Windows Analysis Report
Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt


General Information

Sample Name: Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt
Analysis ID: 753411



Queries the volume information (name, serial number etc) of a device


  • System is w10x64
  • notepad.exe (PID: 2156 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt MD5: BB9A06B8F2DD9D24C77F389D7B2B58D2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine Classification label: clean0.winTXT@1/0@0/0
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt VolumeInformation
  • Initial Access: Valid Accounts
  • Execution: Windows Management Instrumentation
  • Persistence: Path Interception
  • Privilege Escalation: Path Interception
  • Defense Evasion: Direct Volume Access
  • Credential Access: OS Credential Dumping
  • Discovery: 11 System Information Discovery
  • Lateral Movement: Remote Services
  • Collection: Data from Local System
  • Exfiltration: Exfiltration Over Other Network Medium
  • Command and Control: Data Obfuscation
  • Network Effects: Eavesdrop on Insecure Network Communication
  • Remote Service Effects: Remotely Track Device Without Authorization
  • Impact: Modify System Partition