3Analysis
-
max time kernel
122s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
15/01/2025, 16:27
Behavioral task
behavioral1
Sample
JaffaCakes118_5c2e217e59694b6e78542bec4c2599c3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_5c2e217e59694b6e78542bec4c2599c3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs (all attributed to FM4ffx.exe, PID 2672; the dropped DLLs listed under $PLUGINSDIR elsewhere on this page are NSIS plugin names, so a large count of plugin loads is consistent with an NSIS installer and is not by itself evidence of malicious behaviour — judge the installer by what those plugins do)
pid Process 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe 2672 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers commonly read stored browser data, which can include saved credentials, cookies and session tokens. Note that this package also drops browser-preference plugins (chrmPref.dll, IEFunctions.dll), so the browser-profile access here may be settings/preference manipulation rather than credential theft; confirm which files or registry keys were actually read before treating this as exfiltration.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host (here via the HKLM\SYSTEM\ControlSet001\Control\NLS\Language key).
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language FM4ffx.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
486B
MD5 f6f7e1be45a915b165ab339bb7bca7b6
SHA1 815b6e16edef665be275e920be402cb2dc5865ce
SHA256 ff2f04a05c44fac34725ad01e841dfa53431a78c37f8752840544f74a414b962
SHA512 8740fcf76eea3b9ac250986403b2d1f964f47479f433e5493488626da77e3d21c1bf5c60bfda198b3caf98acbd69892dfc9fa6c8920b0e41da22a00ccbe5548f
-
Filesize
291B
MD5 04632320e0595ae4d44f0ff5156b95e3
SHA1 427402b5b433fb2ef7ab87b8b30879e60be432e3
SHA256 a9c0458480463466a806b23434762121a8cba6fa0a94f7983d6713187025b019
SHA512 a2bb04ec6ab57f0417218ea6451ae12eabad44a730fc00424c03f0157aceb3a04a0f5d38cd8cd858b12fa9493d10fbdb95379baa69bd5a075f10f0e605d717ab
-
Filesize
347B
MD5 79854ea61c9d5871c55a46a11a6f5a78
SHA1 b11cfa6b47940098b175b7073e9a3d1bfafa1806
SHA256 3e44293a04485f074b612ef946c2cb638187c4251cb2e3336018fb8f1f8d143b
SHA512 9214be83d0cab9d768bdb923ba46cb6e23bc4f9d72ba6bb69b9b284e06a2ea87b941a739294396c4fa6915505aa10fe77239d64f419bfeaa26af993771529c02
-
Filesize
355B
MD5 aa942cbf080fbb2237e6897523515ce5
SHA1 4a432578611a39f2626a0967b89febcd4c629892
SHA256 42fe6aede59d0b4629f96288d1ab22008aca8576815f9d70fdb91810e2fed48c
SHA512 ca4265c36c946f1e8c7abbff7535e3db2885c57209d7d32562e0fe399a2b17dfe95aa47956f87bb181ffe7cb71481861dbbf8423aacbd0faba354eebea78d3db
-
Filesize
524B
MD5 8fbf7eaedcecaf949d8985bfe6a796a7
SHA1 2597d17f5a98b7ea1d14db975f4530af5547439e
SHA256 ee364b124961f4f8a2db92a6640074ef1772fd136011740f19a096f29365194e
SHA512 cf119431d2cc77cebf4695198ea8cd9521b8711dd79c5667c2ad673919453b5d3c6ae8e0c38a5c7ff862e47b982163dbb81a7750d277cdbcda371335b1fafad8
-
Filesize
181B
MD5 148af7213ebe450c968951c82d056afd
SHA1 c303fcc489b69cddda1117e377fb00a683a89bdb
SHA256 8184d5e34791ebca9bed0b6803f6c9b7d363d0bbed9f523786331994cc4a6273
SHA512 5e8d6f2cc0e4a65c33910aa6b8a50aad66fb17dbfe859150cb9c1a6f208629cc17f0deeba293582e634908bad520cb6830c30b40e6b3f80aad90995c82269fb9
-
Filesize
236B
MD5 465a924d145465f66a17f684ebbebcef
SHA1 93123d7afbb2297639f2dec77653ece20a64328e
SHA256 da5bc2be19585466c0690226fcdd41f76b2c362064725aa6a5c46cfff0bd43e9
SHA512 0235eccca7f878d855d4cde8ce31d31fb14e77309f9fd7b5963ae7c669512323ab193385015c4261ca266c3b554ff07f69c99ef8da729f6df73102facc5e5735
-
Filesize
719B
MD5 590925dd055701af14d25d54274dadb6
SHA1 7271808f30fdcfa992bfb9f8f3a37920777ed7cc
SHA256 e2ccc636f98b2518ce85ff25e364622834e23ac5457886d789f6303431593976
SHA512 3762f37edb00e9fd577f1568d7bf0a2489fa7adf28b77452252d1fbe7508973d9b50e7782e71590379110498a074d36bc73cd9fc71f8f4ee3c3484f3927ec730
-
Filesize
412B
MD5 dcfd19024c9f5bc643c8fcd3476d8d27
SHA1 f358d2bb12b9937d34197eabd5a3fbc2f06bd363
SHA256 92e1fd2f13f113318784099b5e7a9b8978d2923e9d2e52afbd33d990919f449e
SHA512 094413d325cb37d86bc0f30399d126a0fb08771c1d9f417251d0db5c0dd0403a4a364c49cb1043b1ea19d89b1ed8c9aa6129bd2cdb264bf45cadf2eeabf313d2
-
Filesize
431B
MD5 2c207074a2165287ec765ee36803805c
SHA1 a036597fb0c7daf298221e59293bee7a8b600006
SHA256 bc0dcdbec44211df1802a6cd88c591b7eb0dc150ebee55cec630fc2a48e2fabe
SHA512 11a57a63b8d76eee22a2cb6e6950229db884707c0266bc98a26243b1a3bd07440398bdf1e82c740a10784a03c37e5c29b94a3fa057c87f0b7935713266f3428b
-
Filesize
597B
MD5 a0f8a2511cff5220f0ca3eb97f0f29d1
SHA1 8a6cfd6f73a1b370c558af5892bd9b759f8c4366
SHA256 021d6fea3f7bb157d795a9091c48925b259ab6d5a993a5963a656fb6908df08f
SHA512 97d48b19b98df909f0a3d53e18545541e4e6049e88d4d9063f4a2eebbea5167a87e52752e5b551b14d933171dcaa41743fbf0ee3d8d11116ebcf1e0a33411251
-
Filesize
105B
MD5 d66b7c36887a3a1f869cd8b637cc43b6
SHA1 2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db
SHA256 d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45
SHA512 155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8
-
Filesize
575B
MD5 85ee0f54d3325a7fe27772052212b8a4
SHA1 099c2fcf04bdc630328f5872f1fff871f264cdaf
SHA256 b75df3c978cc919d04dd76ad8c7cf814ec395784c4d907b80fd97907973d709e
SHA512 a2a89c43bc6358e9b7f619a94d13b5f3f22fa08a87b90c5799f76ae9f265df06923325b855fdd9171524f0019242c917e16dd3f0a4828befb3dfcf886b18ff9a
-
Filesize
662B
MD5 c005c599d9ac296d54dc1c705d512b5e
SHA1 56b2fa6cf04f24d41989c9f36ee2ee515b7cf0fa
SHA256 bf06c8e1ad22fce094184ad02a0a29caaff7cfdbc80dddd4ea7ae9a56ccfc4f4
SHA512 30c3618c040d131ae9b6d08bddad9f6a924673deafcaf5c088285d775f2672585ca21113fe099a4d6e9cd56c9c9721b148c86eb47f530c04371c7734343c0932
-
Filesize
878B
MD5 813e483acc24814e2a88b2f7dfafd7f3
SHA1 c34df0a4f83ba93293e9766914fd5800c15ca2b1
SHA256 127d5fe94bf870d8f73b668c4587b5205b75202a8ad64202d82b8a89ce644d1f
SHA512 b39f666237727917b74987dbe7b0f781a1635774ad5896ca2a40639e2a42d9280231132127b6535e98452e414afd267bd229276573d0c5fa1c1835060d307ce4
-
Filesize
1KB
MD5 00766852102bf99cb64e29f9b120587d
SHA1 b46aa035f333c703df93201146ebbf25e29e49d3
SHA256 2290b87dbdbcf4bd95843e12eaefcfbe556dda8be68e0fd0cf410035a61e10f2
SHA512 4ab0ec3cb66e77a2490d5c7cc05f95952e33b8942962e50c60755d5dc2b35f66fca671767ad6f9b25cd71d0cc594803895bec916ef36e809f4409a70f2b461e3
-
Filesize
680B
MD5 9b8260445ffe58faedec3f99f71a5b42
SHA1 2ad99a3b1fb22066373711cf2859a646e07e0d43
SHA256 111788ee32321ecb67126c9b41a51c23263d045b2b0f689fd06e4b006efe1c99
SHA512 1bd4b131e4ff000263b98e3615cf62caf0ce8719cbbcb6a29d728dbb6884a7bcba910c10094fa5c8ec0febbf3f140e7d2646ef4efd6b5096c7739b0030a26397
-
Filesize
779B
MD5 bd290d588ebd4432ab4540fb7516f2cc
SHA1 6b760218cfb2acb176f90d7c1afafb244a913b55
SHA256 cd04c71476d22621e768311d823c3f18b0340d58677b6a09cea98f04955ad148
SHA512 351eff3d925442e0a5f5cc0f47e8df67ba46a36d9be587c6939c7d529f4be7c4799418d688ae674e1874537bca2aaa08d0e790280574bfe777b20f3454cc2a36
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb