7JaffaCakes...3b.exe
windows7-x64
7JaffaCakes...3b.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
3$PLUGINSDIR/mt.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
122s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64 arch:x86 image:win7-20241023-en locale:en-us os:windows7-x64 system -
submitted
19/01/2025, 18:43
Behavioral task
behavioral1
Sample
JaffaCakes118_cfe4e2914eeb43cf09a993c82311273b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_cfe4e2914eeb43cf09a993c82311273b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20241023-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe 1236 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim host in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: FM4ffx.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
412B
MD5 90a90356584c8deee4a7c94511a7190b
SHA1 42c9d13fdf929dbfd868f1f3f669c3b9012d3537
SHA256 914fc2e6862782b15992ee5895753d01feab79388ba4c399cab6ffa39565b934
SHA512 1ef381326626c58059d4c5f455283be498a78f4034131b427e31d4eb402061b36287c09fa41aa84082b177c6623be11123b34f85f0f4b83829bb5ea662eb860b
-
Filesize
469B
MD5 6aa6bee839b4029504502bd29d44d34c
SHA1 c519445ef489ab292821e915a0d4dcad51d4ce6f
SHA256 3fb19a16dd36542c13f4937672290eae706ba2f7384aa7266a6b744a27079b6a
SHA512 2c91700d4068fbe3587e202745a9b12d02963b2f9a30d30f794df841a9c0c95acb02d68ad8ff3d1a5ea24cab69e87e98412427b76f0ae1d9fa2dda5f9adce7fd
-
Filesize
779B
MD5 c75c1ca82a388f226afa7b3fb20eef1c
SHA1 88110fedfff799cc1f81a65e5969cfd1b62709c7
SHA256 df467c3fd48c50c9a5a3d3d4913bc7a8bf19cdf57aa16941d795d3a4aac32a4d
SHA512 2226313fe115e20f5d688d75a68679dea3317d32fe03119969f16bbe6a86d691e28692e3eed8e3cf6d4deacaa12d2cd4f2c3e16f81d574bda694a1349e8a85e0
-
Filesize
774B
MD5 04560bbf0d37eadb465bf629daadf17a
SHA1 31a9024fbf7ac598711ec6775acfa84dd25b191d
SHA256 d07a40b284fe30078d1ec11ac904feae3eb7397276614d6019a482909e3d643d
SHA512 be16596464e307716a25bd2521c4d4272dbd083830b271a219a363a2d19352867bb008bae20e3abbfae9de6a68827cf8a47716820d82afc32982bdcd8b7eb205
-
Filesize
878B
MD5 079b3f0544271be026683fe1ce733ce8
SHA1 42fd2588f7dc91b0ba3bbe9861ffc49b7e1c016e
SHA256 a151a29302afc8dff6f00ea340e4ee86672451aae15abcd5367fd9d9dec6ef0e
SHA512 d9b38fc31ff59ef0d56bc0c68ba90e83629a1c7a23e935570865d7893e41499c8a89e0c1e4550bdcc7540539b1a4d909d19dc5acec71ce15a4ccb2ef055f3775
-
Filesize
347B
MD5 c888ccfcc8810b5cb1a448dcf3dc2910
SHA1 d7c438eb23a48a5b1b5e0c91946aa09976559f30
SHA256 43548791fe0d2ea6ff5ca32da15d8a698667af383d9ae7fa3a528e9b84191bdf
SHA512 c0252a80d66c8aec1f0d76d7d236db184d70f05604d58432a471638f4b93500584ff376ca2d2b28558a5cb5f7de0647fbf00495362316999b1cd66762f63f38e
-
Filesize
541B
MD5 6c9fdb796d70286364826c1e486ee9a1
SHA1 cce84dcae5f34567f5cf411794306bcfc1a99caf
SHA256 e2b00238c862cca564f7ae153406213f4034bc9b14f9138a82e66d71f6ac0e0e
SHA512 fda94aafb18d3072d294ff01a459393bd29018de6a6098b7ad573081e6c1c3e2f4e410af07a4265b80b95bbcbd93cc85549ee98152f62276264cfaaab5c63551
-
Filesize
825B
MD5 d87ea4212a333dd727cae183a70a7e30
SHA1 2721029cbd50ba298def06c1f8f6129e466350c9
SHA256 ebcaf8c0b46280b54762f5b93c2282a6ea4aa71cfcd05e7b0d55145916053292
SHA512 5f27cd4f61b7f201475704fab9061679b0586b5abf7092763e33268c3e1d1adff97a8556a19c174c7bafe5e980284d4b78db6b9d17a179b682f2a7c28e5c2fdf
-
Filesize
1KB
MD5 2894f293743e52e89472a2a7f1949dd6
SHA1 a7b01222426755a6955ce772542ff13d82ff988f
SHA256 009bc7b5a7e8825c9452d58f56d5b6cf7ebc1677a03da6ba6ced5170c5e41d67
SHA512 b105fe79608a096e8a46334a435f0f519fa1f2c16a49409275901c62e6c301b4b1007b54822114cd84702030892aacb5e8adaf7f62a0de64d8255aaab9a9652d
-
Filesize
524B
MD5 849b7fccdf5a1561dced828477e451bc
SHA1 9b8fe6863a60984894b0c68c7e345021ed1914bf
SHA256 7808dae5cc3ad3acce24e7c1910fbef2ce7cc291bc391d55e46ee0ac125a64e4
SHA512 1150c5579d3cd888913951fff4f18f8f461b20c6f4888a9e7b203a7ac40d52de9d58a3beef618368b4a6cda0f1b71a70f1f44dc46effa20632890c441f7674dd
-
Filesize
597B
MD5 62011d745e0ba66fb4cb2542a85c6e79
SHA1 75c4303e9d6bd397005e4a03ef225286fc2e6769
SHA256 dc413f774479e3a89b3bf60fbb0676f05c0500acbe75519c06fa94d3d8298f27
SHA512 c1ff6939e32262f2943c52d295815e12aa6fd0a9d154fa81a4006483a38dd59fb1ec813d695c51b76b95c9abaa7748d68803747ed43041f2c914f58c717e27c6
-
Filesize
719B
MD5 3e5b2bd3e7efc93053677961b7828aa9
SHA1 e8cf45ab1188f73575db5f7900669e20dcdc44a0
SHA256 b9c860a007a95f328acf245ef9ce0f3b008e51e99fb69aeafaaf2dbcfc8155b4
SHA512 e8c894094ee635e177161ce6bfed94b768b7ead2a7bed89c31ad26b35b871e54969ec6f1a5c67a11f23ea79a7ecce7430e807b7e762904fc55bb4b36a72cb9f5
-
Filesize
236B
MD5 f23000f6c5e74bf3da77c72d173923c2
SHA1 90c9fd1c737e2d2312453ede82fccbffe9fcae08
SHA256 d25bf8d340711b557789a9b47e10301ebf45a11a6539771a68667debb7bd43a2
SHA512 262371df7bdcd487879a51284d7a43417746ba94524286b6149ecde9874f4599afb09bd1def4898d39bdbec44d65709bdbcdead5c30825b43e1257ed2dba8e00
-
Filesize
575B
MD5 5a7d11a7cf849e0462633f6d421fcc89
SHA1 64e55990aec40e8996a36524e73f629d2a01fce5
SHA256 2d76f0c80bfd2f10f13bb68b95f1dcbba3871e6e8b6e93b09fae78a7a730412f
SHA512 b6af759603da3a8af9f511338acf78379c799d4f7146826e9370092168e2791ace08d639dd1da4549190eb1f89075e4604123f3efba2215f03bab7aa688c2b1e
-
Filesize
431B
MD5 cf4866433341f8eb5c17c23854f94f38
SHA1 d7920dc91a718c9f905ed149f290ef5ada485c18
SHA256 1ad08ff14e17fe420902a50f8d3f27e0987c1f3b835b525c86599809ec4dad4b
SHA512 eaa2ef47b0cd952d4fd0c6b8999fa2b2ce2516bb03790c369e6f45af2a935e1f415502458f5e27dbbf1a6b21274e988b632e019c9abbf0c2296e182265edda6b
-
Filesize
662B
MD5 6353d988043818d81955355eb7c22948
SHA1 83af747e86d6e765a190ab0d6e230e4e6d6ba3ec
SHA256 6860b61b5755c87168d3da710188ce2b1f1421ebb8383ca989db120f70e7e118
SHA512 7c37a95b7797ca7cac268154be6bf05033655ead91bfe4cd32e50df3748c82a7e6acb7d3f8fa87f2b592ff2b86d801a6ddf1f1f3cd19c00bb90f342eeff1945b
-
Filesize
930B
MD5 8a071abcd37f0d158178cf454001d899
SHA1 b734db3ddbd0ed1642981aa9c4d071c7fc40507e
SHA256 34c0ae1c3da06cbc974a08cec5533df4a6fbbf2e906904e08b18e79bcb5e9208
SHA512 b76b929a346a4527c32bc88f5a962468acdb51aa980c64bd58ff14d4bc093d56783a6d5e835775be9aa0b333045399cedf19fd1a4f7d928435f956c76bb7101d
-
Filesize
628B
MD5 f5a63991a2a0342d6ffee13e72c3942d
SHA1 edd524b24d74c3785d2e1e2937bb4ebb8850d750
SHA256 09a991f0f3b574dc23cd231a5cd264896f81ceb3b59cfd4ff4842adedf789933
SHA512 f6f2469f4994e1785b1ef765c554b6ecc72be802721328c3892ce8ec499b985ae64142895093ca720367377a0989bedfc6f8e578c4f92b9ba75418ec483d7628
-
Filesize
730B
MD5 70557275e077d61aa86e8cac56fe1040
SHA1 27bdff16c865e274caf00df8363b04285cfd35c8
SHA256 bf4ac5534627c2fd7aa730cd8b6c83059eb107fa07f7b6e2687159ac685436bf
SHA512 98329ff46a13076fe29bcfcab27dfa59f6c2a00558b80e0dff23b364dddd1fd0e06fb7d7094fb4f853c8e6d935263335f79a8fb59b9c4403e1630db9f30a1418
-
Filesize
181B
MD5 df7290a66caed5d59ee1cf3265c02aa5
SHA1 22058636eb1534ebace4b00f4db619615bdbd8e1
SHA256 45b54c9677d7d2b745ede9ce97b174d4335864618b73de65f04f1fb0dbe78000
SHA512 74eab2bdefed69a3b7eedcec98d5d1571bbc7bc7abf0bd23d622da5ba6476378d360a3dca28ffb89f30f16f679e49b7dae61cef5ae09e6c26d38453854465284
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb