Analysis

max time kernel: 167s
max time network: 191s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 06:52
Behavioral task: behavioral1
Sample: HomeFileServer/HFS.exe
Resource: win7-20231215-en
6 signatures, 150 seconds

Behavioral task: behavioral2
Sample: HomeFileServer/HFS.exe
Resource: win10v2004-20231215-en
6 signatures, 150 seconds
General

Target: HomeFileServer/HFS.exe
Size: 559KB
MD5: 6e491a7fecb845974f8f6f65b419c7b1
SHA1: e16eac79f4bea4fe848bc5248a59765d1939a76b
SHA256: 93019ff4c7f345b6b03ada2c60efc51f0f199f5356d8bf1b85cd9649420fa84f
SHA512: 3c73a0cf881017bc22ba529e5a79b6f2466882656cd89d1e7e0d676654a3d80b5ef2b349e5f3b0ce37748dc49f78be4752bd3232b6b2d7c6aa54a1e9b6144357
SSDEEP: 12288:jWyRIHZ4IpOvxv/7zQlgGzEB9s5IMTyOIFlm2N72oelMc:KlOZ+LgXdF2FOc
Score: 7/10
Malware Config
Signatures
resource yara_rule
Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc
92 checkip.dyndns.org

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid Process
3908 HFS.exe
Suspicious use of FindShellTrayWindow 45 IoCs
pid Process
3908 HFS.exe
Suspicious use of SendNotifyMessage 45 IoCs
pid Process
3908 HFS.exe