Files

File Path | Type | Category | Malicious
---|---|---|---
malo.zip | Zip archive data, at least v2.0 to extract, compression method=deflate | initial sample |
C:\LADM\lenovo_accessories_and_display_manager_v1_0_3_24_setup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\malo\config.ini | ASCII text, with CRLF line terminators | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe | "C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe" |
C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\malo\config.ini |
C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe | "C:\Users\user\Desktop\malo\adcd66e515fc2c48df7cd211dd9bed8f0118c4ec6e82da8034dcfc6e3915e3f9.exe" |
C:\Windows\System32\notepad.exe | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\malo\config.ini |
URLs

Name | IP | Malicious
---|---|---
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | unknown |
https://download.lenovo.com/consumer/options/ladmversion.txt | unknown |
https://download.lenovo.com:443/consumer/options/ladmversion.txt | unknown |
https://download.lenovo.com/consumer/options/ladmversion.txtl | unknown |
https://download.lenovo.com/O.k | unknown |
https://download.lenovo.com/consumer/monitor/lenovo_accessories_and_display_manager_v1_0_3_24_setup. | unknown |
https://download.lenovo.com/ | unknown |
https://download.lenovo.com:443/consumer/monitor/lenovo_accessories_and_display_manager_v1_0_3_24_se | unknown |
IPs

IP | Domain | Country | Malicious
---|---|---|---
23.212.88.224 | unknown | United States |
Registry

Path | Value | Malicious
---|---|---
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWindowsOnlyEOL |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fPasteOriginalEOL |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fReverse |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fWrapAround |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | fMatchCase |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosX |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosY |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosDX |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Notepad | iWindowPosDY |
Memdumps

Base Address | Region type | Protect | Malicious
---|---|---|---
22A0CEB0000 | heap | page read and write |
1E87A79000 | stack | page read and write |
1DD952A0000 | heap | page read and write |
2F26FDD0000 | heap | page read and write |
FA9EFFB000 | stack | page read and write |
2F26D59F000 | heap | page read and write |
FA9F2FE000 | stack | page read and write |
1DD939D1000 | heap | page read and write |
2F26D5B3000 | heap | page read and write |
1DD93A0A000 | heap | page read and write |
1DD939CE000 | heap | page read and write |
2F26EF25000 | heap | page read and write |
21476ACE000 | heap | page read and write |
FA9F0FB000 | stack | page read and write |
2F26FDE5000 | heap | page read and write |
2F2703D0000 | heap | page read and write |
22A0E8D0000 | heap | page read and write |
1DD97260000 | trusted library allocation | page read and write |
2F26EF2B000 | heap | page read and write |
2F26FDC7000 | heap | page read and write |
1DD953C0000 | heap | page read and write |
1DD93A0D000 | heap | page read and write |
2F26D5DB000 | heap | page read and write |
21476A70000 | heap | page read and write |
CDA9DFE000 | stack | page read and write |
21476A99000 | heap | page read and write |
E8F78FE000 | stack | page read and write |
2F26D5CE000 | heap | page read and write |
2F26FDCC000 | heap | page read and write |
13685780000 | heap | page read and write |
2F26FDDA000 | heap | page read and write |
21476AC9000 | heap | page read and write |
2F26D533000 | heap | page read and write |
21476AC5000 | heap | page read and write |
22A0CEE6000 | heap | page read and write |
21476B03000 | heap | page read and write |
2F26FD8D000 | heap | page read and write |
2F26D5A6000 | heap | page read and write |
21476ACA000 | heap | page read and write |
2F26FD75000 | heap | page read and write |
2F2702D0000 | heap | page read and write |
2F26FDDF000 | heap | page read and write |
2F26D5DF000 | heap | page read and write |
FA9F5FC000 | stack | page read and write |
2F26D5B5000 | heap | page read and write |
2F26FDC9000 | heap | page read and write |
FA9F4FE000 | stack | page read and write |
7FF7A2B60000 | unknown | page readonly |
E8F75F9000 | stack | page read and write |
1E87D7E000 | stack | page read and write |
2F26D52F000 | heap | page read and write |
2F2701CC000 | heap | page read and write |
1DD939E7000 | heap | page read and write |
2F26EE33000 | heap | page read and write |
22A0CEE1000 | heap | page read and write |
FA9F1FE000 | stack | page read and write |
21476B00000 | heap | page read and write |
1E87B7E000 | stack | page read and write |
7FFF2989B000 | unknown | page read and write |
2F26FDC2000 | heap | page read and write |
1DD952B0000 | trusted library allocation | page read and write |
E8F7AFE000 | stack | page read and write |
32DF97E000 | stack | page read and write |
2F26FE2C000 | heap | page read and write |
13685789000 | heap | page read and write |
CDA9AFC000 | stack | page read and write |
2F26D4F0000 | heap | page read and write |
1E87BFE000 | stack | page read and write |
136858A0000 | heap | page read and write |
2F26D5E5000 | heap | page read and write |
1DD939C1000 | heap | page read and write |
21476AF9000 | heap | page read and write |
21476950000 | heap | page read and write |
13687280000 | heap | page read and write |
CDA9BFE000 | stack | page read and write |
2F2704E6000 | heap | page read and write |
1DD953F0000 | heap | page read and write |
1DD938E0000 | heap | page read and write |
E8F787E000 | stack | page read and write |
21476AC6000 | heap | page read and write |
2F26FDCB000 | heap | page read and write |
2F26FE1E000 | heap | page read and write |
2F26EF20000 | heap | page read and write |
2F26FDC9000 | heap | page read and write |
2147AC60000 | heap | page read and write |
E8F79FD000 | stack | page read and write |
2F26D4D0000 | heap | page read and write |
7FF7A2BF0000 | unknown | page readonly |
1DD93A02000 | heap | page read and write |
7FFF296B1000 | unknown | page execute read |
7FFF298A1000 | unknown | page read and write |
2F26FE08000 | heap | page read and write |
2F26D5A3000 | heap | page read and write |
1DD93920000 | heap | page read and write |
2F26FFC0000 | heap | page read and write |
1DD939FF000 | heap | page read and write |
21476AC1000 | heap | page read and write |
32DF87C000 | stack | page read and write |
2F26FDA4000 | heap | page read and write |
2F26D59E000 | heap | page read and write |
21476AF3000 | heap | page read and write |
1DD953FC000 | heap | page read and write |
1DD952A3000 | heap | page read and write |
21476B11000 | heap | page read and write |
2F26D534000 | heap | page read and write |
21476AE5000 | heap | page read and write |
2F26FD89000 | heap | page read and write |
2F26FDC1000 | heap | page read and write |
1DD939C5000 | heap | page read and write |
7FFF298A2000 | unknown | page readonly |
21476A30000 | heap | page read and write |
1DD93A0F000 | heap | page read and write |
2F26FFC1000 | heap | page read and write |
2F26D5EE000 | heap | page read and write |
1DD93A0D000 | heap | page read and write |
22A0CEB8000 | heap | page read and write |
7FFF2989A000 | unknown | page write copy |
32DF8FE000 | stack | page read and write |
2F26FD7E000 | heap | page read and write |
2F26D5A2000 | heap | page read and write |
2F26D4F6000 | heap | page read and write |
FA9F3FD000 | stack | page read and write |
2F26D5C1000 | heap | page read and write |
1DD93A11000 | heap | page read and write |
2F26F460000 | trusted library allocation | page read and write |
2147A460000 | trusted library allocation | page read and write |
2F26D5AA000 | heap | page read and write |
7FF7A2B61000 | unknown | page execute read |
21476B08000 | heap | page read and write |
1DD93A10000 | heap | page read and write |
1DD93800000 | heap | page read and write |
1DD939C1000 | heap | page read and write |
2F26D5AE000 | heap | page read and write |
136859C5000 | heap | page read and write |
2F26D5C1000 | heap | page read and write |
2F26D5CE000 | heap | page read and write |
1DD93A04000 | heap | page read and write |
1DD97A60000 | heap | page read and write |
1E87C7D000 | stack | page read and write |
2F26EE30000 | heap | page read and write |
2F26FDE6000 | heap | page read and write |
7FF7A2BC9000 | unknown | page readonly |
2F26D539000 | heap | page read and write |
7FF7A2BA8000 | unknown | page readonly |
21476B0A000 | heap | page read and write |
2F26D4FC000 | heap | page read and write |
1E87CFF000 | stack | page read and write |
22A0CD20000 | heap | page read and write |
2F26D440000 | heap | page read and write |
7FFF29898000 | unknown | page read and write |
FA9E989000 | stack | page read and write |
7FF7A2BBF000 | unknown | page read and write |
22A0CE40000 | heap | page read and write |
2F26FC60000 | heap | page read and write |
21478425000 | heap | page read and write |
7FFF296B0000 | unknown | page readonly |
136859C0000 | heap | page read and write |
2F26D5DF000 | heap | page read and write |
2F26FD60000 | heap | page read and write |
13685880000 | heap | page read and write |
7FFF2981B000 | unknown | page readonly |
2F26FDBA000 | heap | page read and write |
2F26FD8D000 | heap | page read and write |
21478600000 | heap | page read and write |
2F26FDC1000 | heap | page read and write |
21476AEE000 | heap | page read and write |
2F26FDA3000 | heap | page read and write |
E8F797E000 | stack | page read and write |
2F26FDA8000 | heap | page read and write |
21478520000 | heap | page read and write |
21476AC1000 | heap | page read and write |
1DD93A07000 | heap | page read and write |
2F26FD9B000 | heap | page read and write |
7FF7A2BBF000 | unknown | page write copy |
7FFF29898000 | unknown | page read and write |
2F26D360000 | heap | page read and write |
22A0CE00000 | heap | page read and write |
214783F0000 | trusted library allocation | page read and write |
7FF7A2BBF000 | unknown | page read and write |
2F26D5AB000 | heap | page read and write |
21478420000 | heap | page read and write |
21476ADD000 | heap | page read and write |
21476A90000 | heap | page read and write |
1E87AFE000 | stack | page read and write |
32DF9FF000 | stack | page read and write |
2F26FD95000 | heap | page read and write |
1DD93990000 | heap | page read and write |
21476AFD000 | heap | page read and write |
21476AC9000 | heap | page read and write |
7FF7A2BA8000 | unknown | page readonly |
21476AE6000 | heap | page read and write |
21476AF1000 | heap | page read and write |
2147842C000 | heap | page read and write |
21476B10000 | heap | page read and write |
2F26D480000 | heap | page read and write |
7FFF2989B000 | unknown | page read and write |
2F26FD90000 | heap | page read and write |
7FF7A2BC3000 | unknown | page readonly |
21478603000 | heap | page read and write |
1DD953F5000 | heap | page read and write |
2F26D5B2000 | heap | page read and write |
136856A0000 | heap | page read and write |
1DD939F9000 | heap | page read and write |
CDA9CFD000 | stack | page read and write |
21476AE6000 | heap | page read and write |
2F26FDA6000 | heap | page read and write |
E8F7A7E000 | stack | page read and write |
A further 197 memdumps are not included in this listing.