IOC Report
DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe

Files

File Path
Type
Category
Malicious
DisplayLink USB Graphics Software for Windows11.5 M1-EXE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6C3C.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Config.Msi\44e40d.rbs
data
dropped
C:\Program Files\DisplayLink Core Software\AddOnApi64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\DisplayLink Core Software\DisplayLinkTrayApp.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Program Files\DisplayLink Core Software\End User Licence Agreement_EN.rtf
Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
dropped
C:\Program Files\DisplayLink Core Software\RunAfterMsiexec.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\FileOperations.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\New
MS Windows icon resource - 1 icon, 16x16, 16 colors
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\Up
MS Windows icon resource - 1 icon, 16x16, 16 colors
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\banner.jpg
PC bitmap, Windows 3.x format, 500 x 59 x 8, 1 compression, image size 2298, resolution 3779 x 3779 px/m, 5 important colors, cbSize 2372, bits offset 74
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\cmdlinkarrow
MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\completi
MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\custicon
MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialog.jpg
PC bitmap, Windows 3.x format, 500 x 316 x 8, 1 compression, image size 36830, resolution 3779 x 3779 px/m, 5 important colors, cbSize 36904, bits offset 74
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialogBackground.bmp
PC bitmap, Windows 3.x format, 10 x 10 x 24, image size 320, resolution 3780 x 3780 px/m, cbSize 374, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dialogBackgroundGray.bmp
PC bitmap, Windows 3.x format, 10 x 10 x 24, image size 320, resolution 3780 x 3780 px/m, cbSize 374, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dlImageButton.bmp
PC bitmap, Windows 3.x format, 1176 x 46 x 24, image size 162288, resolution 3779 x 3779 px/m, cbSize 162342, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\dlProgress.png
PNG image data, 121 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\exclamic
MS Windows icon resource - 1 icon, 32x32, 16 colors
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\info
MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\insticon
MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\lzmaextractor.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\publicSoftwareBanner.bmp
PC bitmap, Windows 3.x format, 2000 x 180 x 24, resolution 3780 x 3780 px/m, cbSize 1080054, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioDoing.bmp
PC bitmap, Windows 3.x format, 115 x 115 x 24, image size 40020, resolution 3780 x 3780 px/m, cbSize 40074, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioDoing.svg
SVG Scalable Vector Graphics image
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioDone.bmp
PNG image data, 115 x 115, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioDone.svg
SVG Scalable Vector Graphics image
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioError.bmp
PNG image data, 115 x 115, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioError.svg
SVG Scalable Vector Graphics image
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioPending.bmp
PC bitmap, Windows 3.x format, 115 x 115 x 24, image size 40020, cbSize 40074, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioPending.svg
SVG Scalable Vector Graphics image
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\radioWaiting.gif
GIF image data, version 89a, 115 x 115
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\removico
MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\repairic
MS Windows icon resource - 2 icons, 32x32, 16 colors, 32x32
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\tabback
PC bitmap, Windows 3.x format, 1 x 200 x 24, cbSize 854, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6296\tempFiles.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\AiFilesRemoveImpers_34CD39A3_D094_47B4_86F9_5BC6461CC0AD.bak
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DL6D95.tmp
Microsoft Cabinet archive data, many, 2407 bytes, 3 files, at 0x44 +A "AddProduct.reg" +A "ImportSettings.reg", flags 0x4, ID 4937, number 1, extra bytes 20 in head, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\ARM64\dlcdcncm.cat
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\x64\dlcdcncm.cat
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\x64\dlcdcncm.inf
Windows setup INFormation
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLCDCNCM_W10\x64\dlcdcncm660.sys
PE32+ executable (native) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb.cat
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb.dll
PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb.inf
Windows setup INFormation
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb2.dll
PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb3.dll
PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\dlidusb4.dll
PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\ARM64\ella-dock-release.spkg
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb.cat
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb.inf
Windows setup INFormation
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb2.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb3.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\dlidusb4.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\firefly-monitor-release.spkg
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\navarro-dock-release.spkg
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLIDUSB\x64\ridge-dock-release.spkg
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLUSBAUDIO\dlusbaudio.cat
data
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLUSBAUDIO\dlusbaudio.inf
Windows setup INFormation
dropped
C:\Users\user\AppData\Local\Temp\DL2.tmp\DLUSBAUDIO\dlusbaudio_x64.sys
PE32+ executable (native) x86-64, for MS Windows
modified
C:\Users\user\AppData\Local\Temp\DL2.tmp\additional.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\DLC6CDE.LOG
Unicode text, UTF-16, little-endian text, with very long lines (1096), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\MSI9096.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\banner.html
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\cl_5963.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\shi8D41.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\systemCheck.html
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\3rd_party_licences.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\CommonAppDataFolder\Microsoft\Windows\DeviceMetadataStore\EN-US\A67A987B-BB8C-4c62-919A-026F6208E6D6.devicemetadata-ms
Microsoft Cabinet archive data, many, 18530 bytes, 4 files, at 0x2c +A "PackageInfo.xml" +A "DeviceInformation\DeviceInfo.xml", ID 11927, number 1, 13 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkDriverSwapService.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkHotDeskService.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\61CC0AD\DisplayLinkIDD.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: DisplayLink Graphics, Author: DisplayLink Corp., Keywords: Installer, MSI, Database, Comments: Installs DisplayLink Graphics., Create Time/Date: Fri Dec 11 11:47:46 2009, Name of Creating Application: DisplayLink Graphics, Security: 0, Template: x64;2057, Last Saved By: x64;1036, Revision Number: {34CD39A3-D094-47B4-86F9-5BC6461CC0AD}11.5.5963.0;{C716870B-69B4-4343-B047-5B9CED97DC13}11.5.5963.0;{0AECE230-D5D2-4880-B3ED-F23905ED66A9}, Number of Pages: 500, Number of Characters: 63
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\decoder.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\holder0.aiph
data
dropped
C:\Windows\INF\oem0.PNF
Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1158 "Signature", at 0x68 WinDirPath, LanguageID 809
dropped
C:\Windows\INF\oem1.PNF
Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1100 "Signature", at 0x68 WinDirPath, LanguageID 809
dropped
C:\Windows\INF\oem3.PNF
Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1210 "Signature", at 0x68 WinDirPath, LanguageID 809
dropped
C:\Windows\INF\setupapi.app.log
Generic INItialization configuration [BeginLog]
dropped
C:\Windows\INF\setupapi.dev.log
Generic INItialization configuration [BeginLog]
dropped
C:\Windows\Installer\MSIEF75.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\MSIFC4C.tmp
data
dropped
C:\Windows\Installer\MSIFC9B.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Windows\Installer\SourceHash{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\{34CD39A3-D094-47B4-86F9-5BC6461CC0AD}\controlPanelIcon.exe
MS Windows icon resource - 10 icons, 256x256, 24 bits/pixel, -128x-128, 24 bits/pixel
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\System32\catroot2\dberr.txt
ASCII text, with CRLF line terminators
modified
C:\Windows\Temp\~DF3D715342309C81A1.TMP
data
dropped
C:\Windows\Temp\~DF42073A95027C295A.TMP
data
dropped
C:\Windows\Temp\~DF98DF86F2A3BBAFEB.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFFED2169F68C79768.TMP
data
dropped
82 additional files are hidden in this view.

Domains

Name
IP
Malicious
206.23.85.13.in-addr.arpa
unknown