File 9290142bcb233a023e9a3808f373a8a57826090b1fdcaabe337db91d97e3608e

Size 86.9KB
Type data
MD5 aa8d0a34c09e13da80704bc23d6eceed
SHA1 cde74cb77576253e5194034a4d5d6e2409bd1786
SHA256 9290142bcb233a023e9a3808f373a8a57826090b1fdcaabe337db91d97e3608e
SHA512 9a55acd1ab93d3e378a2ed93987c78b0cc5814ccc384bae7df0567a15bfa0984af151adbc017c4901269a69170e26832479832785d0807fe3a12b0bb4defedb5
CRC32 4BDAE0D5
ssdeep None
Yara None matched

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.6 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category FILE
Started Jan. 10, 2025, 4:03 a.m.
Completed Jan. 10, 2025, 4:11 a.m.
Duration 458 seconds
Routing internet

Analyzer Log

2025-01-09 12:15:03,003 [root] DEBUG: Starting analyzer from: /tmp/tmp9uKMqv
2025-01-09 12:15:03,003 [root] DEBUG: Storing results at: /tmp/ZdOYnP
2025-01-09 12:15:03,003 [lib.core.packages] INFO: _guess_package_name failed
2025-01-09 12:15:03,004 [lib.core.packages] INFO: data
2025-01-09 12:15:03,004 [lib.core.packages] INFO: 9290142bcb233a023e9a3808f373a8a57826090b1fdcaabe337db91d97e3608e
2025-01-09 12:15:08,326 [modules.auxiliary.filecollector] INFO: FileCollector started v0.08
2025-01-09 12:15:08,828 [modules.auxiliary.human] INFO: Human started v0.02
2025-01-09 12:15:09,331 [modules.auxiliary.screenshots] INFO: Screenshots started v0.03
2025-01-09 12:15:14,662 [lib.core.packages] INFO: Process startup took 5.33 seconds
2025-01-09 12:15:14,662 [root] INFO: Added new process to list with pid: 3842
2025-01-09 12:15:20,687 [root] INFO: Process with pid 3842 has terminated
2025-01-09 12:15:20,688 [root] INFO: Process list is empty, terminating analysis.
2025-01-09 12:15:23,692 [lib.core.packages] INFO: Package requested stop
2025-01-09 12:15:23,693 [lib.core.packages] WARNING: Exception uploading log: [Errno 3] No such process
2025-01-09 12:17:03,930 [root] INFO: Terminating remaining processes before shutdown.
2025-01-09 12:17:03,931 [root] INFO: Analysis completed.

Cuckoo Log

2025-01-10 04:03:33,115 [cuckoo.core.scheduler] INFO: Task #5742005: acquired machine Ubuntu1904x644 (label=Ubuntu1904x644)
2025-01-10 04:03:33,116 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.104 for task #5742005
2025-01-10 04:03:33,663 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 101654 (interface=vboxnet0, host=192.168.168.104)
2025-01-10 04:03:33,707 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x644
2025-01-10 04:03:34,660 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x644 to Snapshot
2025-01-10 04:06:58,178 [cuckoo.core.guest] INFO: Starting analysis #5742005 on guest (id=Ubuntu1904x644, ip=192.168.168.104)
2025-01-10 04:06:59,183 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: not ready yet
2025-01-10 04:07:04,206 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x644, ip=192.168.168.104)
2025-01-10 04:07:04,234 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x644, ip=192.168.168.104, monitor=latest, size=73219)
2025-01-10 04:07:04,967 [cuckoo.core.resultserver] DEBUG: Task #5742005: live log analysis.log initialized.
2025-01-10 04:07:14,121 [cuckoo.core.resultserver] DEBUG: Task #5742005: File upload for 'shots/0001.jpg'
2025-01-10 04:07:14,128 [cuckoo.core.resultserver] DEBUG: Task #5742005 uploaded file length: 171458
2025-01-10 04:07:20,002 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #5742005 still processing
2025-01-10 04:07:25,673 [cuckoo.core.resultserver] DEBUG: Task #5742005: File upload for 'logs/all.stap'
2025-01-10 04:07:25,676 [cuckoo.core.resultserver] DEBUG: Task #5742005 uploaded file length: 6823
2025-01-10 04:07:35,102 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #5742005 still processing
2025-01-10 04:07:50,367 [cuckoo.core.guest] DEBUG: Ubuntu1904x644: analysis #5742005 still processing
2025-01-10 04:08:05,689 [cuckoo.core.guest] INFO: Ubuntu1904x644: end of analysis reached!
2025-01-10 04:08:05,720 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-01-10 04:08:05,744 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-01-10 04:08:07,245 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x644 to path /srv/cuckoo/cwd/storage/analyses/5742005/memory.dmp
2025-01-10 04:08:07,268 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x644
2025-01-10 04:11:11,291 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.104 for task #5742005
2025-01-10 04:11:11,650 [cuckoo.core.scheduler] DEBUG: Released database task #5742005
2025-01-10 04:11:11,685 [cuckoo.core.scheduler] INFO: Task #5742005: analysis procedure completed

Signatures

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)
Ikarus Phishing.HTML.Agent
Google Detected
Microsoft Trojan:HTML/Phish.DG!MTB
Varist HTML/Phish.HDW
No hosts contacted.