    Filesize

    878B

    MD5

    3c7f5f5bc04aa460d39232dd7cf60e35

    SHA1

    fda7d750395a7878d209762e5f1a9e7511b60437

    SHA256

    c17f024fac9bb300b0d7475646690b469cfe82e85a38b22265a63437fc34aa32

    SHA512

    839510b7262e6263f5f8af555e7f60015c7e871a7aba128875fc92793cb1de565235ea85ec6566ac8d1a5cfe8349e864a8ac8fe6b3ce4955aa067f2130cbc54f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.Admin\user.js
    Filesize

    662B

    MD5

    8b8eb44cee7b8bdf0e1d573821193878

    SHA1

    f5df5611b3f697a4cc38a1d0d6aa1a24f8fbee9c

    SHA256

    1765df631a7eae86ac8a62ee6944e22054b5fc4da42ad53e90fd24fb4f9faa36

    SHA512

    a79f36ce76947a742ca50b8a4722f8a954a9dc5fa477ad13a9c384baec6ba217062fa3a304399aebd9a813faa985b745a7087d219ed078f37452632580988b75

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.Admin\user.js
    Filesize

    930B

    MD5

    c68f086ea2a6606a373d8fbc090c0d97

    SHA1

    ecbc1d59566d8217a47a0941b4bffff88c304fb8

    SHA256

    42b6332f8d17502e371d871210e2d45bb527d2d49b24cce330a121f13890ace5

    SHA512

    9aea2e7e727443fe750e6e5bc439eca7f970e33a5e62b2ec3521e4f10d22d32c652d113c01c67a57babbd19fa875b7e432c904607592b8255d4dbdee876c84f7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.Admin\user.js
    Filesize

    1KB

    MD5

    f19e005415363ff09059616f21b1bc81

    SHA1

    0d8d45ce54ab59013785e283a6464ef90b06f255

    SHA256

    eb636e452c8d57b568d6fc285387eb14bfd1ee8a8db8f1deb4d996004135b4e6

    SHA512

    183d48fc91094b3f30ecc6693df61b1ff2170f8520b9a5395d6e82a397db34a990a7b042615115774b6f79478d200806421aa91eefe67b2daaeb659923da95a5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\user.js
    Filesize

    831B

    MD5

    ca4d05ffecbd834373cfe4283e3c87ad

    SHA1

    8f4124279a82b969f18a4f1fd1bf9b1afb4625ec

    SHA256

    421c019a67613502e21968afbd7a8383ba2c5a1b03939a8ef3afcf26bd789460

    SHA512

    8a58adf14dd29390be60526c0cdb4bfcbee8c41fb9afcbca8db155f718ad4a36c63f663a40d43f985c6ac5bbc0d9d48095a0cc147e1e8010dc318f27abf8e4fc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\user.js
    Filesize

    347B

    MD5

    2a3d6272779fd6aad2290f7daafc4d55

    SHA1

    d83dc781c1efd95f93f00ad8720115f7a60c4b46

    SHA256

    629d80c35f9d3699b9589a71bec976e584b2ba9485aa59fd0564fe266597499e

    SHA512

    3cb4dc84c86f45b1e3500ec0b557d7481a411c62ced7028b8add91ffdc23589d72bbd437ed6557705835959a30e949ce1e211c21db646f06590e17ef96d82725

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8A08.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8A08.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8A08.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst8A08.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit