URL Details
| URL |
|---|
| http://ziqxnzqbxjmt.com/ |
Score
This url appears fairly benign with a score of 0.0 out of 10.
Please notice: The scoring system is currently still in development and should be considered an alpha feature.
Information on Execution
| Category | Started | Completed | Duration | Logs |
|---|---|---|---|---|
| URL | Jan. 20, 2019, 9:52 a.m. | Jan. 20, 2019, 9:53 a.m. | 42 seconds |
- Error: Error from the Cuckoo Guest: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: [Error 123] The filename, directory name, or volume label syntax is incorrect Traceback (most recent call last): File "C:\qhgxkloyw\analyzer.py", line 778, in <module> success = analyzer.run() File "C:\qhgxkloyw\analyzer.py", line 631, in run "exception: %s" % (package_name, e) CuckooError: The package "modules.packages.exe" start function encountered an unhandled exception: [Error 123] The filename, directory name, or volume label syntax is incorrect
Machine
| Name | Label | Started On | Shutdown On |
|---|---|---|---|
| win7x32 | win7x32 | 2019-01-20 09:52:17 | 2019-01-20 09:52:52 |
Analyzer Log
2019-01-20 01:52:16,078 [analyzer] DEBUG: Starting analyzer from: C:\qhgxkloyw 2019-01-20 01:52:16,078 [analyzer] DEBUG: Pipe server name: \\.\PIPE\NEGHlSpuRoaLNqfQpMZkUQeqaFEGfbN 2019-01-20 01:52:16,078 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\cJvXfXaCeCINOZCwQjZRB 2019-01-20 01:52:36,575 [analyzer] DEBUG: Started auxiliary module Disguise 2019-01-20 01:52:36,716 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8) 2019-01-20 01:52:36,716 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit kernel32.dll (with timestamp 0x56eb2fb8) 2019-01-20 01:52:36,779 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb) 2019-01-20 01:52:36,779 [analyzer] WARNING: Unable to find the correct offsets for functions of: 32-bit ncrypt.dll (with timestamp 0x586e85bb) 2019-01-20 01:52:36,779 [analyzer] DEBUG: Loaded monitor into process with pid 476 2019-01-20 01:52:36,779 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets 2019-01-20 01:52:36,779 [analyzer] DEBUG: Started auxiliary module Human 2019-01-20 01:52:36,779 [analyzer] DEBUG: Started auxiliary module InstallCertificate 2019-01-20 01:52:36,779 [analyzer] DEBUG: Started auxiliary module Reboot 2019-01-20 01:52:36,841 [analyzer] DEBUG: Started auxiliary module RecentFiles 2019-01-20 01:52:36,841 [analyzer] DEBUG: Started auxiliary module Screenshots
Cuckoo Log
2019-01-20 09:52:17,470 [lib.cuckoo.core.scheduler] INFO: Task #1174: acquired machine win7x32 (label=win7x32)
2019-01-20 09:52:17,521 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 4859 (interface=eth2, host=192.168.128.112, pcap=/opt/cuckoo/storage/analyses/1174/dump.pcap)
2019-01-20 09:52:26,908 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7x32, ip=192.168.128.112)
2019-01-20 09:52:51,000 [lib.cuckoo.core.scheduler] ERROR: Error from the Cuckoo Guest: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: [Error 123] The filename, directory name, or volume label syntax is incorrect
Traceback (most recent call last):
File "C:\qhgxkloyw\analyzer.py", line 778, in <module>
success = analyzer.run()
File "C:\qhgxkloyw\analyzer.py", line 631, in run
"exception: %s" % (package_name, e)
CuckooError: The package "modules.packages.exe" start function encountered an unhandled exception: [Error 123] The filename, directory name, or volume label syntax is incorrect
2019-01-20 09:53:25,996 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2019-01-20 09:53:27,416 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.001s]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
conn = self._new_conn()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9384974510>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 09:53:27,484 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
conn = self._new_conn()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9384974b10>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 09:53:27,485 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
conn = self._new_conn()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9384974e90>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 09:53:27,486 [elasticsearch] WARNING: HEAD http://127.0.0.1:9200/_template/cuckoo_template [status:N/A request:0.000s]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 94, in perform_request
response = self.pool.urlopen(method, url, body, retries=False, headers=self.headers, **kw)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 643, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/local/lib/python2.7/dist-packages/urllib3/util/retry.py", line 251, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/usr/local/lib/python2.7/dist-packages/urllib3/connectionpool.py", line 361, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python2.7/httplib.py", line 1017, in request
self._send_request(method, url, body, headers)
File "/usr/lib/python2.7/httplib.py", line 1051, in _send_request
self.endheaders(body)
File "/usr/lib/python2.7/httplib.py", line 1013, in endheaders
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 864, in _send_output
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 826, in send
self.connect()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 163, in connect
conn = self._new_conn()
File "/usr/local/lib/python2.7/dist-packages/urllib3/connection.py", line 147, in _new_conn
self, "Failed to establish a new connection: %s" % e)
NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f9384974690>: Failed to establish a new connection: [Errno 111] Connection refused
2019-01-20 09:53:27,486 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ElasticSearch":
Traceback (most recent call last):
File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 533, in process
current.run(self.results)
File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 196, in run
self.connect()
File "/opt/cuckoo/modules/reporting/elasticsearch.py", line 79, in connect
if not self.es.indices.exists_template("cuckoo_template"):
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 69, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/indices.py", line 491, in exists_template
name), params=params)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 327, in perform_request
status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 105, in perform_request
raise ConnectionError('N/A', str(e), e)
ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9384974690>: Failed to establish a new connection: [Errno 111] Connection refused) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f9384974690>: Failed to establish a new connection: [Errno 111] Connection refused)
Signatures
No signatures
Screenshots
Network
DNS
No domains contacted.
Hosts
No hosts contacted.
Summary
No static analysis available.
Process Tree
Deprecation note:
While processing this analysis you did not have the httpreplay Python
library installed. Installing this library (i.e., pip install httpreplay)
will allow Cuckoo to do more proper PCAP analysis including but not
limited to showing full HTTP and HTTPS (!) requests and responses.
It is recommended that you install this library and possibly reprocess any
interesting analysis tasks.
Hosts
No hosts contacted.
DNS
No domains contacted.
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.128.112 | 138 | 192.168.128.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.
| Task ID | 1174 |
|---|---|
| Mongo ID | 5c448b6811d30812ab71e7f6 |
| Cuckoo release | 2.0-dev |