Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/01/2025, 18:43

General

  • Target

    FM4ffx.exe

  • Size

    319KB

  • MD5

    fe768a6b82ed2a59c58254eae67b8cf9

  • SHA1

    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6

  • SHA256

    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570

  • SHA512

    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b

  • SSDEEP

    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1236

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsdC660.tmp

          Filesize

          412B

          MD5

          90a90356584c8deee4a7c94511a7190b

          SHA1

          42c9d13fdf929dbfd868f1f3f669c3b9012d3537

          SHA256

          914fc2e6862782b15992ee5895753d01feab79388ba4c399cab6ffa39565b934

          SHA512

          1ef381326626c58059d4c5f455283be498a78f4034131b427e31d4eb402061b36287c09fa41aa84082b177c6623be11123b34f85f0f4b83829bb5ea662eb860b

        • C:\Users\Admin\AppData\Local\Temp\nsdC661.tmp

          Filesize

          469B

          MD5

          6aa6bee839b4029504502bd29d44d34c

          SHA1

          c519445ef489ab292821e915a0d4dcad51d4ce6f

          SHA256

          3fb19a16dd36542c13f4937672290eae706ba2f7384aa7266a6b744a27079b6a

          SHA512

          2c91700d4068fbe3587e202745a9b12d02963b2f9a30d30f794df841a9c0c95acb02d68ad8ff3d1a5ea24cab69e87e98412427b76f0ae1d9fa2dda5f9adce7fd

        • C:\Users\Admin\AppData\Local\Temp\nsdC703.tmp

          Filesize

          779B

          MD5

          c75c1ca82a388f226afa7b3fb20eef1c

          SHA1

          88110fedfff799cc1f81a65e5969cfd1b62709c7

          SHA256

          df467c3fd48c50c9a5a3d3d4913bc7a8bf19cdf57aa16941d795d3a4aac32a4d

          SHA512

          2226313fe115e20f5d688d75a68679dea3317d32fe03119969f16bbe6a86d691e28692e3eed8e3cf6d4deacaa12d2cd4f2c3e16f81d574bda694a1349e8a85e0

        • C:\Users\Admin\AppData\Local\Temp\nsoC50E.tmp

          Filesize

          774B

          MD5

          04560bbf0d37eadb465bf629daadf17a

          SHA1

          31a9024fbf7ac598711ec6775acfa84dd25b191d

          SHA256

          d07a40b284fe30078d1ec11ac904feae3eb7397276614d6019a482909e3d643d

          SHA512

          be16596464e307716a25bd2521c4d4272dbd083830b271a219a363a2d19352867bb008bae20e3abbfae9de6a68827cf8a47716820d82afc32982bdcd8b7eb205

        • C:\Users\Admin\AppData\Local\Temp\nsoC55E.tmp

          Filesize

          878B

          MD5

          079b3f0544271be026683fe1ce733ce8

          SHA1

          42fd2588f7dc91b0ba3bbe9861ffc49b7e1c016e

          SHA256

          a151a29302afc8dff6f00ea340e4ee86672451aae15abcd5367fd9d9dec6ef0e

          SHA512

          d9b38fc31ff59ef0d56bc0c68ba90e83629a1c7a23e935570865d7893e41499c8a89e0c1e4550bdcc7540539b1a4d909d19dc5acec71ce15a4ccb2ef055f3775

        • C:\Users\Admin\AppData\Local\Temp\nsoC650.tmp

          Filesize

          347B

          MD5

          c888ccfcc8810b5cb1a448dcf3dc2910

          SHA1

          d7c438eb23a48a5b1b5e0c91946aa09976559f30

          SHA256

          43548791fe0d2ea6ff5ca32da15d8a698667af383d9ae7fa3a528e9b84191bdf

          SHA512

          c0252a80d66c8aec1f0d76d7d236db184d70f05604d58432a471638f4b93500584ff376ca2d2b28558a5cb5f7de0647fbf00495362316999b1cd66762f63f38e

        • C:\Users\Admin\AppData\Local\Temp\nstC48D.tmp

          Filesize

          541B

          MD5

          6c9fdb796d70286364826c1e486ee9a1

          SHA1

          cce84dcae5f34567f5cf411794306bcfc1a99caf

          SHA256

          e2b00238c862cca564f7ae153406213f4034bc9b14f9138a82e66d71f6ac0e0e

          SHA512

          fda94aafb18d3072d294ff01a459393bd29018de6a6098b7ad573081e6c1c3e2f4e410af07a4265b80b95bbcbd93cc85549ee98152f62276264cfaaab5c63551

        • C:\Users\Admin\AppData\Local\Temp\nstC52E.tmp

          Filesize

          825B

          MD5

          d87ea4212a333dd727cae183a70a7e30

          SHA1

          2721029cbd50ba298def06c1f8f6129e466350c9

          SHA256

          ebcaf8c0b46280b54762f5b93c2282a6ea4aa71cfcd05e7b0d55145916053292

          SHA512

          5f27cd4f61b7f201475704fab9061679b0586b5abf7092763e33268c3e1d1adff97a8556a19c174c7bafe5e980284d4b78db6b9d17a179b682f2a7c28e5c2fdf

        • C:\Users\Admin\AppData\Local\Temp\nstC5CE.tmp

          Filesize

          1KB

          MD5

          2894f293743e52e89472a2a7f1949dd6

          SHA1

          a7b01222426755a6955ce772542ff13d82ff988f

          SHA256

          009bc7b5a7e8825c9452d58f56d5b6cf7ebc1677a03da6ba6ced5170c5e41d67

          SHA512

          b105fe79608a096e8a46334a435f0f519fa1f2c16a49409275901c62e6c301b4b1007b54822114cd84702030892aacb5e8adaf7f62a0de64d8255aaab9a9652d

        • C:\Users\Admin\AppData\Local\Temp\nstC672.tmp

          Filesize

          524B

          MD5

          849b7fccdf5a1561dced828477e451bc

          SHA1

          9b8fe6863a60984894b0c68c7e345021ed1914bf

          SHA256

          7808dae5cc3ad3acce24e7c1910fbef2ce7cc291bc391d55e46ee0ac125a64e4

          SHA512

          1150c5579d3cd888913951fff4f18f8f461b20c6f4888a9e7b203a7ac40d52de9d58a3beef618368b4a6cda0f1b71a70f1f44dc46effa20632890c441f7674dd

        • C:\Users\Admin\AppData\Local\Temp\nsyC4AD.tmp

          Filesize

          597B

          MD5

          62011d745e0ba66fb4cb2542a85c6e79

          SHA1

          75c4303e9d6bd397005e4a03ef225286fc2e6769

          SHA256

          dc413f774479e3a89b3bf60fbb0676f05c0500acbe75519c06fa94d3d8298f27

          SHA512

          c1ff6939e32262f2943c52d295815e12aa6fd0a9d154fa81a4006483a38dd59fb1ec813d695c51b76b95c9abaa7748d68803747ed43041f2c914f58c717e27c6

        • C:\Users\Admin\AppData\Local\Temp\nsyC4FD.tmp

          Filesize

          719B

          MD5

          3e5b2bd3e7efc93053677961b7828aa9

          SHA1

          e8cf45ab1188f73575db5f7900669e20dcdc44a0

          SHA256

          b9c860a007a95f328acf245ef9ce0f3b008e51e99fb69aeafaaf2dbcfc8155b4

          SHA512

          e8c894094ee635e177161ce6bfed94b768b7ead2a7bed89c31ad26b35b871e54969ec6f1a5c67a11f23ea79a7ecce7430e807b7e762904fc55bb4b36a72cb9f5

        • C:\Users\Admin\AppData\Local\Temp\nsyC63E.tmp

          Filesize

          236B

          MD5

          f23000f6c5e74bf3da77c72d173923c2

          SHA1

          90c9fd1c737e2d2312453ede82fccbffe9fcae08

          SHA256

          d25bf8d340711b557789a9b47e10301ebf45a11a6539771a68667debb7bd43a2

          SHA512

          262371df7bdcd487879a51284d7a43417746ba94524286b6149ecde9874f4599afb09bd1def4898d39bdbec44d65709bdbcdead5c30825b43e1257ed2dba8e00

        • C:\Users\Admin\AppData\Local\Temp\nsyC692.tmp

          Filesize

          575B

          MD5

          5a7d11a7cf849e0462633f6d421fcc89

          SHA1

          64e55990aec40e8996a36524e73f629d2a01fce5

          SHA256

          2d76f0c80bfd2f10f13bb68b95f1dcbba3871e6e8b6e93b09fae78a7a730412f

          SHA512

          b6af759603da3a8af9f511338acf78379c799d4f7146826e9370092168e2791ace08d639dd1da4549190eb1f89075e4604123f3efba2215f03bab7aa688c2b1e

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.Admin\user.js

          Filesize

          431B

          MD5

          cf4866433341f8eb5c17c23854f94f38

          SHA1

          d7920dc91a718c9f905ed149f290ef5ada485c18

          SHA256

          1ad08ff14e17fe420902a50f8d3f27e0987c1f3b835b525c86599809ec4dad4b

          SHA512

          eaa2ef47b0cd952d4fd0c6b8999fa2b2ce2516bb03790c369e6f45af2a935e1f415502458f5e27dbbf1a6b21274e988b632e019c9abbf0c2296e182265edda6b

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.Admin\user.js

          Filesize

          662B

          MD5

          6353d988043818d81955355eb7c22948

          SHA1

          83af747e86d6e765a190ab0d6e230e4e6d6ba3ec

          SHA256

          6860b61b5755c87168d3da710188ce2b1f1421ebb8383ca989db120f70e7e118

          SHA512

          7c37a95b7797ca7cac268154be6bf05033655ead91bfe4cd32e50df3748c82a7e6acb7d3f8fa87f2b592ff2b86d801a6ddf1f1f3cd19c00bb90f342eeff1945b

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.Admin\user.js

          Filesize

          930B

          MD5

          8a071abcd37f0d158178cf454001d899

          SHA1

          b734db3ddbd0ed1642981aa9c4d071c7fc40507e

          SHA256

          34c0ae1c3da06cbc974a08cec5533df4a6fbbf2e906904e08b18e79bcb5e9208

          SHA512

          b76b929a346a4527c32bc88f5a962468acdb51aa980c64bd58ff14d4bc093d56783a6d5e835775be9aa0b333045399cedf19fd1a4f7d928435f956c76bb7101d

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\user.js

          Filesize

          628B

          MD5

          f5a63991a2a0342d6ffee13e72c3942d

          SHA1

          edd524b24d74c3785d2e1e2937bb4ebb8850d750

          SHA256

          09a991f0f3b574dc23cd231a5cd264896f81ceb3b59cfd4ff4842adedf789933

          SHA512

          f6f2469f4994e1785b1ef765c554b6ecc72be802721328c3892ce8ec499b985ae64142895093ca720367377a0989bedfc6f8e578c4f92b9ba75418ec483d7628

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\user.js

          Filesize

          730B

          MD5

          70557275e077d61aa86e8cac56fe1040

          SHA1

          27bdff16c865e274caf00df8363b04285cfd35c8

          SHA256

          bf4ac5534627c2fd7aa730cd8b6c83059eb107fa07f7b6e2687159ac685436bf

          SHA512

          98329ff46a13076fe29bcfcab27dfa59f6c2a00558b80e0dff23b364dddd1fd0e06fb7d7094fb4f853c8e6d935263335f79a8fb59b9c4403e1630db9f30a1418

        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\user.js

          Filesize

          181B

          MD5

          df7290a66caed5d59ee1cf3265c02aa5

          SHA1

          22058636eb1534ebace4b00f4db619615bdbd8e1

          SHA256

          45b54c9677d7d2b745ede9ce97b174d4335864618b73de65f04f1fb0dbe78000

          SHA512

          74eab2bdefed69a3b7eedcec98d5d1571bbc7bc7abf0bd23d622da5ba6476378d360a3dca28ffb89f30f16f679e49b7dae61cef5ae09e6c26d38453854465284

        • \Users\Admin\AppData\Local\Temp\nsoC331.tmp\System.dll

          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        • \Users\Admin\AppData\Local\Temp\nsoC331.tmp\Time.dll

          Filesize

          10KB

          MD5

          38977533750fe69979b2c2ac801f96e6

          SHA1

          74643c30cda909e649722ed0c7f267903558e92a

          SHA256

          b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

          SHA512

          e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

        • \Users\Admin\AppData\Local\Temp\nsoC331.tmp\mt.dll

          Filesize

          5KB

          MD5

          aac69f856c4540edd4ef7ce6c8571639

          SHA1

          2860f55ea9774d631219e66604051e90a43258b7

          SHA256

          6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

          SHA512

          ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

        • \Users\Admin\AppData\Local\Temp\nsoC331.tmp\nsisos.dll

          Filesize

          5KB

          MD5

          69806691d649ef1c8703fd9e29231d44

          SHA1

          e2193fcf5b4863605eec2a5eb17bf84c7ac00166

          SHA256

          ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

          SHA512

          5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
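The dropped-file list above is the most useful part of this report for triage: the `ns?XXXX.tmp` scratch files and the `nsoC331.tmp\System.dll` / `nsisos.dll` plugin directory are the footprint of an NSIS installer (NSIS extracts plugin DLLs into a `%TEMP%\ns<letter><hex>.tmp` directory, which is what the "Loads dropped DLL" signature is firing on), and `user.js` is listed three times per Firefox profile with different sizes and hashes, i.e. the installer rewrote the preferences override file repeatedly rather than merely reading profile data. The script below is an added example, not part of the sandbox output: it classifies a list of dropped-file paths (copied from this report, plus one constructed benign path) and derives those two conclusions mechanically, so the same logic can be reused on other reports or on EDR file-write telemetry. The category names and the `triage` return shape are my own.

```python
import re
from collections import Counter

# Dropped-file paths copied from the "Downloads" list of this report, plus one
# constructed benign path (marked) so the classifier has a negative case.
DROPPED_PATHS = [
    r"C:\Users\Admin\AppData\Local\Temp\nsdC660.tmp",
    r"C:\Users\Admin\AppData\Local\Temp\nsoC50E.tmp",
    r"C:\Users\Admin\AppData\Local\Temp\nstC5CE.tmp",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.Admin\user.js",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.Admin\user.js",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.Admin\user.js",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\user.js",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\user.js",
    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\user.js",
    r"\Users\Admin\AppData\Local\Temp\nsoC331.tmp\System.dll",
    r"\Users\Admin\AppData\Local\Temp\nsoC331.tmp\Time.dll",
    r"\Users\Admin\AppData\Local\Temp\nsoC331.tmp\mt.dll",
    r"\Users\Admin\AppData\Local\Temp\nsoC331.tmp\nsisos.dll",
    r"C:\Users\Admin\Documents\notes.txt",  # constructed, not in the report
]

# NSIS names its scratch directory and scratch files via GetTempFileName with an
# "ns?" prefix: "ns", one letter, up to four hex digits, ".tmp".
NSIS_TMP = r"ns[A-Za-z][0-9A-Fa-f]{1,4}\.tmp"
# A DLL directly inside such a directory is an extracted NSIS plugin ($PLUGINSDIR).
NSIS_PLUGIN_RE = re.compile(r"\\Temp\\" + NSIS_TMP + r"\\([^\\]+\.dll)$", re.I)
# A bare ns?XXXX.tmp file in Temp is an NSIS scratch file.
NSIS_SCRATCH_RE = re.compile(r"\\Temp\\" + NSIS_TMP + r"$", re.I)
# user.js is read by Firefox at startup and overrides prefs.js; writing it is the
# usual way an installer forces homepage/search-engine changes.
FIREFOX_USERJS_RE = re.compile(
    r"\\Mozilla\\Firefox\\Profiles\\([^\\]+)\\user\.js$", re.I)


def classify(path):
    """Return (category, detail) for one dropped-file path."""
    m = NSIS_PLUGIN_RE.search(path)
    if m:
        return ("nsis_plugin", m.group(1).lower())
    if NSIS_SCRATCH_RE.search(path):
        return ("nsis_scratch", path.rsplit("\\", 1)[-1])
    m = FIREFOX_USERJS_RE.search(path)
    if m:
        return ("firefox_userjs", m.group(1))  # detail = profile directory name
    return ("other", path)


def triage(paths):
    """Summarise a dropped-file list the way an analyst reads this report."""
    summary = {
        "nsis_plugins": [],
        "nsis_scratch": 0,
        "userjs_writes_per_profile": Counter(),
        "other": [],
    }
    for p in paths:
        cat, detail = classify(p)
        if cat == "nsis_plugin":
            summary["nsis_plugins"].append(detail)
        elif cat == "nsis_scratch":
            summary["nsis_scratch"] += 1
        elif cat == "firefox_userjs":
            summary["userjs_writes_per_profile"][detail] += 1
        else:
            summary["other"].append(detail)
    # Derived verdict flags: an NSIS package that rewrites Firefox prefs is the
    # profile of a browser-settings hijacker / bundled adware, which is a different
    # threat from a stealer that only reads the profile.
    summary["is_nsis"] = bool(summary["nsis_plugins"]) or summary["nsis_scratch"] > 0
    summary["modifies_firefox_prefs"] = sum(
        summary["userjs_writes_per_profile"].values()) > 0
    summary["repeated_userjs_rewrite"] = any(
        n > 1 for n in summary["userjs_writes_per_profile"].values())
    return summary


if __name__ == "__main__":
    for key, value in triage(DROPPED_PATHS).items():
        print(f"{key}: {value}")
```

On a live host the same regexes can be run over file-creation events from Sysmon (Event ID 11) or an EDR; a `user.js` write from any process other than Firefox itself is worth an alert on its own, and the `%TEMP%\ns?XXXX.tmp\*.dll` pattern is a cheap way to attribute a sample to NSIS before unpacking it with 7-Zip.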