Summary

Score

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6772907

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

2025-07-27 16:00:34,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpl4240h
2025-07-27 16:00:34,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\fppGNheAdFAzzqVTypkpYBBdstmCLX
2025-07-27 16:00:34,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\nxwxeBbwyxOmjrXbs
2025-07-27 16:00:34,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-07-27 16:00:34,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-07-27 16:00:34,296 [analyzer] DEBUG: Started auxiliary module Curtain
2025-07-27 16:00:34,312 [analyzer] DEBUG: Started auxiliary module DbgView
2025-07-27 16:00:34,780 [analyzer] DEBUG: Started auxiliary module Disguise
2025-07-27 16:00:34,983 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-07-27 16:00:34,983 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-07-27 16:00:34,983 [analyzer] DEBUG: Started auxiliary module Human
2025-07-27 16:00:34,983 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-07-27 16:00:34,983 [analyzer] DEBUG: Started auxiliary module Reboot
2025-07-27 16:00:35,078 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-07-27 16:00:35,078 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-07-27 16:00:35,078 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-07-27 16:00:35,078 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-07-27 16:00:35,217 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\39c04065abccd35e_ahnsvc.exe_' with arguments '' and pid 2604
2025-07-27 16:00:35,390 [analyzer] DEBUG: Loaded monitor into process with pid 2604
2025-07-27 16:00:35,437 [analyzer] INFO: Added new file to list with pid 2604 and path C:\ProgramData\AhnLab\AhnSvc.exe
2025-07-27 16:00:35,500 [analyzer] INFO: Injected into process with pid 1940 and name u'AhnSvc.exe'
2025-07-27 16:00:35,655 [analyzer] DEBUG: Loaded monitor into process with pid 1940
2025-07-27 16:00:35,703 [analyzer] INFO: Added pid 1940 for u'C:\\ProgramData\\AhnLab\\AhnSvc.exe'
2025-07-27 16:00:35,703 [analyzer] INFO: Added new file to list with pid 1940 and path C:\ProgramData\AhnLab\AhnSvc.exe
2025-07-27 16:01:06,265 [analyzer] INFO: Injected into process with pid 2072 and name u'cmd.exe'
2025-07-27 16:01:06,515 [analyzer] DEBUG: Loaded monitor into process with pid 2072
2025-07-27 16:01:07,217 [analyzer] INFO: Process with pid 2604 has terminated
2025-07-27 16:01:07,217 [analyzer] INFO: Process with pid 2072 has terminated
2025-07-27 16:03:54,217 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-07-27 16:03:55,265 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-07-27 16:03:55,265 [lib.api.process] INFO: Successfully terminated process with pid 1940.
2025-07-27 16:03:55,280 [analyzer] INFO: Analysis completed.

2025-07-31 01:03:46,470 [cuckoo.core.scheduler] INFO: Task #6792698: acquired machine win7x649 (label=win7x649)
2025-07-31 01:03:46,471 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.209 for task #6792698
2025-07-31 01:03:47,222 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2597290 (interface=vboxnet0, host=192.168.168.209)
2025-07-31 01:03:47,300 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x649
2025-07-31 01:03:48,271 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x649 to vmcloak
2025-07-31 01:06:06,053 [cuckoo.core.guest] INFO: Starting analysis #6792698 on guest (id=win7x649, ip=192.168.168.209)
2025-07-31 01:06:07,059 [cuckoo.core.guest] DEBUG: win7x649: not ready yet
2025-07-31 01:06:12,383 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x649, ip=192.168.168.209)
2025-07-31 01:06:12,476 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x649, ip=192.168.168.209, monitor=latest, size=6660546)
2025-07-31 01:06:13,787 [cuckoo.core.resultserver] DEBUG: Task #6792698: live log analysis.log initialized.
2025-07-31 01:06:14,716 [cuckoo.core.resultserver] DEBUG: Task #6792698 is sending a BSON stream
2025-07-31 01:06:15,106 [cuckoo.core.resultserver] DEBUG: Task #6792698 is sending a BSON stream
2025-07-31 01:06:15,372 [cuckoo.core.resultserver] DEBUG: Task #6792698 is sending a BSON stream
2025-07-31 01:06:16,137 [cuckoo.core.resultserver] DEBUG: Task #6792698: File upload for 'shots/0001.jpg'
2025-07-31 01:06:16,147 [cuckoo.core.resultserver] DEBUG: Task #6792698 uploaded file length: 133454
2025-07-31 01:06:28,588 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:06:44,121 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:06:46,232 [cuckoo.core.resultserver] DEBUG: Task #6792698 is sending a BSON stream
2025-07-31 01:06:46,615 [cuckoo.core.resultserver] DEBUG: Task #6792698: File upload for 'files/39c04065abccd35e_39c04065abccd35e_ahnsvc.exe_'
2025-07-31 01:06:46,649 [cuckoo.core.resultserver] DEBUG: Task #6792698 uploaded file length: 61600
2025-07-31 01:07:00,166 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:07:16,049 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:07:31,860 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:07:47,266 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:08:03,163 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:08:18,466 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:08:33,880 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:08:49,241 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:09:04,491 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:09:20,422 [cuckoo.core.guest] DEBUG: win7x649: analysis #6792698 still processing
2025-07-31 01:09:34,208 [cuckoo.core.resultserver] DEBUG: Task #6792698: File upload for 'curtain/1753625034.41.curtain.log'
2025-07-31 01:09:34,211 [cuckoo.core.resultserver] DEBUG: Task #6792698 uploaded file length: 36
2025-07-31 01:09:34,962 [cuckoo.core.resultserver] DEBUG: Task #6792698: File upload for 'sysmon/1753625035.16.sysmon.xml'
2025-07-31 01:09:35,069 [cuckoo.core.resultserver] DEBUG: Task #6792698 uploaded file length: 10265004
2025-07-31 01:09:35,086 [cuckoo.core.resultserver] DEBUG: Task #6792698: File upload for 'files/ae57079462485faa_ahnsvc.exe_'
2025-07-31 01:09:35,089 [cuckoo.core.resultserver] DEBUG: Task #6792698 uploaded file length: 61604
2025-07-31 01:09:35,090 [cuckoo.core.resultserver] DEBUG: Task #6792698: File upload for 'files/fb715aeb62198d18_ahnsvc.exe'
2025-07-31 01:09:35,092 [cuckoo.core.resultserver] DEBUG: Task #6792698 uploaded file length: 61605
2025-07-31 01:09:35,221 [cuckoo.core.resultserver] DEBUG: Task #6792698 had connection reset for <Context for LOG>
2025-07-31 01:09:35,776 [cuckoo.core.guest] INFO: win7x649: analysis completed successfully
2025-07-31 01:09:35,785 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-31 01:09:35,814 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-31 01:09:37,902 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x649 to path /srv/cuckoo/cwd/storage/analyses/6792698/memory.dmp
2025-07-31 01:09:37,903 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x649
2025-07-31 01:11:52,756 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.209 for task #6792698
2025-07-31 01:11:53,377 [cuckoo.core.scheduler] DEBUG: Released database task #6792698
2025-07-31 01:11:53,401 [cuckoo.core.scheduler] INFO: Task #6792698: analysis procedure completed