Overview

overview

10

Static

static

3

PO#053497.pdf.exe

windows7-x64

10

PO#053497.pdf.exe

windows10-2004-x64

10

$TEMP/29.opends60.dll

windows7-x64

1

$TEMP/29.opends60.dll

windows10-2004-x64

1

$TEMP/Ster...ap.dll

windows7-x64

1

$TEMP/Ster...ap.dll

windows10-2004-x64

1

$TEMP/WebN...mes.js

windows7-x64

3

$TEMP/WebN...mes.js

windows10-2004-x64

3

$TEMP/aspnetisapi.dll

windows7-x64

1

$TEMP/aspnetisapi.dll

windows10-2004-x64

1

$TEMP/autolayt.dll

windows7-x64

1

$TEMP/autolayt.dll

windows10-2004-x64

1

$TEMP/coyote.exe

windows7-x64

4

$TEMP/coyote.exe

windows10-2004-x64

10

$TEMP/cvtres.exe

windows7-x64

1

$TEMP/cvtres.exe

windows10-2004-x64

1

$TEMP/disco.exe

windows7-x64

1

$TEMP/disco.exe

windows10-2004-x64

1

$TEMP/emcmp.ko

ubuntu-22.04-amd64

$TEMP/ltv350qv.ko

ubuntu-24.04-amd64

$TEMP/sl-modem.py

windows7-x64

3

$TEMP/sl-modem.py

windows10-2004-x64

3

$TEMP/syst...er.vbs

windows7-x64

1

$TEMP/syst...er.vbs

windows10-2004-x64

1

$TEMP/vsslnui.dll

windows7-x64

1

$TEMP/vsslnui.dll

windows10-2004-x64

1

$TEMP/webb...35.pyc

windows7-x64

3

$TEMP/webb...35.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-06-2024 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/autolayt.dll

  • Size

    18KB

  • MD5

    53264f84bbed45cb61d18402e0e4e2b5

  • SHA1

    f1ebae3d1213bcf09104061de2cdc1620932a224

  • SHA256

    d5f654503f79f9f62d3c69838da1a8dbeba92d988ea9807c50443674cdf2c042

  • SHA512

    6a8aa473bffebbf7e1714cbe51cbe590f02ace30a82c740adaea23f1a29692b79e7bb452d9ce21afda3ecf83cd0977caef2d5d7f77921747a4549aef6a3fb2b8

  • SSDEEP

    384:zRWMr3VK449AIe0mZUr54eqgXiZace8o51fq3RXRPCR316WMgW1QW1d:zXr3bRpl9eqgyQuRXQR3/MLZ

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\autolayt.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1540
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\autolayt.dll,#1
      2⤵
        PID:3432

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads