Windows Analysis Report
readme.txt

Overview

General Information

Sample Name: readme.txt
Analysis ID: 800705
MD5: 99a47df2646f18b7f94f1d29c236c93a
SHA1: a32553c3ad3abe7fe4431aea637c82539d9d8d3f
SHA256: a7e78fdcad18f8f3be24d4fa4aee23cbf1a138497479469e4e1ad79640330add

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Queries the volume information (name, serial number etc) of a device

Classification

Source: notepad.exe, 00000000.00000002.575681616.0000021BE0599000.00000004.00000020.00020000.00000000.sdmp, readme.txt String found in binary or memory: http://www.nirsoft.net/utils/product_cd_key_viewer.html
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 Jump to behavior
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: classification engine Classification label: clean0.winTXT@1/0@0/0
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\readme.txt VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 800705 Sample: readme.txt Startdate: 07/02/2023 Architecture: WINDOWS Score: 0 4 notepad.exe 2->4         started       
No contacted IP infos