IOC Report
malo.zip

Files

File Path | Type | Category | Malicious
malo.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample
C:\LADM\lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped
C:\Users\user\Desktop\malo\config.ini | ASCII text, with CRLF line terminators | dropped

Processes

Path | Cmdline | Malicious
C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe | "C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe"
C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\malo\config.ini
C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe | "C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe"
C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\malo\config.ini

URLs

Name | IP | Malicious
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | unknown
https://download.lenovo.com/consumer/options/ladmversion.txt | unknown
https://download.lenovo.com:443/consumer/options/ladmversion.txt | unknown
https://download.lenovo.com/consumer/options/ladmversion.txtl | unknown
https://download.lenovo.com/O.k | unknown
https://download.lenovo.com/consumer/monitor/lenovo_accessories_and_display_manager_v1_0_3_24_setup. | unknown
https://download.lenovo.com/ | unknown
https://download.lenovo.com:443/consumer/monitor/lenovo_accessories_and_display_manager_v1_0_3_24_se | unknown

IPs

IP | Domain | Country | Malicious
23.212.88.224 | unknown | United States

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWindowsOnlyEOL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fPasteOriginalEOL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fReverse
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWrapAround
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fMatchCase
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosY
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosDX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosDY

Memdumps

Base Address | Regiontype | Protect | Malicious