File 1f0d8dfbd8b2b9c0_isbew64.exe

Size 177.7KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 7eb57876ff781f17adce41ffc70d1f31
SHA1 3a358773608e315d8e1ec97476e670802e9f1ec6
SHA256 1f0d8dfbd8b2b9c0ceb8a827ffdd1559d1fb26e86836a9080dfd168759c03bbe
SHA512
d967395f5ddb5df40949a737ec9b4c5e675c0355733938d9a17801f98aad9af2fd2e6660786c13ebb2f2a66fcb76fc99ee064acd87796a7931e21a973772576e
CRC32 86E22265
ssdeep None
PDB Path C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb
Yara
  • anti_dbg - Checks if being debugged
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file appears fairly benign with a score of 0.4 out of 10.

Please note: the scoring system is still in development and should be considered an alpha feature.


Autosubmit

Parent Task ID: 5160245

Information on Execution

Analysis
Category: FILE
Started: Aug. 31, 2024, 6:19 p.m.
Completed: Aug. 31, 2024, 6:20 p.m.
Duration: 39 seconds
Routing: internet

Analyzer Log

2024-08-31 18:19:29,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp4nivwu
2024-08-31 18:19:29,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\fDvJZrmEcOhLzGASgECeztNn
2024-08-31 18:19:29,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\uBoDxLtUFPXYLZnBhnMfFMbSc
2024-08-31 18:19:29,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2024-08-31 18:19:29,030 [analyzer] INFO: Automatically selected analysis package "exe"
2024-08-31 18:19:29,280 [analyzer] DEBUG: Started auxiliary module Curtain
2024-08-31 18:19:29,280 [analyzer] DEBUG: Started auxiliary module DbgView
2024-08-31 18:19:29,687 [analyzer] DEBUG: Started auxiliary module Disguise
2024-08-31 18:19:29,875 [analyzer] DEBUG: Loaded monitor into process with pid 508
2024-08-31 18:19:29,875 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-08-31 18:19:29,875 [analyzer] DEBUG: Started auxiliary module Human
2024-08-31 18:19:29,875 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-08-31 18:19:29,875 [analyzer] DEBUG: Started auxiliary module Reboot
2024-08-31 18:19:29,953 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-08-31 18:19:29,953 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-08-31 18:19:29,953 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-08-31 18:19:29,953 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2024-08-31 18:19:30,046 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\1f0d8dfbd8b2b9c0_isbew64.exe' with arguments '' and pid 2496
2024-08-31 18:19:30,265 [analyzer] DEBUG: Loaded monitor into process with pid 2496
2024-08-31 18:19:31,108 [analyzer] INFO: Process with pid 2496 has terminated
2024-08-31 18:19:31,108 [analyzer] INFO: Process list is empty, terminating analysis.
2024-08-31 18:19:32,265 [analyzer] INFO: Terminating remaining processes before shutdown.
2024-08-31 18:19:32,265 [analyzer] INFO: Analysis completed.

Cuckoo Log

2024-08-31 18:19:36,948 [cuckoo.core.scheduler] INFO: Task #5160252: acquired machine win7x6424 (label=win7x6424)
2024-08-31 18:19:36,949 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.224 for task #5160252
2024-08-31 18:19:37,824 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1364687 (interface=vboxnet0, host=192.168.168.224)
2024-08-31 18:19:38,360 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6424
2024-08-31 18:19:39,777 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6424 to vmcloak
2024-08-31 18:19:51,415 [cuckoo.core.guest] INFO: Starting analysis #5160252 on guest (id=win7x6424, ip=192.168.168.224)
2024-08-31 18:19:52,421 [cuckoo.core.guest] DEBUG: win7x6424: not ready yet
2024-08-31 18:19:57,469 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6424, ip=192.168.168.224)
2024-08-31 18:19:57,569 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6424, ip=192.168.168.224, monitor=latest, size=6660546)
2024-08-31 18:19:58,804 [cuckoo.core.resultserver] DEBUG: Task #5160252: live log analysis.log initialized.
2024-08-31 18:19:59,631 [cuckoo.core.resultserver] DEBUG: Task #5160252 is sending a BSON stream
2024-08-31 18:19:59,927 [cuckoo.core.resultserver] DEBUG: Task #5160252 is sending a BSON stream
2024-08-31 18:20:00,934 [cuckoo.core.resultserver] DEBUG: Task #5160252: File upload for 'shots/0001.jpg'
2024-08-31 18:20:00,950 [cuckoo.core.resultserver] DEBUG: Task #5160252 uploaded file length: 133480
2024-08-31 18:20:02,025 [cuckoo.core.resultserver] DEBUG: Task #5160252: File upload for 'curtain/1725121172.2.curtain.log'
2024-08-31 18:20:02,029 [cuckoo.core.resultserver] DEBUG: Task #5160252 uploaded file length: 36
2024-08-31 18:20:02,089 [cuckoo.core.resultserver] DEBUG: Task #5160252: File upload for 'sysmon/1725121172.27.sysmon.xml'
2024-08-31 18:20:02,111 [cuckoo.core.resultserver] DEBUG: Task #5160252 uploaded file length: 86244
2024-08-31 18:20:03,033 [cuckoo.core.resultserver] DEBUG: Task #5160252 had connection reset for <Context for LOG>
2024-08-31 18:20:04,386 [cuckoo.core.guest] INFO: win7x6424: analysis completed successfully
2024-08-31 18:20:04,397 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-08-31 18:20:04,430 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-08-31 18:20:06,332 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6424 to path /srv/cuckoo/cwd/storage/analyses/5160252/memory.dmp
2024-08-31 18:20:06,334 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6424
2024-08-31 18:20:15,793 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.224 for task #5160252
2024-08-31 18:20:16,016 [cuckoo.core.scheduler] DEBUG: Released database task #5160252
2024-08-31 18:20:16,032 [cuckoo.core.scheduler] INFO: Task #5160252: analysis procedure completed

Signatures

Yara rules detected for file (3 events)
  • anti_dbg - Checks if being debugged
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

This executable has a PDB path (1 event)
  • pdb_path: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb

The file contains an unknown PE resource name possibly indicative of a packer (1 event)
  • resource name: TYPELIB
Screenshots
DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action / VT / Location): No hosts contacted.