Overview

overview

7

Static

static

7

HomeFileSe...FS.exe

windows7-x64

7

HomeFileSe...FS.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HomeFileServer/HFS.exe

  • Size

    559KB

  • MD5

    6e491a7fecb845974f8f6f65b419c7b1

  • SHA1

    e16eac79f4bea4fe848bc5248a59765d1939a76b

  • SHA256

    93019ff4c7f345b6b03ada2c60efc51f0f199f5356d8bf1b85cd9649420fa84f

  • SHA512

    3c73a0cf881017bc22ba529e5a79b6f2466882656cd89d1e7e0d676654a3d80b5ef2b349e5f3b0ce37748dc49f78be4752bd3232b6b2d7c6aa54a1e9b6144357

  • SSDEEP

    12288:jWyRIHZ4IpOvxv/7zQlgGzEB9s5IMTyOIFlm2N72oelMc:KlOZ+LgXdF2FOc

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HomeFileServer\HFS.exe
    "C:\Users\Admin\AppData\Local\Temp\HomeFileServer\HFS.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2640-0-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-4-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-5-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-6-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2640-7-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-8-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-9-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-10-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-11-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-12-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-13-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-14-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-15-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-16-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-17-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2640-18-0x0000000000400000-0x00000000005B0000-memory.dmp

    Filesize

    1.7MB

    Download