3Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
15/01/2025, 16:27
Behavioral task
behavioral1
Sample
JaffaCakes118_5c2e217e59694b6e78542bec4c2599c3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_5c2e217e59694b6e78542bec4c2599c3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20241010-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL — 64 IoCs. Caveat for triage: the dropped artefacts in this report are named $PLUGINSDIR/System.dll, NSISdl.dll, InetLoad.dll, nsisos.dll, Processes.dll, Time.dll and UserInfo.dll, which appear to be standard NSIS installer plugins, so a high count of DLL loads from the plugins directory is expected for an NSIS-packaged installer and is not, on its own, evidence of malicious behaviour. Weigh the browser-data and payload signatures below (and the dropped executables funmoods.exe / FM4ffx.exe) rather than this count.
pid Process 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe 3412 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history. In this sample the dropped plugins IEFunctions.dll and chrmPref.dll suggest access to Internet Explorer and Chrome profile settings, but the report does not show what was read or whether anything was exfiltrated — confirm against the file-system and network events before treating this as credential theft.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the victim system's language in order to infer the host's geographical location. This is commonly used for geofencing (e.g. refusing to run on hosts in particular locales), so the behaviour observed in the sandbox may differ from that on a target with a different language setting.
Description: Key opened | IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: FM4ffx.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
719B
MD5 906c8ae31044ee8b22d1d40ab8026d57
SHA1 e63538b9911d14c3f1237912b1016a2ff1b484f4
SHA256 4fca0d8f161b7ccd6328542f89caa9556e010defba186c0f4b420716cc15eb71
SHA512 c7c606c86010d6b79c03b2f792e77f03fbbd78bc27c5f919fb8010be77616f0539421d7bf6e14796b94fe0a0af13f48d74828b70ce679e0a5133d49119ac394e
-
Filesize
930B
MD5 90f0689b0c00151c159b5ce293c9ec05
SHA1 0eb0b5eb98cf4ecc78152d1a2bc3a06beccd29bb
SHA256 0eee937b8007d6e30c81381853c2e8a18329fa5611f16142fc57102d62227bd1
SHA512 df981e5086313d872c96da90aea08227fe0d53106a904d7802af8e12b238041bb14e6174d5aac167711b2f118f9ae9fa52fafb772dd34b78f40ed88cdcb8c753
-
Filesize
1KB
MD5 6c3cc4cc826038f86940e15ea63fb991
SHA1 781f8f892e73bc7950fcbaf14100b612dd43e7bc
SHA256 77419c97782e79b0d958f4a6dcec1b342262866d134e1b47b780361bd9fae335
SHA512 5ac62be4924666a980c396df29d243f8b9c36183726fdec8064133c68458a3f44da7619cdab30f26d9d0e07c5ef0843c8a2ae1c498a18c3728a6e4c08fc8c98f
-
Filesize
412B
MD5 9f623b42b722fb836223afc20a2772b4
SHA1 c893a9ef301ac842dad421a41deb0d0d489f63fb
SHA256 2416e6c9dbf75e9f90c7f963bca150f0293dba736d673a0df3d66c9bc4fbbab5
SHA512 5166b87370f00b01ec80683fde0951f2f1b46e740ba784cb5a0fc00dc4f5c5ea02a06b0e53caf205fcc402db01d124b1ce7dc50695009a30468eaaf26d97c0cb
-
Filesize
486B
MD5 560a29f6508234571ad81199b4229ac2
SHA1 7fc5c21d28916aa5bc648cfc96cdd37dbb8fb993
SHA256 d0ddc5bf4840660463aa75ee5badc84ae21ad5d46afa1e1753606bb4c52fcb8d
SHA512 dc0449a6055ecc113167579fad90892442150f88900751b82e67631140581183c182cef306af28bfc9946aba5eba850133bb6c51d2365363243c5081dddc2398
-
Filesize
662B
MD5 a617e64447c3985ac31838a030a25009
SHA1 ba3a380c091d3ffa3369026e58a02c24c9a08f62
SHA256 b36d20a1a47e23be889c4e94fe5151f0876af6bc568427d0bb4c5215b021281f
SHA512 a85f705b850fc38e74580860a50aa765560892048f3b5874d41771959aaf1f8047a7aa2d5de31cc36cd193e3d80283ee272028a6800b79b2a6eac5b9660a3c20
-
Filesize
730B
MD5 5e8d2f5e4759fbcd0e56b4485ee8f330
SHA1 266de18c8a596d8ca128ffbec59fbb41e4b95a8d
SHA256 89ec0c9a725c4f515f22367acc578935c7012f483392e8c3d0cd3412c10c7c81
SHA512 19a2d07de92e26650abb1f0ef09c7c275c7e7be6c8b55b83fda2698d6f72692d512746ca8f62385c6ae2a0a061da336760bfef2dd931f53da3b36631fe1eb4f2
-
Filesize
779B
MD5 66c786c0f2bd3aa65b019d28bd25f611
SHA1 41860064ae9808e0832a7bcac9a4b912ac3ef67b
SHA256 efa080262c0a50917f8030ddf4fe99e1806ed644365566975337b93324ff6b1b
SHA512 739ffeb8e7440ace95e7a050665331e960ad0634a22ed25ac86fb24b674b66210dca26c459cd56ba020cfdc3ab0b5ed7864cb554d7519a0488088d5003f60f95
-
Filesize
825B
MD5 0bbe5671d34a68b448a4e832f56d7cb5
SHA1 8cfe24006d0fce08e27885805a2433e493836d34
SHA256 3c35ed7a0be3e2df40b319376d02be12a67a4114f57682c40c2634109a71cdf4
SHA512 c8b0eb81ad964c65bae01cee4efdea8013bf2198b2537c26d2a2f0f6631fb9d42cc984e402bc2057c9bae68bc47fd04f3f6127c4bd9a8886c43f35a0a872de2b
-
Filesize
181B
MD5 6e89c219056842988179c8be4bbe4bf6
SHA1 00a7500b19388c7fd512c24713306b08d5d6bd63
SHA256 f7265569f94ffb25566e63655656a1915e18fe2d380e4de2269b971b64efd6c4
SHA512 d0fbc558e6507c165ef006297c5bc5c53a687931d2573e6a37dfeb953a66a262408163c8d56a1e548bb5b549d04c06ae2e3bb811a889c3eb3f9ead4c290a3605
-
Filesize
236B
MD5 2f07900a025f5d8e094d500d29453817
SHA1 cbacce1e219dd8c19b45f3a975415f720744616e
SHA256 13ce21faabc211180532780441630bfce4d6757fff687bb8e621f2e72fd0ab41
SHA512 3ffb6f42541e0dbd2814e1bc0be546b10a791722274d0921c329b66d6eae104accb1d38b3487055a703d9ffb3fb73b59cd0991f58b8d9d5825524dfb3730ee22
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
431B
MD5 30ca9bf65c3ae89c6cc781227774c831
SHA1 346c210b31cd3419041d8f048fd171b57b5ca9f8
SHA256 e90c7dd33a67f0bc0117827c9f8db69269a6bd7d8068e008f663fc0867fc359e
SHA512 fb770d114fd977e82bf0e993e034b5743f2da3ae923de6320fa94e62f48f9e1da105417b8ed1da156461cfcc8800700eed22d629358c63b4ac21fce9d7ae6b73
-
Filesize
774B
MD5 94279f35b60c9216175acc98c714e228
SHA1 9499d979902cddb39050f3a22da4475bb95fd31e
SHA256 a8f1359e24c149c98169382b28497d889359c907a301dd717ee1347b025e8f21
SHA512 fe6e20ea6d82a0e9b03d706b419e801c2fb08b7d853e491380e8fcef6d5b7a0a036b2473d61ffaac5263f3bc4bb9d80925dc822d5bfed9725eb134fed581b652
-
Filesize
878B
MD5 7e20fef557a9d33b0541102f1df1bd4b
SHA1 770bd943c0f129239ca6752607f78e695ac54add
SHA256 0da3ebd4e2dab2e1784eb147ae5f0d0695bb2c61506a8011ca4cb72791eda508
SHA512 fbfa00e6a69281efa1a25fed9fb006ba1fbaf614c024b6e3e8c01df516bd53f1ea59a0977dbf75ebbeb3dad29f1ed72c104eb10e5e23e4e6e31365d2fa356370
-
Filesize
980B
MD5 7acbc16ae0853810657a1b51a71cb962
SHA1 a18840c0a5771a75b681e4de675179dabbe590ed
SHA256 65f0f7718625b36aaa6b29d74337db868688e6e8b49a37da3327d4593e4d132d
SHA512 ebfc32c8243ffeb8b5c2c186535ff3061470837ca0ac582ddd2bb03f447a24a62ff16dce7c3abe9d999a12396172eb73837f94a4fa94d03cd9004b72e28d4bbc
-
Filesize
597B
MD5 824e0853563f505460a2a97004089b63
SHA1 49eac08a6bb519c4425cc1a4c30aa01dae4f0f9a
SHA256 f8ec79f7a17f057402a9763b6b52ff41755539386ed969576c45ecfeee58109c
SHA512 c258c978e4dbd16ddbbe8cc8a0e57b814cb7c553698b5fed0407d4c98d6f6aa5d64b0e6428e8361a6c6952b1e28936fbf875cf7675aa60d541549829c7613438
-
Filesize
524B
MD5 1c64527bd06d8e4327bb770b1ed749aa
SHA1 972f6b6975b8d4cfbd81a3c672b0ba3ebf7d61f5
SHA256 9cc8f21b5381b9b01207426d28ee76ee304e3bc56b892724bb38a3eeae020b4e
SHA512 9cde4ccdf17e0527686de01881f00ceafc2a0294e9b32871d68fa03aa7a9324c42f576a8371a900ac6096471ce7f12005c24b0bf63451d6fd47945b7106716c2
-
Filesize
680B
MD5 01d32497eb36d7a2567f70e6352a0409
SHA1 a00d6bffe97f078d8bf716f8eb6b70940616baa7
SHA256 97c5107e801c2a59dad4f2d96767681a4ee1038d34dac0eeca109cbb7af92462
SHA512 8fd7b8a33350804e9330cb89abd8cd36272a1584c2e7ba2b6df6e2efa9b9eef8d98a69f1b068ba859bcd01a9928075016e6eaad2c806a115ad1e0c36f4059ccc