4f9fa75bd65e71c4cc8105a4547547637c730003deeed79318155352ccd108c9

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FM4ffx.exe
Size

319KB
MD5

fe768a6b82ed2a59c58254eae67b8cf9
SHA1

3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
SHA256

3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
SHA512

3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
SSDEEP

6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe
2028	FM4ffx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FM4ffx.exe

C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsc98FA.tmp

Filesize
541B

MD5
5d392dbb6c09462ef0107445ed0e2621

SHA1
fb560856b8bbe271135a87c02db838bba46e2af5

SHA256
637465595418b861d549792cea1e1306d94036ffa2ac3922ea5b9cbf719a3d84

SHA512
52d0324b04eb4d09035917b1629959148ddf71142a29105c54ae9fe7a59c60e0debb9bc1dad4d1871bc851841f2335ca9acf84212aa799b2cb6b2e833a8bc6b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc994B.tmp

Filesize
719B

MD5
c4901c155ad9676f657018229dfbf8bf

SHA1
65d60411f88d4b9f556bf01a64d3a845cda3c876

SHA256
20a80c9a7f8fc8ea9ae8432dfed9141407ed924cf6fd6ee88477221ff0729c6a

SHA512
81905d3bd5ae5c56250575cf6bf6a1ef564c9f8cf99ef6ff7057457044d4912e3ee42dcb7c3349e0fefcbfe646f3d48b2d5d4f67081a3bcad23e835de1ce525a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc999D.tmp

Filesize
930B

MD5
f6a4c1fdb11e87bcc4b919f5fac3554c

SHA1
7d282bbd1a4944236a253e95ea8bf8893b93df69

SHA256
1d2148f559a0d0919af0e81ce0ff98ca6e5f70f00895f552ac4ca09013cb37f5

SHA512
c246bd5e3d58977446b7b70e6e03663d4aa8e7c95b326ea0889c9f606e3d87487dce507803616b24c962189203e515dd9e8b73f3a517782a46b5d0b3a8ae6492

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd9A44.tmp

Filesize
524B

MD5
f85aace252cb28dbfb6c8a1b2c1a9155

SHA1
2ca3b89fa01055f4985bc91d911fa9351df176bb

SHA256
63f7019ac9af5ec50402a2f77e4b1ef8a042f35ded7ecf9f00daec059bf59b21

SHA512
f91a081e2900049f2889a354e9ee42c49d9fc18c5ebd466e1fd27726ad24c11b9b27e7a6ea6bc763aa8744fa84a1231096ac1c380375f591082f6314059372fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsh98C9.tmp

Filesize
431B

MD5
eebf2c19f1fc14c61f7ea9340bea7454

SHA1
4513cf66a6d863e51a5b3dde8a949f004c6e6128

SHA256
6b8d4c1bfd24f7a323b94b0c90b84e3fd8c722eb827083732f1028b4c09136ac

SHA512
ebbf350490eb1ca7f0938ec7a851c4bd4202e4314742a452caa372a741df78e1cc9fa9fa057524b0edcaa4454f687dd7b6b07a727d891533a69d44d5978252ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi9A65.tmp

Filesize
628B

MD5
8d14fce154d196db97a4ed65d5bbeb35

SHA1
d9fb1db908f8915858986570e38cb6e9ad56c68b

SHA256
341022afbda56eb59c869d6b25077ebaadd902e68b50c54b2fc61454cf29627f

SHA512
fbd8ab167de562824d9e176b395136bbeb8e0aafe6aa620a93cce231f0c27225bc53585a1eadc4ad6369aeef5f0f590db4af1a708b605e1a03033c58dfba22f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9849.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9849.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9849.tmp\mt.dll

Filesize
5KB

MD5
aac69f856c4540edd4ef7ce6c8571639

SHA1
2860f55ea9774d631219e66604051e90a43258b7

SHA256
6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

SHA512
ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm9849.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9A33.tmp

Filesize
469B

MD5
9c00cc47f691ea2f643f20ad1d83785d

SHA1
e5f1c7e5e8d197c7265d12081185e9faa75a85d6

SHA256
6dd3d3222c7ff1c07bc603c547e0f7f78d75c4f5d518b71a72e2012cb0d18097

SHA512
1553461ca350ddb17e081e4109a00ad62855ad7565fc6795b431750fa506ce8525bb9779f7730a1e9d063b30aff416191fae038d6d50e82a9a1b5322f1977afb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn9A87.tmp

Filesize
779B

MD5
772f226012d3f817c63134dba09a2e71

SHA1
b3849189b2964ee70b833f7ae20a5c126873bcaa

SHA256
169f3232016b4cfa70bd11afd35e5007a3c4c3a2b8e776930b08987089904e7b

SHA512
eab3e2474a559e4b61b4d49459e6de6fd85c0146fe754e6a7c5291bad45153c22e84898e2116d6aa85b41fdd768c9c73f8845f836cadcf031e98f453f39352fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss995C.tmp

Filesize
774B

MD5
e5d9eab955c25c3990e331e002bdc978

SHA1
2094e5de399be483186d4886f062426239c76ebe

SHA256
da32298120eeb2fe95853059007f41a731546713a2db24775f443bac22c01c95

SHA512
79500bd17c23bfda5534a0eccb447f1a9ca1944bc1e5763a8794a81cf1faffe781ac1f199528f89cfcb299f74fd9d9ace8ad3d1450ff7081a451d9812f086011

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss99AE.tmp

Filesize
980B

MD5
18f3e70b7e24bc2686c3f9d7e0a29028

SHA1
9986cce925a9804ee108e193615ba9b1cb41b3d9

SHA256
b473428664048eddb9d3c7ea2dc1b8aea4e36100e651f514c9a5510122e15f61

SHA512
917410f958451e49cd2ea1f9ba0b123283a148bbd815b1494afb1e943533dd6e43e80134e8f21049b4c049469d0bf72f55aa58208490711e40cabef5a6c9ed84

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss9A54.tmp

Filesize
575B

MD5
e4ba9f3edc36bdaf4e9fc7a1ced37439

SHA1
4f3760e7fc26bff16320fa2d13606fa733400017

SHA256
cf8cd4cd199b74412e3fed54f24b3adc1786009ff8849398a0218f0474cdc7e9

SHA512
a9d1f617379787f0b96afbe92f64f773ed357477ad05df075f1270bc75310c3ae84817ea4776fbe87cfba452849fc3a81dd899256340170331364f105bab4d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx98DA.tmp

Filesize
486B

MD5
dec8b68b5ee7c33567e34b0cb42363a3

SHA1
39a829de6619bf95c328d8372efbbe065680a728

SHA256
21ad625039e7fb2e524712d575c84aa9f790e0eaccc7e29ec2d6e65bea1928da

SHA512
64f891d82524314b864e72af4eb9db4045bfb35904d140dcc081d75a7f7133cac33d0aec0b59eaa9fb7cf54a766571ecf7b47fcc6fea63783d7849db2f24035e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A21.tmp

Filesize
347B

MD5
0d1ed72fd80b9c6f19e04c34e529913f

SHA1
82e96caf5968fbcf3cb101876db211af926accdc

SHA256
de2503594c4a5db73c72596671ced56bc4a24dfaf0614e0db6a27ebdf9c90ec5

SHA512
34bab8d7f6d6e87f49f26306c61ee4c419f84ecd7825b9d784016edd840a5161780161c6e83bafb6e6e62441b15e8b6a604014278c7e6de2a3db4f3989775460

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A22.tmp

Filesize
412B

MD5
94747155460fb992bbb8174171a64255

SHA1
cc0ede6d52f7f709d2a59de39a4875e3eb23382f

SHA256
7482f67a9bfdfa4d9d104cf597bd4e929e18b86810fd096c83c77077e4314fa9

SHA512
7239cfd6356ba132125ba9e3e78ab1cf0b604256b7effc05d9295c009010399f6f7de5d9384ba6641734164e5afe49504e1845ed13f2d43792d3865fee9006ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A75.tmp

Filesize
680B

MD5
e1b24837c56c4956b655bb40eb34bf4f

SHA1
518b6f47f928aac80e20d150a4d8b419656c0d35

SHA256
9a8da8b56fd700cd938e255847cbbede1a6ba48964666c0ed28d5d14070333c3

SHA512
2fefc6dc0d796a754b7917df30612b4812403c94969e2c695eea80dee8e45fdb8d957c80e8392beb5ed280b731ed174f2315cfc61a53c9ce8b892ab0786fab9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx9A76.tmp

Filesize
730B

MD5
26bbb04cf1012715755ae64e36ccad75

SHA1
fa8e4913f83eab8043624bbb8aa4b6cbff8d3c74

SHA256
0519d3df655c7ffefca44861d814283027ec767a295c9f529a3c7b1e21bae1e1

SHA512
11ec62e797799a9c8b05dac506654fd00aba85c5605bee2c1a9bbf7e002f2e40bf9819ac27624f4aa7c830cc6764866359e428287f78549ca42b4d3aeaeae96d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v6rlcu3a.Admin\user.js

Filesize
662B

MD5
b9bd0fbe7ff57cfef5d7ac9789f4871e

SHA1
b68343de4bfd8fe8619d11bb1b2778502beb8934

SHA256
a5aa78f757275e0583f07301cbef297ce009e199a4e7bf142d3dfc1323a4f859

SHA512
055c044455ea52cee6831036bb78bcd879047fcacc1c4ee6a3148429fb9d3a9d0c6e3a51278bc01e612347cca95b051cc4c074282989366b8c480e866c0b89bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v6rlcu3a.Admin\user.js

Filesize
1KB

MD5
c620f2e7acda26f13c9322543c154c6d

SHA1
0539c703829aed674056c6693c08fc1f834d9745

SHA256
759eb4e29d8356c3835ffeaa5f08d52230cc265e9b312a1f382eeff066c9ae4b

SHA512
10a1f4232f7ba890811eea7d1d29fbabccf39c54410e4cfa5f776131d0e97011c7609bb71989fb7698af4a3cfca4d33dfb1c084873878059526973bf67357a52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\user.js

Filesize
291B

MD5
325ed3c60286e4238fc407a853d3ba57

SHA1
000ddd5a1f6a25aa1f9cc7112ae673ccef90ba95

SHA256
84d55e97380062625025963d417fe2560d3a8d8ab5f8955dfd5a54131dea256e

SHA512
2171d5fa3c4ea6a56bd0086c5796e2c55537d9bdd8c1f9d4e763260a41fba1be79c7e9e0c62e315498de01eb5220fdab06ae19fa9760430afc43b1b1c8a63cad

Download Submit