File 8c9d3f1ead6cfd99_service.txt

Size 520.8KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 19cdb353c1f53c732359cca435cbb93e
SHA1 46d5766ae559bdd6e4276578575816c1605432e5
SHA256 8c9d3f1ead6cfd995e3bc389174c85e992fb48b8f9f48cdcd46100be0bd2f060
SHA512 24aa1e148108f0185b5031d7ca21632298605f14115bb397f264009d1045c4d01df3bb53b4e7d160e957befdbfab9410ea5633c23f360189b2569bdac79576d2
CRC32 01AB9A5B
ssdeep None
Yara
  • SEH__vba - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6587002

Information on Execution

Analysis
Category FILE
Started July 2, 2025, 3:30 p.m.
Completed July 2, 2025, 3:42 p.m.
Duration 739 seconds
Routing internet

Analyzer Log

2025-06-25 01:57:00,030 [analyzer] DEBUG: Starting analyzer from: C:\tmpd0os1j
2025-06-25 01:57:00,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\iyqSgGOIDThvMOpIIDHJE
2025-06-25 01:57:00,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\yZGYZFFAlwnxzBkFurOZOqRb
2025-06-25 01:57:00,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-06-25 01:57:00,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-06-25 01:57:00,655 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-25 01:57:00,671 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-25 01:57:01,265 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-25 01:57:01,483 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-06-25 01:57:01,483 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-25 01:57:01,483 [analyzer] DEBUG: Started auxiliary module Human
2025-06-25 01:57:01,483 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-25 01:57:01,483 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-25 01:57:01,530 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-25 01:57:01,530 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-25 01:57:01,530 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-25 01:57:01,546 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-25 01:57:01,765 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\8c9d3f1ead6cfd99_service.txt' with arguments '' and pid 2716
2025-06-25 01:57:02,000 [analyzer] DEBUG: Loaded monitor into process with pid 2716
2025-06-25 01:57:03,421 [analyzer] INFO: Added new file to list with pid 2716 and path C:\Users\Administrator\AppData\Local\TempBUUJS.txt
2025-06-25 01:57:03,562 [analyzer] INFO: Injected into process with pid 2072 and name u'cmd.exe'
2025-06-25 01:57:03,765 [analyzer] DEBUG: Loaded monitor into process with pid 2072
2025-06-25 01:57:03,875 [analyzer] INFO: Injected into process with pid 2108 and name u'reg.exe'
2025-06-25 01:57:04,046 [analyzer] DEBUG: Loaded monitor into process with pid 2108
2025-06-25 01:57:04,578 [analyzer] INFO: Added new file to list with pid 2716 and path C:\Users\Administrator\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.txt
2025-06-25 01:57:04,671 [analyzer] INFO: Injected into process with pid 1832 and name u'service.exe'
2025-06-25 01:57:04,765 [analyzer] INFO: Process with pid 2716 has terminated
2025-06-25 01:57:04,765 [analyzer] INFO: Process with pid 2108 has terminated
2025-06-25 01:57:04,828 [analyzer] DEBUG: Loaded monitor into process with pid 1832
2025-06-25 01:57:05,765 [analyzer] INFO: Process with pid 2072 has terminated
2025-06-25 01:57:06,155 [analyzer] INFO: Added new file to list with pid 1832 and path C:\Users\Administrator\AppData\Local\TempOQGUC.txt
2025-06-25 01:57:07,217 [analyzer] INFO: Added new file to list with pid 1832 and path C:\Users\Administrator\AppData\Local\Temp\UNMUIIJECJFVIPK\service.txt
2025-06-25 02:00:20,780 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-25 02:00:21,437 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-25 02:00:21,437 [lib.api.process] INFO: Successfully terminated process with pid 1832.
2025-06-25 02:00:21,437 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-02 15:30:26,438 [cuckoo.core.scheduler] DEBUG: Task #6631975: no machine available yet
2025-07-02 15:34:57,866 [cuckoo.core.scheduler] INFO: Task #6631975: acquired machine win7x6429 (label=win7x6429)
2025-07-02 15:34:57,871 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.229 for task #6631975
2025-07-02 15:34:58,239 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3041791 (interface=vboxnet0, host=192.168.168.229)
2025-07-02 15:35:00,114 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6429
2025-07-02 15:35:07,540 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6429 to vmcloak
2025-07-02 15:36:16,961 [cuckoo.core.guest] INFO: Starting analysis #6631975 on guest (id=win7x6429, ip=192.168.168.229)
2025-07-02 15:36:17,966 [cuckoo.core.guest] DEBUG: win7x6429: not ready yet
2025-07-02 15:36:23,007 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6429, ip=192.168.168.229)
2025-07-02 15:36:23,095 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6429, ip=192.168.168.229, monitor=latest, size=6660546)
2025-07-02 15:36:25,304 [cuckoo.core.resultserver] DEBUG: Task #6631975: live log analysis.log initialized.
2025-07-02 15:36:26,741 [cuckoo.core.resultserver] DEBUG: Task #6631975 is sending a BSON stream
2025-07-02 15:36:27,235 [cuckoo.core.resultserver] DEBUG: Task #6631975 is sending a BSON stream
2025-07-02 15:36:27,974 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'shots/0001.jpg'
2025-07-02 15:36:27,984 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 133384
2025-07-02 15:36:28,769 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'files/8ea98ee1d152d6d6_TempBUUJS.txt'
2025-07-02 15:36:28,776 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 166
2025-07-02 15:36:29,023 [cuckoo.core.resultserver] DEBUG: Task #6631975 is sending a BSON stream
2025-07-02 15:36:29,423 [cuckoo.core.resultserver] DEBUG: Task #6631975 is sending a BSON stream
2025-07-02 15:36:29,929 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'files/20bdcb56041479e9_service.txt'
2025-07-02 15:36:29,937 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 533330
2025-07-02 15:36:30,097 [cuckoo.core.resultserver] DEBUG: Task #6631975 is sending a BSON stream
2025-07-02 15:36:31,510 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'files/003331e16f8ae277_TempOQGUC.txt'
2025-07-02 15:36:31,512 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 166
2025-07-02 15:36:32,647 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'files/f96befe00f24288e_service.txt'
2025-07-02 15:36:32,801 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 533333
2025-07-02 15:36:39,839 [cuckoo.core.guest] DEBUG: win7x6429: analysis #6631975 still processing
2025-07-02 15:39:46,308 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'curtain/1750809620.95.curtain.log'
2025-07-02 15:39:46,312 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 36
2025-07-02 15:39:46,721 [cuckoo.core.resultserver] DEBUG: Task #6631975: File upload for 'sysmon/1750809621.38.sysmon.xml'
2025-07-02 15:39:46,779 [cuckoo.core.resultserver] DEBUG: Task #6631975 uploaded file length: 6550280
2025-07-02 15:39:46,803 [cuckoo.core.resultserver] DEBUG: Task #6631975 had connection reset for <Context for LOG>
2025-07-02 15:39:47,978 [cuckoo.core.guest] INFO: win7x6429: analysis completed successfully
2025-07-02 15:39:47,994 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-02 15:39:48,019 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-02 15:39:49,056 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6429 to path /srv/cuckoo/cwd/storage/analyses/6631975/memory.dmp
2025-07-02 15:39:49,058 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6429
2025-07-02 15:42:38,132 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.229 for task #6631975
2025-07-02 15:42:38,896 [cuckoo.core.scheduler] DEBUG: Released database task #6631975
2025-07-02 15:42:38,937 [cuckoo.core.scheduler] INFO: Task #6631975: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
description (no description) rule SEH__vba
Command line console output was observed (4 events)
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: C:\Users\Administrator\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: REG
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RNBOWCUYTPQDJQQ" /t REG_SZ /d "C:\Users\ADMINI~1\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.exe" /f
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: The operation completed successfully.
console_handle: 0x00000007
1 1 0
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name None
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xc41f
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 50207
exception.address: 0x761ac41f
registers.esp: 1637092
registers.edi: 5968776
registers.eax: 1637092
registers.ebp: 1637172
registers.edx: 0
registers.ebx: 5968776
registers.esi: 5968776
registers.ecx: 2
1 0 0
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.txt
A process created a hidden window (3 events)
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\ADMINI~1\AppData\Local\TempBUUJS.bat
parameters:
filepath: C:\Users\Administrator\AppData\Local\TempBUUJS.bat
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\ADMINI~1\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.exe
parameters:
filepath: C:\Users\Administrator\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\ADMINI~1\AppData\Local\TempOQGUC.bat
parameters:
filepath: C:\Users\Administrator\AppData\Local\TempOQGUC.bat
1 1 0
Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x003f0000
process_handle: 0xffffffff
1 0 0
Uses Windows utilities for basic Windows functionality (1 event)
cmdline REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RNBOWCUYTPQDJQQ" /t REG_SZ /d "C:\Users\ADMINI~1\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.exe" /f
Installs itself for autorun at Windows startup (1 event)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\RNBOWCUYTPQDJQQ reg_value C:\Users\ADMINI~1\AppData\Local\Temp\HKWVWSQXSIVDMDX\service.exe
File has been identified by 13 AntiVirus engine on IRMA as malicious (13 events)
G Data Antivirus (Windows) Virus: Gen:Heur.Spesr.VB.1 (Engine A), Win32.Trojan.PSE1.16GOFSS (Engine B)
Avast Core Security (Linux) Win32:AutoIt-BYV [Trj]
C4S ClamAV (Linux) Win.Worm.Guap-4
Trellix (Linux) GenericRXGM-QG
WithSecure (Linux) Worm.WORM/Autorun.zmioi
eScan Antivirus (Linux) Gen:Heur.Spesr.VB.1(DB)
ESET Security (Windows) Win32/AutoRun.PSW.VB.H worm
Sophos Anti-Virus (Linux) Mal/VB-AQR
DrWeb Antivirus (Linux) Trojan.Siggen10.35546
ClamAV (Linux) Win.Worm.Guap-4
Bitdefender Antivirus (Linux) Gen:Heur.Spesr.VB.1
Kaspersky Standard (Windows) Trojan.Win32.Fsysna.gevi
Emsisoft Commandline Scanner (Windows) Gen:Heur.Spesr.VB.1 (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.