7JaffaCakes...c8.exe
windows7-x64
7JaffaCakes...c8.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
3$PLUGINSDIR/mt.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3
Analysis
-
max time kernel
93s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
15/01/2025, 21:58
Behavioral task
behavioral1
Sample
JaffaCakes118_62f8adeef2bc51ff34c3637a9d4179c8.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
JaffaCakes118_62f8adeef2bc51ff34c3637a9d4179c8.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20240729-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20241023-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20241010-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240708-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe 4484 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language FM4ffx.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
486B
MD5 7b95e70abb780520f877046a45e252ff
SHA1 57d5c61aa6c911f983992f74929dd31a14fbe2ba
SHA256 13de566e3b3c70df33c337f2fccc3f64ddb3bb4a1347a1b1f3cc82fbb802d772
SHA512 5cf56931ace7a022455535e76142c3623fcc7ff4ecd7ea93414778dcf678196cb304badaecb875974fd872e5cf755dcde93a3338109fcd7525c8a978a114602d
-
Filesize
1KB
MD5 6b8f8bccfc8a295602e0c9bac0b29e5e
SHA1 139e51cb18c930b8426064a18a3965771ca85106
SHA256 54d073ab97a477100d5a98783b0b8a8fb0f59a7778b5e5420e35df65a16433b7
SHA512 e66c85f4356039c1e28decae8bf066c35279399582c6a52017096e2856366ade993955a5130a9184a791532fd37bcfc6bf91ef3595df05e9f725b0e6308ea942
-
Filesize
347B
MD5 d0b089ab13290ce8db3440f37092aff3
SHA1 82a0c4292af57de0c81e06e7483d226c1a5f8bf2
SHA256 75589a1ae02a42f3e1bcf40562762a1049ead02fa703afa741821858b5998d9c
SHA512 836a22f34ea93a9805dfeaa7f9338ed5bfbda3268f0236e91547567b8e683b28f526f0b26a79ec54ed05fc4a952131d5df86945f44279e5aefe6b11b50809e87
-
Filesize
412B
MD5 3234e27dee5ea386a940b764eccfd4cd
SHA1 0709f819f282152f9de54b53b8cce5b35ed7c5ef
SHA256 a1a1d7aa4b408d657e04f8bfb7a72099fd35cd9810cf3a868478397fe5ed17d3
SHA512 9ff48d42b77a041aa2788705d80ca8ea0c6344ac4a340559e2f3497feb4804a6212e9dc3e082afda440b7ef127ae4f6d7dbc8044d419f017bd45cc03930befff
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
680B
MD5 d55e9fe601121b466926b9e6c7edefd0
SHA1 ef2dfb71375e2b79c960c86e96bf2aa84c0877f3
SHA256 1b1f9cf95c4360c31a880a50d060cbeb367c5a69ba2585f6d8f40d9392662e87
SHA512 c2fc275c5459daf21c9c475875d9030b7736fb6981719345656c61ade10a51412a572eca27315f9cd00e9e37a794fef587abdc04b6a506e8ec84f1e64d9e750f
-
Filesize
431B
MD5 3f52333c8059911c7342a689917bd077
SHA1 f4dbd19b68bfa308129fc1bfd8412f211fbba4d7
SHA256 a4d49fea96c25359538252c29e35f5f190d0bc69ac6084ad761635ad77f13c12
SHA512 3fbfb3d01e82bbd92dac325d35051c75d009e1b8d124a99768dafe297fb1fd7950aefb4beecdbae916ef8063833fd9ba6294c2e48fac46a3d3f5fa965f0c77d7
-
Filesize
662B
MD5 f596773b43e4f8fe3f86d385753611c3
SHA1 6c82162c04898cb16ef65a659e66f3d238b7a9c1
SHA256 60ec84435b747d6b35306a1413e55a6c15497edbed4eddb57256f8d80f5a4589
SHA512 858c0a843ba591a02468b3b6b1e9861730386a281e6ab3efff8c2df40eb9c5ebd8e8d1fbba3130d80fd70c82ec9e0bebb33ff96108669418494a9023f669c4d7
-
Filesize
930B
MD5 0fdaf71523dd185826b645d96f38f228
SHA1 2430e0c5a5eabfa6f4ff7c2cedef1dbb5f7a5007
SHA256 d953d65607c14a08b55fe11a34f60a0a52ecddb033395c0b242ea1ec903f1dbd
SHA512 b77cab62649811a24fe947082e3685ff9449e2e00adf96f36b755c6c4f7e4f00e5638a9218ef04cb708fc87c2df48475154f6142fc2357ac00c9355d5009564c
-
Filesize
236B
MD5 af828808d1c8c4d5f536bd4a6df05d40
SHA1 97c3d1e01d014c0de231daa3c8a71cc1d9d55843
SHA256 8949502547c82181d738464b861b9f05fd68fbc6f9a3c98c02d83300bc7b77b3
SHA512 4b86a9afa666e7defe6660131ca01bf11d783909ff8c38e0b0709f6a357901465f770c42af5ae836443151451832fa1a99b7003f030377b2e48be573b40dbcba
-
Filesize
291B
MD5 fe9e149194d01396d7278cc9be37c78a
SHA1 9ce2f00f172472a94dc547368fe76424d7ac910f
SHA256 9424d3dc2828ca81c0bccae3337765408f3a9485672cd4694bb63eb1d82dc09d
SHA512 d852af9a48a2e9d55155aa2623ae01de75dd1cc746e5682a810a639457dbc56ab6ba72955591cc4d3c26fd776a7cb20966f6e5e35bf8a384536b0536231477d7
-
Filesize
575B
MD5 767e3b374afdf6f04e6af7c1abf97615
SHA1 b318afb57ee2433636110c65e80ee8c85cc72902
SHA256 43cd90b1b564eb61dbffaeecdff99de41d182871f54ccb704c6eb462723e76bf
SHA512 fb846bf29d6748fae64c58d466a6e78eabf4089459a585f555d0f8e225f39cb9ae293e61058fa29440ea4f325add85cb2862ea7b136fce35d803fd95de5e3f4d
-
Filesize
541B
MD5 34227ab3c120cce0e23986c0be1a5e20
SHA1 9280847ddd2e43d3ecb8bf49bf7417a1ccd0128d
SHA256 c66e1119adb0fe1d2148267d6665f99c51e2658e6c7b58aa3abae1ca9f7c5ef8
SHA512 797f00e958f0b349467a49cd0870cb8f74dd2c82be1790db127a14d44af207c35164347f1cfcddb917d54f3de33ff30970212884161aeec6bc234035322e9dda
-
Filesize
825B
MD5 5fc5e0cedb0607d6ae43d555cba5c565
SHA1 22a34678571d8d1b557981109e659bf9e309a587
SHA256 283fe0438a73aff5aab5fbe45935ea75f4d65abaa0fff4da8d1e4f68769d788a
SHA512 2f42d10062f33576c88bc0d034b3e96757d099218bf5e8e373b31f373806b651aa8295eee37e2652233a8a4518c6d39e3c0349fd467eb6b2601c526a2a74efaa
-
Filesize
597B
MD5 7666b4e27fca92fcbd6d8b646bced072
SHA1 b61ca2c3d1b848cc608041f9addae4622d6f7304
SHA256 32090b3df38f32d14c5cfc7bbdab40133e18d4a4ad50165a380472b861419aab
SHA512 444bf1870cf5e9ab1105c1ce2ea32aa27d63fd0a60869a55b2e63634614724fbdc282236238cdb0c132678ea6019c04fa6cc3909cf386fe7c5b7b01173cfc21b
-
Filesize
878B
MD5 a33636f226a5e452873262dee2bae93b
SHA1 548df3a646f6bd2739072a3e8152fc0a1e73ba89
SHA256 1524a620f68f97e8faf164e67d11f2577fe3c3baa1b7bfad00755d31c94f4c92
SHA512 5f062df1663d9d6449888b72ba04c0dd3128a7471866685f44314e8f21acb9db89e5ba8cabc08f4f237afc8f743bf98c48895424137b5b2dac603cd589ec3a7c
-
Filesize
980B
MD5 f9d6132687453a099f775a5e20691ac7
SHA1 fa4e942c42e3b153ae3803c92c671ea0acce5e60
SHA256 01367dfb4b1c1961dbe774021a99a9d9b996c3674332c06e81f8ae012db4c83d
SHA512 cf39ed42c840ffbce86a24c0af182bb161b1d0e08b9c12a02249c84dc5707a052417f5127b2a4b4d20614506b2802351282e72a1c4246ef4d9f240600ee961cd
-
Filesize
181B
MD5 c011ce07ecb3ec3ceb40fdd2eb119ecc
SHA1 8fdeb213b32c3e106a8b67fffb73e8b5f36825de
SHA256 7e928b374168d26e8fb1d8de0446f39e2a8819bd45adf8438f33905abc3e0ac9
SHA512 651210af6018d33f1270f70f8e5748af0533e53b9d8493afcf7b04d6cf738978696bfe38b168f427faa8d6ad49ced8435cd3b9c36b8c9fdc79bfe01838f936cb
-
Filesize
730B
MD5 c132e50cc6ef7002fcee0af35aec77f7
SHA1 bdc0cb008af834ce11edd3fdca7e355d71e4aad1
SHA256 b1f8da0121251484548cc04d1d7e7999bb8b4ea7d3ccf0f87c05f6e73bb343fb
SHA512 80db7cce46ca22f85b63a499ffdeda4d3ab8298607fcfd3efb97f60893f6b9caf229e1fe1ef2b04828c9afb3c739ea485e88f8f7c491794d80c2af73fbbdb17e
-
Filesize
774B
MD5 2eb180196b9ec606e062e1578e6156f2
SHA1 cb181f316e19a5365d11f4edfd06fb9d1066e857
SHA256 ce4089ec286eeb9b24e8d2edaeb11871349d20ab5550c8d516a2e4a2fccb64e8
SHA512 84ac6f35a5d70ae92052fb805b26ac8e7068e01e1be6217c57810b8e8b5dd01af47a7ef6729fe8f4ecf841b994e2a9457fb1be669416d7945f6e2702d80a3c6d
-
Filesize
469B
MD5 b7719b12bca6853612bb027eefaf105e
SHA1 ac6f83cae49df601e8d7d1545c109042498c07c3
SHA256 a6bf5e40ed427dfa9d609903a0914b6505fb2077f1f97bebfc485550e69000eb
SHA512 d24142222fcbb4365f52ae621b3f60d9033a97077a3fb0c71148d65630f2c4cc2da71bd971bdb77e8df2295c591a5355847a6755172c645b287ac27f672a8405
-
Filesize
628B
MD5 c07c908fd44e934fdad54992c0bb1758
SHA1 e5d115570c75459c0dafd410a06f1551b7f0ec72
SHA256 476fc3e9c3787d6dd2ea3fac4b00c516915b44c9d0e6b4309b6b2c18f174241c
SHA512 6206a75e9ba2e66611753118d19d601b41243b2108a1e2d13d5333226785018a30a17cee73fc9d0f4535dc13e109ef6cb173af937e2cffb1a89cd97a48f20d3a