Windows Analysis Report
autorun.inf

Overview

General Information

Sample Name: autorun.inf
Analysis ID: 612089
MD5: 05b84abc08bda0f18e44fd5e526752f1
SHA1: 7c12e7193fdf6c2f1d6305a5d7010ad1403dad81
SHA256: d409d2c95ffd569d2205797915057d6289048ffa3543014aaff39f5a3f72b7a9

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
May infect USB drives

Classification

Source: notepad.exe, 00000000.00000002.536901438.0000017F797B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Users\user\Desktop\C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.infC:\Windows\system32\NOTEPAD.EXEWinSta0\Default
Source: notepad.exe, 00000000.00000002.536901438.0000017F797B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\autorun.inf
Source: notepad.exe, 00000000.00000002.537345191.0000017F79B65000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Users\user\Desktop\autorun.inf
Source: notepad.exe, 00000000.00000002.537345191.0000017F79B65000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Windows\system32\NOTEPAD.EXEC:\Users\user\Desktop\autorun.inf
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: autorun.inf
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: autorun.infH
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: .autorun.inf
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: /C:/Users/user/Desktop/autorun.infW
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Users\user\Desktop\autorun.infD
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: /C:/Users/user/Desktop/autorun.inf
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: file:///C:/Users/user/Desktop/autorun.inf
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: autorun.inf
Source: notepad.exe, 00000000.00000002.537096792.0000017F797E7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [autorun]
Source: autorun.inf Binary or memory string: [autorun]
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine Classification label: clean1.winINF@1/0@0/0
Source: autorun.inf Joe Sandbox Cloud Basic: Detection: clean Score: 2
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\autorun.inf VolumeInformation
No contacted IP infos