2ae166f7a476be2f7e635be4972a151d591319798105b4ab7153898bbd025cbe

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LayetuFixedd.exe
Size

79.2MB
MD5

899e7fbb94dfec366be227daf0f375a7
SHA1

008b0d4ea23244812ad957a3c5ad93db7bf4cede
SHA256

9b29b25bcf1f1c77df7a60109e30873dcfcff439152f18136fa77168712a7966
SHA512

222fa0b356b944f1531f84251275bbed1dc919e8b3ad4c830d9fd26df191e8ac4695188ad86d59e947d09d33d3b388cbd2b138bd589ff46c684a1a4205369737
SSDEEP

1572864:96LBYHwmDo/8avRWbYQHaZHBFdNYZvpXuyp3uOtWqwP:4uQL8avMbRHazFCHYAn4

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
1728	LayetuFixedd.exe
1728	LayetuFixedd.exe
1728	LayetuFixedd.exe
1728	LayetuFixedd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LayetuFixedd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1728	LayetuFixedd.exe

C:\Users\Admin\AppData\Local\Temp\LayetuFixedd.exe
"C:\Users\Admin\AppData\Local\Temp\LayetuFixedd.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsdC2A4.tmp\StdUtils.dll

Filesize
93KB

MD5
21d805663834f61cb443545b8883faf2

SHA1
b222c5ca1e4cb8a7bff7eb7b78d46b8d99bf71e1

SHA256
c18b46a68436d164c964ba9b208e5c27ccc50e6a5a2db115e8fb086663b5308f

SHA512
37836150ef2837f69b82399024d0b93dbdac992971c7fe7b50959107c0520f5874d45f4230f08554514e3bd6a76d6e35c55c8afd53f993aba18f77475ef02001

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC2A4.tmp\System.dll

Filesize
11KB

MD5
fbe295e5a1acfbd0a6271898f885fe6a

SHA1
d6d205922e61635472efb13c2bb92c9ac6cb96da

SHA256
a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

SHA512
2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC2A4.tmp\UAC.dll

Filesize
14KB

MD5
4814167aa1c7ec892e84907094646faa

SHA1
a57a5ecbdfa9a8777a3c587f1acb02b783afc5ee

SHA256
32dd7269abf5a0e5db888e307d9df313e87cef4f1b597965a9d8e00934658822

SHA512
fb1f35e393997ecd2301f371892b59574ee6b666095c3a435336160481f6ef7ed5635c90ce5d2cf88e5ef4a5affb46cb841b7d17e7981bd6e998531193f5d067

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC2A4.tmp\nsDialogs.dll

Filesize
9KB

MD5
ab101f38562c8545a641e95172c354b4

SHA1
ec47ac5449f6ee4b14f6dd7ddde841a3e723e567

SHA256
3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea

SHA512
72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037

Download Submit