IOC Report
LADMAutoInstallService.exe.7z


Files

File Path | Type | Category | Malicious
LADMAutoInstallService.exe.7z | 7-zip archive data, version 0.4 | initial sample | malicious
C:\LADM\lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UDCC Launcher.exe | PE32+ executable (GUI) x86-64, for MS Windows | dropped |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UiLib_d_x64.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped |
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\config.ini | ASCII text, with CRLF line terminators | dropped |
C:\Program Files (x86)\UDCCLauncher\Version.txt | ASCII text, with CR line terminators | dropped |
C:\Program Files (x86)\UDCCLauncher\udcc_launcher.zip | Zip archive data, at least v1.0 to extract, compression method=store | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\views[1] | HTML document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\views[1] | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | data | modified |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qeptjjcr.rsg.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF67f3d1.TMP (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DZ5DQ3T403L02FEGO6YO.temp | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F6QRG33SFZMC7O71K8JV.temp | data | dropped |
C:\Users\user\Desktop\LADMAutoInstallService.exe\LADMAutoInstallService.exe | PE32+ executable (console) x86-64, for MS Windows | dropped |
\Device\ConDrv | ASCII text, with very long lines (733), with no line terminators, with escape sequences | dropped |

Domains

Name | IP | Malicious
s-part-t-9999.t-msedge.net | 13.107.246.254 |
arm-9999.arm-msedge.net | 4.150.240.254 |
download.lenovo.com | unknown |

IPs

IP | Domain | Country | Malicious
23.212.88.224 | unknown | United States |