sandbox.pikker.ee (2a00:6a00:ad1:806::85)

URL: https://sandbox.pikker.ee/analysis/3168412/summary
Submission: On July 06 via manual from US — Scanned from DE


SUMMARY

FILE CAPSULEFARMER.EXE

Size    7.3MB
Type    PE32+ executable (console) x86-64, for MS Windows
MD5     656cefd8d3ccc079158ecfc7a06c35ed
SHA1    f0adcd44e7d22bd107e6fd03cd61719ba3178cd0
SHA256  8e9d7cb05e025962ae2f55ff514dd9580d664849b99d444f6225a130c9be1f9c
SHA512  6e11b768e633d8ccef51a4c8b76d72d0d79a1b34f0b6e4aa62757ac163402c32acb413e1a745e5d684f69919cbd7b64bec2f86c6702d3088ddd6c30784da8488
CRC32   F2504124
ssdeep  None
Yara
 * APT32_KerrDown - (no description)
 * DebuggerException__SetConsoleCtrl - (no description)
 * anti_dbg - Checks if being debugged
 * win_token - Affect system token
 * win_files_operation - Affect private profile

SCORE

This file shows numerous signs of malicious behavior.

The score of this file is 3.6 out of 10.

Please notice: The scoring system is currently still in development and should
be considered an alpha feature.

--------------------------------------------------------------------------------


INFORMATION ON EXECUTION

Analysis

Category   FILE
Started    July 6, 2022, 11:25 p.m.
Completed  July 6, 2022, 11:32 p.m.
Duration   426 seconds
Routing    internet
Logs       Analyzer Log, Cuckoo Log

ANALYZER LOG

2022-07-06 23:23:41,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpk4d6bl
2022-07-06 23:23:41,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\JkQlbPItQItnJgvEVUoAYPVsILaYNdQ
2022-07-06 23:23:41,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\IhgecStTEPeJcpVSoIjRgSownVGkE
2022-07-06 23:23:41,312 [analyzer] DEBUG: Started auxiliary module Curtain
2022-07-06 23:23:41,312 [analyzer] DEBUG: Started auxiliary module DbgView
2022-07-06 23:23:41,842 [analyzer] DEBUG: Started auxiliary module Disguise
2022-07-06 23:23:42,046 [analyzer] DEBUG: Loaded monitor into process with pid 512
2022-07-06 23:23:42,046 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2022-07-06 23:23:42,046 [analyzer] DEBUG: Started auxiliary module Human
2022-07-06 23:23:42,046 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2022-07-06 23:23:42,046 [analyzer] DEBUG: Started auxiliary module Reboot
2022-07-06 23:23:42,092 [analyzer] DEBUG: Started auxiliary module RecentFiles
2022-07-06 23:23:42,092 [analyzer] DEBUG: Started auxiliary module Screenshots
2022-07-06 23:23:42,092 [analyzer] DEBUG: Started auxiliary module Sysmon
2022-07-06 23:23:42,108 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2022-07-06 23:23:42,342 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\CapsuleFarmer.exe' with arguments '' and pid 2140
2022-07-06 23:23:42,592 [analyzer] DEBUG: Loaded monitor into process with pid 2140
2022-07-06 23:23:42,655 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\VCRUNTIME140.dll
2022-07-06 23:23:42,780 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_bz2.pyd
2022-07-06 23:23:42,905 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_decimal.pyd
2022-07-06 23:23:43,328 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_elementtree.pyd
2022-07-06 23:23:43,483 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_hashlib.pyd
2022-07-06 23:23:43,592 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_lzma.pyd
2022-07-06 23:23:43,812 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_queue.pyd
2022-07-06 23:23:43,858 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_socket.pyd
2022-07-06 23:23:43,983 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_ssl.pyd
2022-07-06 23:23:44,217 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\_uuid.pyd
2022-07-06 23:23:44,265 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-console-l1-1-0.dll
2022-07-06 23:23:44,296 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-datetime-l1-1-0.dll
2022-07-06 23:23:44,328 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-debug-l1-1-0.dll
2022-07-06 23:23:44,358 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-errorhandling-l1-1-0.dll
2022-07-06 23:23:44,375 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l1-1-0.dll
2022-07-06 23:23:44,405 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l1-2-0.dll
2022-07-06 23:23:44,437 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l2-1-0.dll
2022-07-06 23:23:44,467 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-handle-l1-1-0.dll
2022-07-06 23:23:44,500 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-heap-l1-1-0.dll
2022-07-06 23:23:44,530 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-interlocked-l1-1-0.dll
2022-07-06 23:23:44,562 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-libraryloader-l1-1-0.dll
2022-07-06 23:23:44,592 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-localization-l1-2-0.dll
2022-07-06 23:23:44,625 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-memory-l1-1-0.dll
2022-07-06 23:23:44,640 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-namedpipe-l1-1-0.dll
2022-07-06 23:23:44,671 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-processenvironment-l1-1-0.dll
2022-07-06 23:23:44,703 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-processthreads-l1-1-0.dll
2022-07-06 23:23:44,733 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-processthreads-l1-1-1.dll
2022-07-06 23:23:44,750 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-profile-l1-1-0.dll
2022-07-06 23:23:44,780 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-rtlsupport-l1-1-0.dll
2022-07-06 23:23:44,812 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-string-l1-1-0.dll
2022-07-06 23:23:44,842 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-synch-l1-1-0.dll
2022-07-06 23:23:44,875 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-synch-l1-2-0.dll
2022-07-06 23:23:44,890 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-sysinfo-l1-1-0.dll
2022-07-06 23:23:44,921 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-timezone-l1-1-0.dll
2022-07-06 23:23:44,953 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-util-l1-1-0.dll
2022-07-06 23:23:44,983 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-conio-l1-1-0.dll
2022-07-06 23:23:45,000 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-convert-l1-1-0.dll
2022-07-06 23:23:45,030 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-environment-l1-1-0.dll
2022-07-06 23:23:45,062 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-filesystem-l1-1-0.dll
2022-07-06 23:23:45,092 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-heap-l1-1-0.dll
2022-07-06 23:23:45,125 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-locale-l1-1-0.dll
2022-07-06 23:23:45,155 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-math-l1-1-0.dll
2022-07-06 23:23:45,187 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-process-l1-1-0.dll
2022-07-06 23:23:45,217 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-runtime-l1-1-0.dll
2022-07-06 23:23:45,250 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-stdio-l1-1-0.dll
2022-07-06 23:23:45,280 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-string-l1-1-0.dll
2022-07-06 23:23:45,312 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-time-l1-1-0.dll
2022-07-06 23:23:45,342 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-utility-l1-1-0.dll
2022-07-06 23:23:45,358 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\libcrypto-1_1.dll
2022-07-06 23:23:49,390 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\libssl-1_1.dll
2022-07-06 23:23:50,171 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\pyexpat.pyd
2022-07-06 23:23:50,453 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\python310.dll
2022-07-06 23:23:55,640 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\select.pyd
2022-07-06 23:23:55,687 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\ucrtbase.dll
2022-07-06 23:23:57,092 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\unicodedata.pyd
2022-07-06 22:29:05,701 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\yaml\_yaml.cp310-win_amd64.pyd
2022-07-06 22:29:06,062 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\base_library.zip
2022-07-06 22:29:07,046 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\certifi\cacert.pem
2022-07-06 22:29:07,796 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\common\mutation-listener.js
2022-07-06 22:29:07,842 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\firefox\webdriver_prefs.json
2022-07-06 22:29:07,890 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\findElements.js
2022-07-06 22:29:07,983 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\getAttribute.js
2022-07-06 22:29:08,076 [analyzer] INFO: Added new file to list with pid 2140 and path C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\isDisplayed.js
2022-07-06 22:29:08,249 [analyzer] INFO: Injected into process with pid 2120 and name u'CapsuleFarmer.exe'
2022-07-06 22:29:08,467 [analyzer] DEBUG: Loaded monitor into process with pid 2120
2022-07-06 22:29:09,046 [lib.api.process] ERROR: Failed to dump memory of 64-bit process with pid 2120.
2022-07-06 22:29:09,655 [analyzer] INFO: Process with pid 2120 has terminated
2022-07-06 22:29:10,326 [lib.api.process] ERROR: Failed to dump memory of 64-bit process with pid 2140.
2022-07-06 22:29:10,655 [analyzer] INFO: Process with pid 2140 has terminated
2022-07-06 22:29:10,655 [analyzer] INFO: Process list is empty, terminating analysis.
2022-07-06 22:29:11,921 [analyzer] INFO: Terminating remaining processes before shutdown.
2022-07-06 22:29:11,921 [analyzer] INFO: Analysis completed.


CUCKOO LOG

2022-07-06 23:25:46,819 [cuckoo.core.scheduler] INFO: Task #3168412: acquired machine win7x6422 (label=win7x6422)
2022-07-06 23:25:46,824 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.222 for task #3168412
2022-07-06 23:25:47,110 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 291687 (interface=vboxnet0, host=192.168.168.222)
2022-07-06 23:25:57,573 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6422
2022-07-06 23:25:59,093 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6422 to vmcloak
2022-07-06 23:28:40,631 [cuckoo.core.guest] INFO: Starting analysis #3168412 on guest (id=win7x6422, ip=192.168.168.222)
2022-07-06 23:28:41,639 [cuckoo.core.guest] DEBUG: win7x6422: not ready yet
2022-07-06 23:28:46,658 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6422, ip=192.168.168.222)
2022-07-06 23:28:46,726 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6422, ip=192.168.168.222, monitor=latest, size=6659294)
2022-07-06 23:28:48,309 [cuckoo.core.resultserver] DEBUG: Task #3168412: live log analysis.log initialized.
2022-07-06 23:28:49,296 [cuckoo.core.resultserver] DEBUG: Task #3168412 is sending a BSON stream
2022-07-06 23:28:49,767 [cuckoo.core.resultserver] DEBUG: Task #3168412 is sending a BSON stream
2022-07-06 23:28:50,512 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'shots/0001.jpg'
2022-07-06 23:28:50,526 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 115967
2022-07-06 23:29:02,933 [cuckoo.core.guest] DEBUG: win7x6422: analysis #3168412 still processing
2022-07-06 23:29:08,330 [cuckoo.core.resultserver] DEBUG: Task #3168412 is sending a BSON stream
2022-07-06 23:29:08,954 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'shots/0002.jpg'
2022-07-06 23:29:08,969 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 120790
2022-07-06 23:29:09,078 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/8f8b79150e850acc_api-ms-win-core-console-l1-1-0.dll'
2022-07-06 23:29:09,081 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,086 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/913eaaa7997a6aee_api-ms-win-core-datetime-l1-1-0.dll'
2022-07-06 23:29:09,088 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11736
2022-07-06 23:29:09,096 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/58a8d69df60ecbee_api-ms-win-core-debug-l1-1-0.dll'
2022-07-06 23:29:09,098 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,105 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/46079c0a1b660fc1_api-ms-win-core-errorhandling-l1-1-0.dll'
2022-07-06 23:29:09,107 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,114 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/5c9bc70586ad538b_api-ms-win-core-file-l1-1-0.dll'
2022-07-06 23:29:09,116 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 15328
2022-07-06 23:29:09,123 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/629e52ba4e2dca91_api-ms-win-core-file-l1-2-0.dll'
2022-07-06 23:29:09,126 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,132 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/dac867476caa42ff_api-ms-win-core-file-l2-1-0.dll'
2022-07-06 23:29:09,134 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11744
2022-07-06 23:29:09,142 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/0b3dfb8554ead94d_api-ms-win-core-handle-l1-1-0.dll'
2022-07-06 23:29:09,145 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11736
2022-07-06 23:29:09,151 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/c43075b1d2386a8a_api-ms-win-core-heap-l1-1-0.dll'
2022-07-06 23:29:09,156 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12256
2022-07-06 23:29:09,160 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/c23fe8d5c3ca8918_api-ms-win-core-interlocked-l1-1-0.dll'
2022-07-06 23:29:09,162 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,168 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/f320f9c0463de641_api-ms-win-core-libraryloader-l1-1-0.dll'
2022-07-06 23:29:09,171 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12752
2022-07-06 23:29:09,178 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/8664222823e122fc_api-ms-win-core-localization-l1-2-0.dll'
2022-07-06 23:29:09,180 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 14800
2022-07-06 23:29:09,186 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/5d9767d8cca0fbfd_api-ms-win-core-memory-l1-1-0.dll'
2022-07-06 23:29:09,189 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,195 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/8e015cdf2561450e_api-ms-win-core-namedpipe-l1-1-0.dll'
2022-07-06 23:29:09,197 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,203 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/058eb7ce88c22d2f_api-ms-win-core-processenvironment-l1-1-0.dll'
2022-07-06 23:29:09,205 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12752
2022-07-06 23:29:09,212 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/a5b733e3dce21ab6_api-ms-win-core-processthreads-l1-1-0.dll'
2022-07-06 23:29:09,214 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 14288
2022-07-06 23:29:09,220 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/1ef06c600c451e66_api-ms-win-core-processthreads-l1-1-1.dll'
2022-07-06 23:29:09,222 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,229 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/e63550608dd58040_api-ms-win-core-profile-l1-1-0.dll'
2022-07-06 23:29:09,231 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,238 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/91508ab353b90b30_api-ms-win-core-rtlsupport-l1-1-0.dll'
2022-07-06 23:29:09,241 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,247 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/f3a7a9c98ebe915b_api-ms-win-core-string-l1-1-0.dll'
2022-07-06 23:29:09,249 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,256 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/d6708d1254ed88a9_api-ms-win-core-synch-l1-1-0.dll'
2022-07-06 23:29:09,259 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 13776
2022-07-06 23:29:09,268 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/72c639d1afda32a6_api-ms-win-core-synch-l1-2-0.dll'
2022-07-06 23:29:09,270 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,276 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/76d8e4ed946deefe_api-ms-win-core-sysinfo-l1-1-0.dll'
2022-07-06 23:29:09,278 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12768
2022-07-06 23:29:09,287 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/b0eda99eabd32fef_api-ms-win-core-timezone-l1-1-0.dll'
2022-07-06 23:29:09,289 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,296 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/f28a8fe2cd7e8e00_api-ms-win-core-util-l1-1-0.dll'
2022-07-06 23:29:09,299 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 11728
2022-07-06 23:29:09,304 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/e677497c1baefffb_api-ms-win-crt-conio-l1-1-0.dll'
2022-07-06 23:29:09,306 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12752
2022-07-06 23:29:09,313 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/5cf5bbb861608131_api-ms-win-crt-convert-l1-1-0.dll'
2022-07-06 23:29:09,315 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 15824
2022-07-06 23:29:09,321 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/b7ee468f5b6c650d_api-ms-win-crt-environment-l1-1-0.dll'
2022-07-06 23:29:09,323 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,329 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/7102f8d9d0f3f689_api-ms-win-crt-filesystem-l1-1-0.dll'
2022-07-06 23:29:09,331 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 13776
2022-07-06 23:29:09,337 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/f5183b8d7462c010_api-ms-win-crt-heap-l1-1-0.dll'
2022-07-06 23:29:09,339 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12752
2022-07-06 23:29:09,345 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/2eb96422375f1a7b_api-ms-win-crt-locale-l1-1-0.dll'
2022-07-06 23:29:09,347 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,352 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/a768339f0b036747_api-ms-win-crt-math-l1-1-0.dll'
2022-07-06 23:29:09,355 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 20944
2022-07-06 23:29:09,361 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/3af38920e767bd9e_api-ms-win-crt-process-l1-1-0.dll'
2022-07-06 23:29:09,364 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12752
2022-07-06 23:29:09,370 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/d899c2f061952b3b_api-ms-win-crt-runtime-l1-1-0.dll'
2022-07-06 23:29:09,373 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 16336
2022-07-06 23:29:09,378 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/f9d3f380023a4c45_api-ms-win-crt-stdio-l1-1-0.dll'
2022-07-06 23:29:09,381 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 17872
2022-07-06 23:29:09,388 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/1a916c0db285deb0_api-ms-win-crt-string-l1-1-0.dll'
2022-07-06 23:29:09,390 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 18384
2022-07-06 23:29:09,397 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/b56bc94e8539603d_api-ms-win-crt-time-l1-1-0.dll'
2022-07-06 23:29:09,400 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 14288
2022-07-06 23:29:09,407 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/dd14133adf5c5345_api-ms-win-crt-utility-l1-1-0.dll'
2022-07-06 23:29:09,409 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 12240
2022-07-06 23:29:09,420 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/01a29d17fd7833d4_base_library.zip'
2022-07-06 23:29:09,427 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 831584
2022-07-06 23:29:09,455 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/a59fde883a0ef9d7_cacert.pem'
2022-07-06 23:29:09,459 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 285222
2022-07-06 23:29:09,466 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/e3b0c44298fc1c14_py.typed'
2022-07-06 23:29:09,467 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 0
2022-07-06 23:29:09,504 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/9c0a0a11629cced6_libcrypto-1_1.dll'
2022-07-06 23:29:09,525 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 3439512
2022-07-06 23:29:09,537 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/ed1c8769f5096afd_libssl-1_1.dll'
2022-07-06 23:29:09,545 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 698784
2022-07-06 23:29:09,550 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/4d0f50757a4d9abe_pyexpat.pyd'
2022-07-06 23:29:09,553 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 194000
2022-07-06 23:29:09,583 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/8d0bec69554317cc_python310.dll'
2022-07-06 23:29:09,605 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 4445648
2022-07-06 23:29:09,615 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/cb643556c2dcdb95_select.pyd'
2022-07-06 23:29:09,617 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 26064
2022-07-06 23:29:09,846 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/2c2083c9a49f65c5_mutation-listener.js'
2022-07-06 23:29:09,849 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 1944
2022-07-06 23:29:09,881 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/946add298a5e2346_webdriver_prefs.json'
2022-07-06 23:29:09,884 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 2826
2022-07-06 23:29:09,911 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/79c706a9230b156a_findElements.js'
2022-07-06 23:29:09,914 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 53824
2022-07-06 23:29:09,921 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/2186ea70072c63dd_getAttribute.js'
2022-07-06 23:29:09,924 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 43157
2022-07-06 23:29:09,931 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/ebda4033faa32130_isDisplayed.js'
2022-07-06 23:29:09,934 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 43996
2022-07-06 23:29:09,991 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/6238cbfe9f57c142_ucrtbase.dll'
2022-07-06 23:29:10,083 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 1035728
2022-07-06 23:29:10,088 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'shots/0003.jpg'
2022-07-06 23:29:10,098 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 123632
2022-07-06 23:29:10,109 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/09e1d1e919016095_unicodedata.pyd'
2022-07-06 23:29:10,122 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 1118672
2022-07-06 23:29:10,129 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/ded5adaa94341e6c_VCRUNTIME140.dll'
2022-07-06 23:29:10,136 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 97168
2022-07-06 23:29:10,153 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/f5886d7fe3253498__yaml.cp310-win_amd64.pyd'
2022-07-06 23:29:10,157 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 249856
2022-07-06 23:29:10,168 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/0897e209676f5835__bz2.pyd'
2022-07-06 23:29:10,171 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 79824
2022-07-06 23:29:10,182 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/2673b0ec0769c251__decimal.pyd'
2022-07-06 23:29:10,185 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 248272
2022-07-06 23:29:10,191 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/5c5037f6896f83e0__elementtree.pyd'
2022-07-06 23:29:10,194 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 124368
2022-07-06 23:29:10,201 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/2e30544d07f1c55d__hashlib.pyd'
2022-07-06 23:29:10,203 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 60880
2022-07-06 23:29:10,211 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/ce72d59a0e96077c__lzma.pyd'
2022-07-06 23:29:10,214 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 154064
2022-07-06 23:29:10,219 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/8e7e758150ea0662__queue.pyd'
2022-07-06 23:29:10,222 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 27600
2022-07-06 23:29:10,228 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/130de35064718780__socket.pyd'
2022-07-06 23:29:10,231 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 75216
2022-07-06 23:29:10,238 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/5a4c78adedf0bcb5__ssl.pyd'
2022-07-06 23:29:10,242 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 156624
2022-07-06 23:29:10,248 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/b7fd172339478ada__uuid.pyd'
2022-07-06 23:29:10,250 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 21456
2022-07-06 23:29:11,200 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'shots/0004.jpg'
2022-07-06 23:29:11,217 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 133476
2022-07-06 23:29:11,758 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'curtain/1657139351.75.curtain.log'
2022-07-06 23:29:11,760 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 36
2022-07-06 23:29:11,913 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'sysmon/1657139351.91.sysmon.xml'
2022-07-06 23:29:11,929 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 1317736
2022-07-06 23:29:11,975 [cuckoo.core.guest] INFO: win7x6422: analysis completed successfully
2022-07-06 23:29:11,986 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2022-07-06 23:29:12,064 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2022-07-06 23:29:12,252 [cuckoo.core.resultserver] DEBUG: Task #3168412 had connection reset for <Context for LOG>
2022-07-06 23:29:43,658 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6422 to path /srv/cuckoo/cwd/storage/analyses/3168412/memory.dmp
2022-07-06 23:29:43,660 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6422
2022-07-06 23:32:50,976 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.222 for task #3168412
2022-07-06 23:32:51,366 [cuckoo.core.scheduler] DEBUG: Released database task #3168412
2022-07-06 23:32:51,597 [cuckoo.core.scheduler] INFO: Task #3168412: analysis procedure completed
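The resultserver lines above are the only record of which artifacts the guest agent shipped back and how large each one was. The script below is an added example written for this page, not Cuckoo's own code: it pairs each "File upload for" line with the following "uploaded file length" line of the same task, reports uploads that never received a length line (a truncated log or a reset connection), and totals bytes per result directory. The sample log is a constructed subset of this task's lines; the 16-hex-character prefix on dropped files is treated as an opaque id and is only assumed, not verified, to be a truncated content hash.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of resultserver lines copied from this task's analysis log,
# plus two non-upload lines (guest INFO, connection reset) to show that they are ignored.
SAMPLE_LOG = """\
2022-07-06 23:29:09,583 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/8d0bec69554317cc_python310.dll'
2022-07-06 23:29:09,605 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 4445648
2022-07-06 23:29:09,615 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/cb643556c2dcdb95_select.pyd'
2022-07-06 23:29:09,617 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 26064
2022-07-06 23:29:09,846 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'files/2c2083c9a49f65c5_mutation-listener.js'
2022-07-06 23:29:09,849 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 1944
2022-07-06 23:29:10,088 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'shots/0003.jpg'
2022-07-06 23:29:10,098 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 123632
2022-07-06 23:29:11,758 [cuckoo.core.resultserver] DEBUG: Task #3168412: File upload for 'curtain/1657139351.75.curtain.log'
2022-07-06 23:29:11,760 [cuckoo.core.resultserver] DEBUG: Task #3168412 uploaded file length: 36
2022-07-06 23:29:11,975 [cuckoo.core.guest] INFO: win7x6422: analysis completed successfully
2022-07-06 23:29:12,252 [cuckoo.core.resultserver] DEBUG: Task #3168412 had connection reset for <Context for LOG>
"""

PREFIX = r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[cuckoo\.core\.resultserver\] DEBUG: Task #(?P<task>\d+)"
UPLOAD_RE = re.compile(PREFIX + r": File upload for '(?P<path>[^']+)'$")
LENGTH_RE = re.compile(PREFIX + r" uploaded file length: (?P<size>\d+)$")
# Dropped files are stored as files/<16 hex chars>_<original basename>. The prefix is
# assumed (not verified here) to be a truncated content hash; it is kept as an opaque id.
DROPPED_RE = re.compile(r"^files/(?P<prefix>[0-9a-f]{16})_(?P<name>.+)$")


def parse_uploads(log_text):
    """Pair every 'File upload for' line with the next 'uploaded file length' line of the same task.

    Returns (records, incomplete). Each record has task, ts, path, size, category (top-level
    result directory: files, shots, curtain, sysmon, ...) and, for dropped files, prefix and
    name. incomplete holds uploads whose length line never arrived.
    """
    pending = {}      # task id -> upload still waiting for its length line
    records, incomplete = [], []
    for line in log_text.splitlines():
        m = UPLOAD_RE.match(line)
        if m:
            task = int(m["task"])
            rec = {"task": task, "ts": m["ts"], "path": m["path"], "size": None,
                   "category": m["path"].split("/", 1)[0]}
            d = DROPPED_RE.match(m["path"])
            if d:
                rec["prefix"], rec["name"] = d["prefix"], d["name"]
            if task in pending:           # previous upload for this task was never sized
                incomplete.append(pending[task])
            pending[task] = rec
            continue
        m = LENGTH_RE.match(line)
        if m and int(m["task"]) in pending:
            rec = pending.pop(int(m["task"]))
            rec["size"] = int(m["size"])
            records.append(rec)
    incomplete.extend(pending.values())   # anything left is an unsized upload
    return records, incomplete


def summarize(records):
    """Count and total bytes per result category, e.g. {'files': (3, 4473656), ...}."""
    totals = defaultdict(lambda: [0, 0])
    for rec in records:
        totals[rec["category"]][0] += 1
        totals[rec["category"]][1] += rec["size"]
    return {cat: tuple(v) for cat, v in totals.items()}


if __name__ == "__main__":
    recs, unsized = parse_uploads(SAMPLE_LOG)
    for rec in recs:
        print(f"{rec['category']:8} {rec.get('name', rec['path']):32} {rec['size']:>9} bytes")
    print(summarize(recs), "unsized uploads:", len(unsized))
```

Run it against the full analysis log to get a quick inventory of dropped files, screenshots and auxiliary outputs (curtain, sysmon) with their sizes; a large "files" total made up of python*.dll, *.pyd and ucrtbase.dll, as here, is the footprint of a bundled Python runtime being unpacked.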


SIGNATURES

Yara rules detected for file (5 events)

rule                                description
APT32_KerrDown                      (no description)
DebuggerException__SetConsoleCtrl   (no description)
anti_dbg                            Checks if being debugged
win_token                           Affect system token
win_files_operation                 Affect private profile

Checks the amount of memory in the system; this can be used to detect virtual
machines that have a low amount of memory available (1 event)

Time                       API                    Arguments   Status   Return   Repeated
July 7, 2022, 12:16 a.m.   GlobalMemoryStatusEx   (none)      1        1        0

The executable contains unknown PE section names indicative of a packer (could
be a false positive) (1 event)

section _RDATA

Note: _RDATA is a section name commonly seen in x64 executables produced by
recent MSVC toolchains, and the _MEI<pid> extraction directory and python310.dll
listed under the file writes below are consistent with a PyInstaller onefile
bundle rather than a runtime packer, so this hit is most likely the false
positive the signature warns about.

Creates executable files on the filesystem (47 events)

file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\libcrypto-1_1.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\VCRUNTIME140.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-util-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-console-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\isDisplayed.js
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\libssl-1_1.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l1-2-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l2-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\getAttribute.js
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\common\mutation-listener.js
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\ucrtbase.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-string-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\findElements.js
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\python310.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-locale-l1-1-0.dll
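Forty-three of the 47 writes above are the standard contents of a PyInstaller onefile bundle unpacking itself: the _MEI<digits> directory under %TEMP%, 38 api-ms-win-* UCRT forwarder DLLs, VCRUNTIME140.dll and ucrtbase.dll, python310.dll, and the OpenSSL pair libcrypto-1_1.dll and libssl-1_1.dll. Only the four selenium\webdriver\*.js files say anything about what the program does (browser automation via Selenium). The helper below is an added example written for this page, not part of the report or of Cuckoo: it recognises the _MEI extraction directory, buckets each dropped file as runtime boilerplate or as a lead, and flags writes outside the bundle. The path list is a constructed subset of the report's entries plus one hypothetical non-bundle path (C:\Users\Administrator\Desktop\dropper.exe, not from the report); the bucket names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: nine of the 47 paths listed under "Creates executable files on the
# filesystem" in this report, plus one hypothetical path outside any _MEI directory
# (dropper.exe, not from the report) to show how non-bundle writes are surfaced separately.
SAMPLE_PATHS = [
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\libcrypto-1_1.dll",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-core-file-l1-1-0.dll",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\VCRUNTIME140.dll",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\remote\isDisplayed.js",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\libssl-1_1.dll",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\selenium\webdriver\common\mutation-listener.js",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\ucrtbase.dll",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\python310.dll",
    r"C:\Users\Administrator\AppData\Local\Temp\_MEI21402\api-ms-win-crt-locale-l1-1-0.dll",
    r"C:\Users\Administrator\Desktop\dropper.exe",
]

# PyInstaller's onefile bootloader unpacks into %TEMP%\_MEI<digits>; the digits are normally
# the bootloader's process id. Everything after that directory is bundle-relative.
MEI_RE = re.compile(r"^(?P<root>.*\\_MEI\d+)\\(?P<rel>.+)$", re.IGNORECASE)

# Ordered (bucket, predicate) rules over the lower-cased bundle-relative path.
# Bucket names are this example's own, not Cuckoo's.
BUCKET_RULES = [
    ("ucrt-forwarder",  lambda r: r.startswith("api-ms-win-") and r.endswith(".dll")),
    ("msvc-runtime",    lambda r: r in ("vcruntime140.dll", "vcruntime140_1.dll", "ucrtbase.dll")),
    ("openssl",         lambda r: r.startswith(("libcrypto-", "libssl-")) and r.endswith(".dll")),
    ("python-runtime",  lambda r: re.fullmatch(r"python3\d*\.dll", r) is not None or r.endswith(".pyd")),
    ("bundled-package", lambda r: "\\" in r),   # lives in a subdirectory named after a package
]


def split_mei(path):
    """Return (mei_root, bundle_relative_path) for a path under a _MEI directory, else None."""
    m = MEI_RE.match(path)
    return (m["root"], m["rel"]) if m else None


def classify(rel):
    """Bucket one bundle-relative path; 'other' if no rule matches."""
    low = rel.lower()
    for bucket, pred in BUCKET_RULES:
        if pred(low):
            return bucket
    return "other"


def triage(paths):
    """Separate PyInstaller bundle boilerplate from the files worth a second look.

    Returns a dict with mei_roots (extraction dirs seen), buckets (Counter bucket -> count),
    packages (Counter of top-level package dirs among bundled-package files), leads
    (bundle-relative paths in bundled-package or other) and outside (writes not under _MEI).
    """
    result = {"mei_roots": set(), "buckets": Counter(), "packages": Counter(),
              "leads": [], "outside": []}
    for p in paths:
        parts = split_mei(p)
        if parts is None:
            result["outside"].append(p)
            continue
        root, rel = parts
        result["mei_roots"].add(root)
        bucket = classify(rel)
        result["buckets"][bucket] += 1
        if bucket == "bundled-package":
            result["packages"][rel.split("\\", 1)[0].lower()] += 1
        if bucket in ("bundled-package", "other"):
            result["leads"].append(rel)
    return result


if __name__ == "__main__":
    res = triage(SAMPLE_PATHS)
    print("extraction dirs:", sorted(res["mei_roots"]))
    print("buckets:", dict(res["buckets"]))
    print("packages:", dict(res["packages"]))
    print("leads:", res["leads"])
    print("outside bundle:", res["outside"])
```

On the full list from this report the boilerplate buckets absorb 43 entries and the leads collapse to the selenium package, which is the one fact in this signature worth carrying into the rest of the triage; any path reported under "outside" would deserve far more attention than the bundle contents, because PyInstaller itself never writes there.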

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3
events)

Engine              Detection
APEX                Malicious
McAfee-GW-Edition   BehavesLike.Win64.Ransom.wc
Antiy-AVL           Trojan/Generic.ASMalwS.7C9D

Screenshots



Name   Response   Post-Analysis Lookup
No hosts contacted.

IP Address   Status   Action   VT   Location
No hosts contacted.

©2010-2018 Cuckoo Sandbox