e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c

Analysis

max time kernel
1799s
max time network
1589s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
13-05-2023 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hfs.exe
Size

2.1MB
MD5

9e8557e98ed1269372ff0ace91d63477
SHA1

d0c4192b65e36553f6fd2b83f3123f6ae8380dac
SHA256

e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c
SHA512

c1a338c0414ac68d7ce24df06f3b665a56feae15063332324fea3250f1e77c19209ea3d89fe3a06d48974cce70bd9c65d59b7e2fbaf27c3f01ac2e898057e9ec
SSDEEP

49152:UR0LvNmmh9otEKMx9XSNVBOw+V4UvEbAThhiqvyo98ZcW7SZ:UR0xmmh9GEKgpSNVBr72QN

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

hfs.exe

pid	process
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

hfs.exe

pid	process
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe
420	hfs.exe

C:\Users\Admin\AppData\Local\Temp\hfs.exe
"C:\Users\Admin\AppData\Local\Temp\hfs.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/420-117-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/420-121-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-122-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/420-123-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-124-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-125-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-126-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-127-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-131-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-133-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-134-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-135-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-136-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-137-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-138-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-139-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-140-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-141-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-142-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-143-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-144-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-145-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-146-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-147-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-148-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-149-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-150-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-151-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-152-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-153-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-154-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-155-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-156-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-157-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-158-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-159-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-160-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-161-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-162-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-163-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-164-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-165-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-166-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-167-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-168-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-169-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-170-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-171-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-172-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-173-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-174-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-175-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-176-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-177-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-178-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-179-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-180-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-181-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-182-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-183-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-184-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-185-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-186-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-187-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-188-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download
memory/420-189-0x0000000000400000-0x0000000000625000-memory.dmp

Filesize
2.1MB

Download