Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
manifest.ini

Overview

General Information

Sample name:manifest.ini
(renamed file extension from json to ini)
Original sample name:manifest.json
Analysis ID:1428285
MD5:8c3368e85b1eecef2b20cf5853239357
SHA1:4d467ded6605e36be52c7e311675de36f3672a13
SHA256:9d20955ca0084fceaa327ec2cc2fe6c46ad0e56749eb526650ecd9ea71e26f5c
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

  • System is w10x64
  • notepad.exe (PID: 3128 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\manifest.ini MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: manifest.iniBinary string: [{"included":true,"path":"\\Device\\HarddiskVolume3\\Users\\aiciaboyd\\Downloads\\PDFixers.exe","reason":"","sha1":"5a6c01f821f10f6ed1f1283ecba36c5bacfb5838","sha256":"a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0","size":8507584}]
Source: classification engineClassification label: clean0.winINI@1/0@0/0
Source: C:\Windows\System32\notepad.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\notepad.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32Jump to behavior
Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\Desktop\manifest.ini VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
DLL Side-Loading		1
DLL Side-Loading		OS Credential Dumping11
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1428285
Start date and time:2024-04-18 19:06:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 37s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • GSI enabled (Javascript)
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:manifest.ini
(renamed file extension from json to ini)
Original Sample Name:manifest.json
Detection:CLEAN
Classification:clean0.winINI@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • VT rate limit hit for: manifest.ini

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:JSON data
Entropy (8bit):5.043479054564923
TrID:
  • Generic INI configuration (1001/1) 100.00%
File name:manifest.ini
File size:250 bytes
MD5:8c3368e85b1eecef2b20cf5853239357
SHA1:4d467ded6605e36be52c7e311675de36f3672a13
SHA256:9d20955ca0084fceaa327ec2cc2fe6c46ad0e56749eb526650ecd9ea71e26f5c
SHA512:3b819356d688e85821f72aa6e06d2c1acb4e034e83f4e68df694c2e68f88634c14eb8cbdd99e51ba7bf8de700c58e6b023af417457110f43cc9848db2d7d2860
SSDEEP:6:lQ2P70eTM1OaHoszfsmiZTEiIXUjCQkqvd6QUDLMxeRfH:LP1TbZQiIEjC3cZA4ERv
TLSH:91D095B28076D7DBB06814C35B35463701FD0D3545911F0D13CDCA44E4263D52127422
File Content Preview:[{"included":true,"path":"\\Device\\HarddiskVolume3\\Users\\aiciaboyd\\Downloads\\PDFixers.exe","reason":"","sha1":"5a6c01f821f10f6ed1f1283ecba36c5bacfb5838","sha256":"a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0","size":8507584}]

File Icon

Icon Hash:69e999a385898987

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

General

Target ID:0
Start time:19:06:56
Start date:18/04/2024
Path:C:\Windows\System32\notepad.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\manifest.ini
Imagebase:0x7ff7144b0000
File size:201'216 bytes
MD5 hash:27F71B12CB585541885A31BE22F61C83
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Disassembly

Code Analysis

Call Graph

  • Executed
  • Not Executed
callgraph clusterC0 E1C0 entry:C0

Script:

Code
0
[ {
    1
    "included" : true,
      2
      "path" : "\\Device\\HarddiskVolume3\\Users\\aiciaboyd\\Downloads\\PDFixers.exe",
        3
        "reason" : "",
          4
          "sha1" : "5a6c01f821f10f6ed1f1283ecba36c5bacfb5838",
            5
            "sha256" : "a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0",
              6
              "size" : 8507584
                7
                } ];
                  Reset < >