Overview

overview

7

Static

static

3

LayetuFixedd.exe

windows7-x64

7

LayetuFixedd.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

Installer.exe

windows7-x64

1

Installer.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

3

LICENSES.c...m.html

windows10-2004-x64

3

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

locales/af.ps1

windows7-x64

3

locales/af.ps1

windows10-2004-x64

3

locales/uk.ps1

windows7-x64

3

locales/uk.ps1

windows10-2004-x64

3

resources/elevate.exe

windows7-x64

3

resources/elevate.exe

windows10-2004-x64

3

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02-09-2024 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/StdUtils.dll

  • Size

    93KB

  • MD5

    21d805663834f61cb443545b8883faf2

  • SHA1

    b222c5ca1e4cb8a7bff7eb7b78d46b8d99bf71e1

  • SHA256

    c18b46a68436d164c964ba9b208e5c27ccc50e6a5a2db115e8fb086663b5308f

  • SHA512

    37836150ef2837f69b82399024d0b93dbdac992971c7fe7b50959107c0520f5874d45f4230f08554514e3bd6a76d6e35c55c8afd53f993aba18f77475ef02001

  • SSDEEP

    1536:fn3DhuJJT35gGtLjbMGCDsTF7RqXqOGrgCf46qKn6LJ8Lr7f59aguhrAPfKS:fnNuJJT35gGtjMhDsTF7RqXqf8ZQEwy

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 220
        3⤵
        • Program crash
        PID:1932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads