Windows Analysis Report
cancellation.one

ID:	800683
Product:	CloudBasic
Start time:	18:06:16
Start date:	07.02.2023
Sample:	cancellation.one
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Architecture:	WINDOWS
MD5:	efae5db57b82eb563d9a5e85d51018b9
SHA1:	2a46f65a5092bff8c5a88d84c78c10336129b6e5
SHA256:	52d47370954612dbb7e9bdb740c8241c999415d62f2846b1c710dbf9e18df09a
Filetype:	Microsoft OneNote note (16024/2) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\eyup\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml	XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators	5D1E1505BD5216805FC6CD14E0D90986	E7B0BC349EEA8222615174155407932A1E363DA0	69588BD4887C59630856C985606BEC0096DF05563DADE1A896A79D1DA32B1354
C:\Users\eyup\AppData\Local\Microsoft\Office\OTele\onenote.exe.db	SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2	F138A66469C10D5761C6CBB36F2163C3	EEA136206474280549586923B7A4A3C6D5DB1E25	C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
C:\Users\eyup\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm	data	37B77A21DAD54031033F0C6792E13D8D	0A098D41BD9787667FA072740A0BDEB0C4EC0CF9	C678904AD71C2D5E28317FA64DDBF70192CFD4BC09E112FC208641A12FEC591E
C:\Users\eyup\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal	SQLite Write-Ahead Log, version 3007000	D5B376F5BB40F906C694232CAD2FFB96	A7238FCE5BB872B478727EEAE1FF265CA95331C6	CB5BDB2696D5ACFA666836E2D76D5E883D99FA1F729CC86E2537219C40E01EBE
C:\Users\eyup\AppData\Local\Microsoft\OneNote\16.0\cache\header	Matlab v4 mat-file (little endian) , numeric, rows 1020487318, columns 0	59C4731B2F05C4C3595AA802FBA3BF00	3B80E7948EB946AE4864B0E031C8DB2E0BD59AD0	B88CEFB4F768FDCD43F246FEB29F9E2FE2B497EAAD8B8F665F6D3B93975059AA
C:\Users\eyup\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms (copy)	data	D967028041EBFB64D53B22EF03286C9E	B45E8465EC9C2AEBD347D2881BD6505D587A3BC1	582BEE445DC0F2D78A5406FB2A37712CD79EDDDC2F39DD9920F791FA6C19C087
C:\Users\eyup\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7PWLWPSW8J08303KX079.temp	data	D967028041EBFB64D53B22EF03286C9E	B45E8465EC9C2AEBD347D2881BD6505D587A3BC1	582BEE445DC0F2D78A5406FB2A37712CD79EDDDC2F39DD9920F791FA6C19C087

There are no high impact signatures.

System Summary

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File read: C:\Program Files\desktop.ini

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File created: C:\Users\eyup\AppData\Local\Temp\{03CC3D92-E54C-467E-9B0B-62F4355CE739} - OProcSessId.dat

Source: classification engine

Classification label: clean0.winONE@1/7@0/22

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File created: C:\Users\eyup\Documents\{655696E5-AF6E-4A78-A631-7119D5842EE9}

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

Process information queried: ProcessInformation