File b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521

Size 336.7KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
MD5 d90567c638719a8b4b30e15699773a15
SHA1 3c1f5e46490e5b9faaf8705c67feee08e280fbab
SHA256 b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521
SHA512 2b3ad332da9daa89a3b4d2a3f9eef8e8a9ed67e4c23aa274e340c7353faa89a65dd51a563dc6aec1287438463b36f2016baf5e09a298d8eb9024fa59c1c8cd9f
CRC32 7F6E2987
ssdeep None
Yara
  • suspicious_packer_section - The packer/protector section names/keywords
  • SEH__vba - (no description)
  • escalate_priv - Escalade priviledges
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started June 21, 2025, 12:25 p.m.
Completed June 21, 2025, 12:34 p.m.
Duration 549 seconds
Routing internet

Analyzer Log

2025-06-20 15:40:45,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpht3fil
2025-06-20 15:40:45,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\ynBZDbhCmnBMjqrcCEtCIPfTfAheR
2025-06-20 15:40:45,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\NgYnCoxpeSNGePAjioIxngobRyhRECz
2025-06-20 15:40:45,217 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-20 15:40:45,217 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-20 15:40:45,671 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-20 15:40:45,858 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-06-20 15:40:45,858 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-20 15:40:45,858 [analyzer] DEBUG: Started auxiliary module Human
2025-06-20 15:40:45,858 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-20 15:40:45,858 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-20 15:40:45,953 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-20 15:40:45,953 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-20 15:40:45,953 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-20 15:40:45,953 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-20 15:40:46,078 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521.exe' with arguments '' and pid 176
2025-06-20 15:40:46,280 [analyzer] DEBUG: Loaded monitor into process with pid 176
2025-06-20 15:40:48,092 [analyzer] INFO: Process with pid 176 has terminated
2025-06-20 15:40:48,092 [analyzer] INFO: Process list is empty, terminating analysis.
2025-06-20 15:40:49,342 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-20 15:40:49,342 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-06-21 12:25:39,702 [cuckoo.core.scheduler] DEBUG: Task #6570699: no machine available yet
2025-06-21 12:29:09,558 [cuckoo.core.scheduler] INFO: Task #6570699: acquired machine win7x6411 (label=win7x6411)
2025-06-21 12:29:09,562 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.211 for task #6570699
2025-06-21 12:29:10,194 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 274365 (interface=vboxnet0, host=192.168.168.211)
2025-06-21 12:29:11,258 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6411
2025-06-21 12:29:19,085 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6411 to vmcloak
2025-06-21 12:31:13,085 [cuckoo.core.guest] INFO: Starting analysis #6570699 on guest (id=win7x6411, ip=192.168.168.211)
2025-06-21 12:31:14,094 [cuckoo.core.guest] DEBUG: win7x6411: not ready yet
2025-06-21 12:31:19,166 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6411, ip=192.168.168.211)
2025-06-21 12:31:19,261 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6411, ip=192.168.168.211, monitor=latest, size=6660546)
2025-06-21 12:31:20,413 [cuckoo.core.resultserver] DEBUG: Task #6570699: live log analysis.log initialized.
2025-06-21 12:31:21,210 [cuckoo.core.resultserver] DEBUG: Task #6570699 is sending a BSON stream
2025-06-21 12:31:21,616 [cuckoo.core.resultserver] DEBUG: Task #6570699 is sending a BSON stream
2025-06-21 12:31:22,513 [cuckoo.core.resultserver] DEBUG: Task #6570699: File upload for 'shots/0001.jpg'
2025-06-21 12:31:22,544 [cuckoo.core.resultserver] DEBUG: Task #6570699 uploaded file length: 133465
2025-06-21 12:31:23,481 [cuckoo.core.resultserver] DEBUG: Task #6570699: File upload for 'files/d9a7f50105294d68_~DFF3ADCF59C8C3F23F.TMP'
2025-06-21 12:31:23,485 [cuckoo.core.resultserver] DEBUG: Task #6570699 uploaded file length: 9216
2025-06-21 12:31:24,620 [cuckoo.core.resultserver] DEBUG: Task #6570699: File upload for 'curtain/1750426849.19.curtain.log'
2025-06-21 12:31:24,635 [cuckoo.core.resultserver] DEBUG: Task #6570699 uploaded file length: 36
2025-06-21 12:31:24,758 [cuckoo.core.resultserver] DEBUG: Task #6570699: File upload for 'sysmon/1750426849.33.sysmon.xml'
2025-06-21 12:31:24,765 [cuckoo.core.resultserver] DEBUG: Task #6570699 uploaded file length: 423860
2025-06-21 12:31:25,669 [cuckoo.core.resultserver] DEBUG: Task #6570699 had connection reset for <Context for LOG>
2025-06-21 12:31:26,231 [cuckoo.core.guest] INFO: win7x6411: analysis completed successfully
2025-06-21 12:31:26,242 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-21 12:31:26,274 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-21 12:31:27,525 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6411 to path /srv/cuckoo/cwd/storage/analyses/6570699/memory.dmp
2025-06-21 12:31:27,526 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6411
2025-06-21 12:34:45,764 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.211 for task #6570699
2025-06-21 12:34:47,177 [cuckoo.core.scheduler] DEBUG: Released database task #6570699
2025-06-21 12:34:47,512 [cuckoo.core.scheduler] INFO: Task #6570699: analysis procedure completed

Signatures

Yara rules detected for file (6 events)
description The packer/protector section names/keywords rule suspicious_packer_section
description (no description) rule SEH__vba
description Escalade priviledges rule escalate_priv
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_files_operation
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
section .imports
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
IID_IVbaHost+0x236f3 UserDllMain-0x41bc4 msvbvm60+0x51d33 @ 0x72991d33
b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521+0x4d94 @ 0x404d94
IID_IVbaHost+0x239f4 UserDllMain-0x418c3 msvbvm60+0x52034 @ 0x72992034
IID_IVbaHost+0x23e5b UserDllMain-0x4145c msvbvm60+0x5249b @ 0x7299249b
IID_IVbaHost+0x24027 UserDllMain-0x41290 msvbvm60+0x52667 @ 0x72992667
IID_IVbaHost+0x3b77 UserDllMain-0x61740 msvbvm60+0x321b7 @ 0x729721b7
IID_IVbaHost+0x386d UserDllMain-0x61a4a msvbvm60+0x31ead @ 0x72971ead
IID_IVbaHost+0x36291 UserDllMain-0x2f026 msvbvm60+0x648d1 @ 0x729a48d1
IID_IVbaHost+0x418d8 UserDllMain-0x239df msvbvm60+0x6ff18 @ 0x729aff18
BASIC_CLASS_Release+0xfcaa IID_IVbaHost-0xff3d msvbvm60+0x1e703 @ 0x7295e703
BASIC_CLASS_QueryInterface+0xeca EbLoadRunTime-0x13a4 msvbvm60+0x7b3e @ 0x72947b3e
ThunRTMain+0x3dd EbCreateContext-0x2e36 msvbvm60+0x3981 @ 0x72943981
ThunRTMain+0x156 EbCreateContext-0x30bd msvbvm60+0x36fa @ 0x729436fa
ThunRTMain+0x5c EbCreateContext-0x31b7 msvbvm60+0x3600 @ 0x72943600
b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521+0x2516 @ 0x402516
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77759f72
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77759f45

exception.instruction_r: 89 85 78 22 0d 0d 3f 52 10 a3 68 15 03 00 2a 0a
exception.symbol: b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521+0xc1fd
exception.instruction: mov dword ptr [ebp + 0xd0d2278], eax
exception.module: b5dec4c834742cef9060471390cf9e797bbdad3cdae4353c675df9c83ea50521.exe
exception.exception_code: 0xc0000005
exception.offset: 49661
exception.address: 0x40c1fd
registers.esp: 1636176
registers.edi: 1637096
registers.eax: 5668460
registers.ebp: 1637084
registers.edx: 2518536
registers.ebx: 1
registers.esi: 1637304
registers.ecx: 2004170922
1 0 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 176
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003e0000
process_handle: 0xffffffff
1 0 0
The executable is compressed using UPX (2 events)
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Checks for the presence of known windows from debuggers and forensic tools (1 event)
Time & API Arguments Status Return Repeated

FindWindowA

class_name: ThunderRT6FormDC
window_name: xk.exe 
0 0
Installs itself for autorun at Windows startup (8 events)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\xk reg_value C:\Windows\xk.exe
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS reg_value C:\Users\Administrator\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ServiceAdministrator reg_value C:\Users\Administrator\Local Settings\Application Data\WINDOWS\SERVICES.EXE
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\LogonAdministrator reg_value C:\Users\Administrator\Local Settings\Application Data\WINDOWS\CSRSS.EXE
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\System Monitoring reg_value C:\Users\Administrator\Local Settings\Application Data\WINDOWS\LSASS.EXE
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell reg_value Explorer.exe "C:\Windows\system32\IExplorer.exe"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit reg_value C:\Windows\system32\userinit.exe,C:\Windows\system32\IExplorer.exe
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default) reg_value "C:\Windows\system32\shell.exe" "%1" %*
Attempts to disable System Restore (2 events)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
registry HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableConfig
Attempts to modify Explorer settings to prevent file extensions from being displayed (1 event)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
Attempts to modify Explorer settings to prevent hidden files from being displayed (2 events)
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
File has been identified by 13 AntiVirus engine on IRMA as malicious (13 events)
G Data Antivirus (Windows) Virus: Worm.Ludbaruma.B (Engine A), Win32.Worm.Ludbaruma.A (Engine B)
Avast Core Security (Linux) MSIL:GenMalicious-EUW [Trj]
C4S ClamAV (Linux) Win.Trojan.Zusy-6443152-0
Trend Micro SProtect (Linux) TROJ_TINBA.SMH
Trellix (Linux) W32/Rontokbro.gen@MM virus
WithSecure (Linux) Trojan.TR/Agent.gdnw
eScan Antivirus (Linux) Worm.Ludbaruma.B(DB)
ESET Security (Windows) Win32/VB.ORD worm
Sophos Anti-Virus (Linux) W32/Mato-N
DrWeb Antivirus (Linux) Trojan.DownLoader7.3730
ClamAV (Linux) Win.Trojan.Zusy-6443152-0
Bitdefender Antivirus (Linux) Worm.Ludbaruma.B
Emsisoft Commandline Scanner (Windows) Worm.Ludbaruma.B (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.