File a274a2024b8a2a067aca9c5b24650d7746b1f2498ca7ae31f46230e2290f8a14

Size 550.2KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f19d474725fe17031efd01bf51074eb0
SHA1 70fbdc3fc9fc310c7925ebd73300417ce0c98e50
SHA256 a274a2024b8a2a067aca9c5b24650d7746b1f2498ca7ae31f46230e2290f8a14
SHA512 21c8f0ce643a431bda9eda8127c96c9982bc8f41122c5fdaf7ec2cea6d3c28e4dd10e1b479f44412851b65b89ff8a90f400c67bcff923ede40dcbc535e0a75f8
CRC32 1DACE773
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started July 20, 2025, 11:57 a.m.
Completed July 20, 2025, 12:04 p.m.
Duration 417 seconds
Routing internet

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
A process attempted to delay the analysis task. (1 event)
description a274a2024b8a2a067aca9c5b24650d7746b1f2498ca7ae31f46230e2290f8a14.exe tried to sleep 174 seconds, actually delayed analysis time by 174 seconds
Creates executable files on the filesystem (33 events)
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator\AppData\Local\Temp\y3hndyq jspx4i q0vgw72 uncut .rar.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (27 events)
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x005a1380
service_type: 48
service_status: 1
0 0
File has been identified by 11 AntiVirus engine on IRMA as malicious (11 events)
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Worm.WORM/Rbot.Gen
eScan Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
Sophos Anti-Virus (Linux) Troj/Agent-AJFK
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Agent.gen
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.