Summary

f1274c9ec9ceffc7c351cca23824cceafffa97f79a4f312af5a234588fc55ca0

File f1274c9ec9ceffc7c351cca23824cceafffa97f79a4f312af5a234588fc55ca0

Summary
Download Resubmit sample

Size 40.1KB
Type MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
MD5 daedc403ff0a6277dd81c115155b7f7a
SHA1 26114b5347b4607f9cf8a9e1311a70b4443f5021
SHA256 f1274c9ec9ceffc7c351cca23824cceafffa97f79a4f312af5a234588fc55ca0
SHA512
2d41efcddfa7ae5675b9ac4ea6f7d88e0fd154fa633f09c41e2412a8776030596ced1ac3694faf871944d4d9e46e465fd7992afca4e5f8d4ab0e4b50daeee649
CRC32 3300A01E
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE March 26, 2025, 10:37 p.m. March 26, 2025, 10:43 p.m. 367 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-03-25 07:21:45,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpl4240h
2025-03-25 07:21:45,046 [analyzer] DEBUG: Pipe server name: \??\PIPE\BtwteghxmNRhkejEbDz
2025-03-25 07:21:45,046 [analyzer] DEBUG: Log pipe server name: \??\PIPE\vEQXADQjrHrhdluvAsMOdjOBk
2025-03-25 07:21:45,390 [analyzer] DEBUG: Started auxiliary module Curtain
2025-03-25 07:21:45,405 [analyzer] DEBUG: Started auxiliary module DbgView
2025-03-25 07:21:45,937 [analyzer] DEBUG: Started auxiliary module Disguise
2025-03-25 07:21:46,155 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-03-25 07:21:46,155 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-03-25 07:21:46,155 [analyzer] DEBUG: Started auxiliary module Human
2025-03-25 07:21:46,155 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-03-25 07:21:46,155 [analyzer] DEBUG: Started auxiliary module Reboot
2025-03-25 07:21:46,280 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-03-25 07:21:46,296 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-03-25 07:21:46,296 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-03-25 07:21:46,296 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-03-25 07:21:46,405 [lib.api.process] ERROR: Failed to execute process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\f1274c9ec9ceffc7c351cca23824cceafffa97f79a4f312af5a234588fc55ca0.exe' with arguments ['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\f1274c9ec9ceffc7c351cca23824cceafffa97f79a4f312af5a234588fc55ca0.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp'] (Error: Command '['bin\\inject-x86.exe', '--app', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\f1274c9ec9ceffc7c351cca23824cceafffa97f79a4f312af5a234588fc55ca0.exe', '--only-start', '--curdir', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp']' returned non-zero exit status 1)

Cuckoo Log

2025-03-26 22:37:06,433 [cuckoo.core.scheduler] INFO: Task #6163208: acquired machine win7x649 (label=win7x649)
2025-03-26 22:37:06,434 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.209 for task #6163208
2025-03-26 22:37:07,032 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 890833 (interface=vboxnet0, host=192.168.168.209)
2025-03-26 22:37:07,117 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x649
2025-03-26 22:37:08,069 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x649 to vmcloak
2025-03-26 22:40:25,736 [cuckoo.core.guest] INFO: Starting analysis #6163208 on guest (id=win7x649, ip=192.168.168.209)
2025-03-26 22:40:26,742 [cuckoo.core.guest] DEBUG: win7x649: not ready yet
2025-03-26 22:40:31,768 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x649, ip=192.168.168.209)
2025-03-26 22:40:31,845 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x649, ip=192.168.168.209, monitor=latest, size=6660546)
2025-03-26 22:40:33,472 [cuckoo.core.resultserver] DEBUG: Task #6163208: live log analysis.log initialized.
2025-03-26 22:40:34,577 [cuckoo.core.resultserver] DEBUG: Task #6163208 is sending a BSON stream
2025-03-26 22:40:35,987 [cuckoo.core.resultserver] DEBUG: Task #6163208: File upload for 'shots/0001.jpg'
2025-03-26 22:40:36,257 [cuckoo.core.resultserver] DEBUG: Task #6163208 uploaded file length: 133461
2025-03-26 22:40:36,301 [cuckoo.core.guest] WARNING: win7x649: analysis #6163208 caught an exception
Traceback (most recent call last):
  File "C:/tmpl4240h/analyzer.py", line 824, in <module>
    success = analyzer.run()
  File "C:/tmpl4240h/analyzer.py", line 673, in run
    pids = self.package.start(self.target)
  File "C:\tmpl4240h\modules\packages\exe.py", line 34, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpl4240h\lib\common\abstracts.py", line 205, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

2025-03-26 22:40:36,315 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-03-26 22:40:36,396 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-03-26 22:40:37,897 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x649 to path /srv/cuckoo/cwd/storage/analyses/6163208/memory.dmp
2025-03-26 22:40:37,898 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x649
2025-03-26 22:43:13,689 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.209 for task #6163208
2025-03-26 22:43:13,690 [cuckoo.core.resultserver] DEBUG: Cancel <Context for LOG> for task 6163208
2025-03-26 22:43:14,275 [cuckoo.core.scheduler] DEBUG: Released database task #6163208
2025-03-26 22:43:14,298 [cuckoo.core.scheduler] INFO: Task #6163208: analysis procedure completed

Signatures

File has been identified by 4 AntiVirus engine on IRMA as malicious (4 events)
ESET Security (Windows) a variant of Win32/Kryptik.WUJ trojan
Sophos Anti-Virus (Linux) Mal/EncPk-ACE
DrWeb Antivirus (Linux) BackDoor.Ddoser.131
Kaspersky Standard (Windows) UDS:Trojan.Win32.Generic
File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Generic.pz
CrowdStrike win/malicious_confidence_100% (D)
VirIT Trojan.Win32.SHeur4.JFT
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.WUJ
APEX Malicious
Kaspersky UDS:Trojan.Win32.Generic
Alibaba Trojan:Win32/Kryptik.7963d74d
NANO-Antivirus Virus.Win32.Gen.ccmw
Rising Trojan.Kryptik!8.8 (CLOUD)
DrWeb BackDoor.Ddoser.131
Zillya Trojan.Kryptik.Win32.192368
Trapmine malicious.moderate.ml.score
Sophos Mal/EncPk-ACE
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.daedc403ff0a6277
Jiangmin Trojan/Menti.mkk
Google Detected
Antiy-AVL Trojan/Win32.Menti
Kingsoft Win32.Trojan.Generic.a
Xcitium TrojWare.Win32.Kryptik.WUJA@4maono
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Trojan.Win32.A.Menti.50686
ZoneAlarm Mal/EncPk-ACE
Varist W32/Zbot.DK.gen!Eldorado
McAfee Artemis!DAEDC403FF0A
DeepInstinct MALICIOUS
VBA32 BScope.TrojanSpy.SpyEyes.2714
Ikarus Trojan.Win32.Menti
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9V
MaxSecure Trojan.Malware.7164915.susgen
Fortinet W32/Kryptik.NBG!tr
alibabacloud Trojan:Win/Kryptik.WUJ
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.