Windows Analysis Report
ReleaseNote.txt

Overview

General Information

Sample Name: ReleaseNote.txt
Analysis ID: 612090
MD5: 9527efe3316bd902a538e546aa87b5f3
SHA1: 8aa6d090fd11e50653377fb2ca4645588107f4a5
SHA256: 2f1b6c52d11f13ec5abea7413c0f74d3a290f85b898d847ce7a22bcea2944924

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Queries the volume information (name, serial number etc) of a device
Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com/
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com/knowledgebase
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com/knowledgebase/articles/524951
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com/knowledgebase/articles/607686
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com/knowledgebase/articles/615714
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://support.displaylink.com/knowledgebase/articles/630820
Source: notepad.exe, 00000000.00000002.521579307.0000020B953CD000.00000004.00000020.00020000.00000000.sdmp, ReleaseNote.txt String found in binary or memory: http://www.displaylink.com/downloads/corporate
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 Jump to behavior
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: classification engine Classification label: clean1.winTXT@1/0@0/0
Source: ReleaseNote.txt Joe Sandbox Cloud Basic: Detection: clean Score: 2 Perma Link
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Windows\System32\notepad.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\ReleaseNote.txt VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 612090 Sample: ReleaseNote.txt Startdate: 20/04/2022 Architecture: WINDOWS Score: 1 4 notepad.exe 2->4         started       
No contacted IP infos