Windows Analysis Report
malo.zip

Overview

General Information

Sample name: malo.zip
Analysis ID: 1559387
MD5: 64fc74457495cd5c7e59758845edb6f5
SHA1: 2dbb710f729dae3c4f3380c95cbd5c6f1c9eddb4
SHA256: 2fbd7b6a51a92c49809212abe6d6821d72ad45c62eb0d1c0b8634a36581125cb

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device

Classification

Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdbh source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb< source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdb source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: UiLib_d_x64.dll, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe String found in binary or memory: http://www.digicert.com/CPS0
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FDE5000.00000004.00000020.00020000.00000000.sdmp, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FE1E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com/
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FDA3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com/O.k
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FDE5000.00000004.00000020.00020000.00000000.sdmp, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2414514549.000002F26D5B5000.00000004.00000020.00020000.00000000.sdmp, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2414514549.000002F26D4FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com/consumer/monitor/lenovo_accessories_and_display_manager_v1_0_3_24_setup.
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2414514549.000002F26D4FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com/consumer/options/ladmversion.txt
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2414514549.000002F26D4FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com/consumer/options/ladmversion.txtl
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FDE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com:443/consumer/monitor/lenovo_accessories_and_display_manager_v1_0_3_24_se
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FD89000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.lenovo.com:443/consumer/options/ladmversion.txt
Source: lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe.10.dr String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: classification engine Classification label: clean3.winZIP@5/2@0/1
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe File created: C:\Users\user\Desktop\malo\config.ini
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Mutant created: \Sessions\1\BaseNamedObjects\UDCCLauncher
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe File read: C:\Users\user\Desktop\malo\config.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe "C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe"
Source: unknown Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\malo\config.ini
Source: unknown Process created: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe "C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe"
Source: unknown Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\malo\config.ini
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: uilib_d_x64.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: uilib_d_x64.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: d3d9.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe File written: C:\Users\user\Desktop\malo\config.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: malo.zip Static file information: File size 2731255 > 1048576
Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdbh source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\project\LADM\Drivers\Trunk\AutoInstall\x64\Release\UDCC Launcher.pdb< source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: Binary string: D:\Output\AutoInstall\Libs\UiLib_d_x64.pdb source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe
Source: lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe.10.dr Static PE information: section name: .didata
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe File created: C:\LADM\lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Dropped PE file which has not been started: C:\LADM\lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe TID: 5492 Thread sleep time: -30000s >= -30000s
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FDE5000.00000004.00000020.00020000.00000000.sdmp, adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2414514549.000002F26D5A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe, 0000000A.00000002.2416419789.000002F26FDA3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\malo\config.ini VolumeInformation
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\malo\config.ini VolumeInformation
Source: C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid