Windows Analysis Report
test1.txt

Overview

General Information

Sample name: test1.txt
Analysis ID: 1541404
MD5: 44d88612fea8a8f36de82e1278abb02f
SHA1: 3395856ce81f2b7382dee72602f798b642f14140
SHA256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
Infos:

Detection

EICAR
Score: 0
Range: 0 - 100
Whitelisted: true
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
EICAR test file detected
Multi AV Scanner detection for submitted file
Yara detected EICAR
Machine Learning detection for sample
Installs a global mouse hook
Queries the volume information (name, serial number etc) of a device

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: test1.txt Avira: detected
Multi AV Scanner detection for submitted file
Source: test1.txt ReversingLabs: Detection: 97%
Machine Learning detection for sample
Source: test1.txt Joe Sandbox ML: detected
Installs a global mouse hook
Source: C:\Windows\System32\notepad.exe Windows user hook set: 0 mouse C:\Windows\System32\SHELL32.dll Jump to behavior

System Summary
barindex
EICAR test file detected
Source: test1.txt Initial sample: EICAR test sig
Yara detected EICAR
Source: Yara match File source: test1.txt, type: SAMPLE
Source: Yara match File source: C:\Users\user\Desktop\test22.txt, type: DROPPED
Source: classification engine Classification label: clean76.troj.winTXT@4/1@0/0
Source: C:\Windows\System32\notepad.exe File created: C:\Users\user\Desktop\test22.txt Jump to behavior
Source: C:\Windows\System32\notepad.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: test1.txt ReversingLabs: Detection: 97%
Source: unknown Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\test1.txt
Source: unknown Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\test22.txt
Source: unknown Process created: C:\Windows\System32\SystemSettingsBroker.exe C:\Windows\System32\SystemSettingsBroker.exe -Embedding
Source: unknown Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\test22.txt
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: dui70.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: duser.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: thumbcache.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: structuredquery.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.search.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: samlib.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: ehstorshell.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: networkexplorer.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: cscui.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: cldapi.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: fltlib.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: systemsettings.datamodel.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: settingshandlers_sharedexperiences_rome.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: windows.devices.radios.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: cdp.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 Jump to behavior
Source: C:\Windows\System32\notepad.exe File opened: C:\Windows\system32\MsftEdit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\notepad.exe Window detected: Number of UI elements: 16
Source: C:\Windows\System32\notepad.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\notepad.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\notepad.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\SystemSettingsBroker.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\test1.txt VolumeInformation Jump to behavior
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\test22.txt VolumeInformation Jump to behavior
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\test22.txt VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541404 Sample: test1.txt Startdate: 24/10/2024 Architecture: WINDOWS Score: 0 13 EICAR test file detected 2->13 15 Antivirus / Scanner detection for submitted sample 2->15 17 Multi AV Scanner detection for submitted file 2->17 19 2 other signatures 2->19 5 notepad.exe 34 12 2->5         started        7 notepad.exe 2->7         started        9 notepad.exe 2->9         started        11 SystemSettingsBroker.exe 2->11         started        process3
No contacted IP infos