Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/01/2025, 21:58

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4484

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsaAC91.tmp

          Filesize

          486B

          MD5

          7b95e70abb780520f877046a45e252ff

          SHA1

          57d5c61aa6c911f983992f74929dd31a14fbe2ba

          SHA256

          13de566e3b3c70df33c337f2fccc3f64ddb3bb4a1347a1b1f3cc82fbb802d772

          SHA512

          5cf56931ace7a022455535e76142c3623fcc7ff4ecd7ea93414778dcf678196cb304badaecb875974fd872e5cf755dcde93a3338109fcd7525c8a978a114602d

        • C:\Users\Admin\AppData\Local\Temp\nsaADD3.tmp

          Filesize

          1KB

          MD5

          6b8f8bccfc8a295602e0c9bac0b29e5e

          SHA1

          139e51cb18c930b8426064a18a3965771ca85106

          SHA256

          54d073ab97a477100d5a98783b0b8a8fb0f59a7778b5e5420e35df65a16433b7

          SHA512

          e66c85f4356039c1e28decae8bf066c35279399582c6a52017096e2856366ade993955a5130a9184a791532fd37bcfc6bf91ef3595df05e9f725b0e6308ea942

        • C:\Users\Admin\AppData\Local\Temp\nsaAE74.tmp

          Filesize

          347B

          MD5

          d0b089ab13290ce8db3440f37092aff3

          SHA1

          82a0c4292af57de0c81e06e7483d226c1a5f8bf2

          SHA256

          75589a1ae02a42f3e1bcf40562762a1049ead02fa703afa741821858b5998d9c

          SHA512

          836a22f34ea93a9805dfeaa7f9338ed5bfbda3268f0236e91547567b8e683b28f526f0b26a79ec54ed05fc4a952131d5df86945f44279e5aefe6b11b50809e87

        • C:\Users\Admin\AppData\Local\Temp\nsaAE75.tmp

          Filesize

          412B

          MD5

          3234e27dee5ea386a940b764eccfd4cd

          SHA1

          0709f819f282152f9de54b53b8cce5b35ed7c5ef

          SHA256

          a1a1d7aa4b408d657e04f8bfb7a72099fd35cd9810cf3a868478397fe5ed17d3

          SHA512

          9ff48d42b77a041aa2788705d80ca8ea0c6344ac4a340559e2f3497feb4804a6212e9dc3e082afda440b7ef127ae4f6d7dbc8044d419f017bd45cc03930befff

        • C:\Users\Admin\AppData\Local\Temp\nsfAC10.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • C:\Users\Admin\AppData\Local\Temp\nsfAC10.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • C:\Users\Admin\AppData\Local\Temp\nsfAC10.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • C:\Users\Admin\AppData\Local\Temp\nsfAC10.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

        • C:\Users\Admin\AppData\Local\Temp\nsgAEE8.tmp

          Filesize

          680B

          MD5

          d55e9fe601121b466926b9e6c7edefd0

          SHA1

          ef2dfb71375e2b79c960c86e96bf2aa84c0877f3

          SHA256

          1b1f9cf95c4360c31a880a50d060cbeb367c5a69ba2585f6d8f40d9392662e87

          SHA512

          c2fc275c5459daf21c9c475875d9030b7736fb6981719345656c61ade10a51412a572eca27315f9cd00e9e37a794fef587abdc04b6a506e8ec84f1e64d9e750f

        • C:\Users\Admin\AppData\Local\Temp\nskAC80.tmp

          Filesize

          431B

          MD5

          3f52333c8059911c7342a689917bd077

          SHA1

          f4dbd19b68bfa308129fc1bfd8412f211fbba4d7

          SHA256

          a4d49fea96c25359538252c29e35f5f190d0bc69ac6084ad761635ad77f13c12

          SHA512

          3fbfb3d01e82bbd92dac325d35051c75d009e1b8d124a99768dafe297fb1fd7950aefb4beecdbae916ef8063833fd9ba6294c2e48fac46a3d3f5fa965f0c77d7

        • C:\Users\Admin\AppData\Local\Temp\nskACD2.tmp

          Filesize

          662B

          MD5

          f596773b43e4f8fe3f86d385753611c3

          SHA1

          6c82162c04898cb16ef65a659e66f3d238b7a9c1

          SHA256

          60ec84435b747d6b35306a1413e55a6c15497edbed4eddb57256f8d80f5a4589

          SHA512

          858c0a843ba591a02468b3b6b1e9861730386a281e6ab3efff8c2df40eb9c5ebd8e8d1fbba3130d80fd70c82ec9e0bebb33ff96108669418494a9023f669c4d7

        • C:\Users\Admin\AppData\Local\Temp\nskAD73.tmp

          Filesize

          930B

          MD5

          0fdaf71523dd185826b645d96f38f228

          SHA1

          2430e0c5a5eabfa6f4ff7c2cedef1dbb5f7a5007

          SHA256

          d953d65607c14a08b55fe11a34f60a0a52ecddb033395c0b242ea1ec903f1dbd

          SHA512

          b77cab62649811a24fe947082e3685ff9449e2e00adf96f36b755c6c4f7e4f00e5638a9218ef04cb708fc87c2df48475154f6142fc2357ac00c9355d5009564c

        • C:\Users\Admin\AppData\Local\Temp\nslAE63.tmp

          Filesize

          236B

          MD5

          af828808d1c8c4d5f536bd4a6df05d40

          SHA1

          97c3d1e01d014c0de231daa3c8a71cc1d9d55843

          SHA256

          8949502547c82181d738464b861b9f05fd68fbc6f9a3c98c02d83300bc7b77b3

          SHA512

          4b86a9afa666e7defe6660131ca01bf11d783909ff8c38e0b0709f6a357901465f770c42af5ae836443151451832fa1a99b7003f030377b2e48be573b40dbcba

        • C:\Users\Admin\AppData\Local\Temp\nslAE64.tmp

          Filesize

          291B

          MD5

          fe9e149194d01396d7278cc9be37c78a

          SHA1

          9ce2f00f172472a94dc547368fe76424d7ac910f

          SHA256

          9424d3dc2828ca81c0bccae3337765408f3a9485672cd4694bb63eb1d82dc09d

          SHA512

          d852af9a48a2e9d55155aa2623ae01de75dd1cc746e5682a810a639457dbc56ab6ba72955591cc4d3c26fd776a7cb20966f6e5e35bf8a384536b0536231477d7

        • C:\Users\Admin\AppData\Local\Temp\nslAEB7.tmp

          Filesize

          575B

          MD5

          767e3b374afdf6f04e6af7c1abf97615

          SHA1

          b318afb57ee2433636110c65e80ee8c85cc72902

          SHA256

          43cd90b1b564eb61dbffaeecdff99de41d182871f54ccb704c6eb462723e76bf

          SHA512

          fb846bf29d6748fae64c58d466a6e78eabf4089459a585f555d0f8e225f39cb9ae293e61058fa29440ea4f325add85cb2862ea7b136fce35d803fd95de5e3f4d

        • C:\Users\Admin\AppData\Local\Temp\nspACA1.tmp

          Filesize

          541B

          MD5

          34227ab3c120cce0e23986c0be1a5e20

          SHA1

          9280847ddd2e43d3ecb8bf49bf7417a1ccd0128d

          SHA256

          c66e1119adb0fe1d2148267d6665f99c51e2658e6c7b58aa3abae1ca9f7c5ef8

          SHA512

          797f00e958f0b349467a49cd0870cb8f74dd2c82be1790db127a14d44af207c35164347f1cfcddb917d54f3de33ff30970212884161aeec6bc234035322e9dda

        • C:\Users\Admin\AppData\Local\Temp\nsqAD43.tmp

          Filesize

          825B

          MD5

          5fc5e0cedb0607d6ae43d555cba5c565

          SHA1

          22a34678571d8d1b557981109e659bf9e309a587

          SHA256

          283fe0438a73aff5aab5fbe45935ea75f4d65abaa0fff4da8d1e4f68769d788a

          SHA512

          2f42d10062f33576c88bc0d034b3e96757d099218bf5e8e373b31f373806b651aa8295eee37e2652233a8a4518c6d39e3c0349fd467eb6b2601c526a2a74efaa

        • C:\Users\Admin\AppData\Local\Temp\nsvACC2.tmp

          Filesize

          597B

          MD5

          7666b4e27fca92fcbd6d8b646bced072

          SHA1

          b61ca2c3d1b848cc608041f9addae4622d6f7304

          SHA256

          32090b3df38f32d14c5cfc7bbdab40133e18d4a4ad50165a380472b861419aab

          SHA512

          444bf1870cf5e9ab1105c1ce2ea32aa27d63fd0a60869a55b2e63634614724fbdc282236238cdb0c132678ea6019c04fa6cc3909cf386fe7c5b7b01173cfc21b

        • C:\Users\Admin\AppData\Local\Temp\nsvAD63.tmp

          Filesize

          878B

          MD5

          a33636f226a5e452873262dee2bae93b

          SHA1

          548df3a646f6bd2739072a3e8152fc0a1e73ba89

          SHA256

          1524a620f68f97e8faf164e67d11f2577fe3c3baa1b7bfad00755d31c94f4c92

          SHA512

          5f062df1663d9d6449888b72ba04c0dd3128a7471866685f44314e8f21acb9db89e5ba8cabc08f4f237afc8f743bf98c48895424137b5b2dac603cd589ec3a7c

        • C:\Users\Admin\AppData\Local\Temp\nsvADB3.tmp

          Filesize

          980B

          MD5

          f9d6132687453a099f775a5e20691ac7

          SHA1

          fa4e942c42e3b153ae3803c92c671ea0acce5e60

          SHA256

          01367dfb4b1c1961dbe774021a99a9d9b996c3674332c06e81f8ae012db4c83d

          SHA512

          cf39ed42c840ffbce86a24c0af182bb161b1d0e08b9c12a02249c84dc5707a052417f5127b2a4b4d20614506b2802351282e72a1c4246ef4d9f240600ee961cd

        • C:\Users\Admin\AppData\Local\Temp\nsvAE52.tmp

          Filesize

          181B

          MD5

          c011ce07ecb3ec3ceb40fdd2eb119ecc

          SHA1

          8fdeb213b32c3e106a8b67fffb73e8b5f36825de

          SHA256

          7e928b374168d26e8fb1d8de0446f39e2a8819bd45adf8438f33905abc3e0ac9

          SHA512

          651210af6018d33f1270f70f8e5748af0533e53b9d8493afcf7b04d6cf738978696bfe38b168f427faa8d6ad49ced8435cd3b9c36b8c9fdc79bfe01838f936cb

        • C:\Users\Admin\AppData\Local\Temp\nsvAEF8.tmp

          Filesize

          730B

          MD5

          c132e50cc6ef7002fcee0af35aec77f7

          SHA1

          bdc0cb008af834ce11edd3fdca7e355d71e4aad1

          SHA256

          b1f8da0121251484548cc04d1d7e7999bb8b4ea7d3ccf0f87c05f6e73bb343fb

          SHA512

          80db7cce46ca22f85b63a499ffdeda4d3ab8298607fcfd3efb97f60893f6b9caf229e1fe1ef2b04828c9afb3c739ea485e88f8f7c491794d80c2af73fbbdb17e

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5keoqj3l.Admin\user.js

          Filesize

          774B

          MD5

          2eb180196b9ec606e062e1578e6156f2

          SHA1

          cb181f316e19a5365d11f4edfd06fb9d1066e857

          SHA256

          ce4089ec286eeb9b24e8d2edaeb11871349d20ab5550c8d516a2e4a2fccb64e8

          SHA512

          84ac6f35a5d70ae92052fb805b26ac8e7068e01e1be6217c57810b8e8b5dd01af47a7ef6729fe8f4ecf841b994e2a9457fb1be669416d7945f6e2702d80a3c6d

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\user.js

          Filesize

          469B

          MD5

          b7719b12bca6853612bb027eefaf105e

          SHA1

          ac6f83cae49df601e8d7d1545c109042498c07c3

          SHA256

          a6bf5e40ed427dfa9d609903a0914b6505fb2077f1f97bebfc485550e69000eb

          SHA512

          d24142222fcbb4365f52ae621b3f60d9033a97077a3fb0c71148d65630f2c4cc2da71bd971bdb77e8df2295c591a5355847a6755172c645b287ac27f672a8405

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\user.js

          Filesize

          628B

          MD5

          c07c908fd44e934fdad54992c0bb1758

          SHA1

          e5d115570c75459c0dafd410a06f1551b7f0ec72

          SHA256

          476fc3e9c3787d6dd2ea3fac4b00c516915b44c9d0e6b4309b6b2c18f174241c

          SHA512

          6206a75e9ba2e66611753118d19d601b41243b2108a1e2d13d5333226785018a30a17cee73fc9d0f4535dc13e109ef6cb173af937e2cffb1a89cd97a48f20d3a