IOC Report
LADMAutoInstallService.exe.7z

loading gif

Files

File Path
Type
Category
Malicious
LADMAutoInstallService.exe.7z
7-zip archive data, version 0.4
initial sample
malicious
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UDCC Launcher.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\UiLib_d_x64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files (x86)\UDCCLauncher\UDCC Launcher\config.ini
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\UDCCLauncher\Version.txt
ASCII text, with CR line terminators
dropped
C:\Program Files (x86)\UDCCLauncher\udcc_launcher.zip
Zip archive data, at least v1.0 to extract, compression method=store
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0x14a91fc5, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rkcp4jtb.epk.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7R6WWBHVONHC52YJFVV2.temp
data
dropped
C:\Users\user\Desktop\LADMAutoInstallService.exe\LADMAutoInstallService.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
\Device\ConDrv
ASCII text, with CRLF line terminators
dropped
There are 5 hidden files, click here to show them.

Domains

Name
IP
Malicious
c-9999.c-msedge.net
13.107.4.254
dual-s-9999.dual-s-msedge.net
52.123.128.254
download.lenovo.com
unknown

IPs

IP
Domain
Country
Malicious
40.126.32.140
unknown
United States
23.212.88.224
unknown
United States
184.28.90.27
unknown
United States
127.0.0.1
unknown
unknown