Summary

637ca2cf00531f2d_contrapose

File 637ca2cf00531f2d_contrapose

Summary
Download Resubmit sample

Size 93.5KB
Type ASCII text, with very long lines (65536), with no line terminators
MD5 cba31709d0df15b199fbddeb3db49edc
SHA1 a68922a5d48af589d904144c35e836dd3650a88e
SHA256 637ca2cf00531f2d66a3550ed2dc03e57a2f5bb3cc0078042daf6c4214839a60
SHA512
c4c32d7d6d57aa7c9281694e10f05e529733dee396814d301a3e0585b2ebd2eb1ac31e84cea5d11168fe09ac421fc5935576b2c880c246f0b01ba5fab556fd89
CRC32 39EDBEA8
ssdeep None
Yara None matched

Score

This file shows some signs of potential malicious behavior.

The score of this file is 1.1 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6513174

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis
Category Started Completed Duration Routing Logs
FILE May 26, 2025, 2:23 a.m. May 26, 2025, 2:27 a.m. 228 seconds internet Show Analyzer Log
Show Cuckoo Log

Analyzer Log

2025-05-26 02:23:34,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpsftntc
2025-05-26 02:23:34,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\voNjcOpyQgdZdOugWHMbtxdeJm
2025-05-26 02:23:34,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\XiKLHkTDIIlekBYNBStjyHIBd
2025-05-26 02:23:34,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-05-26 02:23:34,030 [analyzer] INFO: Automatically selected analysis package "generic"
2025-05-26 02:23:34,342 [analyzer] DEBUG: Started auxiliary module Curtain
2025-05-26 02:23:34,342 [analyzer] DEBUG: Started auxiliary module DbgView
2025-05-26 02:23:34,828 [analyzer] DEBUG: Started auxiliary module Disguise
2025-05-26 02:23:35,046 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-05-26 02:23:35,046 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-05-26 02:23:35,046 [analyzer] DEBUG: Started auxiliary module Human
2025-05-26 02:23:35,046 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-05-26 02:23:35,046 [analyzer] DEBUG: Started auxiliary module Reboot
2025-05-26 02:23:35,155 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-05-26 02:23:35,155 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-05-26 02:23:35,155 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-05-26 02:23:35,155 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-05-26 02:23:35,250 [lib.api.process] INFO: Successfully executed process from path 'C:\\Windows\\System32\\cmd.exe' with arguments ['/c', 'start', '/wait', '"lkHbPunTFQCqc"', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\637ca2cf00531f2d_contrapose'] and pid 2980
2025-05-26 02:23:35,500 [analyzer] DEBUG: Loaded monitor into process with pid 2980
2025-05-26 02:23:36,030 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:36,078 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,092 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,092 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,092 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:36,108 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,108 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,125 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,125 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,171 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,187 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:36,265 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:36,265 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,280 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,280 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,280 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:36,296 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,296 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,312 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,312 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,312 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,312 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:36,765 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:36,780 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,780 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,780 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,796 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:36,796 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,796 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,796 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,812 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,812 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,812 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:36,953 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:36,953 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,953 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,967 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,967 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:36,967 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:36,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:37,000 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:37,000 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:41,953 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:41,953 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:41,953 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:41,967 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:41,967 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:41,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:41,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:41,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:41,983 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:42,000 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:42,000 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:45,765 [analyzer] INFO: Injected into process with pid 296 and name u'rundll32.exe'
2025-05-26 02:23:46,000 [lib.api.process] ERROR: Failed to dump memory of 64-bit process with pid 296.
2025-05-26 02:23:46,203 [analyzer] DEBUG: Loaded monitor into process with pid 296
2025-05-26 02:23:46,608 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:46,625 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,640 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:46,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,655 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,655 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,671 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,671 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:46,703 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:46,703 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,703 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,717 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,717 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:46,717 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,717 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,717 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,717 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,733 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:46,733 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:47,578 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:47,608 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,608 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,625 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,625 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:47,625 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,640 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,655 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,655 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:47,796 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:47,796 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,796 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,812 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,812 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:47,828 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,828 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,842 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,842 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,858 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:47,858 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 02:23:49,437 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-05-26 02:23:49,437 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,437 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,453 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,453 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-05-26 02:23:49,453 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,453 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,467 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,467 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,467 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-05-26 02:23:49,483 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-05-26 01:27:20,926 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-05-26 01:27:21,332 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-05-26 01:27:21,346 [lib.api.process] INFO: Successfully terminated process with pid 2980.
2025-05-26 01:27:21,346 [lib.api.process] INFO: Successfully terminated process with pid 296.
2025-05-26 01:27:21,346 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-05-26 02:23:42,826 [cuckoo.core.scheduler] INFO: Task #6513176: acquired machine win7x6421 (label=win7x6421)
2025-05-26 02:23:42,826 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.221 for task #6513176
2025-05-26 02:23:43,277 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 4016831 (interface=vboxnet0, host=192.168.168.221)
2025-05-26 02:23:43,368 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6421
2025-05-26 02:23:43,932 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6421 to vmcloak
2025-05-26 02:23:53,134 [cuckoo.core.guest] INFO: Starting analysis #6513176 on guest (id=win7x6421, ip=192.168.168.221)
2025-05-26 02:23:54,140 [cuckoo.core.guest] DEBUG: win7x6421: not ready yet
2025-05-26 02:23:59,165 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6421, ip=192.168.168.221)
2025-05-26 02:23:59,249 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6421, ip=192.168.168.221, monitor=latest, size=6660546)
2025-05-26 02:24:00,608 [cuckoo.core.resultserver] DEBUG: Task #6513176: live log analysis.log initialized.
2025-05-26 02:24:01,615 [cuckoo.core.resultserver] DEBUG: Task #6513176 is sending a BSON stream
2025-05-26 02:24:02,007 [cuckoo.core.resultserver] DEBUG: Task #6513176 is sending a BSON stream
2025-05-26 02:24:02,907 [cuckoo.core.resultserver] DEBUG: Task #6513176: File upload for 'shots/0001.jpg'
2025-05-26 02:24:02,938 [cuckoo.core.resultserver] DEBUG: Task #6513176 uploaded file length: 110736
2025-05-26 02:24:12,693 [cuckoo.core.resultserver] DEBUG: Task #6513176 is sending a BSON stream
2025-05-26 02:24:15,148 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:24:30,246 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:24:35,915 [cuckoo.core.resultserver] DEBUG: Task #6513176: File upload for 'shots/0002.jpg'
2025-05-26 02:24:35,934 [cuckoo.core.resultserver] DEBUG: Task #6513176 uploaded file length: 109541
2025-05-26 02:24:37,043 [cuckoo.core.resultserver] DEBUG: Task #6513176: File upload for 'shots/0003.jpg'
2025-05-26 02:24:37,064 [cuckoo.core.resultserver] DEBUG: Task #6513176 uploaded file length: 118979
2025-05-26 02:24:45,332 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:25:00,416 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:25:15,509 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:25:30,636 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:25:45,729 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:26:00,813 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:26:15,897 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:26:30,979 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:26:46,061 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:27:01,143 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:27:16,241 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6513176 still processing
2025-05-26 02:27:21,179 [cuckoo.core.resultserver] DEBUG: Task #6513176: File upload for 'curtain/1748215641.18.curtain.log'
2025-05-26 02:27:21,183 [cuckoo.core.resultserver] DEBUG: Task #6513176 uploaded file length: 36
2025-05-26 02:27:21,345 [cuckoo.core.resultserver] DEBUG: Task #6513176: File upload for 'sysmon/1748215641.33.sysmon.xml'
2025-05-26 02:27:21,354 [cuckoo.core.resultserver] DEBUG: Task #6513176 uploaded file length: 571290
2025-05-26 02:27:22,123 [cuckoo.core.resultserver] DEBUG: Task #6513176: File upload for 'shots/0004.jpg'
2025-05-26 02:27:22,144 [cuckoo.core.resultserver] DEBUG: Task #6513176 uploaded file length: 133465
2025-05-26 02:27:22,161 [cuckoo.core.resultserver] DEBUG: Task #6513176 had connection reset for <Context for LOG>
2025-05-26 02:27:22,276 [cuckoo.core.guest] INFO: win7x6421: analysis completed successfully
2025-05-26 02:27:22,289 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-05-26 02:27:22,313 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-05-26 02:27:23,376 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6421 to path /srv/cuckoo/cwd/storage/analyses/6513176/memory.dmp
2025-05-26 02:27:23,377 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6421
2025-05-26 02:27:31,115 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.221 for task #6513176
2025-05-26 02:27:31,405 [cuckoo.core.scheduler] DEBUG: Released database task #6513176
2025-05-26 02:27:31,427 [cuckoo.core.scheduler] INFO: Task #6513176: analysis procedure completed

Signatures

Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Harvests credentials from local email clients (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Capabilities\Hidden
Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)
Process injection Process 2980 resumed a thread in remote process 296
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x0000000000000214
suspend_count: 1
process_identifier: 296
1 0 0
Screenshots
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.
Cuckoo

We're processing your submission... This could take a few seconds.