Category | Started | Completed | Duration | Log |
---|---|---|---|---|
FILE | 2023-05-13 15:36:32 | 2023-05-13 15:38:45 | 133 seconds | Show Log |
2023-01-13 14:36:32,000 [root] INFO: Date set to: 01-13-23, time set to: 20:36:32
2023-01-13 14:36:32,030 [root] DEBUG: Starting analyzer from: C:\xkhfq
2023-01-13 14:36:32,030 [root] DEBUG: Storing results at: C:\tiRSgQ
2023-01-13 14:36:32,030 [root] DEBUG: Pipe server name: \\.\PIPE\TyDnzH
2023-01-13 14:36:32,030 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2023-01-13 14:36:32,030 [root] INFO: Automatically selected analysis package "exe"
2023-01-13 14:36:32,217 [root] DEBUG: Started auxiliary module Browser
2023-01-13 14:36:32,217 [modules.auxiliary.digisig] INFO: Skipping authenticode validation, signtool.exe was not found in bin/
2023-01-13 14:36:32,217 [root] DEBUG: Started auxiliary module DigiSig
2023-01-13 14:36:32,217 [root] DEBUG: Started auxiliary module Disguise
2023-01-13 14:36:32,265 [root] DEBUG: Started auxiliary module Human
2023-01-13 14:36:32,280 [root] DEBUG: Started auxiliary module Screenshots
2023-01-13 14:36:32,280 [root] DEBUG: Started auxiliary module Usage
2023-01-13 14:36:32,280 [lib.api.process] INFO: Successfully executed process from path "C:\Users\ADMINI~1\AppData\Local\Temp\iphone-unlock_2.exe" with arguments "" with pid 1964
2023-01-13 14:36:32,280 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2023-01-13 14:36:32,296 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1964
2023-01-13 14:36:34,296 [lib.api.process] INFO: Successfully resumed process with pid 1964
2023-01-13 14:36:34,296 [root] INFO: Added new process to list with pid: 1964
2023-01-13 14:36:34,312 [root] INFO: Cuckoomon successfully loaded in process with pid 1964.
2023-01-13 14:36:34,358 [root] INFO: Disabling sleep skipping.
2023-01-13 14:36:34,467 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\Local\Temp\TS_GetDownloaderInfo.log
2023-01-13 14:36:34,703 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\Local\Temp\4ukey_pf\4ukey_pf1.0.0.0.exe.log
2023-01-13 14:38:33,296 [root] INFO: Analysis timeout hit, terminating analysis.
2023-01-13 14:38:33,296 [root] INFO: Created shutdown mutex.
2023-01-13 14:38:34,296 [root] INFO: Shutting down package.
2023-01-13 14:38:34,296 [root] INFO: Stopping auxiliary modules.
2023-01-13 14:38:34,796 [root] INFO: Finishing auxiliary modules.
2023-01-13 14:38:34,796 [root] INFO: Shutting down pipe server and dumping dropped files.
2023-01-13 14:38:34,812 [root] INFO: Analysis completed.
Name | Label | Manager | Started On | Shutdown On |
---|---|---|---|---|
cuckoo6 | cuckoo6 | VirtualBox | 2023-05-13 15:36:32 | 2023-05-13 15:38:45 |
File Name | iphone-unlock_2.exe |
---|---|
File Size | 1991432 bytes |
File Type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5 | 9e22e86358f1ab147242988352b34374 |
SHA1 | 0aa7583d9e6d6f54273efd786a889e5be3d63288 |
SHA256 | 1159f0c120b943933aebe2434abc58b841810d0acf43aa394cf317ccd05c8fb4 |
SHA512 | 151fa1eb0b9078f77804afe2479929dd74149679db7b5c907ef196b80d127065215997a6039726c19a4a7352d38d6773354b002d7f4191944ad7eaf0b76ae7bf |
CRC32 | DD67021B |
Ssdeep | 49152:4n/Nb7fNyRlCWQ0HUSSm8VTdcoVSdHzSql6UM7iwrUe7RdPPfXg+AW3FXIdvDsAq:sGnCh0GTPVSdTHQUM7ee7RdP3XgC3B6g |
ClamAV | None matched |
Yara | None matched |
Direct | IP | Country Name |
---|---|---|
Y | 8.8.8.8 [VT] | unknown |
N | 23.47.50.91 [VT] | unknown |
N | 129.6.15.29 [VT] | unknown |
Name | Response | Post-Analysis Lookup |
---|---|---|
time-b.nist.gov [VT] | CNAME time-b-g.nist.gov [VT] A 129.6.15.29 [VT] | 129.6.15.29 [VT] |
teredo.ipv6.microsoft.com [VT] | NXDOMAIN [VT] | |
www.msftncsi.com [VT] | CNAME a1961.g2.akamai.net [VT] CNAME www.msftncsi.com.edgesuite.net [VT] A 23.47.50.82 [VT] A 23.47.50.79 [VT] A 23.47.50.97 [VT] A 23.47.50.83 [VT] A 23.47.50.88 [VT] A 23.47.50.91 [VT] | 23.47.50.103 [VT] |
Image Base | 0x00400000 |
---|---|
Entry Point | 0x007b2320 |
Reported Checksum | 0x001ed56e |
Actual Checksum | 0x001ed56e |
Minimum OS Version | 5.1 |
Compile Time | 2023-03-13 23:00:13 |
Icon Exact Hash | 034095ea60d666a25f4f11f9cb993ebe |
Icon Similarity Hash | a5806f6490adc74053f5814b6580cdf1 |
LegalCopyright | Copyright © 2010-2023 PassFab Co.,Ltd. |
---|---|
FileVersion | 2.7.6.0 |
CompanyName | PassFab Co., Ltd. |
ProductName | 20230314115948 |
ProductVersion | 2.7.6.0 |
FileDescription | PassFab iPhone Unlock |
Translation | 0x0409 0x04e4 |
Name | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x001fd000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
UPX1 | 0x001fe000 | 0x001b5000 | 0x001b4600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.90 |
.rsrc | 0x003b3000 | 0x0002d000 | 0x0002c800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.29 |
Offset | 0x001e1200 |
---|---|
Size | 0x00005108 |
Name | Offset | Size | Language | Sub-language | Entropy | File type |
---|---|---|---|---|---|---|
ZIPRES | 0x002bb2e0 | 0x000a1d2b | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.85 | data |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x003de8f8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.90 | GLS_BINARY_LSB_FIRST |
RT_GROUP_ICON | 0x003ded64 | 0x00000076 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.97 | MS Windows icon resource - 8 icons, 256-colors |
RT_VERSION | 0x003dede0 | 0x0000028c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.47 | DOS executable (COM) |
RT_MANIFEST | 0x003df070 | 0x0000028b | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.06 | XML 1.0 document text |
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.106 | 49162 | 23.47.50.91 www.msftncsi.com | 80 |
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.106 | 123 | 129.6.15.29 time-b.nist.gov | 123 |
192.168.56.106 | 137 | 192.168.56.255 | 137 |
192.168.56.106 | 138 | 192.168.56.255 | 138 |
192.168.56.106 | 59351 | 224.0.0.252 | 5355 |
192.168.56.106 | 63172 | 224.0.0.252 | 5355 |
192.168.56.106 | 64662 | 224.0.0.252 | 5355 |
192.168.56.106 | 64970 | 224.0.0.252 | 5355 |
192.168.56.106 | 59142 | 8.8.8.8 | 53 |
192.168.56.106 | 63926 | 8.8.8.8 | 53 |
192.168.56.106 | 63931 | 8.8.8.8 | 53 |
URI | Data |
---|---|
http://www.msftncsi.com/ncsi.txt | GET /ncsi.txt HTTP/1.1 Connection: Close User-Agent: Microsoft NCSI Host: www.msftncsi.com |
No SMTP traffic performed.
No IRC requests performed.
No ICMP traffic performed.
No CIF Results
No Suricata Alerts
No Suricata TLS
No Suricata HTTP
File name | TS_GetDownloaderInfo.log |
---|---|
Associated Filenames | C:\Users\Administrator\AppData\Local\Temp\TS_GetDownloaderInfo.log |
File Size | 273 bytes |
File Type | ASCII text, with CRLF line terminators |
MD5 | ed906d26afde9130df9bc04596f655c0 |
SHA1 | e85a27f47e8183cf98c64ca790a7fc6119e39e7b |
SHA256 | 27ed7048403a10f6c56c4f0cc265c6b7c76ada9be80d388a58001566e90a197f |
CRC32 | 9DCFB713 |
Ssdeep | 6:kTc9f1M/I79f1CAUI79f1M/I79f1CAUI79f1M/I79f1CAUy:kaQIHC+HQIHC+HQIHCg |
ClamAV | None |
Yara | None matched |
VirusTotal | Search for Analysis |
File contents:
2023-01-13 19:56:34 GetDownloaderInfo...
2023-01-13 20:27:14 GetDownloaderInfo return -1
2023-01-13 20:27:14 GetDownloaderInfo...
2023-01-13 20:27:14 GetDownloaderInfo return -1
2023-01-13 20:27:14 GetDownloaderInfo...
2023-01-13 20:27:14 GetDownloaderInfo return -1
File name | 4ukey_pf1.0.0.0.exe.log |
---|---|
Associated Filenames | C:\Users\Administrator\AppData\Local\Temp\4ukey_pf\4ukey_pf1.0.0.0.exe.log |
File Size | 1413 bytes |
File Type | ASCII text, with CRLF line terminators |
MD5 | 3c0338b5e51f26648f2dd4bb6338ddc2 |
SHA1 | fc384cae1754a38823990696a5397ce573b643e3 |
SHA256 | 35b033312e7f131319db6c69926e2290bd2b5e991e56cfad5dd8a6223f05da9e |
CRC32 | 7EECE1AC |
Ssdeep | 24:RHK8KqHu9fH0fLRH8XHKsIHlHVHxHDRHgjPThPm6IPpaPWrUPCIPNfIP74IPJNeY:Rq8VOBm2q5F1RdAjdu6I8erUtVQ7b/GY |
ClamAV | None |
Yara | None matched |
VirusTotal | Search for Analysis |
File contents:
2023-01-13 20:27:14,703--[Thread](932) Downloader version: 2.7.6.0
2023-01-13 20:27:14,703--[Thread](932) Screen: 1024*768, 1
2023-01-13 20:27:14,703--[Thread](932) Request For Product Config -- [Downloader Id]: 150 [Site Id]: 114 [Language Id]: 1033
2023-01-13 20:27:14,703--[Thread](932) Configure Load From File!
2023-01-13 20:27:14,703--[Thread](932) [File ContentLength]: 0
2023-01-13 20:27:14,703--[Thread](932) [Downloader Id]: 150
2023-01-13 20:27:14,703--[Thread](932) [SoftWare Id]: 0
2023-01-13 20:27:14,703--[Thread](932) [Site Id]: 114
2023-01-13 20:27:14,703--[Thread](932) [Language Id]: 1033
2023-01-13 20:27:14,703--[Thread](932) [Software Name]: PassFab iPhone Unlock
2023-01-13 20:27:14,718--[Thread](932) [Software Version]: 1.0.0.0
2023-01-13 20:27:14,718--[Thread](932) [Remote Path]: http://dl.tenorshare.net/4ukey_pf.exe
2023-01-13 20:27:14,718--[Thread](932) [MD5 String]:
2023-01-13 20:27:14,718--[Thread](932) [Process Name]: Start.exe
2023-01-13 20:27:14,718--[Thread](932) [Install Url]:
2023-01-13 20:27:14,718--[Thread](932) [Banner Url]:
2023-01-13 20:27:14,718--[Thread](932) [Licensefile Url]:
2023-01-13 20:27:14,718--[Thread](932) [Extra Download Url]: https://download.passfab.com/downloads/extra/4ukey_pf.exe
2023-01-13 20:27:14,718--[Thread](932) [Cnet Download Url]:
2023-01-13 20:27:14,718--[Thread](932) [MD5 Extra String]:
Task ID | 1714 |
---|---|
Mongo ID | 645ff55d2694ed0cf7a14c9c |
Cuckoo release | 1.3-NG |