Analysis Report test.txt

Overview

General Information

Sample Name: test.txt
Analysis ID: 321440
MD5: 8d41627e46d5b8556d0d3e30ec15538e
SHA1: cc40d8f62aa37759291bbc2d37728e8f9ad66232
SHA256: 8898a8a3459079ed8a03f66c2ae22f0f6c340af31a9756f67dae8e02807d7c97

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Source: classification engine Classification label: clean0.winTXT@1/0@0/0
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: notepad.exe, 00000000.00000002.473998873.00000214130B0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\test.txt VolumeInformation
Behavior Graph ID: 321440 | Sample: test.txt | Startdate: 22/11/2020 | Architecture: WINDOWS | Score: 0 | Process: notepad.exe (started)
No contacted IP infos