Summary

Cloudflare_WARP_2025.6.1400.0.msi

File Cloudflare_WARP_2025.6.1400.0.msi

Summary
Download Resubmit sample

Size 128.0MB
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Cloudflare WARP 25.6.1400.0, Author: Cloudflare, Inc., Keywords: Cloudflare WARP, Comments: This installer database contains the logic and data required to install Cloudflare WARP., Template: x64;1033, Revision Number: {33645434-2736-4C7C-B35A-D880D54FBC6C}, Create Time/Date: Thu Aug 21 23:03:52 2025, Last Saved Time/Date: Thu Aug 21 23:03:52 2025, Number of Pages: 300, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
MD5 5a81853c95b3f7b4bfa3d3965e0139d8
SHA1 ddd2082b7ea5a05a7173dbb3e8ccea7e697e54bb
SHA256 011eb387ab6064ad3fc18321a377fcf6d8a9bd3b03b22208d05f3bb9965c0633
SHA512
60ad2cc0acb4026016fbf3dc2ec1d927f9330e578b9e8db305b58c079f8eb1ea1b8f44e09be3ed39afd28cd7bfe9034efe41dfacf7bf76676455dda363e0e9d0
CRC32 62F02AEB
ssdeep None
Yara
  • Office_OLE_DDE - Detects DDE in MS Office documents
  • shellcode - Matched shellcode byte patterns
  • anti_dbg - Checks if being debugged
  • escalate_priv - Escalade priviledges
  • win_registry - Affect system registries
  • win_token - Affect system token
  • win_files_operation - Affect private profile

Score

This file appears fairly benign with a score of 0.1 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE Aug. 28, 2025, 4:55 p.m. Aug. 28, 2025, 4:56 p.m. 41 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-08-28 16:55:23,005 [root] DEBUG: Starting analyzer from: /tmp/tmpmh6kjp
2025-08-28 16:55:23,006 [root] DEBUG: Storing results at: /tmp/mzcnMLtuq
2025-08-28 16:55:23,007 [root] ERROR: Traceback (most recent call last):
  File "/tmp/tmpmh6kjp/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpmh6kjp/analyzer.py", line 129, in run
    self.config.file_name, **kwargs)
  File "/tmp/tmpmh6kjp/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "bat": it does not exist.
Traceback (most recent call last):
  File "/tmp/tmpmh6kjp/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpmh6kjp/analyzer.py", line 129, in run
    self.config.file_name, **kwargs)
  File "/tmp/tmpmh6kjp/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "bat": it does not exist.

Cuckoo Log

2025-08-28 16:55:35,280 [cuckoo.core.scheduler] INFO: Task #6945078: acquired machine Ubuntu1904x642 (label=Ubuntu1904x642)
2025-08-28 16:55:35,281 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.102 for task #6945078
2025-08-28 16:55:35,509 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2707101 (interface=vboxnet0, host=192.168.168.102)
2025-08-28 16:55:35,545 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x642
2025-08-28 16:55:35,993 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x642 to Snapshot
2025-08-28 16:55:47,076 [cuckoo.core.guest] INFO: Starting analysis #6945078 on guest (id=Ubuntu1904x642, ip=192.168.168.102)
2025-08-28 16:55:48,081 [cuckoo.core.guest] DEBUG: Ubuntu1904x642: not ready yet
2025-08-28 16:55:53,107 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x642, ip=192.168.168.102)
2025-08-28 16:55:53,138 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x642, ip=192.168.168.102, monitor=latest, size=73219)
2025-08-28 16:55:57,974 [cuckoo.core.resultserver] DEBUG: Task #6945078: live log analysis.log initialized.
2025-08-28 16:56:00,898 [cuckoo.core.guest] INFO: Ubuntu1904x642: analysis completed successfully
2025-08-28 16:56:00,921 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-08-28 16:56:00,956 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-08-28 16:56:01,673 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x642 to path /srv/cuckoo/cwd/storage/analyses/6945078/memory.dmp
2025-08-28 16:56:01,675 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x642
2025-08-28 16:56:13,042 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.102 for task #6945078
2025-08-28 16:56:13,527 [cuckoo.core.scheduler] DEBUG: Released database task #6945078
2025-08-28 16:56:13,550 [cuckoo.core.scheduler] INFO: Task #6945078: analysis procedure completed

Signatures

Yara rules detected for file (7 events)
description Detects DDE in MS Office documents rule Office_OLE_DDE
description Matched shellcode byte patterns rule shellcode
description Checks if being debugged rule anti_dbg
description Escalade priviledges rule escalate_priv
description Affect system registries rule win_registry
description Affect system token rule win_token
description Affect private profile rule win_files_operation
Screenshots
No screenshots available.
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.