
Windows Analysis Report
Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt

Overview

General Information

Sample Name:Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt
Analysis ID:753411
MD5:32c514a2cccc4dc45ead40c3f876d7e7
SHA1:2a626cb812d5add14991989397242070c6584f05
SHA256:4641d4821a3be256f99bfb07cbfc9b2f77670b91af83fac011a55f2c910a9ecc

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Queries the volume information (name, serial number, etc.) of a device

Classification

  • System is w10x64
  • notepad.exe (PID: 2156 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt MD5: BB9A06B8F2DD9D24C77F389D7B2B58D2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

  • Source: C:\Windows\System32\notepad.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
  • Source: C:\Windows\System32\notepad.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • Source: classification engine; Classification label: clean0.winTXT@1/0@0/0
  • Source: C:\Windows\System32\notepad.exe; Queries volume information: C:\Users\user\Desktop\Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt VolumeInformation
MITRE ATT&CK Matrix (tactic: technique)

  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: Path Interception
  • Privilege Escalation: Path Interception
  • Defense Evasion: Direct Volume Access
  • Credential Access: OS Credential Dumping
  • Discovery: System Information Discovery (11)
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Exfiltration: Exfiltration Over Other Network Medium
  • Command and Control: Data Obfuscation
  • Network Effects: Eavesdrop on Insecure Network Communication
  • Remote Service Effects: Remotely Track Device Without Authorization
  • Impact: Modify System Partition