Overview
overview
7Static
static
3Resources/...er.dll
windows7-x64
3Resources/...er.dll
windows10-2004-x64
3Toastify.exe
windows7-x64
1Toastify.exe
windows10-2004-x64
1Toastify.exe
windows7-x64
3Toastify.exe
windows10-2004-x64
7runtimes/b...eb.dll
windows7-x64
1runtimes/b...eb.dll
windows10-2004-x64
1runtimes/w...es.dll
windows7-x64
1runtimes/w...es.dll
windows10-2004-x64
1runtimes/w...nt.dll
windows7-x64
1runtimes/w...nt.dll
windows10-2004-x64
1Analysis
-
max time kernel
140s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
15/10/2024, 05:57
Static task
static1
Behavioral task
behavioral1
Sample
Resources/ManagedWinapiNativeHelper.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
Resources/ManagedWinapiNativeHelper.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Toastify.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
Toastify.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Toastify.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
Toastify.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
runtimes/browser/lib/net6.0/System.Text.Encodings.Web.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral8
Sample
runtimes/browser/lib/net6.0/System.Text.Encodings.Web.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
runtimes/win/lib/net6.0/System.Diagnostics.EventLog.Messages.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
runtimes/win/lib/net6.0/System.Diagnostics.EventLog.Messages.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
runtimes/win/lib/net6.0/System.Management.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral12
Sample
runtimes/win/lib/net6.0/System.Management.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
Toastify.exe
-
Size
195KB
-
MD5
58d404490e4b55dbbadef8061afb8512
-
SHA1
79dff8fde694fa7e4327733f6c43dd42788ed4ea
-
SHA256
a6ca59d2f73992a3ab2e4649561cbeb61bac8da1d8facd7be0e3b6c7ad306983
-
SHA512
113c9ee440acfdc8cb03a624710fb2efad74f747f97dad7bc413feeb334a4081a76049d459450402779349caecfd5916a2923bf64c0efc25163cc1ba9f02af34
-
SSDEEP
3072:Jczkitvo4BpYN/6mBPry8TXROLdW5m4mURu9OOGj0kBQGp17Ei9mi5jx:JA4NCmBPry/N2KOO6ZpD9
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation Toastify.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 3848 Toastify.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3848 Toastify.exe -
Suspicious use of FindShellTrayWindow 53 IoCs
pid Process 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe -
Suspicious use of SendNotifyMessage 53 IoCs
pid Process 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe 3848 Toastify.exe