Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

c158fb372a...18.exe

windows7-x64

7

c158fb372a...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

3

$PLUGINSDIR/mt.dll

windows10-2004-x64

3

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 18:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nse8425.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse8425.tmp\Time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse8425.tmp\mt.dll
    Filesize

    5KB

    MD5

    aac69f856c4540edd4ef7ce6c8571639

    SHA1

    2860f55ea9774d631219e66604051e90a43258b7

    SHA256

    6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

    SHA512

    ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse8425.tmp\nsisos.dll
    Filesize

    5KB

    MD5

    69806691d649ef1c8703fd9e29231d44

    SHA1

    e2193fcf5b4863605eec2a5eb17bf84c7ac00166

    SHA256

    ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

    SHA512

    5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nse84C4.tmp
    Filesize

    431B

    MD5

    1fa10fb140f57d7b702d58e9033b3621

    SHA1

    82b747d14ad7143ea18c135849bf9a05a52856b7

    SHA256

    d02517bf84543569e4ddef3c1e25b6b82a6885101384b38c514c1728845f7212

    SHA512

    98bfe2f95b8d12e7cc10ae2422b4340d692154563be35a545b36fc974fa03cc281078d73d4b2d636138976a8f0f27fc5e578b4ca2653d2e7757fd8ad6f153233

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf85B6.tmp
    Filesize

    825B

    MD5

    2a74f28d3df3f750eb175bd2f33aa0b9

    SHA1

    740c3b4100887c6c0c278b8541417a8500ffcd79

    SHA256

    3bd948b12dcd9edb3911df8a52c0c9dc988ed255911f7e93e377028bec180c91

    SHA512

    18d454c3efce63cf3a9f490d3efe250db1d39e6ae88bf76d602cc4f7443e2a58e65d66ef35d042439606792ca4b8fbc8e9ba7ce169aeff4e107f9e4043293ea4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf86FB.tmp
    Filesize

    575B

    MD5

    c4610b673ea954d21ce46006b082b4c5

    SHA1

    3b93c8447e2ec0279f4e61d5af11658a57a90e28

    SHA256

    e79ff4819792a6f0266c52a2fc9c2e9577c57cc6cbff04f509e4f996072f4f7a

    SHA512

    0b0b20c951c0f13aa203c199e2f7e4de58b744fe8ff913a2ad3c7c30c0d7ba77647547038514fca725e19c562f5ab676874e04800b36a1155234fab787238eb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsf86FC.tmp
    Filesize

    628B

    MD5

    b73bf78d3c0c68ea82d8a4502a098a8c

    SHA1

    85d2d9e4577c6150ec207a38a504402236a048a3

    SHA256

    7ff466f31ed002744d5442a7e77c5acc8959ac5763e4becf53131f7b66049a03

    SHA512

    19bf10d2989326b37c5e5a57647ef86df39fad88943ab265627f5ad64644a1b961c32e1383340d1c27e4dd4c47ac885e43356f53e128ad4423d50a4d13542051

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk85D6.tmp
    Filesize

    878B

    MD5

    6790bc6bb3c74a504c3ca4bb2955a1b0

    SHA1

    0ba44df5ac57fb49eac085e6495b2e27121f7540

    SHA256

    2aca2574379e1607945a65ef19418e0a3288dfd983f184f7b4c6adfbb1276cda

    SHA512

    2e267fb05dd359acf0136e2ac98940dfb2823e9d84b0b035975a789a6215daee56e03dcef274995ea513a4884ee61f42e8f024c9cdc11bf65d8f1544b2af551b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk8626.tmp
    Filesize

    980B

    MD5

    32eddc63b700f0e206e511ba9a40d82a

    SHA1

    fe76371991e3769a1b71500f4690280e65cee72f

    SHA256

    6f31072f47cd0e5f038f5becd3636ab7bdf0b9095a8bff84f6cdc1b83f0a8faa

    SHA512

    8cf0e50f2b3d3e2bbb95148af9d68fde76e28448762cdfd161b947d340ce7d5a3c6d08c00df7d09e7274ad7b9695cd5045f7cb313dd2f97cc51f83b88260ed0b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsk86C9.tmp
    Filesize

    412B

    MD5

    2ea61d2898c103113cb2b3a8dc8ac077

    SHA1

    2e4755a1542ce0df3ab78d0c06aa4821fd932c8c

    SHA256

    4b6abba03b34bd8e3d72529d0685a8f8e9741e2d35324e22df0a89029fad00e0

    SHA512

    3e78f4e92202f0a1b5a544d0144b027a43d4f5a9b562532d5940f53056710bfe4d54074c7ac524cc2578239fe6565e70669611164549f37d5a922bcd2ef6ad56

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp85F6.tmp
    Filesize

    930B

    MD5

    5be3c7e1da682065d97c35266f92faa6

    SHA1

    9e16528ad8a85d0a15442dd97f73231ed74af5bd

    SHA256

    ef10c72fd9cb7fe88819bce163d0c7bfe13eea15cfa8c916e991ce76127f3410

    SHA512

    2239c84a5cab40c21fd592bac8b6c36f2e36d1319832a84611a0b1a3ad5a1e95595abefdd95f948664a76457dab63778f5bdea704cc3b0271ebafeb85a8fa9f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsp8646.tmp
    Filesize

    1KB

    MD5

    b44caa6d3af9db9f9e74e9ec6ddb9be9

    SHA1

    2eb4d997be6cd97541fc82e553336edad29028e1

    SHA256

    771675bd06e5eb24c3c55823cc6a6709f4ffeecfcdf0f4c4849fa8c9bc3e8444

    SHA512

    77d0d91e0ac0852290ef6eb450df90f491f55facea78ed24b3b1e15648f03a5b85e3b73656e600ddf76bd0d972e58754baa2232204fd1a286bef6385a6ab0222

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsq873E.tmp
    Filesize

    779B

    MD5

    47490ca234b83d1423292e4126dbf22d

    SHA1

    1bb257cdbcd77546810005cf55114cdf9b1e394d

    SHA256

    3043295ffe2aec2322f933db719f6c8ab75f5a2ed11fff5e39cdc93671fd5b58

    SHA512

    8e3bc39cbf9957909dd9c682336e983c7ea4dd5e881d2df834c4e844b75daf9b8e46bce3648a4813794b7bcd9573973190348839227482399f0dd7c2f336af7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsz8595.tmp
    Filesize

    774B

    MD5

    c8464cdbf58c4bd97f3aca7d40ad9a31

    SHA1

    e7a2ee2cba3bf9b43374a1d8f3714e7bf148e710

    SHA256

    b110ab287f1a18ce0c405c026bec250c6659ea122fb20a08a1dd33a5e7479741

    SHA512

    ca95fc2aaa8a648ee961b6c376e10b92292c7490e60aff044e355fdaf5de93b68b0ed694ff4f94db94bfd3ad4e32be783200aa59546a079dc77a4b420aecb08d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5rgpeij.Admin\user.js
    Filesize

    597B

    MD5

    6d238e4b9323d2d42929314f6aff5850

    SHA1

    f9833f0ed6bc2147f0b6aca2f29abee4f9f1f9c8

    SHA256

    a8624d61c44e71d736d773d866472fa56eb5f83d6c6c8436e7c37fc35c2c6c1b

    SHA512

    4a20f89be8682a888aaf097af9ebcda1248d3ddb471de8eac339875118b67cc152bf4d72b2031c14f1212ead747f26b88b535c961a48dafc7112922b1e9ae02f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5rgpeij.Admin\user.js
    Filesize

    719B

    MD5

    ad246c408cb143753585b32ce18b2dc6

    SHA1

    ee1b3e5e70ed681e4d5380aec57852a0aa9ce6b0

    SHA256

    e61ec1a2e56582f2ae0eb5ca3d440c9aed476894a215fda37513fafb65536239

    SHA512

    58a68739e75fcc2514c92cff5feaac2de4de654a58bedc66624d5bfb7b65b16aa566ca9f50d87c87bbbef180d764380034d7c0abe031c12c8c33ed0293939c5f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\user.js
    Filesize

    291B

    MD5

    91c19fd31956a82c8024454920acdfef

    SHA1

    5890975d9a1fd48edb1c09e52a2c53f8edbd2ece

    SHA256

    331c25a813b387d796a4a05a52b0c98bbb03741cc503d39046b1cc02ca047e83

    SHA512

    348739a83917bceae67ce6ad5418f19daba5f67bd4cdb44dcf78af5191e37c35e5d0e22c30b02d401e10e2687a6174af5b7cbf1183875c409f9120834204ab3b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\user.js
    Filesize

    469B

    MD5

    fc6e8a0c14f33468aefaaee9d7fd548a

    SHA1

    afe3cb42645eb4caf9bcceb04fe768a6ee64ed17

    SHA256

    705a800ebb94e94d04a7c8f6be520187157336e13f96a9097242eb6e713fbef0

    SHA512

    0340a9501a21c1395d02edb2fadb8a57d83799ff6fd0ed0efdf5ef8c4c92f7067f4ad0305f914d109465dab4fe494547ae6d300aa063c211c4bb6d23175adf81

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\user.js
    Filesize

    680B

    MD5

    ef4538fd27e47efbacdfb30eb35a2e49

    SHA1

    169e36751253c60124242dcf6b5b31b8eb80772d

    SHA256

    5bc670fc4078ac4a2a9ea6de25d85e156777eeacacba868a3b86c5d2feb19622

    SHA512

    8f127cc7b286b7d0af0969acd8eb96967d215c94512cc005044e867ea4a00281369074e4d518e0f0a03623ac0ea16724b5eeda904f0816f8383a88be8c27d773

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\user.js
    Filesize

    236B

    MD5

    7f019aed1c6831111fd15745c11254a2

    SHA1

    b1e3d56b44d7b06c6187a17ab0e4ceacc5af3762

    SHA256

    382ae4d64f6c854883d948c10312b05f81756a94ec4a90291b54a96193fd99b4

    SHA512

    fba82a9e041121e0fd54e1e7810b1d5243f68830f22759fab5c2d2067ada0c89327cff560c6b80297f4187192a5c73776f99cf7f903bbaaa81b775203d474cb8

    Download Submit