Archive zxc/fakenet3.5/defaultFiles/FakeNet.gif @ zxc.7z

Size 23.5KB
Type GIF image data, version 87a, 1035 x 450
MD5 a6b78c4791dc8110dec6c55f8a756395
SHA1 a8d8d6b4eaf234bb0572c63cdc2a3807c845cb71
SHA256 2549bcf17a00ad1d5d80cdef08cb1179c736c92d718430fae73d75e5f45b0619
SHA512 4136dacc4eaac22f231ab58448c7f17f61346c796c57f2df3922f0a1cbaeb2a5dc8c7759672abbaac4df59dc5da1a1465afff125d4059d55ec34a6dca71aea92
CRC32 7F0E6819
ssdeep None
Yara None matched

Score

This archive appears fairly benign with a score of 0.3 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category ARCHIVE
Started Nov. 5, 2025, 11:07 p.m.
Completed Nov. 5, 2025, 11:13 p.m.
Duration 371 seconds
Routing internet

Analyzer Log

2025-11-05 21:57:55,390 [analyzer] DEBUG: Starting analyzer from: C:\tmpdyrg_l
2025-11-05 21:57:55,390 [analyzer] DEBUG: Pipe server name: \??\PIPE\OjTbFPWraTsNKPxbpAecvqsRxHET
2025-11-05 21:57:55,405 [analyzer] DEBUG: Log pipe server name: \??\PIPE\ORImWsMbTWDrFmrjiNLhvmdAfoRaG
2025-11-05 21:57:55,655 [analyzer] DEBUG: Started auxiliary module Curtain
2025-11-05 21:57:55,655 [analyzer] DEBUG: Started auxiliary module DbgView
2025-11-05 21:57:56,155 [analyzer] DEBUG: Started auxiliary module Disguise
2025-11-05 21:57:56,358 [analyzer] DEBUG: Loaded monitor into process with pid 500
2025-11-05 21:57:56,358 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-11-05 21:57:56,358 [analyzer] DEBUG: Started auxiliary module Human
2025-11-05 21:57:56,358 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-11-05 21:57:56,358 [analyzer] DEBUG: Started auxiliary module Reboot
2025-11-05 21:57:56,453 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-11-05 21:57:56,453 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-11-05 21:57:56,467 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-11-05 21:57:56,467 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-11-05 21:57:56,592 [lib.api.process] INFO: Successfully executed process from path 'C:\\Windows\\System32\\rundll32.exe' with arguments ['C:\\Program Files\\Windows Photo Viewer\\PhotoViewer.dll', 'ImageView_Fullscreen', 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\zxc/fakenet3.5/defaultFiles/FakeNet.gif'] and pid 2792
2025-11-05 21:57:56,812 [analyzer] DEBUG: Loaded monitor into process with pid 2792
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,890 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,890 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,890 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:56,890 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-11-05 21:57:57,875 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-11-05 21:57:57,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,875 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,890 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,890 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-11-05 21:57:57,890 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,905 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,905 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,905 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,921 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:57,921 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-11-05 21:57:58,717 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-11-05 21:57:58,717 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,733 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,733 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,733 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-11-05 21:57:58,733 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,750 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,750 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,750 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,765 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:58,765 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-11-05 21:57:59,328 [analyzer] CRITICAL: Error creating function stub for advapi32!ControlService.
2025-11-05 21:57:59,342 [analyzer] CRITICAL: Unable to change memory protection of advapi32!DeleteService at 0x09f498 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,342 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerA at 0x09f336 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,342 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenSCManagerW at 0x09f4a8 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,342 [analyzer] CRITICAL: Error creating function stub for advapi32!OpenServiceA.
2025-11-05 21:57:59,358 [analyzer] CRITICAL: Unable to change memory protection of advapi32!OpenServiceW at 0x09f488 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,358 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegCloseKey at 0x09f6b4 5 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,358 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueA at 0x09f5ee 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,358 [analyzer] CRITICAL: Unable to change memory protection of advapi32!RegDeleteValueW at 0x09f5dc 10 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,375 [analyzer] CRITICAL: Unable to change memory protection of advapi32!StartServiceCtrlDispatcherW at 0x09f276 6 to RWX (error code 0xc0000045)!
2025-11-05 21:57:59,375 [analyzer] CRITICAL: Error creating function stub for advapi32!StartServiceW.
2025-11-05 21:58:07,858 [lib.api.process] ERROR: Failed to dump memory of 64-bit process with pid 2792.
2025-11-05 21:58:08,592 [analyzer] INFO: Process with pid 2792 has terminated
2025-11-05 21:58:08,592 [analyzer] INFO: Process list is empty, terminating analysis.
2025-11-05 21:58:09,842 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-11-05 21:58:09,842 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-11-05 23:07:32,268 [cuckoo.core.scheduler] INFO: Task #7064028: acquired machine win7x6430 (label=win7x6430)
2025-11-05 23:07:32,269 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.230 for task #7064028
2025-11-05 23:07:32,538 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 419133 (interface=vboxnet0, host=192.168.168.230)
2025-11-05 23:07:32,560 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6430
2025-11-05 23:07:33,081 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6430 to vmcloak
2025-11-05 23:11:07,858 [cuckoo.core.guest] INFO: Starting analysis #7064028 on guest (id=win7x6430, ip=192.168.168.230)
2025-11-05 23:11:08,863 [cuckoo.core.guest] DEBUG: win7x6430: not ready yet
2025-11-05 23:11:13,888 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6430, ip=192.168.168.230)
2025-11-05 23:11:14,015 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6430, ip=192.168.168.230, monitor=latest, size=6660546)
2025-11-05 23:11:19,044 [cuckoo.core.resultserver] DEBUG: Task #7064028: live log analysis.log initialized.
2025-11-05 23:11:20,348 [cuckoo.core.resultserver] DEBUG: Task #7064028 is sending a BSON stream
2025-11-05 23:11:20,725 [cuckoo.core.resultserver] DEBUG: Task #7064028 is sending a BSON stream
2025-11-05 23:11:21,635 [cuckoo.core.resultserver] DEBUG: Task #7064028: File upload for 'shots/0001.jpg'
2025-11-05 23:11:21,655 [cuckoo.core.resultserver] DEBUG: Task #7064028 uploaded file length: 133469
2025-11-05 23:11:33,773 [cuckoo.core.guest] DEBUG: win7x6430: analysis #7064028 still processing
2025-11-05 23:11:33,779 [cuckoo.core.resultserver] DEBUG: Task #7064028: File upload for 'curtain/1762376289.7.curtain.log'
2025-11-05 23:11:33,812 [cuckoo.core.resultserver] DEBUG: Task #7064028 uploaded file length: 36
2025-11-05 23:11:33,898 [cuckoo.core.resultserver] DEBUG: Task #7064028: File upload for 'sysmon/1762376289.84.sysmon.xml'
2025-11-05 23:11:33,906 [cuckoo.core.resultserver] DEBUG: Task #7064028 uploaded file length: 588960
2025-11-05 23:11:34,061 [cuckoo.core.resultserver] DEBUG: Task #7064028 had connection reset for <Context for LOG>
2025-11-05 23:11:36,809 [cuckoo.core.guest] INFO: win7x6430: analysis completed successfully
2025-11-05 23:11:36,825 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-11-05 23:11:36,853 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-11-05 23:11:37,767 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6430 to path /srv/cuckoo/cwd/storage/analyses/7064028/memory.dmp
2025-11-05 23:11:37,770 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6430
2025-11-05 23:13:39,613 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.230 for task #7064028
2025-11-05 23:13:41,009 [cuckoo.core.scheduler] DEBUG: Released database task #7064028
2025-11-05 23:13:41,120 [cuckoo.core.scheduler] INFO: Task #7064028: analysis procedure completed

Signatures

Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
GlobalMemoryStatusEx 1 1 0

No hosts contacted.