File 02.08.2022.exe

Size 14.1KB
Type data
MD5 0e699dc82df1635154d2cdb28ad9005f
SHA1 5a758139b2ace19203ce62247590d23a573a914f
SHA256 9530305ac975176022aa67856ca4b55c059d0865832c1cdb76f948ea8a0c6d92
SHA512 609aacdab271f5ad4d46adf1ee26f3cc18829fd3c9d290e5524aded926d0567bcc50e91073eb877391f44703594795140606d5c4e3773f170082e46f0ee6895a
CRC32 FF2B6129
ssdeep None
Yara None matched

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.6 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category FILE
Started Feb. 15, 2026, 11:53 a.m.
Completed Feb. 15, 2026, 11:54 a.m.
Duration 94 seconds
Routing internet

Analyzer Log

2026-02-15 11:53:06,004 [root] DEBUG: Starting analyzer from: /tmp/tmpw191Ld
2026-02-15 11:53:06,005 [root] DEBUG: Storing results at: /tmp/wUvuExJORu
2026-02-15 11:53:06,006 [lib.core.packages] INFO: _guess_package_name failed
2026-02-15 11:53:06,006 [lib.core.packages] INFO: data
2026-02-15 11:53:06,006 [lib.core.packages] INFO: 02.08.2022.exe
2026-02-15 11:53:08,080 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2026-02-15 11:53:08,083 [modules.auxiliary.human] INFO: Human started v0.02
2026-02-15 11:53:08,585 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2026-02-15 11:53:17,759 [lib.core.packages] INFO: Process startup took 9.17 seconds
2026-02-15 11:53:17,761 [root] INFO: Added new process to list with pid: 2082
2026-02-15 11:53:26,775 [root] INFO: Process with pid 2082 has terminated
2026-02-15 11:53:26,776 [root] INFO: Process list is empty, terminating analysis.
2026-02-15 11:53:29,803 [lib.core.packages] INFO: Package requested stop
2026-02-15 11:53:29,804 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process

Cuckoo Log

2026-02-15 11:53:08,815 [cuckoo.core.scheduler] INFO: Task #7455879: acquired machine Ubuntu1904x643 (label=Ubuntu1904x643)
2026-02-15 11:53:08,816 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.103 for task #7455879
2026-02-15 11:53:09,192 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2579263 (interface=vboxnet0, host=192.168.168.103)
2026-02-15 11:53:09,407 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x643
2026-02-15 11:53:10,040 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x643 to Snapshot
2026-02-15 11:53:27,744 [cuckoo.core.guest] INFO: Starting analysis #7455879 on guest (id=Ubuntu1904x643, ip=192.168.168.103)
2026-02-15 11:53:28,751 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: not ready yet
2026-02-15 11:53:33,774 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x643, ip=192.168.168.103)
2026-02-15 11:53:33,800 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x643, ip=192.168.168.103, monitor=latest, size=73219)
2026-02-15 11:53:34,041 [cuckoo.core.resultserver] DEBUG: Task #7455879: live log analysis.log initialized.
2026-02-15 11:53:39,046 [cuckoo.core.resultserver] DEBUG: Task #7455879: File upload for 'shots/0001.jpg'
2026-02-15 11:53:39,055 [cuckoo.core.resultserver] DEBUG: Task #7455879 uploaded file length: 171569
2026-02-15 11:53:49,006 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #7455879 still processing
2026-02-15 11:53:57,859 [cuckoo.core.resultserver] DEBUG: Task #7455879: File upload for 'logs/all.stap'
2026-02-15 11:53:57,881 [cuckoo.core.resultserver] DEBUG: Task #7455879 uploaded file length: 1201
2026-02-15 11:54:04,090 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #7455879 still processing
2026-02-15 11:54:19,172 [cuckoo.core.guest] DEBUG: Ubuntu1904x643: analysis #7455879 still processing
2026-02-15 11:54:34,239 [cuckoo.core.guest] INFO: Ubuntu1904x643: end of analysis reached!
2026-02-15 11:54:34,252 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-02-15 11:54:34,269 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-02-15 11:54:35,362 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x643 to path /srv/cuckoo/cwd/storage/analyses/7455879/memory.dmp
2026-02-15 11:54:35,363 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x643
2026-02-15 11:54:43,391 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.103 for task #7455879
2026-02-15 11:54:43,391 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 7455879
2026-02-15 11:54:43,691 [cuckoo.core.scheduler] DEBUG: Released database task #7455879
2026-02-15 11:54:43,707 [cuckoo.core.scheduler] INFO: Task #7455879: analysis procedure completed

Signatures

File has been identified by 4 AntiVirus engine on IRMA as malicious (4 events)
Trend Micro SProtect (Linux) Trojan.Win32.COBALT.SMD.hp
Trellix (Linux) W32/CobaltStrike.aa trojan
Sophos Anti-Virus (Linux) ATK/Cobalt-D
Kaspersky Standard (Windows) HEUR:Trojan.Win64.CobaltStrike.gen
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.