Windows Analysis Report Everything.ini

Overview

Sample Name:	Everything.ini
Analysis ID:	534004
MD5:	2dd1085be0d738b72396100119ef4f4f
SHA1:	9a2a15f7376bc2f2d3e781cb02d42c192c691925
SHA256:	4da456f41f0278330f77edadea352c93c812fb526595edbf6396a97b76acf9bd
Infos:
Most interesting Screenshot:

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\notepad.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32

Source: C:\Windows\System32\notepad.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: classification engine

Classification label: clean0.winINI@1/0@0/0

Source: notepad.exe, 00000001.00000002.548628315.000001FE89150000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: notepad.exe, 00000001.00000002.548628315.000001FE89150000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: notepad.exe, 00000001.00000002.548628315.000001FE89150000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: notepad.exe, 00000001.00000002.548628315.000001FE89150000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\notepad.exe

Queries volume information: C:\Users\user\Desktop\Everything.ini VolumeInformation

Hide Legend

Legend:

No contacted IP infos

ID:	534004
Product:	CloudBasic
Start time:	23:37:04
Start date:	04.12.2021
Sample:	Everything.ini
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	2dd1085be0d738b72396100119ef4f4f
SHA1:	9a2a15f7376bc2f2d3e781cb02d42c192c691925
SHA256:	4da456f41f0278330f77edadea352c93c812fb526595edbf6396a97b76acf9bd