File c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b

Size 418.8KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 362599e00ccbbe9bfe67d3e329e2df57
SHA1 04491bb8e2bf65fe75c4eed4862821d48fc5f5aa
SHA256 c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b
SHA512 f0aba97c3907deab570ad1fd258675b1303436f9e7d35bcee0361763aa28c6c08b418a3bdcfb973070ae9ce10f7e2152fcc019927870e3357be1c7116bb68171
CRC32 938D1D32
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

6650108

6650109

Information on Execution

Analysis
Category FILE
Started June 30, 2025, 6 p.m.
Completed June 30, 2025, 6:01 p.m.
Duration 82 seconds
Routing internet

Analyzer Log

2025-06-23 02:41:51,030 [analyzer] DEBUG: Starting analyzer from: C:\tmpt1gcja
2025-06-23 02:41:51,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\MhrnKlHWAajVJPqhhXeCav
2025-06-23 02:41:51,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\yRYKtRnIpOjkzYTGkWxgnlZFm
2025-06-23 02:41:51,342 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-23 02:41:51,358 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-23 02:41:51,812 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-23 02:41:52,000 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-23 02:41:52,000 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-23 02:41:52,000 [analyzer] DEBUG: Started auxiliary module Human
2025-06-23 02:41:52,000 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-23 02:41:52,000 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-23 02:41:52,092 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-23 02:41:52,092 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-23 02:41:52,092 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-23 02:41:52,092 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-23 02:41:52,250 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b.exe' with arguments '' and pid 2468
2025-06-23 02:41:52,421 [analyzer] DEBUG: Loaded monitor into process with pid 2468
2025-06-23 02:41:52,592 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Windowsd50l2bvpd8
2025-06-23 02:41:52,671 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files\Common Files\Microsoft Shared\sperm hot (!) 63k9qbq9xg .mpeg.exe
2025-06-23 02:41:52,875 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files\DVD Maker\Shared\wwa6b1o6 jspx4i beast nk2tll nfr97bg86 .zip.exe
2025-06-23 02:41:53,171 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files\Microsoft Office\Templates\black t1apup6 q0vgw72 big  (Karin).zip.exe
2025-06-23 02:41:53,203 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\98edvx c4ou4r0 horse nugdmg18bgxp glans sm  (e6rl5yo1).mpg.exe
2025-06-23 02:41:53,296 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files\Windows Journal\Templates\sperm ibxj3s2 hole 8fldm8kp  (y07q3wv).zip.exe
2025-06-23 02:41:53,405 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files\Windows Sidebar\Shared Gadgets\black mkx87b chkaba9s0 [free] x036l6b .avi.exe
2025-06-23 02:41:53,515 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files (x86)\Common Files\microsoft shared\gay jbp79p titts v14bqy5ueys  (Liz).zip.exe
2025-06-23 02:41:53,780 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\ibxj3s2 g28gx7w6vur32j glans .rar.exe
2025-06-23 02:41:53,858 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\RAC\Temp\y3hndyq jspx4i qtcr1re [milf] cock .avi.exe
2025-06-23 02:41:53,905 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\Search\Data\Temp\98edvx mkx87b sperm girls feet 4x3h6c  (Sarah).rar.exe
2025-06-23 02:41:53,953 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\Windows\Templates\26uao4g58 porn chkaba9s0 i4caruo titts xfjhjetslgmo243nnj  (y07q3wv).mpeg.exe
2025-06-23 02:41:54,030 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\Windows\Templates\horse ni0p0dq8 titts xfjhjetslgmo243nnj  (wrtdiha).mpeg.exe
2025-06-23 02:41:54,608 [analyzer] INFO: Injected into process with pid 2740 and name ''
2025-06-23 02:41:54,625 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\h3ps6tmu q0vgw72 big glans hotel  (1bcw83k).avi.exe
2025-06-23 02:41:54,717 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Local\Temp\xxx [free] x036l6b .zip.exe
2025-06-23 02:41:54,733 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\chkaba9s0 nugdmg18bgxp feet .zip.exe
2025-06-23 02:41:54,765 [analyzer] DEBUG: Loaded monitor into process with pid 2740
2025-06-23 02:41:54,765 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\mue28dl mkx87b sperm jbp79p glans .mpg.exe
2025-06-23 02:41:54,967 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ibxj3s2 nugdmg18bgxp hotel .avi.exe
2025-06-23 02:41:55,078 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\mue28dl nude 76qp9o6j ibxj3s2 feet .rar.exe
2025-06-23 02:41:55,171 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\98edvx jspx4i w6es4ton mtn66856s5 lady .rar.exe
2025-06-23 02:41:55,280 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\RAC\Temp\q0vgw72 nugdmg18bgxp .zip.exe
2025-06-23 02:41:55,312 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\Search\Data\Temp\sperm uncut .mpg.exe
2025-06-23 02:41:55,390 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\Windows\Templates\76qp9o6j girls sm .avi.exe
2025-06-23 02:41:55,453 [analyzer] INFO: Added new file to list with pid 2468 and path C:\ProgramData\Microsoft\Windows\Templates\26uao4g58 mkx87b chkaba9s0 i4caruo  (1bcw83k).zip.exe
2025-06-23 02:41:55,500 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\y3hndyq t1apup6 q0vgw72 dtovzr .rar.exe
2025-06-23 02:41:55,515 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Default\AppData\Local\Temp\y3hndyq t1apup6 w6es4ton nk2tll ust2p4 .zip.exe
2025-06-23 02:41:55,515 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\26uao4g58 mkx87b xxx jbp79p 50+ .avi.exe
2025-06-23 02:41:55,562 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\likl9f mkx87b xxx ni0p0dq8 .rar.exe
2025-06-23 02:41:55,592 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\xxx nk2tll .mpg.exe
2025-06-23 02:41:55,717 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx nk2tll 0gllx1w .mpeg.exe
2025-06-23 02:41:55,750 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\wiya6rsl porn q0vgw72 mtn66856s5 titts .zip.exe
2025-06-23 02:41:55,858 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\q0vgw72 [bangbus] .zip.exe
2025-06-23 02:41:55,905 [analyzer] INFO: Added new file to list with pid 2468 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay i4caruo .rar.exe
2025-06-23 02:42:21,250 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-23 02:42:21,671 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-23 02:42:21,671 [lib.api.process] INFO: Successfully terminated process with pid 2468.
2025-06-23 02:42:21,671 [lib.api.process] INFO: Successfully terminated process with pid 2740.
2025-06-23 02:42:22,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\mozilla-temp-files\chkaba9s0 nugdmg18bgxp feet .zip.exe
2025-06-23 02:42:22,342 [analyzer] WARNING: Too many files: c:\program files (x86)\windows sidebar\shared gadgets\ibxj3s2 g28gx7w6vur32j glans .rar.exe
2025-06-23 02:42:22,342 [analyzer] WARNING: Too many files: c:\program files\windows sidebar\shared gadgets\black mkx87b chkaba9s0 [free] x036l6b .avi.exe
2025-06-23 02:42:22,342 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\mue28dl mkx87b sperm jbp79p glans .mpg.exe
2025-06-23 02:42:22,342 [analyzer] WARNING: Too many files: c:\programdata\microsoft\rac\temp\q0vgw72 nugdmg18bgxp .zip.exe
2025-06-23 02:42:22,358 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\temp\y3hndyq t1apup6 w6es4ton nk2tll ust2p4 .zip.exe
2025-06-23 02:42:22,358 [analyzer] WARNING: Too many files: c:\program files\windows journal\templates\sperm ibxj3s2 hole 8fldm8kp  (y07q3wv).zip.exe
2025-06-23 02:42:22,358 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-06-30 18:00:35,711 [cuckoo.core.scheduler] INFO: Task #6620477: acquired machine win7x642 (label=win7x642)
2025-06-30 18:00:35,712 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.202 for task #6620477
2025-06-30 18:00:36,061 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3240698 (interface=vboxnet0, host=192.168.168.202)
2025-06-30 18:00:36,227 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x642
2025-06-30 18:00:36,763 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x642 to vmcloak
2025-06-30 18:01:03,651 [cuckoo.core.guest] INFO: Starting analysis #6620477 on guest (id=win7x642, ip=192.168.168.202)
2025-06-30 18:01:04,699 [cuckoo.core.guest] DEBUG: win7x642: not ready yet
2025-06-30 18:01:09,735 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x642, ip=192.168.168.202)
2025-06-30 18:01:09,826 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x642, ip=192.168.168.202, monitor=latest, size=6660546)
2025-06-30 18:01:11,149 [cuckoo.core.resultserver] DEBUG: Task #6620477: live log analysis.log initialized.
2025-06-30 18:01:12,216 [cuckoo.core.resultserver] DEBUG: Task #6620477 is sending a BSON stream
2025-06-30 18:01:12,500 [cuckoo.core.resultserver] DEBUG: Task #6620477 is sending a BSON stream
2025-06-30 18:01:13,338 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'shots/0001.jpg'
2025-06-30 18:01:13,354 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 133563
2025-06-30 18:01:14,849 [cuckoo.core.resultserver] DEBUG: Task #6620477 is sending a BSON stream
2025-06-30 18:01:25,798 [cuckoo.core.guest] DEBUG: win7x642: analysis #6620477 still processing
2025-06-30 18:01:40,910 [cuckoo.core.guest] DEBUG: win7x642: analysis #6620477 still processing
2025-06-30 18:01:41,670 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'curtain/1750639341.5.curtain.log'
2025-06-30 18:01:41,680 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 36
2025-06-30 18:01:41,855 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'sysmon/1750639341.66.sysmon.xml'
2025-06-30 18:01:41,859 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm  (e6rl5yo1).mpg.exe'
2025-06-30 18:01:41,863 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/d764e1aff665cb8b_wiya6rsl porn q0vgw72 mtn66856s5 titts .zip.exe'
2025-06-30 18:01:41,867 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 262521
2025-06-30 18:01:41,870 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 597922
2025-06-30 18:01:41,873 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/36dee5861ebda256_wwa6b1o6 jspx4i beast nk2tll nfr97bg86 .zip.exe'
2025-06-30 18:01:41,876 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 705766
2025-06-30 18:01:41,883 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 779206
2025-06-30 18:01:41,888 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/2ea870d815b4c034_gay jbp79p titts v14bqy5ueys  (liz).zip.exe'
2025-06-30 18:01:41,896 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1112807
2025-06-30 18:01:41,918 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/02767e12adab619b_26uao4g58 porn chkaba9s0 i4caruo titts xfjhjetslgmo243nnj  (y07q3wv).mpeg.exe'
2025-06-30 18:01:41,939 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 2159003
2025-06-30 18:01:41,946 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/22214b1d0cb5f96c_98edvx mkx87b sperm girls feet 4x3h6c  (sarah).rar.exe'
2025-06-30 18:01:41,949 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 374031
2025-06-30 18:01:41,954 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/3690ead339cc87e0_likl9f mkx87b xxx ni0p0dq8 .rar.exe'
2025-06-30 18:01:41,958 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 164999
2025-06-30 18:01:41,976 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/3c8d487cc0370a6c_y3hndyq jspx4i qtcr1re [milf] cock .avi.exe'
2025-06-30 18:01:41,995 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 2047604
2025-06-30 18:01:42,006 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/a19c82aa2b6bc959_gay i4caruo .rar.exe'
2025-06-30 18:01:42,055 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/e005e885794d9e6c_xxx nk2tll 0gllx1w .mpeg.exe'
2025-06-30 18:01:42,070 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 751393
2025-06-30 18:01:42,223 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1609398
2025-06-30 18:01:42,229 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/ea47f5f6833a0d07_y3hndyq t1apup6 q0vgw72 dtovzr .rar.exe'
2025-06-30 18:01:42,231 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/cc113e2656610c58_horse ni0p0dq8 titts xfjhjetslgmo243nnj  (wrtdiha).mpeg.exe'
2025-06-30 18:01:42,233 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/cb0cd5ed23e9fe9e_ibxj3s2 nugdmg18bgxp hotel .avi.exe'
2025-06-30 18:01:42,238 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 344439
2025-06-30 18:01:42,241 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 538511
2025-06-30 18:01:42,245 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1439812
2025-06-30 18:01:42,256 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/3a076b319ea11da7_h3ps6tmu q0vgw72 big glans hotel  (1bcw83k).avi.exe'
2025-06-30 18:01:42,264 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1092691
2025-06-30 18:01:42,277 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/6a572bbf72e3a9ad_98edvx jspx4i w6es4ton mtn66856s5 lady .rar.exe'
2025-06-30 18:01:42,294 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 2039042
2025-06-30 18:01:42,308 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/0794dbd48e4b221e_windowsd50l2bvpd8'
2025-06-30 18:01:42,322 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1879584
2025-06-30 18:01:42,328 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/69e6f8c9fec7bded_26uao4g58 mkx87b xxx jbp79p 50+ .avi.exe'
2025-06-30 18:01:42,333 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 474282
2025-06-30 18:01:42,336 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/52153702625ecb5e_sperm uncut .mpg.exe'
2025-06-30 18:01:42,354 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/ab7cbc5f7cd30ef1_76qp9o6j girls sm .avi.exe'
2025-06-30 18:01:42,356 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/3ea22c636d8f86f5_xxx nk2tll .mpg.exe'
2025-06-30 18:01:42,360 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 617995
2025-06-30 18:01:42,363 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 397076
2025-06-30 18:01:42,368 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1099287
2025-06-30 18:01:42,372 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/2d536c9e09b4a923_sperm hot (!) 63k9qbq9xg .mpeg.exe'
2025-06-30 18:01:42,378 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 262228
2025-06-30 18:01:42,386 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/ffd68f13111c9023_26uao4g58 mkx87b chkaba9s0 i4caruo  (1bcw83k).zip.exe'
2025-06-30 18:01:42,396 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1092001
2025-06-30 18:01:42,408 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/d50efe9a37121196_black t1apup6 q0vgw72 big  (karin).zip.exe'
2025-06-30 18:01:42,417 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1054303
2025-06-30 18:01:42,458 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/f76554243a4e86ea_q0vgw72 [bangbus] .zip.exe'
2025-06-30 18:01:42,478 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 2105643
2025-06-30 18:01:42,486 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/5847c2694d117e69_xxx [free] x036l6b .zip.exe'
2025-06-30 18:01:42,492 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 919134
2025-06-30 18:01:42,500 [cuckoo.core.resultserver] DEBUG: Task #6620477: File upload for 'files/84afde73f5790af7_mue28dl nude 76qp9o6j ibxj3s2 feet .rar.exe'
2025-06-30 18:01:42,511 [cuckoo.core.resultserver] DEBUG: Task #6620477 uploaded file length: 1639438
2025-06-30 18:01:42,533 [cuckoo.core.resultserver] DEBUG: Task #6620477 had connection reset for <Context for LOG>
2025-06-30 18:01:43,971 [cuckoo.core.guest] INFO: win7x642: analysis completed successfully
2025-06-30 18:01:43,998 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-06-30 18:01:44,029 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-06-30 18:01:44,918 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x642 to path /srv/cuckoo/cwd/storage/analyses/6620477/memory.dmp
2025-06-30 18:01:44,919 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x642
2025-06-30 18:01:58,073 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.202 for task #6620477
2025-06-30 18:01:58,410 [cuckoo.core.scheduler] DEBUG: Released database task #6620477
2025-06-30 18:01:58,428 [cuckoo.core.scheduler] INFO: Task #6620477: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
A process attempted to delay the analysis task. (1 event)
description c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b.exe tried to sleep 150 seconds, actually delayed analysis time by 150 seconds
Creates executable files on the filesystem (32 events)
file C:\Users\Administrator\Templates\98edvx jspx4i w6es4ton mtn66856s5 lady .rar.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay i4caruo .rar.exe
file C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ibxj3s2 nugdmg18bgxp hotel .avi.exe
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\h3ps6tmu q0vgw72 big glans hotel (1bcw83k).avi.exe
file C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\y3hndyq t1apup6 q0vgw72 dtovzr .rar.exe
file C:\Program Files\Windows Sidebar\Shared Gadgets\black mkx87b chkaba9s0 [free] x036l6b .avi.exe
file C:\ProgramData\Microsoft\RAC\Temp\y3hndyq jspx4i qtcr1re [milf] cock .avi.exe
file C:\Users\Default\Templates\xxx nk2tll .mpg.exe
file C:\Users\Administrator\AppData\Local\Temp\xxx [free] x036l6b .zip.exe
file C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\ibxj3s2 g28gx7w6vur32j glans .rar.exe
file C:\Program Files\Windows Journal\Templates\sperm ibxj3s2 hole 8fldm8kp (y07q3wv).zip.exe
file C:\Users\All Users\Microsoft\Windows\Templates\76qp9o6j girls sm .avi.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\wiya6rsl porn q0vgw72 mtn66856s5 titts .zip.exe
file C:\Program Files\DVD Maker\Shared\wwa6b1o6 jspx4i beast nk2tll nfr97bg86 .zip.exe
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\mue28dl nude 76qp9o6j ibxj3s2 feet .rar.exe
file C:\Program Files (x86)\Common Files\microsoft shared\gay jbp79p titts v14bqy5ueys (Liz).zip.exe
file C:\ProgramData\Microsoft\Windows\Templates\26uao4g58 porn chkaba9s0 i4caruo titts xfjhjetslgmo243nnj (y07q3wv).mpeg.exe
file C:\ProgramData\Microsoft\Search\Data\Temp\98edvx mkx87b sperm girls feet 4x3h6c (Sarah).rar.exe
file C:\Users\All Users\Microsoft\RAC\Temp\q0vgw72 nugdmg18bgxp .zip.exe
file C:\Users\Default\AppData\Local\Temp\y3hndyq t1apup6 w6es4ton nk2tll ust2p4 .zip.exe
file C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\chkaba9s0 nugdmg18bgxp feet .zip.exe
file C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\98edvx c4ou4r0 horse nugdmg18bgxp glans sm (e6rl5yo1).mpg.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\q0vgw72 [bangbus] .zip.exe
file C:\Program Files\Common Files\Microsoft Shared\sperm hot (!) 63k9qbq9xg .mpeg.exe
file C:\Users\Administrator\AppData\Local\Temporary Internet Files\mue28dl mkx87b sperm jbp79p glans .mpg.exe
file C:\Users\All Users\Microsoft\Search\Data\Temp\sperm uncut .mpg.exe
file C:\ProgramData\Templates\horse ni0p0dq8 titts xfjhjetslgmo243nnj (wrtdiha).mpeg.exe
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\likl9f mkx87b xxx ni0p0dq8 .rar.exe
file C:\Program Files\Microsoft Office\Templates\black t1apup6 q0vgw72 big (Karin).zip.exe
file C:\Users\All Users\Templates\26uao4g58 mkx87b chkaba9s0 i4caruo (1bcw83k).zip.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\xxx nk2tll 0gllx1w .mpeg.exe
file C:\Users\Default\AppData\Local\Temporary Internet Files\26uao4g58 mkx87b xxx jbp79p 50+ .avi.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (10 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (15 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x00000128
process_name: c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b.exe
process_identifier: 2468
0 0

Process32NextW

snapshot_handle: 0x000002c4
process_name: c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b.exe
process_identifier: 2740
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b.exe
process_identifier: 176
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: taskeng.exe
process_identifier: 3044
0 0

Process32NextW

snapshot_handle: 0x00000118
process_name: c5021aea40ab7c8894552cde7955b55c8b72dc178c7dd526d6e3e65e6c55396b.exe
process_identifier: 2740
0 0
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x0082ca10
service_type: 48
service_status: 1
0 0
File has been identified by 11 AntiVirus engines on IRMA as malicious (11 events)
G Data Antivirus (Windows) Virus: Generic.Malware.PfVPk!!prn!.A4E7F61A (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Worm.WORM/Rbot.Gen
eScan Antivirus (Linux) Generic.Malware.PfVPk!!prn!.A4E7F61A(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
Sophos Anti-Virus (Linux) Troj/Agent-AJFK
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
Bitdefender Antivirus (Linux) Generic.Malware.PfVPk!!prn!.A4E7F61A
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Agent.gen
Emsisoft Commandline Scanner (Windows) Generic.Malware.PfVPk!!prn!.A4E7F61A (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.