Overview

overview

7

Static

static

7

d0eb5dafe8...18.exe

windows7-x64

7

d0eb5dafe8...18.exe

windows10-2004-x64

7

$LOCALAPPD...ds.exe

windows7-x64

7

$LOCALAPPD...ds.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/Time.dll

windows7-x64

3

$PLUGINSDIR/Time.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDIR/mt.dll

windows7-x64

3

$PLUGINSDIR/mt.dll

windows10-2004-x64

3

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

FM4ffx.exe

windows7-x64

7

FM4ffx.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    96s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/09/2024, 02:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4172

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsa60B3.tmp
          Filesize

          486B

          MD5

          bd9c70b67c2e7dea2c4a042eb816d72c

          SHA1

          b1216d661db7f93b13093403726b8b6d3c98161a

          SHA256

          f59f7a66ee432d30f92cc9b3522aec3866a35aa241169292495333612832cd9d

          SHA512

          cbc242eabad0b5bfe2b25f9f34d19412b69360efc44acb6d2cc7f2666bda2b2bd770b7a610de8cd48a1711934904316ebf5d139408f6a81fe3d08c26d211c747

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsa61A5.tmp
          Filesize

          929B

          MD5

          4bc42717fec50dad1c6bcf64c15ac255

          SHA1

          3fcb66902e4e459923ee4f953045e817fc0e0aa1

          SHA256

          04f57cd19f79def9a37438a1fe7a16cc04f2ab0b2ee18c11a48400e3fefbf308

          SHA512

          9571e047bd57d51030995bf35474e7e8269f54b0e1ea3ff078991784e70201751d2c098fb6a3fdfba5aa1d6ae9bc456247902e71f3aed0903f0e190e5a11bde1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsb629A.tmp
          Filesize

          523B

          MD5

          c499d0507f0a700a5f4ffc0aaf4a61aa

          SHA1

          5b7207e8f2046ef5f7983bd24f92cf63afd60c3b

          SHA256

          5251e88cc08950a1a55c1bc3718f6d521e1d83e5bb4cfc1f81d8fdabdd9e66eb

          SHA512

          aa4fec3b25bafcc410ffcd182636749fd51f046b55076ffd1b5ef4ee5a0229275d72a2e8333a6b024ec6e9282ba6b8ffa919da44d553f2bc896efd9a89b90843

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsg62BB.tmp
          Filesize

          627B

          MD5

          52713bbd4f95d262d0eed83c06db3956

          SHA1

          c5f702e2c39258c7294e88522313fde3e88db47f

          SHA256

          1f5e4b0b1e7ad1472f7280c53c7228a51fad70addd4565f94c045ff556b3882a

          SHA512

          5a0b16f4c807f89d38f89d174f3bb862463e0bb15124c2334c7abe92de9b5eefc320478f11add06a3475fc3cf8f806ff5bc8260d2e12f42d660f9a14abb5fe7f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsk6003.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsk6003.tmp\Time.dll
          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsk6003.tmp\mt.dll
          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsk6003.tmp\nsisos.dll
          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsk60F4.tmp
          Filesize

          661B

          MD5

          729952b77b34a5a374f098b54a801676

          SHA1

          4dd7c95b5afced3fee27405a127fad688f8025df

          SHA256

          6a19bf2a42a516a4321f004cd279c6bd990e58e4f24a8c8f25806253d59845ed

          SHA512

          1b20c5652a582b3c82f2c9487a40d7493a513b14bf2aafc5845c64afad9243aeaa989300b3133fcd0e700e596330c76a7c49fb08887be662f1972b83b61bdf29

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsl6287.tmp
          Filesize

          347B

          MD5

          a38843bb6c5f7ba57fac7a92167bedb8

          SHA1

          251b2a3de53e5b0f087679ef0242b626c4473fdf

          SHA256

          9cfef921cb302fb3ff9d5fe891adeaef02e3808d70e16a7c3254fafbbcd47dca

          SHA512

          bf76d9056c5d139e268e75984d8ec019e9e42f08c98d09dec5b01b64f6742d3678ee3564ba680d3d7d603b85f8b63940258b517765b42b645dfe46ebc4dd7af6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsq6115.tmp
          Filesize

          718B

          MD5

          ed62c502b1484c716418a67325f6d83d

          SHA1

          ccc20c8087e0362db52ed6b4263d7580bbab250a

          SHA256

          dbe5380579f5bd2218a2efe6d0ea74132a95ebd26215f7ed3b9a358731e17c1f

          SHA512

          271829b1f57b3a89dcb50ee225066b40f64da0d21bb59f783b523d0c7906776a912356a2c4c87bc71a39c2094b460b7f6a956ddeb7adecf5c517d914444a308d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsq62AA.tmp
          Filesize

          574B

          MD5

          e74b02be052b888f69e3315265d4cd45

          SHA1

          abd646c041a06f3356c3ff00607e2d5bcc06b551

          SHA256

          d5b0ae73b3f0e277c998cd4fba188890a52e83d0e614601abe53f78b127b5efe

          SHA512

          0f4658d8e2b37f82c8a083b6f0f38755ef3a3761a6a2eea4971426165dcd24130b6e3ea87faa746160d699138aaeaa8262d9b3f817f176d472dd1490b0097e98

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsv6093.tmp
          Filesize

          431B

          MD5

          e8b48c396a01ef8c9f4d79c1c49b1938

          SHA1

          173da0781fdb3b40794801b4b2754381515cb795

          SHA256

          fe98eccec3722810bc9b89204deefa10a5bf15cd0e9e4cea0015b006c483ecd9

          SHA512

          abfd6e25d2f889bc6c756e547e4874f876d2bfb4e7dca72f17fc0d5e915d2f0d4bd5c1c04a8a6fefde1edad52f73af2f4ed1d2ab9b187ac0c4be2497e5bbf478

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsv6185.tmp
          Filesize

          877B

          MD5

          c40b3192847b976ad043bdad520aaa25

          SHA1

          f315743968316dcabfdc23081de4d837568a88a7

          SHA256

          b55934039112aaf956be01442e1d409e5861f27b3cb7209c675ddee94f4c82f2

          SHA512

          db28884dec3f688858059835fb4f1c5ef18b04ce483981072d8704041191513ef0530141731c50032c1e9c8ee7ee05b2a123d314c8dd60cb4752379a46a4cfa6

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lzsht85k.Admin\user.js
          Filesize

          597B

          MD5

          eb926ecd70fa6b405e6222fa774987f0

          SHA1

          493e849f0dcbb29d3dd773911e627df4122eded3

          SHA256

          c5f82dfb8ed0162fdd159c889d45d7ff7c54a77358454925110149225a69ec21

          SHA512

          4491854dee8d6d5abeb01b2b89b7fb38ea41eaecb6dabd61539060bde75704eda5a4a929e807f20ed9e510ee5099a97160361559ff7566eaf0e54473ae0e4f61

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lzsht85k.Admin\user.js
          Filesize

          773B

          MD5

          137fd965ed8112cf883769b27f4daf0b

          SHA1

          8918dbe196ae9972028c2b51d37e0c45f0377219

          SHA256

          85e8e0c7b3ceb5bc48661e120f3c20f07bdb3114a44887ddbd82157c35a89255

          SHA512

          6dccb2d0b34b94b099156f27263d7898a8f1c0faab76a109ae06838539f605f3140926878f8c2b87490bc78007f8307e25b2ebe69b58e4aa98545733eb198f0a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lzsht85k.Admin\user.js
          Filesize

          979B

          MD5

          142cc1ea455f216a7e9411ffefe38088

          SHA1

          56b06acdefc951ecebbdb727216e82d56b9c2cbf

          SHA256

          3d855c6133819677cfd1bc707c981753e96a41a4b8d030f2d1e358cd9fa442eb

          SHA512

          55e36d232635ef0cb4f32236241f4702ff3aa5e35268d9fa7795c2c2cc784b8a7914e7cde162f29b908074dafcebf067e836d8b0e983d02215861fa7174de15c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\user.js
          Filesize

          468B

          MD5

          172445d5dc6a3f5b5e8d28c5a3df229f

          SHA1

          2d5e5e04747f2d5178a40be786225a6a3737db7c

          SHA256

          61e751ba41fb2933f2cb20214b9404fe9ee638765b54b12f8f02f5826308a5a2

          SHA512

          60d96dd2b5ff3e94552447de357322594625dd042724ea166497a24c62c43f9d3389e87c3db6df138235b0eb99d9b786ccfd4de0c37f00c793fe22ca07ebd90b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\user.js
          Filesize

          830B

          MD5

          e56268f326e8549cb2d0bc92548018a4

          SHA1

          2535427ac5ebfc8007795f486696d813a46a8a75

          SHA256

          5a66a3632bb42b9f850d7a1b4b147f394ae32c88e795ee1452bba90a4dd49bea

          SHA512

          aceee6a6d9d67a3a2c93d96be657c2c7b9e90b8f029537c36b2a48ec6ae65e71bb0f3c257e024130786498d5f16527fc62799a158c80acec5636ddaeae0f8448

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\user.js
          Filesize

          236B

          MD5

          aa2b07e670ad744ef0715e30cef3dc43

          SHA1

          b8215c8047f35d96696386eb15bc4f376f5de70c

          SHA256

          b7129be6741a9f5022753aa85920baef5ca2c5aa0a867b8e66a3992f5d1844fa

          SHA512

          ddf45a3edc375f85ca83932a3fe45d498989636ddc001bffcf910d275acadd8ca83614ead545d30ed3619ff7af3bad18cb74c8778fdc7c7640fced0c963bf95d

          Download Submit