Windows
Analysis Report
manifest.ini
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- notepad.exe (PID: 3128 cmdline:
"C:\Window s\system32 \NOTEPAD.E XE" C:\Use rs\user\De sktop\mani fest.ini MD5: 27F71B12CB585541885A31BE22F61C83)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Binary string: |
Source: | Classification label: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 DLL Side-Loading | OS Credential Dumping | 11 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428285 |
Start date and time: | 2024-04-18 19:06:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | manifest.ini (renamed file extension from json to ini) |
Original Sample Name: | manifest.json |
Detection: | CLEAN |
Classification: | clean0.winINI@1/0@0/0 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- VT rate limit hit for: manifest.ini
File type: | |
Entropy (8bit): | 5.043479054564923 |
TrID: |
|
File name: | manifest.ini |
File size: | 250 bytes |
MD5: | 8c3368e85b1eecef2b20cf5853239357 |
SHA1: | 4d467ded6605e36be52c7e311675de36f3672a13 |
SHA256: | 9d20955ca0084fceaa327ec2cc2fe6c46ad0e56749eb526650ecd9ea71e26f5c |
SHA512: | 3b819356d688e85821f72aa6e06d2c1acb4e034e83f4e68df694c2e68f88634c14eb8cbdd99e51ba7bf8de700c58e6b023af417457110f43cc9848db2d7d2860 |
SSDEEP: | 6:lQ2P70eTM1OaHoszfsmiZTEiIXUjCQkqvd6QUDLMxeRfH:LP1TbZQiIEjC3cZA4ERv |
TLSH: | 91D095B28076D7DBB06814C35B35463701FD0D3545911F0D13CDCA44E4263D52127422 |
File Content Preview: | [{"included":true,"path":"\\Device\\HarddiskVolume3\\Users\\aiciaboyd\\Downloads\\PDFixers.exe","reason":"","sha1":"5a6c01f821f10f6ed1f1283ecba36c5bacfb5838","sha256":"a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0","size":8507584}] |
Icon Hash: | 69e999a385898987 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 19:06:56 |
Start date: | 18/04/2024 |
Path: | C:\Windows\System32\notepad.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7144b0000 |
File size: | 201'216 bytes |
MD5 hash: | 27F71B12CB585541885A31BE22F61C83 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | false |
Call Graph
Graph
- Executed
- Not Executed
Script: |
---|
Code | ||
---|---|---|
0 | [ { | |
1 | "included" : true, | |
2 | "path" : "\\Device\\HarddiskVolume3\\Users\\aiciaboyd\\Downloads\\PDFixers.exe", | |
3 | "reason" : "", | |
4 | "sha1" : "5a6c01f821f10f6ed1f1283ecba36c5bacfb5838", | |
5 | "sha256" : "a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0", | |
6 | "size" : 8507584 | |
7 | } ]; |