Archive Report.exe @ Report.zip

Size    202.0KB
Type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5     3ceb871e70a9931810f07a85b2a513c4
SHA1    654adc3c697f521ac22a3459b11e7c6acbc3919b
SHA256  1c0d7dc7aa2ec9b9623be4c24917d4cef2a7fbf3f74a0b45fb0ece2f5e534e05
SHA512  9f2f87b485cf6c14ea45375bf085b2ba43e28e9f18244e9d541f2eae3dca7dd6a5e6f20a80511b8f33730b5ecb46a7af0e85bbcb7c6835360d3fe0c2c74e1cc9
CRC32   D02D1EC3
ssdeep  None
Yara
  • keylogger - Run a keylogger
  • win_files_operation - Affect private profile

Score

This archive shows numerous signs of malicious behavior.

The score of this archive is 3.3 out of 10.

Please note: the scoring system is still under development and should be considered an alpha feature.


Information on Execution

Analysis
Category   ARCHIVE
Started    May 1, 2025, 11:14 p.m.
Completed  May 1, 2025, 11:20 p.m.
Duration   384 seconds
Routing    internet

Analyzer Log

2025-05-01 23:14:25,015 [analyzer] DEBUG: Starting analyzer from: C:\tmptpreht
2025-05-01 23:14:25,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\aYigjhilyMWFfRUCbdYjJmaIAsIqtxSI
2025-05-01 23:14:25,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\yRepndQWlBSUJKNwJeuxP
2025-05-01 23:14:25,296 [analyzer] DEBUG: Started auxiliary module Curtain
2025-05-01 23:14:25,296 [analyzer] DEBUG: Started auxiliary module DbgView
2025-05-01 23:14:25,858 [analyzer] DEBUG: Started auxiliary module Disguise
2025-05-01 23:14:26,092 [analyzer] DEBUG: Loaded monitor into process with pid 500
2025-05-01 23:14:26,092 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-05-01 23:14:26,092 [analyzer] DEBUG: Started auxiliary module Human
2025-05-01 23:14:26,092 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-05-01 23:14:26,092 [analyzer] DEBUG: Started auxiliary module Reboot
2025-05-01 23:14:26,233 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-05-01 23:14:26,233 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-05-01 23:14:26,233 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-05-01 23:14:26,233 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-05-01 23:14:26,405 [lib.api.process] INFO: Successfully executed process from path 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\Report.exe' with arguments '' and pid 1440
2025-05-01 23:14:26,608 [analyzer] DEBUG: Loaded monitor into process with pid 1440
2025-05-01 22:18:05,375 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-05-01 22:18:05,592 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 1440.
2025-05-01 22:18:06,046 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-05-01 22:18:06,046 [lib.api.process] INFO: Successfully terminated process with pid 1440.
2025-05-01 22:18:06,046 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-05-01 23:14:31,112 [cuckoo.core.scheduler] INFO: Task #6408922: acquired machine win7x641 (label=win7x641)
2025-05-01 23:14:31,112 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.201 for task #6408922
2025-05-01 23:14:31,313 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3328760 (interface=vboxnet0, host=192.168.168.201)
2025-05-01 23:14:31,342 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x641
2025-05-01 23:14:31,752 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x641 to vmcloak
2025-05-01 23:17:27,380 [cuckoo.core.guest] INFO: Starting analysis #6408922 on guest (id=win7x641, ip=192.168.168.201)
2025-05-01 23:17:28,427 [cuckoo.core.guest] DEBUG: win7x641: not ready yet
2025-05-01 23:17:33,462 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x641, ip=192.168.168.201)
2025-05-01 23:17:33,558 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x641, ip=192.168.168.201, monitor=latest, size=6660546)
2025-05-01 23:17:34,957 [cuckoo.core.resultserver] DEBUG: Task #6408922: live log analysis.log initialized.
2025-05-01 23:17:36,003 [cuckoo.core.resultserver] DEBUG: Task #6408922 is sending a BSON stream
2025-05-01 23:17:36,487 [cuckoo.core.resultserver] DEBUG: Task #6408922 is sending a BSON stream
2025-05-01 23:17:37,323 [cuckoo.core.resultserver] DEBUG: Task #6408922: File upload for 'shots/0001.jpg'
2025-05-01 23:17:37,339 [cuckoo.core.resultserver] DEBUG: Task #6408922 uploaded file length: 136686
2025-05-01 23:17:49,671 [cuckoo.core.guest] DEBUG: win7x641: analysis #6408922 still processing
2025-05-01 23:18:04,809 [cuckoo.core.guest] DEBUG: win7x641: analysis #6408922 still processing
2025-05-01 23:18:05,800 [cuckoo.core.resultserver] DEBUG: Task #6408922: File upload for 'curtain/1746130685.8.curtain.log'
2025-05-01 23:18:05,804 [cuckoo.core.resultserver] DEBUG: Task #6408922 uploaded file length: 36
2025-05-01 23:18:06,019 [cuckoo.core.resultserver] DEBUG: Task #6408922: File upload for 'sysmon/1746130686.02.sysmon.xml'
2025-05-01 23:18:06,047 [cuckoo.core.resultserver] DEBUG: Task #6408922 uploaded file length: 1492542
2025-05-01 23:18:06,187 [cuckoo.core.resultserver] DEBUG: Task #6408922: File upload for 'shots/0002.jpg'
2025-05-01 23:18:06,199 [cuckoo.core.resultserver] DEBUG: Task #6408922 uploaded file length: 134191
2025-05-01 23:18:06,216 [cuckoo.core.resultserver] DEBUG: Task #6408922 had connection reset for <Context for LOG>
2025-05-01 23:18:07,882 [cuckoo.core.guest] INFO: win7x641: analysis completed successfully
2025-05-01 23:18:07,908 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-05-01 23:18:07,973 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-05-01 23:18:08,562 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x641 to path /srv/cuckoo/cwd/storage/analyses/6408922/memory.dmp
2025-05-01 23:18:08,563 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x641
2025-05-01 23:20:54,903 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.201 for task #6408922
2025-05-01 23:20:55,381 [cuckoo.core.scheduler] DEBUG: Released database task #6408922
2025-05-01 23:20:55,403 [cuckoo.core.scheduler] INFO: Task #6408922: analysis procedure completed

Signatures

Yara rules detected for file (2 events)
  rule keylogger            description: Run a keylogger
  rule win_files_operation  description: Affect private profile

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)
  section .sxdata

The executable uses a known packer (1 event)
  packer Armadillo v1.71

File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
  Bkav         W32.AIDetectMalware
  CrowdStrike  win/malicious_confidence_60% (W)
Screenshots

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action  VT  Location
No hosts contacted.