Windows Analysis Report Notepad2.ini

Overview

Sample Name:	Notepad2.ini
Analysis ID:	435318
MD5:	a7b5e91557f8d3d23280ac818e9553d6
SHA1:	3253dfc9aa901311ba13e9eddc7b6481c6cf5778
SHA256:	61ad82669e0c260bda5472edca928785b72a0e9ad69d2d821db6bfe1e11df412
Infos:
Most interesting Screenshot:

Queries the volume information (name, serial number etc) of a device

Source: classification engine

Classification label: clean0.winINI@1/0@0/0

Source: C:\Windows\System32\notepad.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Windows\System32\notepad.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32

Source: notepad.exe, 00000000.00000002.467344788.0000019055870000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: notepad.exe, 00000000.00000002.467344788.0000019055870000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: notepad.exe, 00000000.00000002.467344788.0000019055870000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: notepad.exe, 00000000.00000002.467344788.0000019055870000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\notepad.exe

Queries volume information: C:\Users\user\Desktop\Notepad2.ini VolumeInformation

Hide Legend

Legend:

No contacted IP infos

ID:	435318
Product:	CloudBasic
Start time:	12:11:06
Start date:	16.06.2021
Sample:	Notepad2.ini
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	a7b5e91557f8d3d23280ac818e9553d6
SHA1:	3253dfc9aa901311ba13e9eddc7b6481c6cf5778
SHA256:	61ad82669e0c260bda5472edca928785b72a0e9ad69d2d821db6bfe1e11df412
Filetype:	Text - UTF-16 (LE) encoded (2002/1) 64.44%