Summary

eeb12e08e6a772e73204ea44b09d037a3952a1353a6ca6cc4d4595e711c73b0d

File eeb12e08e6a772e73204ea44b09d037a3952a1353a6ca6cc4d4595e711c73b0d

Summary
Download Resubmit sample

Size 444.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4415d1164d3d44c2e2083514b5fd2c16
SHA1 716a695877c916410e14116834b915048f1210d0
SHA256 eeb12e08e6a772e73204ea44b09d037a3952a1353a6ca6cc4d4595e711c73b0d
SHA512
3dcc73d09c5b31591ce2f36811328f863a5f1ad47c84b53dbbad0c21365989d6fd8119c952b52b1b6deea0e3f5a25d299df4737724460b9670169aab5fc58e6e
CRC32 F9540757
ssdeep None
Yara
  • anti_dbg - Checks if being debugged
  • escalate_priv - Escalade priviledges
  • screenshot - Take screenshot
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_private_profile - Affect private profile
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE April 11, 2025, 2:03 p.m. April 11, 2025, 2:10 p.m. 393 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-04-10 13:22:26,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpmdfut4
2025-04-10 13:22:26,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\lEghzCilFlgxqWYEk
2025-04-10 13:22:26,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\cJsQHvjZQPERNtZPDNOmioyP
2025-04-10 13:22:26,358 [analyzer] DEBUG: Started auxiliary module Curtain
2025-04-10 13:22:26,358 [analyzer] DEBUG: Started auxiliary module DbgView
2025-04-10 13:22:26,828 [analyzer] DEBUG: Started auxiliary module Disguise
2025-04-10 13:22:27,030 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-04-10 13:22:27,046 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-04-10 13:22:27,046 [analyzer] DEBUG: Started auxiliary module Human
2025-04-10 13:22:27,046 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-04-10 13:22:27,062 [analyzer] DEBUG: Started auxiliary module Reboot
2025-04-10 13:22:27,187 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-04-10 13:22:27,187 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-04-10 13:22:27,187 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-04-10 13:22:27,187 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-04-10 13:22:27,280 [lib.api.process] ERROR: Failed to execute process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\eeb12e08e6a772e73204ea44b09d037a3952a1353a6ca6cc4d4595e711c73b0d.exe' with arguments ['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\eeb12e08e6a772e73204ea44b09d037a3952a1353a6ca6cc4d4595e711c73b0d.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp'] (Error: Command '['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\eeb12e08e6a772e73204ea44b09d037a3952a1353a6ca6cc4d4595e711c73b0d.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp']' returned non-zero exit status 1)

Cuckoo Log

2025-04-11 14:03:38,994 [cuckoo.core.scheduler] INFO: Task #6259077: acquired machine win7x644 (label=win7x644)
2025-04-11 14:03:38,995 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.204 for task #6259077
2025-04-11 14:03:39,421 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3092537 (interface=vboxnet0, host=192.168.168.204)
2025-04-11 14:03:39,691 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x644
2025-04-11 14:03:40,331 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x644 to vmcloak
2025-04-11 14:06:33,031 [cuckoo.core.guest] INFO: Starting analysis #6259077 on guest (id=win7x644, ip=192.168.168.204)
2025-04-11 14:06:34,037 [cuckoo.core.guest] DEBUG: win7x644: not ready yet
2025-04-11 14:06:39,078 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x644, ip=192.168.168.204)
2025-04-11 14:06:39,441 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x644, ip=192.168.168.204, monitor=latest, size=6660546)
2025-04-11 14:06:40,894 [cuckoo.core.resultserver] DEBUG: Task #6259077: live log analysis.log initialized.
2025-04-11 14:06:41,876 [cuckoo.core.resultserver] DEBUG: Task #6259077 is sending a BSON stream
2025-04-11 14:06:43,248 [cuckoo.core.resultserver] DEBUG: Task #6259077: File upload for 'shots/0001.jpg'
2025-04-11 14:06:43,262 [cuckoo.core.resultserver] DEBUG: Task #6259077 uploaded file length: 133486
2025-04-11 14:06:43,481 [cuckoo.core.guest] WARNING: win7x644: analysis #6259077 caught an exception
Traceback (most recent call last):
  File "C:/tmpmdfut4/analyzer.py", line 824, in <module>
    success = analyzer.run()
  File "C:/tmpmdfut4/analyzer.py", line 673, in run
    pids = self.package.start(self.target)
  File "C:\tmpmdfut4\modules\packages\exe.py", line 34, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpmdfut4\lib\common\abstracts.py", line 205, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

2025-04-11 14:06:43,494 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-04-11 14:06:43,523 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-04-11 14:06:44,621 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x644 to path /srv/cuckoo/cwd/storage/analyses/6259077/memory.dmp
2025-04-11 14:06:44,622 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x644
2025-04-11 14:10:10,888 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.204 for task #6259077
2025-04-11 14:10:10,888 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6259077
2025-04-11 14:10:11,914 [cuckoo.core.scheduler] DEBUG: Released database task #6259077
2025-04-11 14:10:11,932 [cuckoo.core.scheduler] INFO: Task #6259077: analysis procedure completed

Signatures

Yara rules detected for file (7 events)
description Checks if being debugged rule anti_dbg
description Escalade priviledges rule escalate_priv
description Take screenshot rule screenshot
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_private_profile
description Affect private profile rule win_files_operation
File has been identified by at least one AntiVirus engine on IRMA as malicious (1 event)
Avast Core Security (Linux) Win32:Malware-gen
File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)
Cynet Malicious (score: 100)
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (D)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Avast Win32:Malware-gen
Rising Trojan.Fuerboos!8.EFC8 (RDMK:cmRtazozsbQ4xArZHdYbJWGpGdZT)
McAfeeD ti!EEB12E08E6A7
Trapmine suspicious.low.ml.score
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
Google Detected
Kingsoft malware.kb.a.962
Gridinsoft Risk.Win32.Gen.ka!s1
Microsoft Trojan:Win32/Sabsik.RD.A!ml
Varist W32/S-9ddce725!Eldorado
DeepInstinct MALICIOUS
Ikarus Virus.Win32.VB
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Ipamor.A9EC!tr
AVG Win32:Malware-gen
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.