Cuckoo Sandbox

File 7d5094dc44102f65_hardcore hidden pregnant .zip.exe

Summary
Download Resubmit sample

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`4af2898cccf3a534464dfaa7ad51ef3b`
SHA1	`fab51374e936c9b44e3c2202aae47338d6c5e407`
SHA256	`7d5094dc44102f65024d4a28fd9a0181aae28c4fb316e58daad94c22b52a03f1`
SHA512	`7f8da5797543f1d8f6757df882054d75d28ac175ac8a204a5204e42ce72ede64f152f1d086f3e4b0e14f6c6d22f0f1fec61a8c5d1fad38b4fa11a777891a89ea`
CRC32	`F10EA539`
ssdeep	`None`
Yara	UPX - (no description) suspicious_packer_section - The packer/protector section names/keywords win_registry - Affect system registries

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6824473

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Aug. 8, 2025, 6:58 a.m.	Aug. 8, 2025, 7:01 a.m.	232 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-08-08 06:58:02,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpl4240h
2025-08-08 06:58:02,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\ZupjQrXUprLnAzGeUxPa
2025-08-08 06:58:02,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\ibBAaufcYSyOnfjefhQhyUxkLT
2025-08-08 06:58:02,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-08-08 06:58:02,062 [analyzer] INFO: Automatically selected analysis package "exe"
2025-08-08 06:58:02,453 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-08 06:58:02,453 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-08 06:58:02,890 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-08 06:58:03,092 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-08-08 06:58:03,092 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-08 06:58:03,092 [analyzer] DEBUG: Started auxiliary module Human
2025-08-08 06:58:03,092 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-08 06:58:03,092 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-08 06:58:03,171 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-08 06:58:03,171 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-08 06:58:03,171 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-08 06:58:03,171 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-08 06:58:03,296 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\7d5094dc44102f65_hardcore hidden pregnant .zip.exe' with arguments '' and pid 1352
2025-08-08 06:58:03,483 [analyzer] DEBUG: Loaded monitor into process with pid 1352
2025-08-08 06:58:03,687 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Windows\mssrv.exe
2025-08-08 06:58:03,733 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files\Common Files\Microsoft Shared\blowjob porn masturbation stockings .mpg.exe
2025-08-08 06:58:03,967 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files\DVD Maker\Shared\asian trambling horse sleeping .zip.exe
2025-08-08 06:58:04,390 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files\Microsoft Office\Templates\lingerie cumshot masturbation .zip.exe
2025-08-08 06:58:04,437 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\norwegian xxx [bangbus] .mpg.exe
2025-08-08 06:58:04,608 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files\Windows Journal\Templates\american animal hot (!) .zip.exe
2025-08-08 06:58:04,717 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files\Windows Sidebar\Shared Gadgets\british gay gang bang [free] .zip.exe
2025-08-08 06:58:04,750 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia gang bang lesbian uncut upskirt  (Liz).avi.exe
2025-08-08 06:58:04,828 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files (x86)\Common Files\microsoft shared\gang bang public  (Liz,Janette).mpg.exe
2025-08-08 06:58:05,140 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian beast gang bang masturbation .avi.exe
2025-08-08 06:58:05,233 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Network\Downloader\japanese fetish hot (!)  (Kathrin).mpeg.exe
2025-08-08 06:58:05,265 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\RAC\Temp\fetish fetish girls cock traffic .zip.exe
2025-08-08 06:58:05,328 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Search\Data\Temp\french hardcore masturbation shower .mpeg.exe
2025-08-08 06:58:05,421 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Windows\Templates\malaysia action lesbian voyeur circumcision .avi.exe
2025-08-08 06:58:05,500 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Windows\Templates\porn horse girls sweet  (Sylvia,Sylvia).rar.exe
2025-08-08 06:58:05,717 [analyzer] INFO: Injected into process with pid 1780 and name ''
2025-08-08 06:58:05,875 [analyzer] DEBUG: Loaded monitor into process with pid 1780
2025-08-08 06:58:06,030 [analyzer] INFO: Added new file to list with pid 1352 and path C:\tmpl4240h\asian beastiality action hot (!) gorgeoushorny .mpg.exe
2025-08-08 06:58:06,140 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude hot (!) swallow .mpg.exe
2025-08-08 06:58:06,233 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Local\Temp\swedish lesbian licking .zip.exe
2025-08-08 06:58:06,265 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\fucking beast hot (!) glans hairy .avi.exe
2025-08-08 06:58:06,280 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\handjob hardcore public swallow  (Jade).mpeg.exe
2025-08-08 06:58:06,483 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\japanese sperm [milf] femdom .avi.exe
2025-08-08 06:58:06,578 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\action fucking big .avi.exe
2025-08-08 06:58:06,640 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\spanish fetish cumshot hot (!) glans  (Karin,Janette).mpeg.exe
2025-08-08 06:58:06,717 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\Downloads\malaysia trambling horse hidden hole beautyfull .mpeg.exe
2025-08-08 06:58:06,780 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\brasilian horse gang bang masturbation .rar.exe
2025-08-08 06:58:06,875 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Network\Downloader\african porn horse [free]  (Sarah).zip.exe
2025-08-08 06:58:06,905 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\RAC\Temp\horse masturbation vagina mistress  (Jade).rar.exe
2025-08-08 06:58:06,953 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Search\Data\Temp\norwegian trambling cumshot full movie titts .mpeg.exe
2025-08-08 06:58:07,030 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Windows\Templates\chinese bukkake several models glans .zip.exe
2025-08-08 06:58:07,108 [analyzer] INFO: Added new file to list with pid 1352 and path C:\ProgramData\Microsoft\Windows\Templates\spanish lingerie horse voyeur nipples  (Melissa,Sandy).mpg.exe
2025-08-08 06:58:07,140 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie girls vagina  (Jade,Curtney).zip.exe
2025-08-08 06:58:07,187 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Default\AppData\Local\Temp\action masturbation .mpeg.exe
2025-08-08 06:58:07,233 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\chinese blowjob beast licking .mpg.exe
2025-08-08 06:58:07,328 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Default\Downloads\canadian bukkake horse catfight shoes .zip.exe
2025-08-08 06:58:07,390 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\action big feet boots .zip.exe
2025-08-08 06:58:07,421 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Users\Public\Downloads\beastiality catfight ejaculation .mpeg.exe
2025-08-08 06:58:07,500 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\malaysia cumshot sleeping cock .mpg.exe
2025-08-08 06:58:07,530 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake animal big 50+  (Kathrin).mpg.exe
2025-08-08 06:58:07,625 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fucking gay [free] hairy  (Sarah,Jade).mpg.exe
2025-08-08 06:58:07,640 [analyzer] INFO: Added new file to list with pid 1352 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia lingerie lesbian ash swallow .rar.exe
2025-08-08 06:01:42,948 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-08 06:01:43,401 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-08 06:01:43,401 [lib.api.process] INFO: Successfully terminated process with pid 1352.
2025-08-08 06:01:43,401 [lib.api.process] INFO: Successfully terminated process with pid 1780.
2025-08-08 06:01:44,276 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\fucking gay [free] hairy  (sarah,jade).mpg.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\nude hot (!) swallow .mpg.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\swedish lesbian licking .zip.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\chinese bukkake several models glans .zip.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\programdata\microsoft\network\downloader\african porn horse [free]  (sarah).zip.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\users\public\downloads\beastiality catfight ejaculation .mpeg.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\programdata\microsoft\network\downloader\japanese fetish hot (!)  (kathrin).mpeg.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\users\default\downloads\canadian bukkake horse catfight shoes .zip.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\program files (x86)\adobe\reader 9.0\reader\idtemplates\malaysia gang bang lesbian uncut upskirt  (liz).avi.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\bukkake animal big 50+  (kathrin).mpg.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\1033\onenote\14\notebook templates\norwegian xxx [bangbus] .mpg.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\malaysia lingerie lesbian ash swallow .rar.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\microsoft\windows\temporary internet files\lingerie girls vagina  (jade,curtney).zip.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\iedownloadhistory\action fucking big .avi.exe
2025-08-08 06:01:44,292 [analyzer] WARNING: Too many files: c:\program files (x86)\windows sidebar\shared gadgets\canadian beast gang bang masturbation .avi.exe
2025-08-08 06:01:44,292 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-08-08 06:58:03,528 [cuckoo.core.scheduler] INFO: Task #6824474: acquired machine win7x649 (label=win7x649)
2025-08-08 06:58:03,529 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.209 for task #6824474
2025-08-08 06:58:04,167 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2579212 (interface=vboxnet0, host=192.168.168.209)
2025-08-08 06:58:04,736 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x649
2025-08-08 06:58:05,559 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x649 to vmcloak
2025-08-08 06:58:14,989 [cuckoo.core.guest] INFO: Starting analysis #6824474 on guest (id=win7x649, ip=192.168.168.209)
2025-08-08 06:58:15,995 [cuckoo.core.guest] DEBUG: win7x649: not ready yet
2025-08-08 06:58:21,019 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x649, ip=192.168.168.209)
2025-08-08 06:58:21,116 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x649, ip=192.168.168.209, monitor=latest, size=6660546)
2025-08-08 06:58:22,630 [cuckoo.core.resultserver] DEBUG: Task #6824474: live log analysis.log initialized.
2025-08-08 06:58:23,667 [cuckoo.core.resultserver] DEBUG: Task #6824474 is sending a BSON stream
2025-08-08 06:58:24,041 [cuckoo.core.resultserver] DEBUG: Task #6824474 is sending a BSON stream
2025-08-08 06:58:24,926 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'shots/0001.jpg'
2025-08-08 06:58:24,941 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 133470
2025-08-08 06:58:26,430 [cuckoo.core.resultserver] DEBUG: Task #6824474 is sending a BSON stream
2025-08-08 06:58:37,387 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 06:58:52,579 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 06:59:07,678 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 06:59:22,807 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 06:59:37,918 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 06:59:53,049 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:00:08,201 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:00:23,325 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:00:38,443 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:00:53,566 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:01:08,697 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:01:23,816 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:01:38,930 [cuckoo.core.guest] DEBUG: win7x649: analysis #6824474 still processing
2025-08-08 07:01:43,231 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'curtain/1754625703.23.curtain.log'
2025-08-08 07:01:43,236 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 36
2025-08-08 07:01:43,404 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'sysmon/1754625703.4.sysmon.xml'
2025-08-08 07:01:43,413 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 712272
2025-08-08 07:01:43,434 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/eeb6f5dcfbb1a224_malaysia cumshot sleeping cock .mpg.exe'
2025-08-08 07:01:43,481 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 2042136
2025-08-08 07:01:43,499 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/8471c6e847beca12_action big feet boots .zip.exe'
2025-08-08 07:01:43,515 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1361914
2025-08-08 07:01:43,526 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/c5b8774c68f03a85_fetish fetish girls cock traffic .zip.exe'
2025-08-08 07:01:43,534 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 744794
2025-08-08 07:01:43,551 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/1b45d0bd33655564_handjob hardcore public swallow  (jade).mpeg.exe'
2025-08-08 07:01:43,560 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1167778
2025-08-08 07:01:43,569 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/547b9c5cbccf5d5d_fucking beast hot (!) glans hairy .avi.exe'
2025-08-08 07:01:43,575 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 552407
2025-08-08 07:01:43,590 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/17bf6ae65c5d78cc_asian beastiality action hot (!) gorgeoushorny .mpg.exe'
2025-08-08 07:01:43,616 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1556868
2025-08-08 07:01:43,642 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/ce46a67eddc33a4c_porn horse girls sweet  (sylvia,sylvia).rar.exe'
2025-08-08 07:01:43,669 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 2177936
2025-08-08 07:01:43,683 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/880f6d163428f120_japanese sperm [milf] femdom .avi.exe'
2025-08-08 07:01:43,697 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1311288
2025-08-08 07:01:43,719 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/3cea14e5fc83f81a_action masturbation .mpeg.exe'
2025-08-08 07:01:43,737 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1758284
2025-08-08 07:01:43,754 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/7508a16131227981_lingerie cumshot masturbation .zip.exe'
2025-08-08 07:01:43,860 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1162597
2025-08-08 07:01:43,880 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/c145052fb7ca45f8_american animal hot (!) .zip.exe'
2025-08-08 07:01:43,896 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1518196
2025-08-08 07:01:43,910 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/63723f44ec4ec749_brasilian horse gang bang masturbation .rar.exe'
2025-08-08 07:01:43,934 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 2093175
2025-08-08 07:01:43,957 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/72013ed32612c1dc_french hardcore masturbation shower .mpeg.exe'
2025-08-08 07:01:43,985 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1731405
2025-08-08 07:01:44,005 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/c2a6777a7f9d7eb1_spanish lingerie horse voyeur nipples  (melissa,sandy).mpg.exe'
2025-08-08 07:01:44,016 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/9214cbb152bc55e8_norwegian trambling cumshot full movie titts .mpeg.exe'
2025-08-08 07:01:44,022 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 824447
2025-08-08 07:01:44,028 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 623917
2025-08-08 07:01:44,034 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/7ae8ac55cecbefb3_blowjob porn masturbation stockings .mpg.exe'
2025-08-08 07:01:44,048 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1684838
2025-08-08 07:01:44,057 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/04fc5e0470ee3adb_malaysia action lesbian voyeur circumcision .avi.exe'
2025-08-08 07:01:44,063 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 906439
2025-08-08 07:01:44,075 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/9aaa48da20f288fb_asian trambling horse sleeping .zip.exe'
2025-08-08 07:01:44,109 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 2178906
2025-08-08 07:01:44,124 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/03836967138e254d_mssrv.exe'
2025-08-08 07:01:44,151 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1517015
2025-08-08 07:01:44,163 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/0ae531c0af7f9e52_spanish fetish cumshot hot (!) glans  (karin,janette).mpeg.exe'
2025-08-08 07:01:44,175 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1185176
2025-08-08 07:01:44,180 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/390781544dec9727_british gay gang bang [free] .zip.exe'
2025-08-08 07:01:44,186 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 480827
2025-08-08 07:01:44,188 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/4be6644103f8eb4d_horse masturbation vagina mistress  (jade).rar.exe'
2025-08-08 07:01:44,196 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 287051
2025-08-08 07:01:44,201 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/700ce89fcb0fee2f_chinese blowjob beast licking .mpg.exe'
2025-08-08 07:01:44,223 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 2006049
2025-08-08 07:01:44,238 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/cb98dc0871c8517c_gang bang public  (liz,janette).mpg.exe'
2025-08-08 07:01:44,257 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1798239
2025-08-08 07:01:44,270 [cuckoo.core.resultserver] DEBUG: Task #6824474: File upload for 'files/9af6d3d75b9f1c46_malaysia trambling horse hidden hole beautyfull .mpeg.exe'
2025-08-08 07:01:44,288 [cuckoo.core.resultserver] DEBUG: Task #6824474 uploaded file length: 1738172
2025-08-08 07:01:44,310 [cuckoo.core.resultserver] DEBUG: Task #6824474 had connection reset for <Context for LOG>
2025-08-08 07:01:44,978 [cuckoo.core.guest] INFO: win7x649: analysis completed successfully
2025-08-08 07:01:44,994 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-08-08 07:01:45,016 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-08-08 07:01:46,579 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x649 to path /srv/cuckoo/cwd/storage/analyses/6824474/memory.dmp
2025-08-08 07:01:46,580 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x649
2025-08-08 07:01:55,081 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.209 for task #6824474
2025-08-08 07:01:55,434 [cuckoo.core.scheduler] DEBUG: Released database task #6824474
2025-08-08 07:01:55,458 [cuckoo.core.scheduler] INFO: Task #6824474: analysis procedure completed

Signatures

Yara rules detected for file (3 events)

description	(no description)	rule	UPX
description	The packer/protector section names/keywords	rule	suspicious_packer_section
description	Affect system registries	rule	win_registry

Creates executable files on the filesystem (40 events)

file	C:\ProgramData\Microsoft\RAC\Temp\fetish fetish girls cock traffic .zip.exe
file	C:\Program Files\Common Files\Microsoft Shared\blowjob porn masturbation stockings .mpg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake animal big 50+ (Kathrin).mpg.exe
file	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\norwegian xxx [bangbus] .mpg.exe
file	C:\Users\All Users\Microsoft\Windows\Templates\chinese bukkake several models glans .zip.exe
file	C:\tmpl4240h\asian beastiality action hot (!) gorgeoushorny .mpg.exe
file	C:\Program Files\Microsoft Office\Templates\lingerie cumshot masturbation .zip.exe
file	C:\Users\Public\Downloads\beastiality catfight ejaculation .mpeg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\malaysia cumshot sleeping cock .mpg.exe
file	C:\ProgramData\Microsoft\Windows\Templates\malaysia action lesbian voyeur circumcision .avi.exe
file	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\malaysia gang bang lesbian uncut upskirt (Liz).avi.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\fucking gay [free] hairy (Sarah,Jade).mpg.exe
file	C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\fucking beast hot (!) glans hairy .avi.exe
file	C:\Users\All Users\Microsoft\Search\Data\Temp\norwegian trambling cumshot full movie titts .mpeg.exe
file	C:\Windows\mssrv.exe
file	C:\Users\Default\Templates\action big feet boots .zip.exe
file	C:\Users\All Users\Templates\spanish lingerie horse voyeur nipples (Melissa,Sandy).mpg.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\horse masturbation vagina mistress (Jade).rar.exe
file	C:\Users\Default\Downloads\canadian bukkake horse catfight shoes .zip.exe
file	C:\Users\Administrator\Templates\brasilian horse gang bang masturbation .rar.exe
file	C:\Users\Administrator\AppData\Local\Temporary Internet Files\handjob hardcore public swallow (Jade).mpeg.exe
file	C:\ProgramData\Microsoft\Network\Downloader\japanese fetish hot (!) (Kathrin).mpeg.exe
file	C:\ProgramData\Microsoft\Search\Data\Temp\french hardcore masturbation shower .mpeg.exe
file	C:\Users\Administrator\Downloads\malaysia trambling horse hidden hole beautyfull .mpeg.exe
file	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian beast gang bang masturbation .avi.exe
file	C:\Users\All Users\Microsoft\Network\Downloader\african porn horse [free] (Sarah).zip.exe
file	C:\Users\Default\AppData\Local\Temporary Internet Files\chinese blowjob beast licking .mpg.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\lingerie girls vagina (Jade,Curtney).zip.exe
file	C:\Users\Default\AppData\Local\Temp\action masturbation .mpeg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\spanish fetish cumshot hot (!) glans (Karin,Janette).mpeg.exe
file	C:\Program Files\Windows Sidebar\Shared Gadgets\british gay gang bang [free] .zip.exe
file	C:\Program Files\Windows Journal\Templates\american animal hot (!) .zip.exe
file	C:\Program Files (x86)\Common Files\microsoft shared\gang bang public (Liz,Janette).mpg.exe
file	C:\ProgramData\Templates\porn horse girls sweet (Sylvia,Sylvia).rar.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\nude hot (!) swallow .mpg.exe
file	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia lingerie lesbian ash swallow .rar.exe
file	C:\Program Files\DVD Maker\Shared\asian trambling horse sleeping .zip.exe
file	C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\japanese sperm [milf] femdom .avi.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\action fucking big .avi.exe
file	C:\Users\Administrator\AppData\Local\Temp\swedish lesbian licking .zip.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\action big feet boots .zip.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (41 events)

Time & API	Arguments	Status	Return
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: smss.exe process_identifier: 284	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: csrss.exe process_identifier: 360	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: wininit.exe process_identifier: 388	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: csrss.exe process_identifier: 412	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: winlogon.exe process_identifier: 448	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: services.exe process_identifier: 492	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: lsass.exe process_identifier: 508	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: lsm.exe process_identifier: 516	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 620	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 692	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 764	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 832	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 880	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 908	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 416	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: spoolsv.exe process_identifier: 1044	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 1084	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: sysmon.exe process_identifier: 1232	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: dwm.exe process_identifier: 1616	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: taskhost.exe process_identifier: 1668	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: unsecapp.exe process_identifier: 1700	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: explorer.exe process_identifier: 1744	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 2000	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: pythonw.exe process_identifier: 648	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: WmiPrvSE.exe process_identifier: 2084	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: SearchIndexer.exe process_identifier: 2244	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: OSPPSVC.EXE process_identifier: 3048	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: svchost.exe process_identifier: 2576	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: mscorsvw.exe process_identifier: 2608	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: mscorsvw.exe process_identifier: 2592	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: sppsvc.exe process_identifier: 2772	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: WmiPrvSE.exe process_identifier: 2508	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: WmiPrvSE.exe process_identifier: 2324	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: mobsync.exe process_identifier: 2232	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: pythonw.exe process_identifier: 1488	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: taskhost.exe process_identifier: 2388	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: SearchProtocolHost.exe process_identifier: 2212	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: SearchFilterHost.exe process_identifier: 820	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 1352	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000268 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 1780	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00008800', u'virtual_address': u'0x00012000', u'entropy': 7.943864614025491, u'name': u'UPX1', u'virtual_size': u'0x00009000'}

entropy

7.94386461403

description

A section with a high entropy has been found

entropy

0.985507246377

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000110 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 1352		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000268 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 1780		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000244 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002a8 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000270 process_name: 7d5094dc44102f65_hardcore hidden pregnant .zip.exe process_identifier: 176		0	0

The executable is compressed using UPX (3 events)

section	UPX0	description	Section name indicates UPX
section	UPX1	description	Section name indicates UPX
section	UPX2	description	Section name indicates UPX

A process attempted to delay the analysis task. (1 event)

description

7d5094dc44102f65_hardcore hidden pregnant .zip.exe tried to sleep 1344 seconds, actually delayed analysis time by 1344 seconds

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA Aug. 8, 2025, 7:58 a.m.	service_handle: 0x0058c990 service_type: 48 service_status: 1		0	0

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exeÿdu:ÈDYÿ¸::Ð9VÀ×XÊlºwÀ×XÈDY\Ð9VÀBYÄVèú¥õqø;ª8ûxÿõq¾w¿àuþÿÿÿª8ºw¢4ºwÀBY\]¸BY0ü7.ávVÀBYÃ@\ý¸ºÀBYØþâ@

Creates known WinSxsBot/Sfone Worm files, registry keys and/or mutexes (1 event)

mutex

mutex666

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Gen:Heur.Mint.Murphy.3 (Engine A), Win32.Worm.Sfone.B (Engine B)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Malware.Bbabdcdc-7358314-0
Trend Micro SProtect (Linux)	Worm.Win32.SFONE.SM
Trellix (Linux)	GenericRXKN-BX
WithSecure (Linux)	Trojan.TR/Crypt.ULPM.Gen
eScan Antivirus (Linux)	Gen:Heur.Mint.Murphy.3(DB)
ESET Security (Windows)	Win32/Agent.CP worm
Sophos Anti-Virus (Linux)	W32/Sfone-A
DrWeb Antivirus (Linux)	Win32.HLLW.Siggen.1607
ClamAV (Linux)	Win.Malware.Bbabdcdc-7358314-0
Bitdefender Antivirus (Linux)	Gen:Heur.Mint.Murphy.3
Kaspersky Standard (Windows)	Worm.Win32.Agent.cp
Emsisoft Commandline Scanner (Windows)	Gen:Heur.Mint.Murphy.3 (B)

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File 7d5094dc44102f65_hardcore hidden pregnant .zip.exe

Summary Download Resubmit sample

Score

Autosubmit

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample