File 0718ee8a62987356_data.zip

Size 4.6MB
Type Zip archive data, at least v2.0 to extract, compression method=deflate
MD5 a49898f98e64ef5aa21132089b86a681
SHA1 5a1a962a4727e856d784b9f1949fd84fbf505d89
SHA256 0718ee8a62987356cf3b12edfc67e9d9bd7471fcad8d768958f9a018437e93e9
SHA512
1bb22dc004b652f2458541e474b87b740da44921e3a9ec9661fb03a9d791e31241714411a448fef13fcffc294fe29cda317f1310e95e1b2ea581f3d32ba6c3f4
CRC32 B059FB9F
ssdeep None
Yara
  • shellcode - Matched shellcode byte patterns

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.0 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent Task ID: 7469965


Information on Execution

Analysis

Category: FILE
Started: March 1, 2026, 4:51 p.m.
Completed: March 1, 2026, 4:52 p.m.
Duration: 34 seconds
Routing: internet
Logs: Analyzer Log and Cuckoo Log (below)

Analyzer Log

2026-03-01 15:51:47,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpzepe2z
2026-03-01 15:51:47,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\rEOTKZflpgEjWHTsWil
2026-03-01 15:51:47,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\lqZZQdQcNCjThsxgfemYHBgfjlZ
2026-03-01 15:51:47,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2026-03-01 15:51:47,030 [analyzer] INFO: Automatically selected analysis package "zip"
2026-03-01 15:51:47,280 [analyzer] DEBUG: Started auxiliary module Curtain
2026-03-01 15:51:47,280 [analyzer] DEBUG: Started auxiliary module DbgView
2026-03-01 15:51:47,703 [analyzer] DEBUG: Started auxiliary module Disguise
2026-03-01 15:51:47,937 [analyzer] DEBUG: Loaded monitor into process with pid 504
2026-03-01 15:51:47,937 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2026-03-01 15:51:47,937 [analyzer] DEBUG: Started auxiliary module Human
2026-03-01 15:51:47,937 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2026-03-01 15:51:47,953 [analyzer] DEBUG: Started auxiliary module Reboot
2026-03-01 15:51:48,046 [analyzer] DEBUG: Started auxiliary module RecentFiles
2026-03-01 15:51:48,046 [analyzer] DEBUG: Started auxiliary module Screenshots
2026-03-01 15:51:48,046 [analyzer] DEBUG: Started auxiliary module Sysmon
2026-03-01 15:51:48,046 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2026-03-01 15:51:48,217 [modules.packages.zip] DEBUG: Missing file option, auto executing: ADU.exe
2026-03-01 15:51:48,562 [lib.api.process] INFO: Successfully executed process from path 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\ADU.exe' with arguments '' and pid 1324
2026-03-01 15:51:49,562 [analyzer] INFO: Process with pid 1324 has terminated
2026-03-01 15:51:49,562 [analyzer] INFO: Process list is empty, terminating analysis.
2026-03-01 15:51:50,812 [analyzer] INFO: Terminating remaining processes before shutdown.
2026-03-01 15:51:50,812 [analyzer] INFO: Analysis completed.
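The analyzer log above tells the practitioner two things worth checking before trusting the 3.0 score: the zip package picked ADU.exe to run on its own (no "file" option was given), and that process lived for exactly one second before the process list emptied and the run ended, with "internet" routing but no hosts contacted. A sample that exits that fast usually crashed, found a missing dependency, or detected the sandbox, so the dynamic results say little either way. The script below is an added example, not part of this report and not Cuckoo's own code: it parses analyzer-log lines of the kind shown above (the excerpt is copied from this report and embedded as constructed input), computes per-PID lifetimes and flags short-lived processes, lists which entries in an archive would be candidates for auto-execution, and recomputes the digests shown in the file header so a local copy can be matched against the report. The executable-extension list, the five-second threshold, and the placeholder archive contents are assumptions; Cuckoo's real zip package may choose the entry to run differently.

```python
"""Triage helpers for a Cuckoo zip-package run (added example, not Cuckoo code)."""
import hashlib
import io
import re
import zipfile
import zlib
from datetime import datetime

# Constructed input: analyzer-log lines copied from this report.
ANALYZER_LOG = r"""
2026-03-01 15:51:48,217 [modules.packages.zip] DEBUG: Missing file option, auto executing: ADU.exe
2026-03-01 15:51:48,562 [lib.api.process] INFO: Successfully executed process from path 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\ADU.exe' with arguments '' and pid 1324
2026-03-01 15:51:49,562 [analyzer] INFO: Process with pid 1324 has terminated
2026-03-01 15:51:49,562 [analyzer] INFO: Process list is empty, terminating analysis.
"""

START_RE = re.compile(
    r"^(?P<ts>\S+ \S+) .*Successfully executed process from path "
    r"'(?P<path>.*?)' with arguments '(?P<args>.*?)' and pid (?P<pid>\d+)"
)
END_RE = re.compile(r"^(?P<ts>\S+ \S+) .*Process with pid (?P<pid>\d+) has terminated")
AUTOEXEC_RE = re.compile(r"auto executing: (?P<name>\S+)\s*$")

# Assumed extension list; it is an approximation, not Cuckoo's selection rule.
EXEC_EXT = re.compile(r"\.(exe|scr|msi|bat|cmd|lnk|js|jse|vbs|vbe|wsf|ps1)$", re.I)


def _ts(s):
    """Parse the analyzer's '%Y-%m-%d %H:%M:%S,%f' timestamp."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S,%f")


def auto_executed(text):
    """Name the zip package reported as the auto-executed entry, or None."""
    for line in text.splitlines():
        m = AUTOEXEC_RE.search(line)
        if m:
            return m["name"]
    return None


def parse_analyzer_log(text):
    """Map pid -> {path, args, start, end} from process start/stop lines."""
    procs = {}
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            procs[int(m["pid"])] = {"path": m["path"], "args": m["args"],
                                    "start": _ts(m["ts"]), "end": None}
            continue
        m = END_RE.match(line)
        if m and int(m["pid"]) in procs:
            procs[int(m["pid"])]["end"] = _ts(m["ts"])
    return procs


def lifetimes(procs):
    """Seconds each pid ran, for pids whose termination was logged."""
    return {pid: (p["end"] - p["start"]).total_seconds()
            for pid, p in procs.items() if p["end"] is not None}


def short_lived(procs, max_seconds=5.0):
    """Pids that exited within max_seconds (assumed threshold): likely crash or evasion."""
    return sorted(pid for pid, s in lifetimes(procs).items() if s <= max_seconds)


def executable_entries(zip_bytes):
    """Archive entries that look executable and so are auto-run candidates."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if not i.is_dir() and EXEC_EXT.search(i.filename)]


def digests(data):
    """The digest set shown in the report header, CRC32 as upper-case hex like the page."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def build_sample_zip():
    """Constructed stand-in archive: entry names mirror the report, contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "placeholder, not from the real sample")
        zf.writestr("ADU.exe", b"MZ" + b"\x00" * 62)  # MZ stub only, not a real PE
    return buf.getvalue()


if __name__ == "__main__":
    procs = parse_analyzer_log(ANALYZER_LOG)
    print("auto-executed:", auto_executed(ANALYZER_LOG))
    print("lifetimes:", lifetimes(procs), "short-lived:", short_lived(procs))
    print("executable entries:", executable_entries(build_sample_zip()))
    print("digests of placeholder archive:", digests(build_sample_zip()))
```

Run against a real copy of the archive, compare `digests(open(path, "rb").read())` with the header values before doing anything else; a mismatch means the local file is not the sample this report describes. A one-second lifetime with an empty process list and no network traffic should be read as "the run did not exercise the sample", not as a clean result.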

Cuckoo Log

2026-03-01 16:51:48,321 [cuckoo.core.scheduler] INFO: Task #7469966: acquired machine win7x6417 (label=win7x6417)
2026-03-01 16:51:48,322 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.217 for task #7469966
2026-03-01 16:51:48,831 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 120980 (interface=vboxnet0, host=192.168.168.217)
2026-03-01 16:51:48,846 [androguard.apk] WARNING: Missing AndroidManifest.xml. Is this an APK file?
2026-03-01 16:51:48,875 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6417
2026-03-01 16:51:49,857 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6417 to vmcloak
2026-03-01 16:51:59,116 [cuckoo.core.guest] INFO: Starting analysis #7469966 on guest (id=win7x6417, ip=192.168.168.217)
2026-03-01 16:52:00,122 [cuckoo.core.guest] DEBUG: win7x6417: not ready yet
2026-03-01 16:52:05,165 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6417, ip=192.168.168.217)
2026-03-01 16:52:05,248 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6417, ip=192.168.168.217, monitor=latest, size=6660546)
2026-03-01 16:52:06,640 [cuckoo.core.resultserver] DEBUG: Task #7469966: live log analysis.log initialized.
2026-03-01 16:52:07,514 [cuckoo.core.resultserver] DEBUG: Task #7469966 is sending a BSON stream
2026-03-01 16:52:08,817 [cuckoo.core.resultserver] DEBUG: Task #7469966: File upload for 'shots/0001.jpg'
2026-03-01 16:52:08,836 [cuckoo.core.resultserver] DEBUG: Task #7469966 uploaded file length: 133449
2026-03-01 16:52:10,316 [cuckoo.core.resultserver] DEBUG: Task #7469966: File upload for 'curtain/1772376710.67.curtain.log'
2026-03-01 16:52:10,320 [cuckoo.core.resultserver] DEBUG: Task #7469966 uploaded file length: 36
2026-03-01 16:52:10,448 [cuckoo.core.resultserver] DEBUG: Task #7469966: File upload for 'sysmon/1772376710.8.sysmon.xml'
2026-03-01 16:52:10,452 [cuckoo.core.resultserver] DEBUG: Task #7469966 uploaded file length: 41554
2026-03-01 16:52:10,931 [cuckoo.core.resultserver] DEBUG: Task #7469966 had connection reset for <Context for LOG>
2026-03-01 16:52:12,320 [cuckoo.core.guest] INFO: win7x6417: analysis completed successfully
2026-03-01 16:52:12,340 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-03-01 16:52:12,372 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-03-01 16:52:13,752 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6417 to path /srv/cuckoo/cwd/storage/analyses/7469966/memory.dmp
2026-03-01 16:52:13,754 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6417
2026-03-01 16:52:21,777 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.217 for task #7469966
2026-03-01 16:52:22,091 [cuckoo.core.scheduler] DEBUG: Released database task #7469966
2026-03-01 16:52:22,110 [cuckoo.core.scheduler] INFO: Task #7469966: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
  • rule shellcode: Matched shellcode byte patterns
File has been identified by one AntiVirus engine on VirusTotal as malicious (1 event)
  • alibabacloud: Trojan[downloader]:Win/Agent.AQO

Screenshots

Network

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action / VT / Location): No hosts contacted.