177da7fd9ca1cd14410bad2c87ae228ce5f234e9c0cbc375c399a929eab49f52

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-01-2025 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/DealioToolbar-stub-1.exe
Size

1.2MB
MD5

381735a69d098fc386afe60b4378d9a7
SHA1

c4e49699266788d9a7c0aec416daf7de509dd7dc
SHA256

61544878d48ae0d8fbe1dbe6444263996a4f2ebb6c075ed42a5740e5f5ffa2a1
SHA512

c92a378a5aaadc9776d2dddb9809e5c42bd63bf695547d67d93ac0441fc45963ed3b82c53e5fa1fcf7d516275218eb8b9513f6deb9ad32af13ef72fed72b520b
SSDEEP

24576:gMnea16HiW5Ean/KAgyFHre30v3TaP7QWFa+:gM9jWx/KmK3KTajZt

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DealioToolbar-stub-1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2448	DealioToolbar-stub-1.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\DealioToolbar-stub-1.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\DealioToolbar-stub-1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_isB522.tmp

Filesize
1KB

MD5
fea4fb474de1b56f5db31a8a48c50b93

SHA1
97f5fcf2f9be485cb42cd5135f57b86ae81e36e0

SHA256
da202dc26ec34852ffe30c6e291a435b5cac303354611cd927c6f291d437994f

SHA512
b9bcf7977830dd5ba008906366b4e375c0450d3362a15eada02555ae2a7f1b14e4abc318e9c8c70f81d3fe87f6dcd7ced6b99e7a53de9ca9657836dd46a7d790

Download Submit
C:\Users\Admin\AppData\Local\Temp\{31B2DA12-F0C5-4F01-9900-7DC2EF4C9ECB}\0x0409.ini

Filesize
21KB

MD5
be345d0260ae12c5f2f337b17e07c217

SHA1
0976ba0982fe34f1c35a0974f6178e15c238ed7b

SHA256
e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

SHA512
77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\{31B2DA12-F0C5-4F01-9900-7DC2EF4C9ECB}\Setup.INI

Filesize
5KB

MD5
e9ca542b993a2078cf18b17e878c0ff6

SHA1
2247eaa30b10c97cb80eb8c63f20425614d1d710

SHA256
70b0cfc6cdb09694da04f2447fe5bfc950766c4825c1dffa914daf5610169618

SHA512
cf8e58a0efe472a10301587eff34d6f5e2a174ef884a4f0545d0b0b64243fe2a7f531cfc3fad7a78ba006abfa4ad3998435509023cb93800fe414727041b0931

Download Submit
C:\Users\Admin\AppData\Local\Temp\{31B2DA12-F0C5-4F01-9900-7DC2EF4C9ECB}\_ISMSIDEL.INI

Filesize
592B

MD5
89cb5c39b64fe183152d59da08c59948

SHA1
6a32b5b821aa1eadc2a337b5e9964240c64a95e9

SHA256
a885e9c65f6867d42928f9ca8d1eabac0ec5dc00664ce3967a84fb3dc3989477

SHA512
177a3d7356198685b9b5400e9353f79e1ab0c91c3882648f4a117d7993f32eca9523ab5f3000595bdc4c9df444f495f40ff1dd364b8f06e6d096c91c48592ea2

Download Submit