Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/01/2025, 16:27

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other profile contents.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:3412

Network

        MITRE ATT&CK Enterprise v15


        Downloads
