7JaffaCakes...3b.exe
windows7-x64
7JaffaCakes...3b.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
3$PLUGINSDIR/mt.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
Analysis (score 3)
-
max time kernel
93s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
19/01/2025, 18:43
Behavioral task
behavioral1
Sample
JaffaCakes118_cfe4e2914eeb43cf09a993c82311273b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_cfe4e2914eeb43cf09a993c82311273b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20241010-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20241023-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241010-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config (none extracted)
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe 1504 FM4ffx.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history. NOTE(review): this sample also drops browser-related NSIS plugins ($PLUGINSDIR/chrmPref.dll, $PLUGINSDIR/IEFunctions.dll), so this access may come from a bundled browser-settings changer rather than credential theft; check which profile files were actually read before classifying it as an infostealer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host. NOTE(review): the sample unpacks NSIS plugins ($PLUGINSDIR/nsisos.dll, System.dll, NSISdl.dll), and installers of that kind commonly read the NLS Language key for UI localisation, so a single read of this key is weak evidence of geo-targeting on its own.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language FM4ffx.exe
MITRE ATT&CK Enterprise v15
Downloads (file hashes only — the originating URLs are not shown in this view, so these cannot be tied to a host or C2 from here)
-
Filesize
431B
MD5 2aafcc9f2af5e093e8e63b61ab72b2a8
SHA1 feea750dd09498c95b5b73ac15d599a0bdea5c6c
SHA256 21e219ddee3b9fc7a32fb441d41edce22a5dcd67832865c087228265e93962c5
SHA512 8a2493572a3d3b651f943efe0b51bc0bdfcc163ae52d3cb9ba7e8729bf34574c306a0a1ac559f7496ffe83cc46f0fca29360c94ebb2a76f67c08f562863c2ed6
-
Filesize
575B
MD5 bd06869820a524f379e6d9855f794dae
SHA1 6d6e40a2ac9a22a45b8fbebae5f39071f150de38
SHA256 4669b7e9892078534e01779de41c18b56ca1f18b5dbf106680a0316c8b192701
SHA512 632a62b82d45515827a101b997fe95d55d40e3a291b5c6b667a5d2618aaff7efe4cf536cb8f4bb626fc2d9bde7c35005369df5ac6f49e4cd722f0a9181b81da2
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
541B
MD5 11ac5af2392becff7b55231636738d41
SHA1 feea079ef606ca88246294ce90131ca33261f7aa
SHA256 af7c8be029e207c465b60d1e36fd5ea02cdd6b02d4dc7007ce0362613f956fb4
SHA512 f07af33d0f202d155079c59789559f379aa1af90dcec4dd8a2d14b84a5ecf9acd620ac4983560f32dba63114b5588508697297b54a0759783ea06f945a14ce0e
-
Filesize
878B
MD5 438093665db213dcee85e208cc3d38ce
SHA1 24ebd4827c268632582bd631aa9547b57bf8cef3
SHA256 eb087d71423ae58226529655d58bd8d15d8bff3ae2861d718183cd6882bf6bf9
SHA512 424eceef8edd7e580c3a7424ebd2bb5b377fcc3a556e99b67af500839674f4c5807421c3431046d1dd71089d8f09ba6377de315bb9f1754b63e05d5c06d22b1b
-
Filesize
680B
MD5 3d407f3b68e8e1074b76651f9a78e2b1
SHA1 3c33761c34abfc73d7ac6c8c68b8b8680f5d84b7
SHA256 3ec1b1413d1290f4c6dff27065c7a74c87c124baafb5428e481c89a62db17c70
SHA512 fb53b9352a7f2da8124d349d6b0cdea2cd64667da67d3d8369e17a82ad91e5ee568c5606830dbcbe525957e9771a7a7d0066c92553481a9e4ee2f7cccca982eb
-
Filesize
825B
MD5 35a712d9c54071b726f175a2fd3e59b6
SHA1 b64f78ea35a7112669d282681240aa90dc8ee4da
SHA256 abb1152d119daca6d9d36170d30a16d8b7d68bb2c1753d088cc0ed0414c7bd53
SHA512 ccc834c3f96c389e2ff8e14c29d898134c2a738bb9c8f289de64c2652da6fe527e884d8be2c0cf30570c8725c584e855a0e81044c564bb479961121639c62076
-
Filesize
486B
MD5 babdc2d45dfbfaf95a4dca12c4eeb499
SHA1 147ca5e52818166dff58213bb1e006be117a022e
SHA256 dffd0d7dab70b41f4cd839dd4fd426672378f234abf1c7663d6316df7daf749e
SHA512 95d742b6ff658244a5a09ae9c11712e254f9664557ff8b5653cd1db88ccd8e34c21d2243846a6533fa58002e45dbc9f755e222bcdb71b3ab147abce3c58061a3
-
Filesize
980B
MD5 967a92d9baacda49b77703f4cf7d66e7
SHA1 cb7fea99189cc2397b3b324a71cd15cf061cb0cd
SHA256 2fec90c910bc196f02d0f2e86b7432d07a80a4b70d88c655bf0624648b788ada
SHA512 c746bce5669cf182354d00618a122f07970ef4d2059019dc47a2769c6fbbf8483608b0c0e5dcbbb814cf9d6f8936e735b6fc3a177c6d4d75ac3011e4c18964e2
-
Filesize
628B
MD5 a96c61425d7d5fbd82caedfc27250c29
SHA1 d34bf018cc12641db81acec106a0c4ca6f332312
SHA256 e0f834c6ed550dbc84785b4b25f7c679b69ba9b9342572c08e466c343e770986
SHA512 3dd63f9ee678b783cb04d00423ca89b73fca1c28ea00e2b804b400b910519c2ddb203aa187ab58802e2f44ffbf3497a2fff3b783526a46941aba18e8f284f3ce
-
Filesize
597B
MD5 29666a5784635e45f867cd7893744dc9
SHA1 e077f2794f5014af3f583627ae6af012372e0954
SHA256 f55abead3966c8be72cf080c99b789cc1f0e3dc6e3cb90bde66862b0798de7f4
SHA512 5d47f70867179cccec9386262dfac245fe3dbc2f15efd6b1dff5b9732127118b0d5d3f8da928128398f192acaea7902820fbfa282dfda2db7795d9539d2298dc
-
Filesize
774B
MD5 8abfd3ecbfe388766cfa9a05f59ddf16
SHA1 33e9e7ae8c0530a4c33fbb1395124e038360d2ef
SHA256 240803f9148a8a7106379ae0106465e1436da315e8cbbb3b680ca6cca0f7e69a
SHA512 bab9f5f3f366d42c89581e989d4d366e739c3d18035248ef5139a6d3a7e41b4fefbae3f4068f121894460777745cf700d810c83c557d8845648da432d4486b0c
-
Filesize
347B
MD5 358ff4facaa2866ffcb21618d05119aa
SHA1 907ba690cd5af3dec5cd15b09b19e250988710d9
SHA256 bbd19ef17161f858923693577894c243dd5e0cd665cdc4cb7bc3976d9760bd6f
SHA512 b2003a0b3210814514d1cc8fd06b718088189d22f8fda998d512b19a4c0888f065f1498d12dadb328828644e8736d0c5db925f3a9dacc62c97bf2d90ca3e32d3
-
Filesize
730B
MD5 8d00db69a56bb6d389774748af519b1d
SHA1 6ae3ceadbbed69e3ef7ad0621c96e567dcbc06fc
SHA256 69ac561de54685b04135c6ed620a6cf5ff7995f366b0f87b4715b072108362cf
SHA512 0bdeff65e2c1d74af957d995066669837d73e67a69b6e8dd3bdc35461b7afc42a527e36c8742e4e58c3e760b45a42709a575d3d4b3c575a0c8c320435f7740b1
-
Filesize
779B
MD5 2ccc411bb7945b349f1c6a05c4f2859b
SHA1 ccac166c52df09359c3b63771c14f3b364eff7b1
SHA256 fd05925766783119cee0d0809ab5bf0192b92efe6f1c7ce2ea4dd7ebdaca23db
SHA512 f710a19603aab63f8d66516ca3ec9be4b16a2054ea6d1f9a9231b456640c0a2fd552281283635c084e2818b0d77d425008d4192c2f6732c6a941e892e14e29d5
-
Filesize
719B
MD5 ec12441ba0aacf41fade18b2db8d104a
SHA1 f3fae88fbf731f7512b2002bb93e7a522e087932
SHA256 f8602642b5b66b24a76c9dc44142b844c0b6b0ded13532a951fe47e4755b0ee6
SHA512 28737503c7dd598e5b362029a54add41c66cd1c64b05f3a896709e2b5703c2d496e965f8ade9d4fbacf258e0eb0f34f610d9271d2c8654394871d56681993591
-
Filesize
930B
MD5 138470fcada0e4e43d603c39355df265
SHA1 27dca800817a097cfec45a3587a1c072c5ce8676
SHA256 72d00357e5ad20b68d3063c52f6fe0b1320f2ca2e6bc95b0fb04791887ea9302
SHA512 c519837b41237dcbb846a0c4e6aec1ac5464c831f03d70840fc6643fa6fc13f96b60b6c00f07a4447675b5b8b81f323dcbc71a3eeb71f4cd44ede9a030622fa6
-
Filesize
469B
MD5 ae05d7cb42ea43c24c4e2a24be013c63
SHA1 3b85d6687be240a15b782089d8f700f7a292f84c
SHA256 d72ab773c5d548009d7772c4fcae0ea55eacddd855d53388a3e8c139573ee31d
SHA512 590f46525196c15538a779a75ad8c3a87a8588f708c35d28fcd6062a473f7a1ecdc5e13ad15cf3f31c5d66e1cfb62103f09ac78532e5b6e9c9b0bc16684e2f33
-
Filesize
291B
MD5 ce0220ef06d5a62881bf4fef8bb3df4b
SHA1 0352ccfdcbae80a245f0432c5301bd8961033fab
SHA256 5794978bf16b8a46d15cbbd5f9162004372a33d8294a34fa1c8d97d01ef24a88
SHA512 ed991799030d385ad2a41faf123842ea7fee9d5a4e7f56a1848af2da1ee49192d97e5782c362619ac8bd63d57e462c543bde7f8ed4c7b07bbdfd302fbfbd7b5b