Summary
915f890edf0b9481d9b9892d6eddc6055cf51975cb0ff8af99feb51cb7271c44
File 915f890edf0b9481d9b9892d6eddc6055cf51975cb0ff8af99feb51cb7271c44
Summary
| Size | 272.5KB |
|---|---|
| Type | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 922b7ae6540040efea5bbe76eccdad57 |
| SHA1 | 6ddbcd68d69caf87ccac031d1f4f74d5e53cbf6c |
| SHA256 | 915f890edf0b9481d9b9892d6eddc6055cf51975cb0ff8af99feb51cb7271c44 |
| SHA512 |
b3aa0275df4295218e50996ba1150db3399d61430152d08f735c7350c5f5a6fdf5a77c4478fe5dad3d62e78133bc75834d6ed43210cb9046247c54a522dbe631
|
| CRC32 | 8181EC04 |
| ssdeep | None |
| Yara |
|
Score
This file is very suspicious, with a score of 10 out of 10!
Please notice: The scoring system is currently still in development and should be considered an alpha feature.
Feedback
Expecting different results? Send us this analysis and we will inspect it. Click here
Information on Execution
Analysis
| Category | Started | Completed | Duration | Routing | Logs |
|---|---|---|---|---|---|
| FILE | April 22, 2025, 10:57 a.m. | April 22, 2025, 11:03 a.m. | 343 seconds | internet |
Show Analyzer Log Show Cuckoo Log |
Analyzer Log
2025-04-21 00:59:49,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpriinqn 2025-04-21 00:59:49,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\CCQQMYvEFhTJQZXytwpfQKPmoJov 2025-04-21 00:59:49,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\vPjVKKslvqBAOMwaukYxbuABLk 2025-04-21 00:59:49,328 [analyzer] DEBUG: Started auxiliary module Curtain 2025-04-21 00:59:49,328 [analyzer] DEBUG: Started auxiliary module DbgView 2025-04-21 00:59:49,780 [analyzer] DEBUG: Started auxiliary module Disguise 2025-04-21 00:59:50,015 [analyzer] DEBUG: Loaded monitor into process with pid 512 2025-04-21 00:59:50,015 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets 2025-04-21 00:59:50,015 [analyzer] DEBUG: Started auxiliary module Human 2025-04-21 00:59:50,015 [analyzer] DEBUG: Started auxiliary module InstallCertificate 2025-04-21 00:59:50,015 [analyzer] DEBUG: Started auxiliary module Reboot 2025-04-21 00:59:50,078 [analyzer] DEBUG: Started auxiliary module RecentFiles 2025-04-21 00:59:50,078 [analyzer] DEBUG: Started auxiliary module Screenshots 2025-04-21 00:59:50,078 [analyzer] DEBUG: Started auxiliary module Sysmon 2025-04-21 00:59:50,078 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n 2025-04-21 00:59:50,187 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\915f890edf0b9481d9b9892d6eddc6055cf51975cb0ff8af99feb51cb7271c44.exe' with arguments '' and pid 3036 2025-04-21 00:59:50,405 [analyzer] DEBUG: Loaded monitor into process with pid 3036 2025-04-21 01:00:19,187 [analyzer] INFO: Analysis timeout hit, terminating analysis. 2025-04-21 01:00:19,608 [analyzer] INFO: Terminating remaining processes before shutdown. 2025-04-21 01:00:19,608 [lib.api.process] INFO: Successfully terminated process with pid 3036. 2025-04-21 01:00:19,608 [analyzer] INFO: Analysis completed.
Cuckoo Log
2025-04-22 10:57:19,357 [cuckoo.core.scheduler] INFO: Task #6318909: acquired machine win7x6426 (label=win7x6426) 2025-04-22 10:57:19,358 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.226 for task #6318909 2025-04-22 10:57:19,748 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2026171 (interface=vboxnet0, host=192.168.168.226) 2025-04-22 10:57:19,948 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6426 2025-04-22 10:57:20,558 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6426 to vmcloak 2025-04-22 10:59:43,543 [cuckoo.core.guest] INFO: Starting analysis #6318909 on guest (id=win7x6426, ip=192.168.168.226) 2025-04-22 10:59:44,972 [cuckoo.core.guest] DEBUG: win7x6426: not ready yet 2025-04-22 10:59:50,012 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6426, ip=192.168.168.226) 2025-04-22 10:59:50,507 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6426, ip=192.168.168.226, monitor=latest, size=6660546) 2025-04-22 10:59:51,858 [cuckoo.core.resultserver] DEBUG: Task #6318909: live log analysis.log initialized. 2025-04-22 10:59:52,831 [cuckoo.core.resultserver] DEBUG: Task #6318909 is sending a BSON stream 2025-04-22 10:59:53,142 [cuckoo.core.resultserver] DEBUG: Task #6318909 is sending a BSON stream 2025-04-22 10:59:54,458 [cuckoo.core.resultserver] DEBUG: Task #6318909: File upload for 'shots/0001.jpg' 2025-04-22 10:59:54,466 [cuckoo.core.resultserver] DEBUG: Task #6318909 uploaded file length: 133427 2025-04-22 11:00:06,612 [cuckoo.core.guest] DEBUG: win7x6426: analysis #6318909 still processing 2025-04-22 11:00:22,020 [cuckoo.core.guest] DEBUG: win7x6426: analysis #6318909 still processing 2025-04-22 11:00:22,246 [cuckoo.core.resultserver] DEBUG: Task #6318909: File upload for 'curtain/1745190019.36.curtain.log' 2025-04-22 11:00:22,248 [cuckoo.core.resultserver] DEBUG: Task #6318909 uploaded file length: 36 2025-04-22 11:00:22,443 [cuckoo.core.resultserver] DEBUG: Task #6318909: File upload for 'sysmon/1745190019.56.sysmon.xml' 2025-04-22 11:00:22,488 [cuckoo.core.resultserver] DEBUG: Task #6318909 uploaded file length: 1766516 2025-04-22 11:00:23,059 [cuckoo.core.resultserver] DEBUG: Task #6318909 had connection reset for <Context for LOG> 2025-04-22 11:00:25,048 [cuckoo.core.guest] INFO: win7x6426: analysis completed successfully 2025-04-22 11:00:25,059 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks 2025-04-22 11:00:25,088 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2025-04-22 11:00:26,204 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6426 to path /srv/cuckoo/cwd/storage/analyses/6318909/memory.dmp 2025-04-22 11:00:26,205 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6426 2025-04-22 11:02:56,175 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.226 for task #6318909 2025-04-22 11:03:02,611 [cuckoo.core.scheduler] DEBUG: Released database task #6318909 2025-04-22 11:03:02,813 [cuckoo.core.scheduler] INFO: Task #6318909: analysis procedure completed
Signatures
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Affect private profile | rule | win_files_operation | ||||||
| section | {u'size_of_data': u'0x0000e400', u'virtual_address': u'0x0002d000', u'entropy': 7.542765011408683, u'name': u'.data', u'virtual_size': u'0x00010fe8'} | entropy | 7.54276501141 | description | A section with a high entropy has been found | |||||||||
| entropy | 0.209944751381 | description | Overall entropy of this PE file is high | |||||||||||
| Avast Core Security (Linux) | Win64:Evo-gen [Trj] |
| WithSecure (Linux) | Trojan.TR/Agent.gemeb |
| ESET Security (Windows) | a variant of Win64/Agent.DML.gen trojan |
| DrWeb Antivirus (Linux) | Trojan.Siggen31.15192 |
| Kaspersky Standard (Windows) | HackTool.Win64.AmsiETWPatch.hxm |
| Cylance | Unsafe |
| CrowdStrike | win/malicious_confidence_90% (W) |
| Symantec | ML.Attribute.HighConfidence |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | a variant of Win64/Agent.DML.gen |
| APEX | Malicious |
| Rising | Backdoor.Lotok!8.111D5 (TFE:2:X4N1blCauRP) |
| McAfeeD | ti!915F890EDF0B |
| Sophos | Generic Reputation PUA (PUA) |
| Detected | |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| McAfee | Artemis!922B7AE65400 |
| DeepInstinct | MALICIOUS |
| Malwarebytes | Generic.Malware/Suspicious |
| Ikarus | Trojan.Win64.Agent |
| Tencent | Win64.Trojan.Agent.Bkjl |
| Fortinet | W64/Agent.DML!tr |
| Paloalto | generic.ml |
| alibabacloud | Trojan:Win/Wacapew.C9nj |
Screenshots
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action | VT | Location |
|---|---|---|---|---|
| No hosts contacted. | ||||
