Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 16:27

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials. In this run the recorded browser-profile activity is the writing of user.js into two Firefox profile directories (listed under Downloads), i.e. preference tampering; no access to a credential store is shown.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
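
The browser-data signature above is triggered here by writes into Firefox profile directories: the Downloads list shows user.js written to both bhg31lui.Admin and bhg31lui.default-release, the former reported three times at growing sizes (662 B, 878 B, 1 KB), consistent with the installer rewriting it more than once. When triaging such an installer the first question is what those files set. The following is an added example (my own, not code from the sandbox or from the sample) that parses the user_pref(...) statements of a user.js, reports the preferences on a watch list of settings that unwanted installers commonly change (homepage, default search, proxy, update and enterprise-root settings), and sweeps every profile under a Firefox Profiles directory. The sample user.js text, the choice of watch list and the example.invalid URLs are constructed for the demonstration, not recovered from FM4ffx.exe.

```python
"""Audit Firefox user.js files for preferences that unwanted installers typically set.

Added example for this report; not code from the sample or from the sandbox.
SAMPLE_USER_JS below is constructed, not recovered from FM4ffx.exe.
"""
import glob
import os
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[str, int, bool]

# One user_pref(...) statement per line: a quoted name, then a string, bool or integer value.
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|(true|false)|(-?\d+))\s*\)\s*;'
)

# Real Firefox preference names; which ones to watch is my choice for this example.
WATCH_EXACT = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.newtab.url",
    "keyword.URL",
    "browser.shell.checkDefaultBrowser",
    "extensions.autoDisableScopes",
    "security.enterprise_roots.enabled",
}
WATCH_PREFIX = ("network.proxy.", "app.update.")


def _unescape(s: str) -> str:
    """Undo the backslash escapes user.js uses inside string literals."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_user_js(text: str) -> Dict[str, PrefValue]:
    """Return {pref_name: value}; a later statement overrides an earlier one, as in Firefox."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # blank line, // comment, or something that is not a pref
        name, s_val, b_val, i_val = m.groups()
        if s_val is not None:
            value: PrefValue = _unescape(s_val)
        elif b_val is not None:
            value = b_val == "true"
        else:
            value = int(i_val)
        prefs[_unescape(name)] = value
    return prefs


def suspicious_prefs(prefs: Dict[str, PrefValue]) -> List[Tuple[str, PrefValue]]:
    """Subset of prefs that hit the watch list, in file order."""
    return [
        (name, value)
        for name, value in prefs.items()
        if name in WATCH_EXACT or name.startswith(WATCH_PREFIX)
    ]


def audit_profiles(profiles_root: str) -> Dict[str, List[Tuple[str, PrefValue]]]:
    """Check every <profile>/user.js under profiles_root (e.g. %APPDATA%\\Mozilla\\Firefox\\Profiles)."""
    findings: Dict[str, List[Tuple[str, PrefValue]]] = {}
    for path in glob.glob(os.path.join(profiles_root, "*", "user.js")):
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = suspicious_prefs(parse_user_js(fh.read()))
        if hits:
            findings[path] = hits
    return findings


# Constructed sample; the URLs use the reserved .invalid TLD on purpose.
SAMPLE_USER_JS = """\
// Constructed sample for demonstration; not recovered from the analysed installer.
user_pref("browser.startup.homepage", "http://example.invalid/start");
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("keyword.URL", "http://example.invalid/search?q=");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://example.invalid/proxy.pac");
user_pref("app.update.enabled", false);
user_pref("browser.tabs.warnOnClose", true);   // benign, not reported
user_pref("example.escaped", "say \\"hi\\"");
"""

if __name__ == "__main__":
    for name, value in suspicious_prefs(parse_user_js(SAMPLE_USER_JS)):
        print(f"{name} = {value!r}")
    root = os.path.join(os.environ.get("APPDATA", ""), "Mozilla", "Firefox", "Profiles")
    for path, hits in audit_profiles(root).items():
        print(path, hits)
```

The parser matches whole statements rather than stripping `//` first, so URLs inside string values survive; only `/* ... */` blocks are removed up front. Run it on a live machine by pointing audit_profiles at the Profiles directory, and compare the result against the hashes of the user.js files listed in this report's Downloads section to tell the installer's writes apart from a user's own customisations.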

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2672

Network


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsd7766.tmp

          Filesize

          486B

          MD5

          f6f7e1be45a915b165ab339bb7bca7b6

          SHA1

          815b6e16edef665be275e920be402cb2dc5865ce

          SHA256

          ff2f04a05c44fac34725ad01e841dfa53431a78c37f8752840544f74a414b962

          SHA512

          8740fcf76eea3b9ac250986403b2d1f964f47479f433e5493488626da77e3d21c1bf5c60bfda198b3caf98acbd69892dfc9fa6c8920b0e41da22a00ccbe5548f

        • C:\Users\Admin\AppData\Local\Temp\nsd78AC.tmp

          Filesize

          291B

          MD5

          04632320e0595ae4d44f0ff5156b95e3

          SHA1

          427402b5b433fb2ef7ab87b8b30879e60be432e3

          SHA256

          a9c0458480463466a806b23434762121a8cba6fa0a94f7983d6713187025b019

          SHA512

          a2bb04ec6ab57f0417218ea6451ae12eabad44a730fc00424c03f0157aceb3a04a0f5d38cd8cd858b12fa9493d10fbdb95379baa69bd5a075f10f0e605d717ab

        • C:\Users\Admin\AppData\Local\Temp\nsd78AD.tmp

          Filesize

          347B

          MD5

          79854ea61c9d5871c55a46a11a6f5a78

          SHA1

          b11cfa6b47940098b175b7073e9a3d1bfafa1806

          SHA256

          3e44293a04485f074b612ef946c2cb638187c4251cb2e3336018fb8f1f8d143b

          SHA512

          9214be83d0cab9d768bdb923ba46cb6e23bc4f9d72ba6bb69b9b284e06a2ea87b941a739294396c4fa6915505aa10fe77239d64f419bfeaa26af993771529c02

        • C:\Users\Admin\AppData\Local\Temp\nsj7736.tmp

          Filesize

          355B

          MD5

          aa942cbf080fbb2237e6897523515ce5

          SHA1

          4a432578611a39f2626a0967b89febcd4c629892

          SHA256

          42fe6aede59d0b4629f96288d1ab22008aca8576815f9d70fdb91810e2fed48c

          SHA512

          ca4265c36c946f1e8c7abbff7535e3db2885c57209d7d32562e0fe399a2b17dfe95aa47956f87bb181ffe7cb71481861dbbf8423aacbd0faba354eebea78d3db

        • C:\Users\Admin\AppData\Local\Temp\nsj78D0.tmp

          Filesize

          524B

          MD5

          8fbf7eaedcecaf949d8985bfe6a796a7

          SHA1

          2597d17f5a98b7ea1d14db975f4530af5547439e

          SHA256

          ee364b124961f4f8a2db92a6640074ef1772fd136011740f19a096f29365194e

          SHA512

          cf119431d2cc77cebf4695198ea8cd9521b8711dd79c5667c2ad673919453b5d3c6ae8e0c38a5c7ff862e47b982163dbb81a7750d277cdbcda371335b1fafad8

        • C:\Users\Admin\AppData\Local\Temp\nso789B.tmp

          Filesize

          181B

          MD5

          148af7213ebe450c968951c82d056afd

          SHA1

          c303fcc489b69cddda1117e377fb00a683a89bdb

          SHA256

          8184d5e34791ebca9bed0b6803f6c9b7d363d0bbed9f523786331994cc4a6273

          SHA512

          5e8d6f2cc0e4a65c33910aa6b8a50aad66fb17dbfe859150cb9c1a6f208629cc17f0deeba293582e634908bad520cb6830c30b40e6b3f80aad90995c82269fb9

        • C:\Users\Admin\AppData\Local\Temp\nso789C.tmp

          Filesize

          236B

          MD5

          465a924d145465f66a17f684ebbebcef

          SHA1

          93123d7afbb2297639f2dec77653ece20a64328e

          SHA256

          da5bc2be19585466c0690226fcdd41f76b2c362064725aa6a5c46cfff0bd43e9

          SHA512

          0235eccca7f878d855d4cde8ce31d31fb14e77309f9fd7b5963ae7c669512323ab193385015c4261ca266c3b554ff07f69c99ef8da729f6df73102facc5e5735

        • C:\Users\Admin\AppData\Local\Temp\nst77C8.tmp

          Filesize

          719B

          MD5

          590925dd055701af14d25d54274dadb6

          SHA1

          7271808f30fdcfa992bfb9f8f3a37920777ed7cc

          SHA256

          e2ccc636f98b2518ce85ff25e364622834e23ac5457886d789f6303431593976

          SHA512

          3762f37edb00e9fd577f1568d7bf0a2489fa7adf28b77452252d1fbe7508973d9b50e7782e71590379110498a074d36bc73cd9fc71f8f4ee3c3484f3927ec730

        • C:\Users\Admin\AppData\Local\Temp\nst78BE.tmp

          Filesize

          412B

          MD5

          dcfd19024c9f5bc643c8fcd3476d8d27

          SHA1

          f358d2bb12b9937d34197eabd5a3fbc2f06bd363

          SHA256

          92e1fd2f13f113318784099b5e7a9b8978d2923e9d2e52afbd33d990919f449e

          SHA512

          094413d325cb37d86bc0f30399d126a0fb08771c1d9f417251d0db5c0dd0403a4a364c49cb1043b1ea19d89b1ed8c9aa6129bd2cdb264bf45cadf2eeabf313d2

        • C:\Users\Admin\AppData\Local\Temp\nsy7746.tmp

          Filesize

          431B

          MD5

          2c207074a2165287ec765ee36803805c

          SHA1

          a036597fb0c7daf298221e59293bee7a8b600006

          SHA256

          bc0dcdbec44211df1802a6cd88c591b7eb0dc150ebee55cec630fc2a48e2fabe

          SHA512

          11a57a63b8d76eee22a2cb6e6950229db884707c0266bc98a26243b1a3bd07440398bdf1e82c740a10784a03c37e5c29b94a3fa057c87f0b7935713266f3428b

        • C:\Users\Admin\AppData\Local\Temp\nsy7797.tmp

          Filesize

          597B

          MD5

          a0f8a2511cff5220f0ca3eb97f0f29d1

          SHA1

          8a6cfd6f73a1b370c558af5892bd9b759f8c4366

          SHA256

          021d6fea3f7bb157d795a9091c48925b259ab6d5a993a5963a656fb6908df08f

          SHA512

          97d48b19b98df909f0a3d53e18545541e4e6049e88d4d9063f4a2eebbea5167a87e52752e5b551b14d933171dcaa41743fbf0ee3d8d11116ebcf1e0a33411251

        • C:\Users\Admin\AppData\Local\Temp\nsy788A.tmp

          Filesize

          105B

          MD5

          d66b7c36887a3a1f869cd8b637cc43b6

          SHA1

          2e7ad1e83bbe8ae41a119efcaaede2bc82e9d8db

          SHA256

          d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45

          SHA512

          155ba55e437c52f3f53d27750fb8365f3489c08a00a8a842610d9d2687aaa067add493273caf5b49fe4bff39eca917eb3f4b4bcb58537119b3ce82e3ed40ceb8

        • C:\Users\Admin\AppData\Local\Temp\nsy78E0.tmp

          Filesize

          575B

          MD5

          85ee0f54d3325a7fe27772052212b8a4

          SHA1

          099c2fcf04bdc630328f5872f1fff871f264cdaf

          SHA256

          b75df3c978cc919d04dd76ad8c7cf814ec395784c4d907b80fd97907973d709e

          SHA512

          a2a89c43bc6358e9b7f619a94d13b5f3f22fa08a87b90c5799f76ae9f265df06923325b855fdd9171524f0019242c917e16dd3f0a4828befb3dfcf886b18ff9a

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.Admin\user.js

          Filesize

          662B

          MD5

          c005c599d9ac296d54dc1c705d512b5e

          SHA1

          56b2fa6cf04f24d41989c9f36ee2ee515b7cf0fa

          SHA256

          bf06c8e1ad22fce094184ad02a0a29caaff7cfdbc80dddd4ea7ae9a56ccfc4f4

          SHA512

          30c3618c040d131ae9b6d08bddad9f6a924673deafcaf5c088285d775f2672585ca21113fe099a4d6e9cd56c9c9721b148c86eb47f530c04371c7734343c0932

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.Admin\user.js

          Filesize

          878B

          MD5

          813e483acc24814e2a88b2f7dfafd7f3

          SHA1

          c34df0a4f83ba93293e9766914fd5800c15ca2b1

          SHA256

          127d5fe94bf870d8f73b668c4587b5205b75202a8ad64202d82b8a89ce644d1f

          SHA512

          b39f666237727917b74987dbe7b0f781a1635774ad5896ca2a40639e2a42d9280231132127b6535e98452e414afd267bd229276573d0c5fa1c1835060d307ce4

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.Admin\user.js

          Filesize

          1KB

          MD5

          00766852102bf99cb64e29f9b120587d

          SHA1

          b46aa035f333c703df93201146ebbf25e29e49d3

          SHA256

          2290b87dbdbcf4bd95843e12eaefcfbe556dda8be68e0fd0cf410035a61e10f2

          SHA512

          4ab0ec3cb66e77a2490d5c7cc05f95952e33b8942962e50c60755d5dc2b35f66fca671767ad6f9b25cd71d0cc594803895bec916ef36e809f4409a70f2b461e3

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\user.js

          Filesize

          680B

          MD5

          9b8260445ffe58faedec3f99f71a5b42

          SHA1

          2ad99a3b1fb22066373711cf2859a646e07e0d43

          SHA256

          111788ee32321ecb67126c9b41a51c23263d045b2b0f689fd06e4b006efe1c99

          SHA512

          1bd4b131e4ff000263b98e3615cf62caf0ce8719cbbcb6a29d728dbb6884a7bcba910c10094fa5c8ec0febbf3f140e7d2646ef4efd6b5096c7739b0030a26397

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhg31lui.default-release\user.js

          Filesize

          779B

          MD5

          bd290d588ebd4432ab4540fb7516f2cc

          SHA1

          6b760218cfb2acb176f90d7c1afafb244a913b55

          SHA256

          cd04c71476d22621e768311d823c3f18b0340d58677b6a09cea98f04955ad148

          SHA512

          351eff3d925442e0a5f5cc0f47e8df67ba46a36d9be587c6939c7d529f4be7c4799418d688ae674e1874537bca2aaa08d0e790280574bfe777b20f3454cc2a36

        • \Users\Admin\AppData\Local\Temp\nso76B7.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nso76B7.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • \Users\Admin\AppData\Local\Temp\nso76B7.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • \Users\Admin\AppData\Local\Temp\nso76B7.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
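
NSIS names its scratch files and its plug-in directory ns, one letter, a hex number and .tmp, and both the letter and the number change on every run, so the nsX####.tmp names above are not stable indicators; the hashes are. The following is an added example (my own, not tooling from the sandbox) that walks a directory, hashes every file and reports matches against the SHA256 values in this report. System.dll and nsisos.dll are kept in a separate, weaker set because they are stock NSIS plug-ins that ship with countless benign installers, so a hit on them only proves an NSIS installer ran. Files that merely carry the NSIS temp-name pattern are reported as a hint. The hash sets are copied from this page; the scan root and the data used in the test are constructed.

```python
"""Hash-match files against the dropped-file indicators in this report.

Added example for the report; not the sandbox's or the sample's own code.
The SHA256 values are copied from the report's General and Downloads sections.
"""
import hashlib
import os
import re
from typing import Dict, Set

# The installer and the files the sandbox saw it write, as listed in this report.
STRONG: Set[str] = {
    "3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570",  # FM4ffx.exe
    "ff2f04a05c44fac34725ad01e841dfa53431a78c37f8752840544f74a414b962",  # nsd7766.tmp
    "a9c0458480463466a806b23434762121a8cba6fa0a94f7983d6713187025b019",  # nsd78AC.tmp
    "3e44293a04485f074b612ef946c2cb638187c4251cb2e3336018fb8f1f8d143b",  # nsd78AD.tmp
    "42fe6aede59d0b4629f96288d1ab22008aca8576815f9d70fdb91810e2fed48c",  # nsj7736.tmp
    "ee364b124961f4f8a2db92a6640074ef1772fd136011740f19a096f29365194e",  # nsj78D0.tmp
    "8184d5e34791ebca9bed0b6803f6c9b7d363d0bbed9f523786331994cc4a6273",  # nso789B.tmp
    "da5bc2be19585466c0690226fcdd41f76b2c362064725aa6a5c46cfff0bd43e9",  # nso789C.tmp
    "e2ccc636f98b2518ce85ff25e364622834e23ac5457886d789f6303431593976",  # nst77C8.tmp
    "92e1fd2f13f113318784099b5e7a9b8978d2923e9d2e52afbd33d990919f449e",  # nst78BE.tmp
    "bc0dcdbec44211df1802a6cd88c591b7eb0dc150ebee55cec630fc2a48e2fabe",  # nsy7746.tmp
    "021d6fea3f7bb157d795a9091c48925b259ab6d5a993a5963a656fb6908df08f",  # nsy7797.tmp
    "d7516cb11c81e5ef2e0c7cffa7175c3a7f36f945e788a27024fdc79443fdda45",  # nsy788A.tmp
    "b75df3c978cc919d04dd76ad8c7cf814ec395784c4d907b80fd97907973d709e",  # nsy78E0.tmp
    "bf06c8e1ad22fce094184ad02a0a29caaff7cfdbc80dddd4ea7ae9a56ccfc4f4",  # user.js (Admin, 662B)
    "127d5fe94bf870d8f73b668c4587b5205b75202a8ad64202d82b8a89ce644d1f",  # user.js (Admin, 878B)
    "2290b87dbdbcf4bd95843e12eaefcfbe556dda8be68e0fd0cf410035a61e10f2",  # user.js (Admin, 1KB)
    "111788ee32321ecb67126c9b41a51c23263d045b2b0f689fd06e4b006efe1c99",  # user.js (default-release, 680B)
    "cd04c71476d22621e768311d823c3f18b0340d58677b6a09cea98f04955ad148",  # user.js (default-release, 779B)
    "b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35",  # Time.dll
    "6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd",  # mt.dll
}

# Stock NSIS plug-ins: a hit proves an NSIS installer ran, not that it was this one.
WEAK: Set[str] = {
    "dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f",  # System.dll
    "ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6",  # nsisos.dll
}

# NSIS scratch files and plug-in directory: "ns" + one letter + hex digits + ".tmp".
NSIS_TEMP_RE = re.compile(r"^ns[a-z][0-9a-f]{1,8}\.tmp$", re.IGNORECASE)


def sha256_of(path: str) -> str:
    """Stream the file so a large drop is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_nsis_temp_name(path: str) -> bool:
    """True for names such as nsd7766.tmp or nso76B7.tmp; only the last path component counts."""
    last = re.split(r"[\\/]", path.rstrip("\\/"))[-1]
    return bool(NSIS_TEMP_RE.match(last))


def scan(root: str, strong: Set[str] = STRONG, weak: Set[str] = WEAK) -> Dict[str, str]:
    """Return {path: verdict} for files under root worth a look; unmatched files are omitted."""
    verdicts: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of(path)
            except OSError:
                continue  # locked or vanished file; skip it rather than abort the sweep
            if digest in strong:
                verdicts[path] = "hash-match"
            elif digest in weak:
                verdicts[path] = "hash-match-stock-nsis-plugin"
            elif is_nsis_temp_name(name) or is_nsis_temp_name(dirpath):
                verdicts[path] = "nsis-temp-name-only"
    return verdicts


if __name__ == "__main__":
    # On the victim this would be %LOCALAPPDATA%\Temp; any directory works for a dry run.
    root = os.path.join(os.environ.get("LOCALAPPDATA", "."), "Temp")
    for path, verdict in sorted(scan(root).items()):
        print(f"{verdict:30} {path}")
```

Treat a "hash-match" on the user.js entries as the most telling result: the five listed digests cover the installer's successive writes, and a profile whose user.js still hashes to one of them has not been touched since.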