File 8b6f3311ec3f60af_likl9f mgdo94z3fb2 beast hot (!) glans jg9vqr79 .zip.exe

Size 496.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ad7ff9e3e90b5d22043c4e7212eb03a0
SHA1 a5d4d8b9fa42d8011007a6d14352cedf613ac225
SHA256 8b6f3311ec3f60af259b19c030dbdfc27f7b258892f03aa28cd3b2b46f3e2797
SHA512 e34fe9ff3b79e9edcf8addc0ec0e8b03ca94d7119e686abe3b638fe988c856cb270d9a4e94246b77cfc075764b07d4ae3b76b10b27fde3fa0aab68887a8f0f42
CRC32 7E8A4337
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6746729

Information on Execution

Analysis
Category Started Completed Duration Routing
FILE July 23, 2025, 10:54 a.m. July 23, 2025, 10:59 a.m. 292 seconds internet

Analyzer Log

2025-07-23 07:46:10,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpd0os1j
2025-07-23 07:46:10,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\iJFBYNrsOHeeCfuzxBcwSsngTMGFrao
2025-07-23 07:46:10,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\wbzeCxAMAzaYEIVhiQNcNWm
2025-07-23 07:46:10,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-07-23 07:46:10,015 [analyzer] INFO: Automatically selected analysis package "exe"
2025-07-23 07:46:10,280 [analyzer] DEBUG: Started auxiliary module Curtain
2025-07-23 07:46:10,280 [analyzer] DEBUG: Started auxiliary module DbgView
2025-07-23 07:46:10,703 [analyzer] DEBUG: Started auxiliary module Disguise
2025-07-23 07:46:10,921 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-07-23 07:46:10,921 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-07-23 07:46:10,921 [analyzer] DEBUG: Started auxiliary module Human
2025-07-23 07:46:10,921 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-07-23 07:46:10,921 [analyzer] DEBUG: Started auxiliary module Reboot
2025-07-23 07:46:10,983 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-07-23 07:46:10,983 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-07-23 07:46:10,983 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-07-23 07:46:11,000 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-07-23 07:46:11,140 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\8b6f3311ec3f60af_likl9f mgdo94z3fb2 beast hot (!) glans jg9vqr79 .zip.exe' with arguments '' and pid 2632
2025-07-23 07:46:11,312 [analyzer] DEBUG: Loaded monitor into process with pid 2632
2025-07-23 07:46:11,750 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Windowsd50l2bvpd8
2025-07-23 07:46:11,828 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files\Common Files\Microsoft Shared\26uao4g58 xxx jspx4i nugdmg18bgxp hole latex .rar.exe
2025-07-23 07:46:12,125 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files\DVD Maker\Shared\3o9e0ag1 q0vgw72 porn [milf] .rar.exe
2025-07-23 07:46:12,453 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files\Microsoft Office\Templates\wwa6b1o6 cfj670ah3 2e032zbb .mpg.exe
2025-07-23 07:46:12,483 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\98edvx horse q0vgw72 mtn66856s5 cock young  (zfod1dup,Liz).mpg.exe
2025-07-23 07:46:12,592 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files\Windows Journal\Templates\8mxqbfp horse hot (!) ash .rar.exe
2025-07-23 07:46:12,687 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files\Windows Sidebar\Shared Gadgets\0ymg8tq 2eoamoy [milf] .mpeg.exe
2025-07-23 07:46:12,733 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\26uao4g58 cfj670ah3 jspx4i uncut x1ewq09x1owq  (Jade,l0p693).avi.exe
2025-07-23 07:46:12,858 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files (x86)\Common Files\microsoft shared\wwa6b1o6 gay jbp79p iu7knbkw6t .zip.exe
2025-07-23 07:46:13,233 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\2eoamoy jbp79p ash .mpg.exe
2025-07-23 07:46:13,312 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\RAC\Temp\mkx87b mkx87b big hole .rar.exe
2025-07-23 07:46:13,358 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\Search\Data\Temp\wiya6rsl horse q0vgw72 mtn66856s5  (Liz).avi.exe
2025-07-23 07:46:13,483 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\Windows\Templates\asian porn nude ibxj3s2 qf1ty1o ioey6bh0bls  (1bcw83k,xr0uanj).mpeg.exe
2025-07-23 07:46:13,530 [analyzer] INFO: Injected into process with pid 1748 and name ''
2025-07-23 07:46:13,592 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\Windows\Templates\ar164nb sperm dtovzr 4x3h6c .zip.exe
2025-07-23 07:46:13,703 [analyzer] DEBUG: Loaded monitor into process with pid 1748
2025-07-23 07:46:14,046 [analyzer] INFO: Added new file to list with pid 2632 and path C:\tmpd0os1j\black w6es4ton ni0p0dq8 .mpg.exe
2025-07-23 07:46:14,187 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\black cfj670ah3 ni0p0dq8 glans 6cp2to .mpg.exe
2025-07-23 07:46:14,265 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Local\Temp\5b86ux 2eoamoy jspx4i ibxj3s2 v14bqy5ueys .rar.exe
2025-07-23 07:46:14,296 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\8mxqbfp w6es4ton sperm [milf] qf1ty1o .avi.exe
2025-07-23 07:46:14,312 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn jbp79p balls  (ihcwxtl).rar.exe
2025-07-23 07:46:14,530 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ibxj3s2 nude g28gx7w6vur32j 9w4xilz6j2 .avi.exe
2025-07-23 07:46:14,640 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian 76qp9o6j chkaba9s0 uncut p834ynn .mpg.exe
2025-07-23 07:46:14,750 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\xxx girls .avi.exe
2025-07-23 07:46:14,890 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\RAC\Temp\likl9f ibxj3s2 q0vgw72 g28gx7w6vur32j avhkl4osfi1b1 .mpg.exe
2025-07-23 07:46:14,921 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\Search\Data\Temp\ar164nb beast big  (Sarah,Karin).mpg.exe
2025-07-23 07:46:14,983 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\Windows\Templates\ibxj3s2 girls ofok9a v14bqy5ueys .rar.exe
2025-07-23 07:46:15,030 [analyzer] INFO: Added new file to list with pid 2632 and path C:\ProgramData\Microsoft\Windows\Templates\horse nugdmg18bgxp 8fldm8kp  (e6rl5yo1,1bcw83k).avi.exe
2025-07-23 07:46:15,078 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\black porn [milf] .rar.exe
2025-07-23 07:46:15,108 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Default\AppData\Local\Temp\beast hot (!) xfjhjetslgmo243nnj  (h91n03x).rar.exe
2025-07-23 07:46:15,155 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\0ymg8tq w6es4ton jbp79p legs x036l6b  (ihcwxtl,Gina).avi.exe
2025-07-23 07:46:15,187 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\porn mgdo94z3fb2 mtn66856s5 boobs bv23lk .mpg.exe
2025-07-23 07:46:15,265 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\8mxqbfp jspx4i cfj670ah3 i4caruo 55svezg .mpeg.exe
2025-07-23 07:46:15,296 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\5b86ux gay porn nugdmg18bgxp  (Karin,Sonja).zip.exe
2025-07-23 07:46:15,405 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\xxx l6ppef i4caruo .mpg.exe
2025-07-23 07:46:15,437 [analyzer] INFO: Added new file to list with pid 2632 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\26uao4g58 ibxj3s2 [bangbus] iu7knbkw6t .mpg.exe
2025-07-23 09:58:53,717 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-07-23 09:58:55,171 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-07-23 09:58:55,171 [lib.api.process] INFO: Successfully terminated process with pid 2632.
2025-07-23 09:58:55,187 [lib.api.process] INFO: Successfully terminated process with pid 1748.
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\programdata\microsoft\search\data\temp\ar164nb beast big  (sarah,karin).mpg.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\program files\dvd maker\shared\3o9e0ag1 q0vgw72 porn [milf] .rar.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\5b86ux 2eoamoy jspx4i ibxj3s2 v14bqy5ueys .rar.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\program files\windows journal\templates\8mxqbfp horse hot (!) ash .rar.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\black cfj670ah3 ni0p0dq8 glans 6cp2to .mpg.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\users\default\appdata\roaming\microsoft\windows\templates\0ymg8tq w6es4ton jbp79p legs x036l6b  (ihcwxtl,gina).avi.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\wwa6b1o6 cfj670ah3 2e032zbb .mpg.exe
2025-07-23 09:58:57,421 [analyzer] WARNING: Too many files: c:\program files (x86)\common files\microsoft shared\wwa6b1o6 gay jbp79p iu7knbkw6t .zip.exe
2025-07-23 09:58:57,421 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-23 10:54:42,073 [cuckoo.core.scheduler] INFO: Task #6755803: acquired machine win7x6429 (label=win7x6429)
2025-07-23 10:54:42,074 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.229 for task #6755803
2025-07-23 10:54:42,634 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2445894 (interface=vboxnet0, host=192.168.168.229)
2025-07-23 10:54:43,054 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6429
2025-07-23 10:54:44,280 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6429 to vmcloak
2025-07-23 10:55:26,141 [cuckoo.core.guest] INFO: Starting analysis #6755803 on guest (id=win7x6429, ip=192.168.168.229)
2025-07-23 10:55:27,178 [cuckoo.core.guest] DEBUG: win7x6429: not ready yet
2025-07-23 10:55:32,202 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6429, ip=192.168.168.229)
2025-07-23 10:55:32,317 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6429, ip=192.168.168.229, monitor=latest, size=6660546)
2025-07-23 10:55:33,568 [cuckoo.core.resultserver] DEBUG: Task #6755803: live log analysis.log initialized.
2025-07-23 10:55:34,546 [cuckoo.core.resultserver] DEBUG: Task #6755803 is sending a BSON stream
2025-07-23 10:55:34,797 [cuckoo.core.resultserver] DEBUG: Task #6755803 is sending a BSON stream
2025-07-23 10:55:35,655 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'shots/0001.jpg'
2025-07-23 10:55:35,676 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 133377
2025-07-23 10:55:37,188 [cuckoo.core.resultserver] DEBUG: Task #6755803 is sending a BSON stream
2025-07-23 10:55:48,528 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:56:03,633 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:56:18,719 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:56:34,742 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:56:50,364 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:57:05,526 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:57:20,800 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:57:35,995 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:57:51,178 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:58:06,322 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:58:21,866 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:58:36,968 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:58:52,365 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6755803 still processing
2025-07-23 10:58:53,998 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'curtain/1753257533.94.curtain.log'
2025-07-23 10:58:54,001 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 36
2025-07-23 10:58:54,922 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'sysmon/1753257534.52.sysmon.xml'
2025-07-23 10:58:55,184 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 7396464
2025-07-23 10:58:55,242 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/7767f0fe7468cc45_likl9f ibxj3s2 q0vgw72 g28gx7w6vur32j avhkl4osfi1b1 .mpg.exe'
2025-07-23 10:58:55,290 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/7bb3ccee84882722_2eoamoy jbp79p ash .mpg.exe'
2025-07-23 10:58:55,297 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/ad294a1c96bf5b23_ibxj3s2 nude g28gx7w6vur32j 9w4xilz6j2 .avi.exe'
2025-07-23 10:58:55,353 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 157297
2025-07-23 10:58:55,428 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1649577
2025-07-23 10:58:55,434 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 270642
2025-07-23 10:58:55,443 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/45b8142f1e2df311_ar164nb sperm dtovzr 4x3h6c .zip.exe'
2025-07-23 10:58:55,448 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/7417e857ee3de90d_ibxj3s2 girls ofok9a v14bqy5ueys .rar.exe'
2025-07-23 10:58:55,452 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/0486b2e641820e43_26uao4g58 cfj670ah3 jspx4i uncut x1ewq09x1owq  (jade,l0p693).avi.exe'
2025-07-23 10:58:55,503 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 854170
2025-07-23 10:58:55,507 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 335449
2025-07-23 10:58:55,521 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1758127
2025-07-23 10:58:55,527 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/2466f0e3922850ed_wiya6rsl horse q0vgw72 mtn66856s5  (liz).avi.exe'
2025-07-23 10:58:55,557 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/f14deb43eb24fb00_0ymg8tq 2eoamoy [milf] .mpeg.exe'
2025-07-23 10:58:55,594 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 772195
2025-07-23 10:58:55,613 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1665196
2025-07-23 10:58:55,640 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/6f0a9e2add31c02c_black w6es4ton ni0p0dq8 .mpg.exe'
2025-07-23 10:58:55,794 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 2162590
2025-07-23 10:58:55,807 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/55732c0451542e0b_porn mgdo94z3fb2 mtn66856s5 boobs bv23lk .mpg.exe'
2025-07-23 10:58:55,813 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/1fc87f3fceb3c399_beast hot (!) xfjhjetslgmo243nnj  (h91n03x).rar.exe'
2025-07-23 10:58:55,838 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 194154
2025-07-23 10:58:55,882 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1305171
2025-07-23 10:58:55,906 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/070ed817cf24e31f_horse nugdmg18bgxp 8fldm8kp  (e6rl5yo1,1bcw83k).avi.exe'
2025-07-23 10:58:56,131 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1929815
2025-07-23 10:58:56,264 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/1c2713ca23e16509_xxx girls .avi.exe'
2025-07-23 10:58:56,344 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1635447
2025-07-23 10:58:56,378 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/87e9aefe38bd275f_windowsd50l2bvpd8'
2025-07-23 10:58:56,446 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1378763
2025-07-23 10:58:56,536 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/ac9b627d4a79df80_asian porn nude ibxj3s2 qf1ty1o ioey6bh0bls  (1bcw83k,xr0uanj).mpeg.exe'
2025-07-23 10:58:56,547 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/bd015c944323eff4_xxx l6ppef i4caruo .mpg.exe'
2025-07-23 10:58:56,703 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 872901
2025-07-23 10:58:56,717 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1853553
2025-07-23 10:58:56,748 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/94e7dfea6cd674f0_asian 76qp9o6j chkaba9s0 uncut p834ynn .mpg.exe'
2025-07-23 10:58:56,837 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1612623
2025-07-23 10:58:56,864 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/4ee97b31e9ad89a3_mkx87b mkx87b big hole .rar.exe'
2025-07-23 10:58:56,868 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/92a6eeb178136341_8mxqbfp jspx4i cfj670ah3 i4caruo 55svezg .mpeg.exe'
2025-07-23 10:58:56,876 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/c1e813eac3af6ea1_5b86ux gay porn nugdmg18bgxp  (karin,sonja).zip.exe'
2025-07-23 10:58:56,927 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 791738
2025-07-23 10:58:56,930 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 941501
2025-07-23 10:58:56,950 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1990720
2025-07-23 10:58:56,966 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/b9af3a71496cf8ae_porn jbp79p balls  (ihcwxtl).rar.exe'
2025-07-23 10:58:57,036 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1661456
2025-07-23 10:58:57,059 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/8ad525590a054db5_black porn [milf] .rar.exe'
2025-07-23 10:58:57,132 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1623201
2025-07-23 10:58:57,159 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/dfbed20a7a416846_8mxqbfp w6es4ton sperm [milf] qf1ty1o .avi.exe'
2025-07-23 10:58:57,164 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/8001ba83f0f308ab_26uao4g58 xxx jspx4i nugdmg18bgxp hole latex .rar.exe'
2025-07-23 10:58:57,190 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 470178
2025-07-23 10:58:57,233 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 2035664
2025-07-23 10:58:57,276 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/4687e86c09f0d2d3_98edvx horse q0vgw72 mtn66856s5 cock young  (zfod1dup,liz).mpg.exe'
2025-07-23 10:58:57,287 [cuckoo.core.resultserver] DEBUG: Task #6755803: File upload for 'files/f823c25044f0dc83_26uao4g58 ibxj3s2 [bangbus] iu7knbkw6t .mpg.exe'
2025-07-23 10:58:57,326 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 806788
2025-07-23 10:58:57,452 [cuckoo.core.resultserver] DEBUG: Task #6755803 uploaded file length: 1374615
2025-07-23 10:58:57,466 [cuckoo.core.resultserver] DEBUG: Task #6755803 had connection reset for <Context for LOG>
2025-07-23 10:58:58,438 [cuckoo.core.guest] INFO: win7x6429: analysis completed successfully
2025-07-23 10:58:58,454 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-23 10:58:58,487 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-23 10:58:59,930 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6429 to path /srv/cuckoo/cwd/storage/analyses/6755803/memory.dmp
2025-07-23 10:58:59,932 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6429
2025-07-23 10:59:34,020 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.229 for task #6755803
2025-07-23 10:59:34,434 [cuckoo.core.scheduler] DEBUG: Released database task #6755803
2025-07-23 10:59:34,462 [cuckoo.core.scheduler] INFO: Task #6755803: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (33 events)
file C:\Users\All Users\Microsoft\RAC\Temp\likl9f ibxj3s2 q0vgw72 g28gx7w6vur32j avhkl4osfi1b1 .mpg.exe
file C:\ProgramData\Templates\ar164nb sperm dtovzr 4x3h6c .zip.exe
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\black cfj670ah3 ni0p0dq8 glans 6cp2to .mpg.exe
file C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\8mxqbfp w6es4ton sperm [milf] qf1ty1o .avi.exe
file C:\Users\Default\AppData\Local\Temp\beast hot (!) xfjhjetslgmo243nnj (h91n03x).rar.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\5b86ux gay porn nugdmg18bgxp (Karin,Sonja).zip.exe
file C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\98edvx horse q0vgw72 mtn66856s5 cock young (zfod1dup,Liz).mpg.exe
file C:\Users\Default\Templates\porn mgdo94z3fb2 mtn66856s5 boobs bv23lk .mpg.exe
file C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\26uao4g58 cfj670ah3 jspx4i uncut x1ewq09x1owq (Jade,l0p693).avi.exe
file C:\Program Files\DVD Maker\Shared\3o9e0ag1 q0vgw72 porn [milf] .rar.exe
file C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\2eoamoy jbp79p ash .mpg.exe
file C:\Program Files\Windows Journal\Templates\8mxqbfp horse hot (!) ash .rar.exe
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian 76qp9o6j chkaba9s0 uncut p834ynn .mpg.exe
file C:\Users\Administrator\Templates\xxx girls .avi.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\xxx l6ppef i4caruo .mpg.exe
file C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\black porn [milf] .rar.exe
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\0ymg8tq w6es4ton jbp79p legs x036l6b (ihcwxtl,Gina).avi.exe
file C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ibxj3s2 nude g28gx7w6vur32j 9w4xilz6j2 .avi.exe
file C:\Program Files\Windows Sidebar\Shared Gadgets\0ymg8tq 2eoamoy [milf] .mpeg.exe
file C:\tmpd0os1j\black w6es4ton ni0p0dq8 .mpg.exe
file C:\Users\All Users\Templates\horse nugdmg18bgxp 8fldm8kp (e6rl5yo1,1bcw83k).avi.exe
file C:\ProgramData\Microsoft\RAC\Temp\mkx87b mkx87b big hole .rar.exe
file C:\Users\All Users\Microsoft\Search\Data\Temp\ar164nb beast big (Sarah,Karin).mpg.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\8mxqbfp jspx4i cfj670ah3 i4caruo 55svezg .mpeg.exe
file C:\Program Files (x86)\Common Files\microsoft shared\wwa6b1o6 gay jbp79p iu7knbkw6t .zip.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\26uao4g58 ibxj3s2 [bangbus] iu7knbkw6t .mpg.exe
file C:\Users\Administrator\AppData\Local\Temp\5b86ux 2eoamoy jspx4i ibxj3s2 v14bqy5ueys .rar.exe
file C:\Users\Administrator\AppData\Local\Temporary Internet Files\porn jbp79p balls (ihcwxtl).rar.exe
file C:\Users\All Users\Microsoft\Windows\Templates\ibxj3s2 girls ofok9a v14bqy5ueys .rar.exe
file C:\ProgramData\Microsoft\Search\Data\Temp\wiya6rsl horse q0vgw72 mtn66856s5 (Liz).avi.exe
file C:\Program Files\Microsoft Office\Templates\wwa6b1o6 cfj670ah3 2e032zbb .mpg.exe
file C:\Program Files\Common Files\Microsoft Shared\26uao4g58 xxx jspx4i nugdmg18bgxp hole latex .rar.exe
file C:\ProgramData\Microsoft\Windows\Templates\asian porn nude ibxj3s2 qf1ty1o ioey6bh0bls (1bcw83k,xr0uanj).mpeg.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (12 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x00000120
process_name: 8b6f3311ec3f60af_likl9f mgdo94z3fb2 beast hot (!) glans jg9vqr79 .zip.exe
process_identifier: 2632
0 0

Process32NextW

snapshot_handle: 0x00000298
process_name: 8b6f3311ec3f60af_likl9f mgdo94z3fb2 beast hot (!) glans jg9vqr79 .zip.exe
process_identifier: 1748
0 0

Process32NextW

snapshot_handle: 0x00000278
process_name: 8b6f3311ec3f60af_likl9f mgdo94z3fb2 beast hot (!) glans jg9vqr79 .zip.exe
process_identifier: 1840
0 0

A process attempted to delay the analysis task. (1 event)
description 8b6f3311ec3f60af_likl9f mgdo94z3fb2 beast hot (!) glans jg9vqr79 .zip.exe tried to sleep 1347 seconds, actually delayed analysis time by 1347 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x004ccb68
service_type: 48
service_status: 1
0 0
File has been identified by 11 AntiVirus engines on IRMA as malicious (11 events)
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Worm.WORM/Rbot.Gen
eScan Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
Sophos Anti-Virus (Linux) Troj/Agent-AJFK
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Agent.gen
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.PVPk!!prn!.A4E7F61A (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.