Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2025, 18:43

General

  • Target
    FM4ffx.exe
  • Size
    319KB
  • MD5
    fe768a6b82ed2a59c58254eae67b8cf9
  • SHA1
    3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
  • SHA256
    3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
  • SHA512
    3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
  • SSDEEP
    6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Malware Config

Signatures

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
    "C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1504

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsaBAC8.tmp
    Filesize: 431B
    MD5: 2aafcc9f2af5e093e8e63b61ab72b2a8
    SHA1: feea750dd09498c95b5b73ac15d599a0bdea5c6c
    SHA256: 21e219ddee3b9fc7a32fb441d41edce22a5dcd67832865c087228265e93962c5
    SHA512: 8a2493572a3d3b651f943efe0b51bc0bdfcc163ae52d3cb9ba7e8729bf34574c306a0a1ac559f7496ffe83cc46f0fca29360c94ebb2a76f67c08f562863c2ed6

  • C:\Users\Admin\AppData\Local\Temp\nsbBCB1.tmp
    Filesize: 575B
    MD5: bd06869820a524f379e6d9855f794dae
    SHA1: 6d6e40a2ac9a22a45b8fbebae5f39071f150de38
    SHA256: 4669b7e9892078534e01779de41c18b56ca1f18b5dbf106680a0316c8b192701
    SHA512: 632a62b82d45515827a101b997fe95d55d40e3a291b5c6b667a5d2618aaff7efe4cf536cb8f4bb626fc2d9bde7c35005369df5ac6f49e4cd722f0a9181b81da2

  • C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\System.dll
    Filesize: 11KB
    MD5: c17103ae9072a06da581dec998343fc1
    SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
    SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
    SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\Time.dll
    Filesize: 10KB
    MD5: 38977533750fe69979b2c2ac801f96e6
    SHA1: 74643c30cda909e649722ed0c7f267903558e92a
    SHA256: b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
    SHA512: e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

  • C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\mt.dll
    Filesize: 5KB
    MD5: aac69f856c4540edd4ef7ce6c8571639
    SHA1: 2860f55ea9774d631219e66604051e90a43258b7
    SHA256: 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
    SHA512: ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

  • C:\Users\Admin\AppData\Local\Temp\nsfBA48.tmp\nsisos.dll
    Filesize: 5KB
    MD5: 69806691d649ef1c8703fd9e29231d44
    SHA1: e2193fcf5b4863605eec2a5eb17bf84c7ac00166
    SHA256: ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
    SHA512: 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

  • C:\Users\Admin\AppData\Local\Temp\nsgBAEA.tmp
    Filesize: 541B
    MD5: 11ac5af2392becff7b55231636738d41
    SHA1: feea079ef606ca88246294ce90131ca33261f7aa
    SHA256: af7c8be029e207c465b60d1e36fd5ea02cdd6b02d4dc7007ce0362613f956fb4
    SHA512: f07af33d0f202d155079c59789559f379aa1af90dcec4dd8a2d14b84a5ecf9acd620ac4983560f32dba63114b5588508697297b54a0759783ea06f945a14ce0e

  • C:\Users\Admin\AppData\Local\Temp\nsgBB8C.tmp
    Filesize: 878B
    MD5: 438093665db213dcee85e208cc3d38ce
    SHA1: 24ebd4827c268632582bd631aa9547b57bf8cef3
    SHA256: eb087d71423ae58226529655d58bd8d15d8bff3ae2861d718183cd6882bf6bf9
    SHA512: 424eceef8edd7e580c3a7424ebd2bb5b377fcc3a556e99b67af500839674f4c5807421c3431046d1dd71089d8f09ba6377de315bb9f1754b63e05d5c06d22b1b

  • C:\Users\Admin\AppData\Local\Temp\nsgBCD2.tmp
    Filesize: 680B
    MD5: 3d407f3b68e8e1074b76651f9a78e2b1
    SHA1: 3c33761c34abfc73d7ac6c8c68b8b8680f5d84b7
    SHA256: 3ec1b1413d1290f4c6dff27065c7a74c87c124baafb5428e481c89a62db17c70
    SHA512: fb53b9352a7f2da8124d349d6b0cdea2cd64667da67d3d8369e17a82ad91e5ee568c5606830dbcbe525957e9771a7a7d0066c92553481a9e4ee2f7cccca982eb

  • C:\Users\Admin\AppData\Local\Temp\nslBB5C.tmp
    Filesize: 825B
    MD5: 35a712d9c54071b726f175a2fd3e59b6
    SHA1: b64f78ea35a7112669d282681240aa90dc8ee4da
    SHA256: abb1152d119daca6d9d36170d30a16d8b7d68bb2c1753d088cc0ed0414c7bd53
    SHA512: ccc834c3f96c389e2ff8e14c29d898134c2a738bb9c8f289de64c2652da6fe527e884d8be2c0cf30570c8725c584e855a0e81044c564bb479961121639c62076

  • C:\Users\Admin\AppData\Local\Temp\nsqBAD9.tmp
    Filesize: 486B
    MD5: babdc2d45dfbfaf95a4dca12c4eeb499
    SHA1: 147ca5e52818166dff58213bb1e006be117a022e
    SHA256: dffd0d7dab70b41f4cd839dd4fd426672378f234abf1c7663d6316df7daf749e
    SHA512: 95d742b6ff658244a5a09ae9c11712e254f9664557ff8b5653cd1db88ccd8e34c21d2243846a6533fa58002e45dbc9f755e222bcdb71b3ab147abce3c58061a3

  • C:\Users\Admin\AppData\Local\Temp\nsqBBCC.tmp
    Filesize: 980B
    MD5: 967a92d9baacda49b77703f4cf7d66e7
    SHA1: cb7fea99189cc2397b3b324a71cd15cf061cb0cd
    SHA256: 2fec90c910bc196f02d0f2e86b7432d07a80a4b70d88c655bf0624648b788ada
    SHA512: c746bce5669cf182354d00618a122f07970ef4d2059019dc47a2769c6fbbf8483608b0c0e5dcbbb814cf9d6f8936e735b6fc3a177c6d4d75ac3011e4c18964e2

  • C:\Users\Admin\AppData\Local\Temp\nsrBCC2.tmp
    Filesize: 628B
    MD5: a96c61425d7d5fbd82caedfc27250c29
    SHA1: d34bf018cc12641db81acec106a0c4ca6f332312
    SHA256: e0f834c6ed550dbc84785b4b25f7c679b69ba9b9342572c08e466c343e770986
    SHA512: 3dd63f9ee678b783cb04d00423ca89b73fca1c28ea00e2b804b400b910519c2ddb203aa187ab58802e2f44ffbf3497a2fff3b783526a46941aba18e8f284f3ce

  • C:\Users\Admin\AppData\Local\Temp\nsvBAFA.tmp
    Filesize: 597B
    MD5: 29666a5784635e45f867cd7893744dc9
    SHA1: e077f2794f5014af3f583627ae6af012372e0954
    SHA256: f55abead3966c8be72cf080c99b789cc1f0e3dc6e3cb90bde66862b0798de7f4
    SHA512: 5d47f70867179cccec9386262dfac245fe3dbc2f15efd6b1dff5b9732127118b0d5d3f8da928128398f192acaea7902820fbfa282dfda2db7795d9539d2298dc

  • C:\Users\Admin\AppData\Local\Temp\nsvBB4B.tmp
    Filesize: 774B
    MD5: 8abfd3ecbfe388766cfa9a05f59ddf16
    SHA1: 33e9e7ae8c0530a4c33fbb1395124e038360d2ef
    SHA256: 240803f9148a8a7106379ae0106465e1436da315e8cbbb3b680ca6cca0f7e69a
    SHA512: bab9f5f3f366d42c89581e989d4d366e739c3d18035248ef5139a6d3a7e41b4fefbae3f4068f121894460777745cf700d810c83c557d8845648da432d4486b0c

  • C:\Users\Admin\AppData\Local\Temp\nswBC8E.tmp
    Filesize: 347B
    MD5: 358ff4facaa2866ffcb21618d05119aa
    SHA1: 907ba690cd5af3dec5cd15b09b19e250988710d9
    SHA256: bbd19ef17161f858923693577894c243dd5e0cd665cdc4cb7bc3976d9760bd6f
    SHA512: b2003a0b3210814514d1cc8fd06b718088189d22f8fda998d512b19a4c0888f065f1498d12dadb328828644e8736d0c5db925f3a9dacc62c97bf2d90ca3e32d3

  • C:\Users\Admin\AppData\Local\Temp\nswBCE3.tmp
    Filesize: 730B
    MD5: 8d00db69a56bb6d389774748af519b1d
    SHA1: 6ae3ceadbbed69e3ef7ad0621c96e567dcbc06fc
    SHA256: 69ac561de54685b04135c6ed620a6cf5ff7995f366b0f87b4715b072108362cf
    SHA512: 0bdeff65e2c1d74af957d995066669837d73e67a69b6e8dd3bdc35461b7afc42a527e36c8742e4e58c3e760b45a42709a575d3d4b3c575a0c8c320435f7740b1

  • C:\Users\Admin\AppData\Local\Temp\nswBCE4.tmp
    Filesize: 779B
    MD5: 2ccc411bb7945b349f1c6a05c4f2859b
    SHA1: ccac166c52df09359c3b63771c14f3b364eff7b1
    SHA256: fd05925766783119cee0d0809ab5bf0192b92efe6f1c7ce2ea4dd7ebdaca23db
    SHA512: f710a19603aab63f8d66516ca3ec9be4b16a2054ea6d1f9a9231b456640c0a2fd552281283635c084e2818b0d77d425008d4192c2f6732c6a941e892e14e29d5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vobr65rb.Admin\user.js
    Filesize: 719B
    MD5: ec12441ba0aacf41fade18b2db8d104a
    SHA1: f3fae88fbf731f7512b2002bb93e7a522e087932
    SHA256: f8602642b5b66b24a76c9dc44142b844c0b6b0ded13532a951fe47e4755b0ee6
    SHA512: 28737503c7dd598e5b362029a54add41c66cd1c64b05f3a896709e2b5703c2d496e965f8ade9d4fbacf258e0eb0f34f610d9271d2c8654394871d56681993591

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vobr65rb.Admin\user.js
    Filesize: 930B
    MD5: 138470fcada0e4e43d603c39355df265
    SHA1: 27dca800817a097cfec45a3587a1c072c5ce8676
    SHA256: 72d00357e5ad20b68d3063c52f6fe0b1320f2ca2e6bc95b0fb04791887ea9302
    SHA512: c519837b41237dcbb846a0c4e6aec1ac5464c831f03d70840fc6643fa6fc13f96b60b6c00f07a4447675b5b8b81f323dcbc71a3eeb71f4cd44ede9a030622fa6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\user.js
    Filesize: 469B
    MD5: ae05d7cb42ea43c24c4e2a24be013c63
    SHA1: 3b85d6687be240a15b782089d8f700f7a292f84c
    SHA256: d72ab773c5d548009d7772c4fcae0ea55eacddd855d53388a3e8c139573ee31d
    SHA512: 590f46525196c15538a779a75ad8c3a87a8588f708c35d28fcd6062a473f7a1ecdc5e13ad15cf3f31c5d66e1cfb62103f09ac78532e5b6e9c9b0bc16684e2f33

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\user.js
    Filesize: 291B
    MD5: ce0220ef06d5a62881bf4fef8bb3df4b
    SHA1: 0352ccfdcbae80a245f0432c5301bd8961033fab
    SHA256: 5794978bf16b8a46d15cbbd5f9162004372a33d8294a34fa1c8d97d01ef24a88
    SHA512: ed991799030d385ad2a41faf123842ea7fee9d5a4e7f56a1848af2da1ee49192d97e5782c362619ac8bd63d57e462c543bde7f8ed4c7b07bbdfd302fbfbd7b5b