3Analysis
-
max time kernel
93s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
15/01/2025, 16:42
Behavioral task
behavioral1
Sample
JaffaCakes118_5c7f6d6e11f4eb14a890fd8084669bc0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_5c7f6d6e11f4eb14a890fd8084669bc0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240729-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
314KB
-
MD5
a6ea8baf987c05383013259a3a96b221
-
SHA1
dc1f3df6abd8b9fa1a3d364e9021cd5f62590f9f
-
SHA256
d978712e92d634c150493e35f7dab39483559350914c1a302c0b2c0aaf1c47a3
-
SHA512
0e6200677efff5a9e2babd8ebac1aba3c32a1f4de0251ba2036b6bd0996170777de40ba5df6e933e0b89fbdf8cc4709d09cd077016c83018d9e338a37b63b277
-
SSDEEP
6144:He34G2cYkBUQf/5yT2x/lN4VOejFepSBmiBmXOf4b2EDGwyo:WY6fRym/lNcjFeMmymXOAK2
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe 3988 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and session tokens. Note that this signature is TTP-based: no specific file or registry IoC for the browser-data access is listed in this report, so verify the actual paths touched (browser profile directories, login/cookie databases) from the recorded file activity before treating this as confirmed credential theft.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location. The only IoC listed below is a read of the NLS\Language registry key; by itself this is a weak indicator, since benign installers also query the locale, so weigh it together with the other signatures rather than in isolation.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language FM4ffx.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD538977533750fe69979b2c2ac801f96e6
SHA174643c30cda909e649722ed0c7f267903558e92a
SHA256b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5aac69f856c4540edd4ef7ce6c8571639
SHA12860f55ea9774d631219e66604051e90a43258b7
SHA2566dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD569806691d649ef1c8703fd9e29231d44
SHA1e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA5125e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
927B
MD500cde1e35bb43209dbf11535b85befb3
SHA1fc212ff04843e39251936687c983e3a0af071cc1
SHA2564010a5883766767cb6cda9f848b73b84be11d04ecedb56625197ea5b29946c2d
SHA512afc97d8633d0471af09ff08faf409f816486ce5a2c92fcb84028549bfa59c6a67f67ea0bad0768991adf71a039b91b2920c49e7c164be06c8c73a28facf3b8d6
-
Filesize
595B
MD52de28ef8b3d759f950370e8134cf2e7d
SHA1cf4eda85b5e6572111f22b9519eb3ad594692cde
SHA256a26b1f4385db29fba580e1940cae74adb6602b8cba9dda01effdd642b0653d4b
SHA512bafef113f3923564b01ad68dc4e8f2e6c7e3a66296597366df095f70f08f5ce52407af3e01675cc1683fcb515e7001051457aaeacc247ad311bee5856d9b895f
-
Filesize
409B
MD520b13e7769da09ba85544d16badb33c5
SHA19b357c2d38819c7eb0d4c8ef4752e3d928fc3365
SHA2567f37a66031f82f15bb9a6a93837084f807226a4956afdd6d3904f295477bebc9
SHA51271c3059b748b627a1cdca6c787c4ad78a327ea04f16d2de36c445dfe958e9456539ced6b191de3fd7be8a7b0fd245462c08daadcd8abfd2da749460579cfcc75
-
Filesize
466B
MD520d26fdcdff73e5cb3578f7f095f8ab1
SHA1d847ecd56650d8e5f838c104e3ef9ea427cb8eb7
SHA256fe1fe0598a990c4b7773995924d36ac5190e144c3e0b107698e52461472a5dda
SHA512e05e7590a4761ffbf3f2c23baabb2fc86a4f71af9138aa563044ffacd10e9acd1157783bebe85c15621544756af74aa4d08f740314a4b05d9be121705b36190b
-
Filesize
771B
MD534b29f2d0a7c2e3768a01533cbae5c76
SHA18a9cdb55e37f9cc808d61f762063ff334a339585
SHA256458b17e77d4f24873b79ce4628e746293957a8f84fdaaa07ea9059f5a174834b
SHA512283fe691ffbeec4c1fe63cf2fbd4fcd656419164377e5e79b2928f9bdc3917ad8c556e453ba474a70204cbd84142e216c2fb547b145e5ae66c19a33117273428
-
Filesize
875B
MD55412291475c07d2cac1775668394ec23
SHA108eebedb08c0a80bc569bc888a1aae364778def0
SHA256e81338668467d2b799a98e675dfc7f65bad0e39aa2b67f006c8d439037062020
SHA512d71ec044adf742f737851fd879fe55c89e189772cc7e19d89d490133987a6fd41236662504f8c6340564d7cccf84feeaf40832e491128db19a7b751044ebf5a8
-
Filesize
776B
MD5fdd1845348e840238f31593a686c4bd8
SHA1ad3ca8fd93eabae9baa026f4ec7a49d54093042a
SHA2569acf25b45b0a49ac00f2d219acb8f90b1f4377ae14da664ce0d1804c8a287d25
SHA512149f4da55c56e5724a8dae58459ae890327fc802d9682573cd823082af9bc1a44e86608afacec6af471a4bd841157db7123da4e8f0702031bfdb537f5a052512
-
Filesize
822B
MD5a5038c4f872a3951ab4bb0b07b75d960
SHA17f7fd2b186bb08d76af672ff310c39b7779e9230
SHA256a7045fae6a1852677f1ccdb565dadab0b6247a05db376dd2e66689a6bc466a05
SHA512d36802b7015cf489557fb9dd35d3d2d361c656d64fe89c805f5cb80cd8d03c947d50ead9822a6e1aa3e1809e59e420ca339c0e4f8b3eb53e21bdc71a3f822ddb
-
Filesize
659B
MD574adfd017bca6c359bc4050838d36806
SHA12f094be470a8fd5957a068c1babce8e52a7abcb8
SHA25680fe442b9ba6d7f130ef38b3db1383770f069f6e5af902b7c87e9aa611ff28fa
SHA512f8d09dccb26ec7538c287b4d50f9f55912c0d8e847b470a1ba42eab056abe120a87b06e9eb3f1dbbceed54e109bbf48024f14e6485a606a20f26652ef1ddd59f
-
Filesize
716B
MD51339374958e20825f4fa16f8f331abb8
SHA1e28472b0478e6c2ba3e72172b34f8981a3f87c33
SHA256918ebacfe518b4b270456a0f2f6d4e750d5f2aab1c67fa9ea5d90f1ef9923396
SHA5123d93daad8f8756886e54c0989cec55573f90a861eca8d89464e9efc86d1669189ac15f02f30c5fa54f097061704afb3dfd89a90017567f4675b883daa555d780
-
Filesize
1KB
MD503189589f99d48b8ac332d294c221733
SHA1a89140e9dd25b45b350e9502159c3a494f8bb682
SHA25612592c432692824efa59b723287d9f84b7d04ad7b3a3ee1b75b49ad79f731295
SHA512a529e3a4648cac36c5714ede8371ff5047f8bc86a94769415df079c3af19c9c5e7bf3b43e75165a3c605f4077704c41c5ebf61fab095af015cd00191f0304eec
-
Filesize
572B
MD5d5a18c9ce336b38715ec1701f2ced1aa
SHA1b8b9a6d039c74f0c4df25cb68de7529645705e8e
SHA256ecba2ffb3cd011090e044db47f6df2a075a6ec294cafc6fb4a2bccaecbd8abcc
SHA512691e875ff157851b0f005ad8ab0547ed28d5e6a79bebce4f78b5e10a9f36b7a8e1813dd624542cc9bc5bdc05fc8cb43eed87c8e7c716538e2853c9471703e603
-
Filesize
677B
MD56509e18ec8a949726ba51c78388e0949
SHA1ad798a569543d5932f52dae621637f7c97990e46
SHA2562a11caf1795c15a83f640af3abe5de1eebee47442dfab949cc3750d91e6cfd61
SHA5124a7d20fa054b792a25e61ba03f8ec21af7308e4b9f98314cfb99fcce4a293c3b3ad6fa7eb6d40c587d1374b91170ab4347d9346055e85416b9380c8903d46e8a
-
Filesize
345B
MD562b99b24c526eb931f669cfb4f154bdf
SHA163d795bb606c761365addd64caaf86228039f1ba
SHA25696ac5c54efc35ba78eef700530edb37731f5e392eb7426eefd13e546ff139a6c
SHA512207e4c503e1dc403136fca6630cf0c2ea7a898a75a8e6422ff6ae42c5e0f1bbeeaddbf93c52629c4bc378ab8e9ec3657e333d0c44cbf60dfb24e5d82ac9375a8