Windows Analysis Report
IaslcsMo.txt

Overview

General Information

Sample name: IaslcsMo.txt
Analysis ID: 1562203
MD5: d7c9613ed12144aea20bee90fd5057e5
SHA1: 268f3d77e4b82f68c842a4c01f96a6ba864c09fb
SHA256: aa22e017141e1c5974e00c72f2de158072cf9279cfedff86ac1734c6947a19e8

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device

Classification

Source: classification engine Classification label: clean1.winTXT@1/0@0/0
Source: C:\Windows\System32\notepad.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: efswrt.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\notepad.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 Jump to behavior
Source: IaslcsMo.txt Static file information: File size 31179107 > 1048576
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\notepad.exe Queries volume information: C:\Users\user\Desktop\IaslcsMo.txt VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1562203 Sample: IaslcsMo.txt Startdate: 25/11/2024 Architecture: WINDOWS Score: 1 4 notepad.exe 2->4         started       
No contacted IP infos