Edit tour

Windows Analysis Report
Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt

Overview

General Information

Sample Name:	Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt
Analysis ID:	753411
MD5:	32c514a2cccc4dc45ead40c3f876d7e7
SHA1:	2a626cb812d5add14991989397242070c6584f05
SHA256:	4641d4821a3be256f99bfb07cbfc9b2f77670b91af83fac011a55f2c910a9ecc

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

System is w10x64

notepad.exe (PID: 2156 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt MD5: BB9A06B8F2DD9D24C77F389D7B2B58D2)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Windows\System32\notepad.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32

Source: C:\Windows\System32\notepad.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: classification engine

Classification label: clean0.winTXT@1/0@0/0

Source: C:\Windows\System32\notepad.exe

Queries volume information: C:\Users\user\Desktop\Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt VolumeInformation

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
Payment Advice for Imax November 23, 2022, 1%3A46%3A16 PM.txt