Property | Value |
---|---|
Size | 8.8MB |
Type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
MD5 | cfc3159479eba801b9a77e252312a5cf |
SHA1 | 6a25d836c4943d8188315502f75b6e68dda3f26e |
SHA256 | 6b5b011659b8478407a5a918ba4f3a288983d730361a3340330b3cbb6fd4161f |
SHA512 | 5064a91cec2334b0203e97d67ef06055dbd6f5248df0effa459ebcc5c39e87c0b3487984ada22b0c88aacdea5c7630dab4a5a28f54f022d1b46df45806636cb0 |
CRC32 | 918BB0C9 |
ssdeep | None |
Yara | None matched |
This file is very suspicious, with a score of 10 out of 10!
Please note: the scoring system is still in development and should be considered an alpha feature.
Category | Started | Completed | Duration | Routing | Logs |
---|---|---|---|---|---|
FILE | July 25, 2023, 4:48 p.m. | July 25, 2023, 4:48 p.m. | 35 seconds | internet | Analyzer log, Cuckoo log (below) |
Analyzer log:

```text
2023-07-25 16:47:54,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpqqrt4a
2023-07-25 16:47:54,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\MqMrqeLTxSsJQvIQkYFMKrweEhlwHRdc
2023-07-25 16:47:54,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\LoyYgmmLUBwJigLjzHOxw
2023-07-25 16:47:54,203 [analyzer] DEBUG: Started auxiliary module Curtain
2023-07-25 16:47:54,203 [analyzer] DEBUG: Started auxiliary module DbgView
2023-07-25 16:47:54,578 [analyzer] DEBUG: Started auxiliary module Disguise
2023-07-25 16:47:54,765 [analyzer] DEBUG: Loaded monitor into process with pid 504
2023-07-25 16:47:54,765 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2023-07-25 16:47:54,765 [analyzer] DEBUG: Started auxiliary module Human
2023-07-25 16:47:54,765 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2023-07-25 16:47:54,765 [analyzer] DEBUG: Started auxiliary module Reboot
2023-07-25 16:47:54,812 [analyzer] DEBUG: Started auxiliary module RecentFiles
2023-07-25 16:47:54,812 [analyzer] DEBUG: Started auxiliary module Screenshots
2023-07-25 16:47:54,812 [analyzer] DEBUG: Started auxiliary module Sysmon
2023-07-25 16:47:54,812 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2023-07-25 16:47:54,905 [lib.api.process] ERROR: Failed to execute process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\rs.dll' with arguments ['bin\\inject-x64.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\rs.dll', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp'] (Error: Command '['bin\\inject-x64.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\rs.dll', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp']' returned non-zero exit status 1)
```
Cuckoo log:

```text
2023-07-25 16:48:08,266 [cuckoo.core.scheduler] INFO: Task #4141480: acquired machine win7x6428 (label=win7x6428)
2023-07-25 16:48:08,267 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.228 for task #4141480
2023-07-25 16:48:08,521 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2533643 (interface=vboxnet0, host=192.168.168.228)
2023-07-25 16:48:11,491 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6428
2023-07-25 16:48:12,154 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6428 to vmcloak
2023-07-25 16:48:26,727 [cuckoo.core.guest] INFO: Starting analysis #4141480 on guest (id=win7x6428, ip=192.168.168.228)
2023-07-25 16:48:27,732 [cuckoo.core.guest] DEBUG: win7x6428: not ready yet
2023-07-25 16:48:32,752 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6428, ip=192.168.168.228)
2023-07-25 16:48:32,813 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6428, ip=192.168.168.228, monitor=latest, size=6659295)
2023-07-25 16:48:34,190 [cuckoo.core.resultserver] DEBUG: Task #4141480: live log analysis.log initialized.
2023-07-25 16:48:34,895 [cuckoo.core.resultserver] DEBUG: Task #4141480 is sending a BSON stream
2023-07-25 16:48:36,098 [cuckoo.core.resultserver] DEBUG: Task #4141480: File upload for 'shots/0001.jpg'
2023-07-25 16:48:36,114 [cuckoo.core.resultserver] DEBUG: Task #4141480 uploaded file length: 133461
2023-07-25 16:48:36,814 [cuckoo.core.guest] WARNING: win7x6428: analysis #4141480 caught an exception
Traceback (most recent call last):
  File "C:/tmpqqrt4a/analyzer.py", line 824, in <module>
    success = analyzer.run()
  File "C:/tmpqqrt4a/analyzer.py", line 673, in run
    pids = self.package.start(self.target)
  File "C:\tmpqqrt4a\modules\packages\exe.py", line 34, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpqqrt4a\lib\common\abstracts.py", line 205, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.
2023-07-25 16:48:36,825 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2023-07-25 16:48:36,881 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2023-07-25 16:48:37,828 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6428 to path /srv/cuckoo/cwd/storage/analyses/4141480/memory.dmp
2023-07-25 16:48:37,830 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6428
2023-07-25 16:48:42,781 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.228 for task #4141480
2023-07-25 16:48:42,782 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 4141480
2023-07-25 16:48:42,932 [cuckoo.core.scheduler] DEBUG: Released database task #4141480
2023-07-25 16:48:42,947 [cuckoo.core.scheduler] INFO: Task #4141480: analysis procedure completed
```
PE sections | Name |
---|---|
section | (unnamed) |
section | .themida |
section | .boot |

High-entropy sections:

Name | Virtual address | Virtual size | Size of data | Entropy | Description |
---|---|---|---|---|---|
(unnamed) | 0x00001000 | 0x0000edf5 | 0x00008800 | 7.97343690345 | A section with a high entropy has been found |
(unnamed) | 0x00010000 | 0x000099bc | 0x00003e00 | 7.91195748385 | A section with a high entropy has been found |
(unnamed) | 0x0001a000 | 0x00002564 | 0x00000600 | 7.74319015728 | A section with a high entropy has been found |
(unnamed) | 0x0001d000 | 0x00001194 | 0x00000a00 | 7.59682763321 | A section with a high entropy has been found |
.boot | 0x00d3b000 | 0x008c2200 | 0x008c2200 | 7.95912006148 | A section with a high entropy has been found |

Overall entropy | Description |
---|---|
0.999556835808 | Overall entropy of this PE file is high |
Engine | Detection |
---|---|
Forticlient (Linux) | Malware_Generic.P0 |
Bkav | W32.Common.9BB20BC2 |
Elastic | malicious (moderate confidence) |
CrowdStrike | win/malicious_confidence_100% (W) |
APEX | Malicious |
McAfee-GW-Edition | BehavesLike.Win64.Generic.rc |
Trapmine | malicious.high.ml.score |
Webroot | W32.Trojan.Gen |
McAfee | Artemis!CFC3159479EB |
MaxSecure | Trojan.Malware.300983.susgen |
DeepInstinct | MALICIOUS |