File 2bc46098e583572f_xdovhp.lnk

Size 1.1KB
Type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Dec 11 02:16:10 2024, mtime=Wed Dec 11 02:16:10 2024, atime=Tue Jun 16 00:31:03 2020, length=830122, window=hide
MD5 688c4a73c963cc1d195c84a8016eeb76
SHA1 7258e09e84dee6f9f8e777e8dd464ea0a03c2b39
SHA256 2bc46098e583572ffe9a0b200c8c3a1ba65f782876ffe710531bf282645ee218
SHA512 fafe40bd51000cbf8754ea29a269315a87b79611d5cfd941be8c1eb4afc4965441b092780b092d926985a68106df31501f7757c19b659c6f84d12697a28aa532
CRC32 064AACF2
ssdeep None
Yara
  • LnkHeader - (no description)

Score

This file shows numerous signs of malicious behavior.

The score of this file is 3.6 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:5653311

Information on Execution

Analysis
Category  Started                   Completed                 Duration     Routing
FILE      Dec. 14, 2024, 5:01 p.m.  Dec. 14, 2024, 5:07 p.m.  348 seconds  internet

Analyzer Log

2024-12-11 11:11:19,000 [analyzer] DEBUG: Starting analyzer from: C:\tmp1xmcit
2024-12-11 11:11:19,000 [analyzer] DEBUG: Pipe server name: \??\PIPE\lZZUelMNTnNVhSdWu
2024-12-11 11:11:19,000 [analyzer] DEBUG: Log pipe server name: \??\PIPE\EIBjAUPfrDvXVGRi
2024-12-11 11:11:19,000 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2024-12-11 11:11:19,015 [analyzer] INFO: Automatically selected analysis package "lnk"
2024-12-11 11:11:19,296 [analyzer] DEBUG: Started auxiliary module Curtain
2024-12-11 11:11:19,296 [analyzer] DEBUG: Started auxiliary module DbgView
2024-12-11 11:11:19,875 [analyzer] DEBUG: Started auxiliary module Disguise
2024-12-11 11:11:20,078 [analyzer] DEBUG: Loaded monitor into process with pid 508
2024-12-11 11:11:20,078 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-12-11 11:11:20,078 [analyzer] DEBUG: Started auxiliary module Human
2024-12-11 11:11:20,078 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-12-11 11:11:20,078 [analyzer] DEBUG: Started auxiliary module Reboot
2024-12-11 11:11:20,125 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-12-11 11:11:20,125 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-12-11 11:11:20,125 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-12-11 11:11:20,125 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2024-12-11 11:11:20,203 [lib.api.process] INFO: Successfully executed process from path 'C:\\Windows\\System32\\cmd.exe' with arguments ['/c', 'start', '/wait', '"smDaUhiWYB"', u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2bc46098e583572f_xdovhp.lnk'] and pid 2936
2024-12-11 11:11:20,483 [analyzer] DEBUG: Loaded monitor into process with pid 2936
2024-12-11 11:11:20,780 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,812 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,828 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,828 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,828 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,828 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,828 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,842 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,842 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,875 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,875 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,921 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,921 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,921 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,921 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:20,937 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,358 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,358 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,358 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,358 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,375 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,375 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,375 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,375 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,375 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,390 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,390 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,483 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,483 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,500 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,500 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,500 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,500 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,515 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,515 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,515 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,515 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:11:21,515 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2024-12-11 11:12:01,233 [analyzer] INFO: Process with pid 2936 has terminated
2024-12-11 11:12:01,233 [analyzer] INFO: Process list is empty, terminating analysis.
2024-12-11 11:12:02,733 [analyzer] INFO: Terminating remaining processes before shutdown.
2024-12-11 11:12:02,733 [analyzer] INFO: Analysis completed.

Cuckoo Log

2024-12-14 17:01:15,912 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:16,932 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:17,949 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:18,968 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:19,998 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:21,023 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:22,106 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:23,138 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:24,156 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:25,173 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:26,228 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:27,261 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:28,279 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:29,396 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:30,426 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:31,597 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:32,627 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:33,650 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:34,720 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:35,749 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:36,862 [cuckoo.core.scheduler] DEBUG: Task #5654413: no machine available yet
2024-12-14 17:01:37,903 [cuckoo.core.scheduler] INFO: Task #5654413: acquired machine win7x6414 (label=win7x6414)
2024-12-14 17:01:37,904 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.214 for task #5654413
2024-12-14 17:01:38,290 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 234952 (interface=vboxnet0, host=192.168.168.214)
2024-12-14 17:01:38,465 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6414
2024-12-14 17:01:39,119 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6414 to vmcloak
2024-12-14 17:04:00,504 [cuckoo.core.guest] INFO: Starting analysis #5654413 on guest (id=win7x6414, ip=192.168.168.214)
2024-12-14 17:04:01,508 [cuckoo.core.guest] DEBUG: win7x6414: not ready yet
2024-12-14 17:04:06,529 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6414, ip=192.168.168.214)
2024-12-14 17:04:06,616 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6414, ip=192.168.168.214, monitor=latest, size=6660546)
2024-12-14 17:04:08,212 [cuckoo.core.resultserver] DEBUG: Task #5654413: live log analysis.log initialized.
2024-12-14 17:04:09,241 [cuckoo.core.resultserver] DEBUG: Task #5654413 is sending a BSON stream
2024-12-14 17:04:09,584 [cuckoo.core.resultserver] DEBUG: Task #5654413 is sending a BSON stream
2024-12-14 17:04:10,443 [cuckoo.core.resultserver] DEBUG: Task #5654413: File upload for 'shots/0001.jpg'
2024-12-14 17:04:10,456 [cuckoo.core.resultserver] DEBUG: Task #5654413 uploaded file length: 110801
2024-12-14 17:04:22,812 [cuckoo.core.guest] DEBUG: win7x6414: analysis #5654413 still processing
2024-12-14 17:04:37,955 [cuckoo.core.guest] DEBUG: win7x6414: analysis #5654413 still processing
2024-12-14 17:04:50,726 [cuckoo.core.resultserver] DEBUG: Task #5654413: File upload for 'shots/0002.jpg'
2024-12-14 17:04:50,746 [cuckoo.core.resultserver] DEBUG: Task #5654413 uploaded file length: 133542
2024-12-14 17:04:51,674 [cuckoo.core.resultserver] DEBUG: Task #5654413: File upload for 'curtain/1733911922.44.curtain.log'
2024-12-14 17:04:51,676 [cuckoo.core.resultserver] DEBUG: Task #5654413 uploaded file length: 36
2024-12-14 17:04:51,920 [cuckoo.core.resultserver] DEBUG: Task #5654413: File upload for 'sysmon/1733911922.69.sysmon.xml'
2024-12-14 17:04:51,965 [cuckoo.core.resultserver] DEBUG: Task #5654413 uploaded file length: 2340680
2024-12-14 17:04:51,988 [cuckoo.core.resultserver] DEBUG: Task #5654413 had connection reset for <Context for LOG>
2024-12-14 17:04:53,031 [cuckoo.core.guest] INFO: win7x6414: analysis completed successfully
2024-12-14 17:04:53,040 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-14 17:04:53,067 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-14 17:04:54,100 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6414 to path /srv/cuckoo/cwd/storage/analyses/5654413/memory.dmp
2024-12-14 17:04:54,101 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6414
2024-12-14 17:06:57,231 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.214 for task #5654413
2024-12-14 17:06:57,702 [cuckoo.core.scheduler] DEBUG: Released database task #5654413
2024-12-14 17:07:04,324 [cuckoo.core.scheduler] INFO: Task #5654413: analysis procedure completed

Signatures

Yara rule detected for file (1 event)
  description: (no description)    rule: LnkHeader

Command line console output was observed (1 event)
  Time & API      Arguments                            Status  Return  Repeated
  WriteConsoleW   buffer: Access is denied.            1       1       0
                  console_handle: 0x000000000000000b

Checks amount of memory in system; this can be used to detect virtual machines that have a low amount of memory available (1 event)
  Time & API             Arguments   Status  Return  Repeated
  GlobalMemoryStatusEx   (none)      1       1       0

Creates a shortcut to an executable file (1 event)
  file: C:\Users\Administrator\AppData\Local\Temp\2bc46098e583572f_xdovhp.lnk

File has been identified by 3 AntiVirus engines on IRMA as malicious (3 events)
  G Data Antivirus (Windows)   Virus: Win32.Trojan.Agent.YA (Engine B)
  Sophos Anti-Virus (Linux)    Troj/LnkRun-EX
  ESET Security (Windows)      LNK/Agent.GZ trojan
Screenshots

(not reproduced in this export)

Domains (Name, Response, Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address, Status, Action, VT, Location): No hosts contacted.