File 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe

Size 1.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ee1fdb0a5da640ba2361039a3261f5b5
SHA1 ea901a209dc31272f5a056ba7d54705d3503d0f5
SHA256 5e91da2aa4f2f0edc9788af7cf273b4b5d1d87207e15a725d5d3ac6a9861f4a7
SHA512 60f9a5cf825aa55a146b00e9663df5d227c833a5b6825f8b17c811626bf53f8a74ea2b662d0732671cbd4971510a9c076cd4c2e5d05e968637555f31ec4d40b3
CRC32 7B34F3C8
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6880459

Information on Execution

Analysis
Category FILE
Started Aug. 26, 2025, 2:33 a.m.
Completed Aug. 26, 2025, 2:40 a.m.
Duration 442 seconds
Routing internet

Analyzer Log

2025-08-23 23:24:16,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpj6atou
2025-08-23 23:24:16,000 [analyzer] DEBUG: Pipe server name: \??\PIPE\RvwEQMSOxRWSOSojAXKlMzkmuRTdda
2025-08-23 23:24:16,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\dfmPtCEqDEztuHKNxjuGO
2025-08-23 23:24:16,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-08-23 23:24:16,015 [analyzer] INFO: Automatically selected analysis package "exe"
2025-08-23 23:24:16,265 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-23 23:24:16,265 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-23 23:24:16,765 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-23 23:24:16,967 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-08-23 23:24:16,983 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module Human
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-23 23:24:17,078 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-23 23:24:17,078 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-23 23:24:17,078 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-23 23:24:17,078 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-23 23:24:17,250 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe' with arguments '' and pid 496
2025-08-23 23:24:17,421 [analyzer] DEBUG: Loaded monitor into process with pid 496
2025-08-23 23:24:18,217 [analyzer] INFO: Added new file to list with pid 496 and path C:\Windows6g2yf6t03h
2025-08-23 23:24:18,280 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files\Common Files\Microsoft Shared\uv0dxwt8x4m beast kmozxo m87r8y .avi.exe
2025-08-23 23:24:18,530 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files\DVD Maker\Shared\4fq06c xxx [free] sjubxan5vwor  (5qcarib).rar.exe
2025-08-23 23:24:18,828 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files\Microsoft Office\Templates\9k8bf2i fs8utd titts o4djaq0xne .rar.exe
2025-08-23 23:24:18,858 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gay kc2hrt2j o2de75il .avi.exe
2025-08-23 23:24:18,983 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files\Windows Journal\Templates\cum nude f6br2s2 boobs 45ld689  (Liz,gia9m99).mpg.exe
2025-08-23 23:24:19,092 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files\Windows Sidebar\Shared Gadgets\asian 6r3apw4 srpvkzygmcsw sweet .zip.exe
2025-08-23 23:24:19,125 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\jmmawhs 4fq06c [free] .mpg.exe
2025-08-23 23:24:19,233 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files (x86)\Common Files\microsoft shared\r2qc46i nude big sjubxan5vwor .rar.exe
2025-08-23 23:24:19,640 [analyzer] INFO: Injected into process with pid 2680 and name ''
2025-08-23 23:24:19,640 [analyzer] INFO: Added new file to list with pid 496 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx 6r3apw4  (Gina).mpg.exe
2025-08-23 23:24:19,750 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\RAC\Temp\doz78r7 ko6o6a big r47smh9 nr8wosn .zip.exe
2025-08-23 23:24:19,796 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\Search\Data\Temp\l8qccpyq horse kc2hrt2j sd7o90wnjx  (a89thik).avi.exe
2025-08-23 23:24:19,812 [analyzer] DEBUG: Loaded monitor into process with pid 2680
2025-08-23 23:24:19,890 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\Windows\Templates\ko6o6a horse kmozxo .avi.exe
2025-08-23 23:24:20,296 [analyzer] INFO: Added new file to list with pid 496 and path C:\tmpj6atou\asian y6go35p horse uncut cock sweet  (Sarah).mpeg.exe
2025-08-23 23:24:20,375 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\fkgx0m2 mtu2oyuh5 kc2hrt2j  (Karin,Karin).avi.exe
2025-08-23 23:24:20,467 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Local\Temp\beast 6r3apw4 girly .mpg.exe
2025-08-23 23:24:20,500 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\9oypb8 nude f6br2s2 kpbv9mg7 .zip.exe
2025-08-23 23:24:20,530 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\1lwbqss7 9k8bf2i [free] 1dmcuxk90zc .avi.exe
2025-08-23 23:24:20,733 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\vftv0ou a3xo5xtn [free] glans kpbv9mg7  (Liz,ysxdgxr).avi.exe
2025-08-23 23:24:20,828 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\4mvc8yaot kmozxo latex .avi.exe
2025-08-23 23:24:20,921 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\tvolgth cum fs8utd .avi.exe
2025-08-23 23:24:21,015 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\RAC\Temp\mtu2oyuh5 [free] legs .mpeg.exe
2025-08-23 23:24:21,046 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\Search\Data\Temp\xiwlzi0 gay big hairy .mpg.exe
2025-08-23 23:24:21,092 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\Windows\Templates\vftv0ou horse y6go35p j8bb56pcl4 aqp9g9a .avi.exe
2025-08-23 23:24:21,155 [analyzer] INFO: Added new file to list with pid 496 and path C:\ProgramData\Microsoft\Windows\Templates\1lwbqss7 9k8bf2i [free]  (Liz).rar.exe
2025-08-23 23:24:21,187 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse uncut cock latex .mpg.exe
2025-08-23 23:24:21,203 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Default\AppData\Local\Temp\tvolgth sperm l8qccpyq 6mjj01 r47smh9 shoes  (ysxdgxr,Jade).zip.exe
2025-08-23 23:24:21,250 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\7smpob5w rdoti90 jmmawhs 6mjj01 sweet .mpeg.exe
2025-08-23 23:24:21,296 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\6mw7u7 4fq06c 4fq06c d2jspkm3 .rar.exe
2025-08-23 23:24:21,328 [analyzer] INFO: Added new file to list with pid 496 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\fkgx0m2 a3xo5xtn big sd7o90wnjx .zip.exe
2025-08-23 23:24:21,421 [analyzer] INFO: Added new file to list with pid 496 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay rdoti90 big ngo69ybvy  (Sandy).rar.exe
2025-08-23 23:24:21,437 [analyzer] INFO: Added new file to list with pid 496 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay cum uncut cock boots .zip.exe
2025-08-23 23:24:21,562 [analyzer] INFO: Added new file to list with pid 496 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian uv0dxwt8x4m porn fs8utd 5n10bh .zip.exe
2025-08-23 23:24:21,608 [analyzer] INFO: Added new file to list with pid 496 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian cum l8qccpyq hot (!) ash  (ysxdgxr).mpg.exe
2025-08-23 23:27:36,250 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-23 23:27:37,453 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-23 23:27:37,467 [lib.api.process] INFO: Successfully terminated process with pid 496.
2025-08-23 23:27:37,467 [lib.api.process] INFO: Successfully terminated process with pid 2680.
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\asian cum l8qccpyq hot (!) ash  (ysxdgxr).mpg.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\programdata\microsoft\rac\temp\mtu2oyuh5 [free] legs .mpeg.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\templates\tvolgth cum fs8utd .avi.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\program files\windows journal\templates\cum nude f6br2s2 boobs 45ld689  (liz,gia9m99).mpg.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\gay cum uncut cock boots .zip.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\fkgx0m2 mtu2oyuh5 kc2hrt2j  (karin,karin).avi.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\gay rdoti90 big ngo69ybvy  (sandy).rar.exe
2025-08-23 23:27:38,092 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\templates\4mvc8yaot kmozxo latex .avi.exe
2025-08-23 23:27:38,092 [analyzer] INFO: Analysis completed.


Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .text\x00\xe5\xfb
section .data\x00E\x86
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (33 events)
file C:\Program Files (x86)\Common Files\microsoft shared\r2qc46i nude big sjubxan5vwor .rar.exe
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\4mvc8yaot kmozxo latex .avi.exe
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\fkgx0m2 mtu2oyuh5 kc2hrt2j (Karin,Karin).avi.exe
file C:\Users\All Users\Templates\1lwbqss7 9k8bf2i [free] (Liz).rar.exe
file C:\Users\Default\Templates\fkgx0m2 a3xo5xtn big sd7o90wnjx .zip.exe
file C:\Users\All Users\Microsoft\Search\Data\Temp\xiwlzi0 gay big hairy .mpg.exe
file C:\Program Files\Windows Journal\Templates\cum nude f6br2s2 boobs 45ld689 (Liz,gia9m99).mpg.exe
file C:\Users\All Users\Microsoft\RAC\Temp\mtu2oyuh5 [free] legs .mpeg.exe
file C:\Users\All Users\Microsoft\Windows\Templates\vftv0ou horse y6go35p j8bb56pcl4 aqp9g9a .avi.exe
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\6mw7u7 4fq06c 4fq06c d2jspkm3 .rar.exe
file C:\Program Files\Microsoft Office\Templates\9k8bf2i fs8utd titts o4djaq0xne .rar.exe
file C:\ProgramData\Microsoft\Search\Data\Temp\l8qccpyq horse kc2hrt2j sd7o90wnjx (a89thik).avi.exe
file C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\vftv0ou a3xo5xtn [free] glans kpbv9mg7 (Liz,ysxdgxr).avi.exe
file C:\tmpj6atou\asian y6go35p horse uncut cock sweet (Sarah).mpeg.exe
file C:\Users\Administrator\Templates\tvolgth cum fs8utd .avi.exe
file C:\Program Files\Windows Sidebar\Shared Gadgets\asian 6r3apw4 srpvkzygmcsw sweet .zip.exe
file C:\Program Files\DVD Maker\Shared\4fq06c xxx [free] sjubxan5vwor (5qcarib).rar.exe
file C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\9oypb8 nude f6br2s2 kpbv9mg7 .zip.exe
file C:\Users\Default\AppData\Local\Temp\tvolgth sperm l8qccpyq 6mjj01 r47smh9 shoes (ysxdgxr,Jade).zip.exe
file C:\ProgramData\Microsoft\RAC\Temp\doz78r7 ko6o6a big r47smh9 nr8wosn .zip.exe
file C:\Users\Administrator\AppData\Local\Temporary Internet Files\1lwbqss7 9k8bf2i [free] 1dmcuxk90zc .avi.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\asian uv0dxwt8x4m porn fs8utd 5n10bh .zip.exe
file C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse uncut cock latex .mpg.exe
file C:\Users\Default\AppData\Local\Temporary Internet Files\7smpob5w rdoti90 jmmawhs 6mjj01 sweet .mpeg.exe
file C:\Program Files\Common Files\Microsoft Shared\uv0dxwt8x4m beast kmozxo m87r8y .avi.exe
file C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx 6r3apw4 (Gina).mpg.exe
file C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\gay kc2hrt2j o2de75il .avi.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\asian cum l8qccpyq hot (!) ash (ysxdgxr).mpg.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay cum uncut cock boots .zip.exe
file C:\Users\Administrator\AppData\Local\Temp\beast 6r3apw4 girly .mpg.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay rdoti90 big ngo69ybvy (Sandy).rar.exe
file C:\ProgramData\Templates\ko6o6a horse kmozxo .avi.exe
file C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\jmmawhs 4fq06c [free] .mpg.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (32 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x00000124
process_name: 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe
process_identifier: 496
0 0

Process32NextW

snapshot_handle: 0x00000228
process_name: 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe
process_identifier: 2680
0 0

Process32NextW

snapshot_handle: 0x00000198
process_name: 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe
process_identifier: 1212
0 0

Process32NextW

snapshot_handle: 0x00000194
process_name: 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe
process_identifier: 1212
0 0

Process32NextW

snapshot_handle: 0x000002bc
process_name: 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe
process_identifier: 1212
0 0

Process32NextW

snapshot_handle: 0x000002b8
process_name: 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe
process_identifier: 1212
0 0

A process attempted to delay the analysis task. (1 event)
description 5e91da2aa4f2f0ed_black ko6o6a beast wk79oa4s2r04wd r47smh9 .avi.exe tried to sleep 1347 seconds, actually delayed analysis time by 1347 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x004ec9d8
service_type: 48
service_status: 1
0 0
File has been identified by 12 AntiVirus engine on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
C4S ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Trojan.TR/Spy.Gen
eScan Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D
Kaspersky Standard (Windows) UDS:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.