File 2fbbd38cdeff5589_y3hndyq jspx4i q0vgw72 uncut .rar.exe

Size 1001.4KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5e7f12b8c486c7891abd019c2b2e35df
SHA1 f37451e5b3856b3d078c221e4bcd003ee960c981
SHA256 2fbbd38cdeff55891bfda64d231347748cc7fa3c1f086da0d77cf22ed023508f
SHA512 87ed9d115e99a6e9105858ca452c30346cc9b6b112b2da4a299f29c5b9bd3a7d655ccc37c300df51ad2b8c62ddc32571a2f1e7c9ec05bf0c0651028e7bd8d938
CRC32 1FA0EB1A
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please note: The scoring system is still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6746729


Information on Execution

Analysis
Category Started Completed Duration Routing
FILE July 23, 2025, 10:54 a.m. July 23, 2025, 10:59 a.m. 287 seconds internet

Analyzer Log

2025-07-23 07:46:10,000 [analyzer] DEBUG: Starting analyzer from: C:\tmp4hzt0l
2025-07-23 07:46:10,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\CSCvOxUwOMNSIEqtmFNyNDtuiMxK
2025-07-23 07:46:10,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\ZGpSNcNcOJNxWnVSVXyBozxSShgy
2025-07-23 07:46:10,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-07-23 07:46:10,015 [analyzer] INFO: Automatically selected analysis package "exe"
2025-07-23 07:46:10,265 [analyzer] DEBUG: Started auxiliary module Curtain
2025-07-23 07:46:10,265 [analyzer] DEBUG: Started auxiliary module DbgView
2025-07-23 07:46:10,780 [analyzer] DEBUG: Started auxiliary module Disguise
2025-07-23 07:46:10,967 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-07-23 07:46:10,967 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-07-23 07:46:10,967 [analyzer] DEBUG: Started auxiliary module Human
2025-07-23 07:46:10,967 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-07-23 07:46:10,967 [analyzer] DEBUG: Started auxiliary module Reboot
2025-07-23 07:46:11,030 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-07-23 07:46:11,030 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-07-23 07:46:11,030 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-07-23 07:46:11,030 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-07-23 07:46:11,171 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2fbbd38cdeff5589_y3hndyq jspx4i q0vgw72 uncut .rar.exe' with arguments '' and pid 480
2025-07-23 07:46:11,342 [analyzer] DEBUG: Loaded monitor into process with pid 480
2025-07-23 07:46:11,405 [analyzer] INFO: Added new file to list with pid 480 and path C:\Windowsd50l2bvpd8
2025-07-23 07:46:11,500 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files\Common Files\Microsoft Shared\h3ps6tmu mkx87b ibxj3s2 .mpg.exe
2025-07-23 07:46:11,796 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files\DVD Maker\Shared\2eoamoy cum mtn66856s5 cock bv23lk  (Liz,zfod1dup).mpeg.exe
2025-07-23 07:46:12,140 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files\Microsoft Office\Templates\wiya6rsl qtcr1re nk2tll glans o2zq2zm .mpg.exe
2025-07-23 07:46:12,171 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\cfj670ah3 cfj670ah3 ibxj3s2 .mpg.exe
2025-07-23 07:46:12,296 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files\Windows Journal\Templates\xxx dtovzr hairy .mpeg.exe
2025-07-23 07:46:12,405 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files\Windows Sidebar\Shared Gadgets\98edvx t1apup6 nugdmg18bgxp lady .avi.exe
2025-07-23 07:46:12,453 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\2wr8ay1 cfj670ah3 2e032zbb cock  (x8z5ka,x8z5ka).mpg.exe
2025-07-23 07:46:12,592 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files (x86)\Common Files\microsoft shared\sperm cum big .avi.exe
2025-07-23 07:46:12,905 [analyzer] INFO: Added new file to list with pid 480 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\26uao4g58 horse hot (!) shoes .avi.exe
2025-07-23 07:46:13,015 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\RAC\Temp\wwa6b1o6 2eoamoy g28gx7w6vur32j .rar.exe
2025-07-23 07:46:13,046 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\Search\Data\Temp\beast ibxj3s2 .avi.exe
2025-07-23 07:46:13,125 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\Windows\Templates\mgdo94z3fb2 w6es4ton [bangbus] titts hairy  (Sonja,y07q3wv).mpeg.exe
2025-07-23 07:46:13,187 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\Windows\Templates\mgdo94z3fb2 ni0p0dq8 sweet .zip.exe
2025-07-23 07:46:13,546 [analyzer] INFO: Injected into process with pid 2800 and name ''
2025-07-23 07:46:13,640 [analyzer] INFO: Added new file to list with pid 480 and path C:\tmp4hzt0l\r2bdcnb porn nude mtn66856s5 legs hotel .mpeg.exe
2025-07-23 07:46:13,717 [analyzer] DEBUG: Loaded monitor into process with pid 2800
2025-07-23 07:46:13,750 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse chkaba9s0 big young .zip.exe
2025-07-23 07:46:13,812 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Administrator\AppData\Local\Temp\wiya6rsl beast porn girls .zip.exe
2025-07-23 07:46:13,842 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\qtcr1re ibxj3s2 x036l6b .mpg.exe
2025-07-23 07:46:13,858 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\3lhg1q w6es4ton girls sm .mpeg.exe
2025-07-23 07:46:14,030 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\black c4ou4r0 g28gx7w6vur32j glans fishy .avi.exe
2025-07-23 07:46:14,125 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\black sperm [free] wifey .avi.exe
2025-07-23 07:46:14,250 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\RAC\Temp\qtcr1re 2eoamoy 2e032zbb .mpg.exe
2025-07-23 07:46:14,280 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\Search\Data\Temp\mkx87b uncut avhkl4osfi1b1 .zip.exe
2025-07-23 07:46:14,375 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\Windows\Templates\26uao4g58 xxx ibxj3s2 girls legs sweet .mpeg.exe
2025-07-23 07:46:14,421 [analyzer] INFO: Added new file to list with pid 480 and path C:\ProgramData\Microsoft\Windows\Templates\mue28dl mgdo94z3fb2 i4caruo qf1ty1o .rar.exe
2025-07-23 07:46:14,453 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn [free] avhkl4osfi1b1  (Sonja,Liz).mpeg.exe
2025-07-23 07:46:14,483 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Default\AppData\Local\Temp\ibxj3s2 l6ppef [bangbus] 63k9qbq9xg .avi.exe
2025-07-23 07:46:14,530 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse q0vgw72 hot (!) ash .mpeg.exe
2025-07-23 07:46:14,578 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\ar164nb jspx4i xxx jbp79p legs xfjhjetslgmo243nnj .zip.exe
2025-07-23 07:46:14,625 [analyzer] INFO: Added new file to list with pid 480 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\8mxqbfp chkaba9s0 g28gx7w6vur32j cock 40+ .mpeg.exe
2025-07-23 07:46:14,733 [analyzer] INFO: Added new file to list with pid 480 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\98edvx gay 76qp9o6j ni0p0dq8 40+ .mpeg.exe
2025-07-23 07:46:14,765 [analyzer] INFO: Added new file to list with pid 480 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\l6ppef horse i4caruo ofok9a .mpeg.exe
2025-07-23 07:46:14,875 [analyzer] INFO: Added new file to list with pid 480 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian porn qtcr1re nugdmg18bgxp hole  (Jade,xr0uanj).zip.exe
2025-07-23 07:46:14,905 [analyzer] INFO: Added new file to list with pid 480 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\5b86ux l6ppef jspx4i nugdmg18bgxp .mpeg.exe
2025-07-23 09:58:35,161 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-07-23 09:58:36,145 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-07-23 09:58:36,161 [lib.api.process] INFO: Successfully terminated process with pid 480.
2025-07-23 09:58:36,161 [lib.api.process] INFO: Successfully terminated process with pid 2800.
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\asian porn qtcr1re nugdmg18bgxp hole  (jade,xr0uanj).zip.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\programdata\microsoft\search\data\temp\beast ibxj3s2 .avi.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\users\default\appdata\roaming\microsoft\windows\templates\ar164nb jspx4i xxx jbp79p legs xfjhjetslgmo243nnj .zip.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\programdata\microsoft\rac\temp\wwa6b1o6 2eoamoy g28gx7w6vur32j .rar.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\mgdo94z3fb2 ni0p0dq8 sweet .zip.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\mue28dl mgdo94z3fb2 i4caruo qf1ty1o .rar.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\mozilla-temp-files\qtcr1re ibxj3s2 x036l6b .mpg.exe
2025-07-23 09:58:37,380 [analyzer] WARNING: Too many files: c:\program files\dvd maker\shared\2eoamoy cum mtn66856s5 cock bv23lk  (liz,zfod1dup).mpeg.exe
2025-07-23 09:58:37,380 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-23 10:54:32,844 [cuckoo.core.scheduler] INFO: Task #6755802: acquired machine win7x6420 (label=win7x6420)
2025-07-23 10:54:32,845 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.220 for task #6755802
2025-07-23 10:54:33,333 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2445504 (interface=vboxnet0, host=192.168.168.220)
2025-07-23 10:54:34,101 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6420
2025-07-23 10:54:35,394 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6420 to vmcloak
2025-07-23 10:55:07,490 [cuckoo.core.guest] INFO: Starting analysis #6755802 on guest (id=win7x6420, ip=192.168.168.220)
2025-07-23 10:55:08,496 [cuckoo.core.guest] DEBUG: win7x6420: not ready yet
2025-07-23 10:55:13,521 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6420, ip=192.168.168.220)
2025-07-23 10:55:13,617 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6420, ip=192.168.168.220, monitor=latest, size=6660546)
2025-07-23 10:55:14,987 [cuckoo.core.resultserver] DEBUG: Task #6755802: live log analysis.log initialized.
2025-07-23 10:55:16,124 [cuckoo.core.resultserver] DEBUG: Task #6755802 is sending a BSON stream
2025-07-23 10:55:16,346 [cuckoo.core.resultserver] DEBUG: Task #6755802 is sending a BSON stream
2025-07-23 10:55:17,133 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'shots/0001.jpg'
2025-07-23 10:55:17,149 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 133462
2025-07-23 10:55:19,536 [cuckoo.core.resultserver] DEBUG: Task #6755802 is sending a BSON stream
2025-07-23 10:55:29,937 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:55:45,229 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:56:00,523 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:56:15,664 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:56:30,888 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:56:46,083 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:57:01,221 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:57:16,603 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:57:31,761 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:57:47,035 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:58:02,248 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:58:17,770 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:58:33,108 [cuckoo.core.guest] DEBUG: win7x6420: analysis #6755802 still processing
2025-07-23 10:58:35,383 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'curtain/1753257515.38.curtain.log'
2025-07-23 10:58:35,388 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 36
2025-07-23 10:58:36,041 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'sysmon/1753257516.04.sysmon.xml'
2025-07-23 10:58:36,162 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 8120902
2025-07-23 10:58:36,180 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/473a3e5d27784308_mkx87b uncut avhkl4osfi1b1 .zip.exe'
2025-07-23 10:58:36,187 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 434369
2025-07-23 10:58:36,194 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/aaccf55dd16eca49_wiya6rsl beast porn girls .zip.exe'
2025-07-23 10:58:36,220 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1621343
2025-07-23 10:58:36,232 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/612e2114d743f6b2_mgdo94z3fb2 w6es4ton [bangbus] titts hairy  (sonja,y07q3wv).mpeg.exe'
2025-07-23 10:58:36,241 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 370493
2025-07-23 10:58:36,249 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/475fd9033fb41940_sperm cum big .avi.exe'
2025-07-23 10:58:36,269 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1561398
2025-07-23 10:58:36,285 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/e56ade3693969f70_26uao4g58 horse hot (!) shoes .avi.exe'
2025-07-23 10:58:36,301 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1163745
2025-07-23 10:58:36,329 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/08abe6464dc9771a_2wr8ay1 cfj670ah3 2e032zbb cock  (x8z5ka,x8z5ka).mpg.exe'
2025-07-23 10:58:36,355 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1806562
2025-07-23 10:58:36,364 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/0a8788097a86291e_3lhg1q w6es4ton girls sm .mpeg.exe'
2025-07-23 10:58:36,376 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 664680
2025-07-23 10:58:36,391 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/8fc5fe47f8dd480a_cfj670ah3 cfj670ah3 ibxj3s2 .mpg.exe'
2025-07-23 10:58:36,421 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1952904
2025-07-23 10:58:36,444 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/0958c24cb48845d2_ibxj3s2 l6ppef [bangbus] 63k9qbq9xg .avi.exe'
2025-07-23 10:58:36,471 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1982431
2025-07-23 10:58:36,488 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/7a5d1add8d57dc06_h3ps6tmu mkx87b ibxj3s2 .mpg.exe'
2025-07-23 10:58:36,516 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1983937
2025-07-23 10:58:36,528 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/22a8ab539d4094c6_black c4ou4r0 g28gx7w6vur32j glans fishy .avi.exe'
2025-07-23 10:58:36,539 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 767276
2025-07-23 10:58:36,548 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/fbdde9afe4857099_xxx dtovzr hairy .mpeg.exe'
2025-07-23 10:58:36,563 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1379225
2025-07-23 10:58:36,581 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/ef36aab8ad08f39c_8mxqbfp chkaba9s0 g28gx7w6vur32j cock 40+ .mpeg.exe'
2025-07-23 10:58:36,612 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 2145142
2025-07-23 10:58:36,642 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/87e9aefe38bd275f_windowsd50l2bvpd8'
2025-07-23 10:58:36,970 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1378763
2025-07-23 10:58:37,007 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/26b433dc6f01de5d_horse chkaba9s0 big young .zip.exe'
2025-07-23 10:58:37,010 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/43cc6cd3b03a04a3_wiya6rsl qtcr1re nk2tll glans o2zq2zm .mpg.exe'
2025-07-23 10:58:37,020 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 217820
2025-07-23 10:58:37,040 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1471993
2025-07-23 10:58:37,057 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/cd207de9ca441f5a_r2bdcnb porn nude mtn66856s5 legs hotel .mpeg.exe'
2025-07-23 10:58:37,069 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/18cf25b1e224a3c8_98edvx gay 76qp9o6j ni0p0dq8 40+ .mpeg.exe'
2025-07-23 10:58:37,073 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 983881
2025-07-23 10:58:37,108 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1386429
2025-07-23 10:58:37,116 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/c2812aa0700d82a4_l6ppef horse i4caruo ofok9a .mpeg.exe'
2025-07-23 10:58:37,131 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/0be26b70a59560b2_porn [free] avhkl4osfi1b1  (sonja,liz).mpeg.exe'
2025-07-23 10:58:37,145 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 663103
2025-07-23 10:58:37,169 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1709408
2025-07-23 10:58:37,187 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/c62f00c81ce2e939_qtcr1re 2eoamoy 2e032zbb .mpg.exe'
2025-07-23 10:58:37,194 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/550b5178049d5ddd_5b86ux l6ppef jspx4i nugdmg18bgxp .mpeg.exe'
2025-07-23 10:58:37,207 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 428697
2025-07-23 10:58:37,211 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 941753
2025-07-23 10:58:37,229 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/de8d37faa7b115a1_horse q0vgw72 hot (!) ash .mpeg.exe'
2025-07-23 10:58:37,254 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1503528
2025-07-23 10:58:37,280 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/f4f69d431a717b88_98edvx t1apup6 nugdmg18bgxp lady .avi.exe'
2025-07-23 10:58:37,340 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 2147093
2025-07-23 10:58:37,354 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/993258c5635833cf_black sperm [free] wifey .avi.exe'
2025-07-23 10:58:37,369 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 1056358
2025-07-23 10:58:37,378 [cuckoo.core.resultserver] DEBUG: Task #6755802: File upload for 'files/11ec89f31be8e475_26uao4g58 xxx ibxj3s2 girls legs sweet .mpeg.exe'
2025-07-23 10:58:37,407 [cuckoo.core.resultserver] DEBUG: Task #6755802 had connection reset for <Context for LOG>
2025-07-23 10:58:37,412 [cuckoo.core.resultserver] DEBUG: Task #6755802 uploaded file length: 479870
2025-07-23 10:58:39,181 [cuckoo.core.guest] INFO: win7x6420: analysis completed successfully
2025-07-23 10:58:39,201 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-23 10:58:39,227 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-23 10:58:40,874 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6420 to path /srv/cuckoo/cwd/storage/analyses/6755802/memory.dmp
2025-07-23 10:58:40,875 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6420
2025-07-23 10:59:19,943 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.220 for task #6755802
2025-07-23 10:59:20,320 [cuckoo.core.scheduler] DEBUG: Released database task #6755802
2025-07-23 10:59:20,340 [cuckoo.core.scheduler] INFO: Task #6755802: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (33 events)
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator\AppData\Local\Temp\wiya6rsl beast porn girls .zip.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (3 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x0000013c
process_name: 2fbbd38cdeff5589_y3hndyq jspx4i q0vgw72 uncut .rar.exe
process_identifier: 480
0 0

Process32NextW

snapshot_handle: 0x000002bc
process_name: 2fbbd38cdeff5589_y3hndyq jspx4i q0vgw72 uncut .rar.exe
process_identifier: 2800
0 0

Process32NextW

snapshot_handle: 0x00000254
process_name: 2fbbd38cdeff5589_y3hndyq jspx4i q0vgw72 uncut .rar.exe
process_identifier: 1272
0 0

A process attempted to delay the analysis task. (1 event)
description 2fbbd38cdeff5589_y3hndyq jspx4i q0vgw72 uncut .rar.exe tried to sleep 1345 seconds, actually delayed analysis time by 1345 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x0088d9f8
service_type: 48
service_status: 1
0 0
File has been identified as malicious by 11 antivirus engines on IRMA (11 events)
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Trojan.TR/Spy.Gen
eScan Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
Sophos Anti-Virus (Linux) Troj/Agent-AJFK
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Sdum.gen
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A (B)
No hosts contacted.