File e9832d62509f9497_jre1.8.0_46164.msi

Size 27.8MB
Type Composite Document File V2 Document, Can't read SAT
MD5 e031791c260af72b77c9b80005936f0f
SHA1 721ab679b5a685b37d2c6980ab43627a2e0cc305
SHA256 e9832d62509f94978ee9fbf53de05d1c0bc8d68831020dbdd00123698acabf6a
SHA512 7f955d2f3f55f0c3d6d4b37d6bcccb81b5c1632efbd3fea3d7958a6f5e64274d17b4533431f611c032124b760d2d4acd379ce904acd63c1367daf4c32ad8a1d6
CRC32 CD4D152B
ssdeep None
Yara
  • shellcode - Matched shellcode byte patterns

Score

This file appears fairly benign with a score of 0.3 out of 10.

Please note: the scoring system is still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6736537

Information on Execution

Analysis
Category FILE
Started July 19, 2025, 2:14 a.m.
Completed July 19, 2025, 2:23 a.m.
Duration 542 seconds
Routing internet

Analyzer Log

2025-07-16 18:09:15,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpt1gcja
2025-07-16 18:09:15,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\ZHFiQdLvdTJDtNnqO
2025-07-16 18:09:15,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\ajzcbuWqqjFdSJGchSJGyBuwxCmJIog
2025-07-16 18:09:15,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-07-16 18:09:17,500 [analyzer] INFO: Automatically selected analysis package "vbs"
2025-07-16 18:09:17,765 [analyzer] DEBUG: Started auxiliary module Curtain
2025-07-16 18:09:17,765 [analyzer] DEBUG: Started auxiliary module DbgView
2025-07-16 18:09:18,203 [analyzer] DEBUG: Started auxiliary module Disguise
2025-07-16 18:09:18,405 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-07-16 18:09:18,405 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-07-16 18:09:18,405 [analyzer] DEBUG: Started auxiliary module Human
2025-07-16 18:09:18,405 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-07-16 18:09:18,405 [analyzer] DEBUG: Started auxiliary module Reboot
2025-07-16 18:09:18,500 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-07-16 18:09:18,500 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-07-16 18:09:18,500 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-07-16 18:09:18,500 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-07-16 18:09:18,500 [modules.packages.vbs] INFO: Submitted file is missing extension, added .vbs
2025-07-16 18:09:18,578 [lib.api.process] INFO: Successfully executed process from path 'C:\\Windows\\System32\\wscript.exe' with arguments [u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\e9832d62509f9497_jre1.8.0_46164.msi.vbs'] and pid 1216
2025-07-16 18:09:18,780 [analyzer] DEBUG: Loaded monitor into process with pid 1216
2025-07-16 18:09:19,187 [analyzer] INFO: io=NULL
2025-07-16 18:09:19,187 [analyzer] DEBUG: Error resolving function vbscript!COleScript_Compile through our custom callback.
2025-07-16 18:09:19,203 [analyzer] INFO: io=NULL
2025-07-16 18:09:19,203 [analyzer] DEBUG: Error resolving function vbscript!COleScript_Compile through our custom callback.
2025-07-16 18:12:37,608 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-07-16 18:12:39,108 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-07-16 18:12:39,108 [lib.api.process] INFO: Successfully terminated process with pid 1216.
2025-07-16 18:12:39,108 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-19 02:14:09,711 [cuckoo.core.scheduler] INFO: Task #6736541: acquired machine win7x642 (label=win7x642)
2025-07-19 02:14:09,712 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.202 for task #6736541
2025-07-19 02:14:10,137 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3895047 (interface=vboxnet0, host=192.168.168.202)
2025-07-19 02:14:10,163 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x642
2025-07-19 02:14:11,201 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x642 to vmcloak
2025-07-19 02:17:07,287 [cuckoo.core.guest] INFO: Starting analysis #6736541 on guest (id=win7x642, ip=192.168.168.202)
2025-07-19 02:17:08,295 [cuckoo.core.guest] DEBUG: win7x642: not ready yet
2025-07-19 02:17:13,325 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x642, ip=192.168.168.202)
2025-07-19 02:17:13,394 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x642, ip=192.168.168.202, monitor=latest, size=6660546)
2025-07-19 02:17:16,280 [cuckoo.core.resultserver] DEBUG: Task #6736541: live log analysis.log initialized.
2025-07-19 02:17:19,637 [cuckoo.core.resultserver] DEBUG: Task #6736541 is sending a BSON stream
2025-07-19 02:17:19,949 [cuckoo.core.resultserver] DEBUG: Task #6736541 is sending a BSON stream
2025-07-19 02:17:20,903 [cuckoo.core.resultserver] DEBUG: Task #6736541: File upload for 'shots/0001.jpg'
2025-07-19 02:17:20,922 [cuckoo.core.resultserver] DEBUG: Task #6736541 uploaded file length: 133580
2025-07-19 02:17:22,016 [cuckoo.core.resultserver] DEBUG: Task #6736541: File upload for 'shots/0002.jpg'
2025-07-19 02:17:22,029 [cuckoo.core.resultserver] DEBUG: Task #6736541 uploaded file length: 135606
2025-07-19 02:17:30,950 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:17:46,064 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:18:01,159 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:18:16,293 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:18:31,489 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:18:46,701 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:19:01,784 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:19:16,925 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:19:32,052 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:19:47,281 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:20:02,532 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:20:17,801 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:20:32,948 [cuckoo.core.guest] DEBUG: win7x642: analysis #6736541 still processing
2025-07-19 02:20:39,110 [cuckoo.core.resultserver] DEBUG: Task #6736541: File upload for 'curtain/1752682357.81.curtain.log'
2025-07-19 02:20:39,114 [cuckoo.core.resultserver] DEBUG: Task #6736541 uploaded file length: 36
2025-07-19 02:20:40,317 [cuckoo.core.resultserver] DEBUG: Task #6736541: File upload for 'sysmon/1752682358.92.sysmon.xml'
2025-07-19 02:20:40,412 [cuckoo.core.resultserver] DEBUG: Task #6736541 uploaded file length: 15673304
2025-07-19 02:20:40,440 [cuckoo.core.resultserver] DEBUG: Task #6736541 had connection reset for <Context for LOG>
2025-07-19 02:20:42,008 [cuckoo.core.guest] INFO: win7x642: analysis completed successfully
2025-07-19 02:20:42,037 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-19 02:20:42,064 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-19 02:20:43,328 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x642 to path /srv/cuckoo/cwd/storage/analyses/6736541/memory.dmp
2025-07-19 02:20:43,331 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x642
2025-07-19 02:23:10,123 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.202 for task #6736541
2025-07-19 02:23:10,585 [cuckoo.core.scheduler] DEBUG: Released database task #6736541
2025-07-19 02:23:10,615 [cuckoo.core.scheduler] INFO: Task #6736541: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
  • description: Matched shellcode byte patterns
  • rule: shellcode
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)
  • registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.