Cuckoo Sandbox

Errors

It appears that this Virtual Machine hasn't been configured properly as the Cuckoo Host wasn't able to the connect to the Guest or the other way around (i.e., Guest wasn't able to contact the Cuckoo Host). There could be a few reasons for this:

The IP address of the VM has been configured incorrectly. Please verify that the VM has a static IP address, that it matches the one in the Cuckoo configuration, and that the configured network interface exists and is up. Also, in case of VirtualBox, did you configure the network interface to be a "Host-Only interface"?
Please check that there are no firewalls in-place that hinder the communication between your Host and Guest.
If you've triple-checked the above and are still experiencing issues, then please contact us. Just below the errors you'll find a Send Feedback button to do so.

Failed to run the processing module "NetworkAnalysis" for task #6164133: Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/plugins.py", line 250, in process data = current.run() File "/usr/local/lib/python2.7/dist-packages/cuckoo/processing/network.py", line 1026, in run results.update(Pcap(pcap_path, self.options).run()) File "/usr/local/lib/python2.7/dist-packages/cuckoo/processing/network.py", line 827, in run with geoip2.database.Reader(self.options.get("geoip_db")) as reader: File "/usr/local/lib/python2.7/dist-packages/geoip2/database.py", line 85, in __init__ self._db_reader = maxminddb.open_database(fileish, mode) File "/usr/local/lib/python2.7/dist-packages/maxminddb/__init__.py", line 46, in open_database return maxminddb.reader.Reader(database, mode) File "/usr/local/lib/python2.7/dist-packages/maxminddb/reader.py", line 52, in __init__ self._buffer = mmap.mmap(db_file.fileno(), 0, access=mmap.ACCESS_READ) ValueError: cannot mmap an empty file
click to expand / collapse this error
Error processing task #6164133: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
click to expand / collapse this error

Send feedback

File b6e84867ed340fd39975d8808104b02d380e3755fa136715b77c9741c01e1f38

Summary
Download Resubmit sample

Size	40.2KB
Type	ASCII text, with CRLF line terminators
MD5	`caa571e4ba2b9ae231d01722a930dbcb`
SHA1	`26cd3fc7f599fd4d3d250b865668f4dd59b6c598`
SHA256	`b6e84867ed340fd39975d8808104b02d380e3755fa136715b77c9741c01e1f38`
SHA512	`387e000168975ad1aa75021c9ea9ab04f76e89d6a78b8eda97734f003e8fad83418d69c2efafede5d06c65f1755cb956aefb250031f8a6afa68372a87d020d5e`
CRC32	`5F6D77DD`
ssdeep	`None`
Yara	None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	March 27, 2025, 1:57 a.m.	March 27, 2025, 1:59 a.m.	163 seconds	None	Show Analyzer Log Show Cuckoo Log

Analyzer Log

Cuckoo Log

2025-03-27 01:57:01,861 [cuckoo.core.scheduler] INFO: Task #6164133: acquired machine win7x6418 (label=win7x6418)
2025-03-27 01:57:01,862 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.218 for task #6164133
2025-03-27 01:57:02,451 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 1226028 (interface=vboxnet0, host=192.168.168.218)
2025-03-27 01:57:02,545 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6418
2025-03-27 01:57:03,376 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6418 to vmcloak
2025-03-27 01:57:04,085 [cuckoo.core.scheduler] ERROR: Unable to restore to the snapshot for this Virtual Machine! Does your VM have a proper Snapshot and can you revert to it manually? VM: win7x6418, error: VBoxManage failed trying to restore the snapshot of machine 'win7x6418' (this most likely means there is no snapshot, please refer to our documentation for more information on how to setup a snapshot for your VM): error code 1: VBoxManage: error: Cannot delete the current state of the running machine (machine state: Stopping)
VBoxManage: error: Details: code VBOX_E_INVALID_VM_STATE (0x80bb0002), component SessionMachine, interface IMachine, callee nsISupports
VBoxManage: error: Context: "RestoreSnapshot(pSnapshot, pProgress.asOutParam())" at line 560 of file VBoxManageSnapshot.cpp

2025-03-27 01:57:04,086 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-03-27 01:57:04,115 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-03-27 01:57:05,642 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6418 to path /srv/cuckoo/cwd/storage/analyses/6164133/memory.dmp
2025-03-27 01:57:05,644 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6418
2025-03-27 01:59:44,834 [cuckoo.machinery.virtualbox] DEBUG: VBoxManage exited with error powering off the machine: VBoxManage: error: The virtual machine is being powered down
VBoxManage: error: Details: code VBOX_E_INVALID_VM_STATE (0x80bb0002), component ConsoleWrap, interface IConsole, callee nsISupports
VBoxManage: error: Context: "PowerDown(progress.asOutParam())" at line 602 of file VBoxManageControlVM.cpp

2025-03-27 01:59:44,835 [cuckoo.core.scheduler] WARNING: Unable to stop machine win7x6418: VBoxManage failed powering off the machine: VBoxManage: error: The virtual machine is being powered down
VBoxManage: error: Details: code VBOX_E_INVALID_VM_STATE (0x80bb0002), component ConsoleWrap, interface IConsole, callee nsISupports
VBoxManage: error: Context: "PowerDown(progress.asOutParam())" at line 602 of file VBoxManageControlVM.cpp

2025-03-27 01:59:44,845 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.218 for task #6164133
2025-03-27 01:59:44,857 [cuckoo.core.scheduler] DEBUG: Released database task #6164133
2025-03-27 01:59:44,892 [cuckoo.core.scheduler] INFO: Task #6164133: analysis procedure completed

Signatures

File has been identified by 10 AntiVirus engine on IRMA as malicious (10 events)

G Data Antivirus (Windows)	Virus: VB:Trojan.Agent.COZQ (Engine A)
Avast Core Security (Linux)	VBS:Agent-BTO [Trj]
Trellix (Linux)	VBA/Downloader.r trojan
WithSecure (Linux)	Malware.VBS/Dldr.Agent.VPMA
eScan Antivirus (Linux)	VB:Trojan.Agent.COZQ(DB)
Sophos Anti-Virus (Linux)	Mal/VbsRunner-A
DrWeb Antivirus (Linux)	VBS.Starter.258
Bitdefender Antivirus (Linux)	VB:Trojan.Agent.COZQ
Kaspersky Standard (Windows)	HEUR:Trojan.Script.Generic
Emsisoft Commandline Scanner (Windows)	VB:Trojan.Agent.COZQ (B)

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Lionic	Trojan.Script.Runner.4!c
CTX	vba.trojan.runner
CAT-QuickHeal	Trojan.VBS.Downloader.3594
Skyhigh	BehavesLike.VBS.Dropper.pp
ALYac	VB:Trojan.Agent.COZQ
VIPRE	VB:Trojan.Agent.COZQ
Sangfor	Malware.Generic-VBS.Save.99e0cd97
K7GW	Trojan ( 0051fc301 )
K7AntiVirus	Trojan ( 0051fc301 )
Arcabit	VB:Trojan.Agent.COZQ
Baidu	VBS.Trojan.Runner.ah
Symantec	ISB.Suspexec!gen1
Avast	VBS:Agent-BTO [Trj]
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan.Script.Generic
BitDefender	VB:Trojan.Agent.COZQ
NANO-Antivirus	Trojan.Script.Agent.fmatqh
MicroWorld-eScan	VB:Trojan.Agent.COZQ
Rising	Trojan.Runner/VBS!1.FF57 (CLASSIC)
Emsisoft	VB:Trojan.Agent.COZQ (B)
F-Secure	Malware.VBS/Dldr.Agent.VPMA
DrWeb	VBS.Starter.258
Zillya	Trojan.Runner.VBS.5
Sophos	Mal/VbsRunner-A
Ikarus	Trojan.VBS.Kryptomix
FireEye	VB:Trojan.Agent.COZQ
Google	Detected
Avira	VBS/Dldr.Agent.VPMA
Xcitium	TrojWare.VBS.Runner.NFD@7ml7ia
Microsoft	Trojan:VBS/Kryptomix.A
ZoneAlarm	Mal/VbsRunner-A
GData	VB:Trojan.Agent.COZQ
Varist	VBS/Agent.BQT!Eldorado
McAfee	VBA/Downloader.r
Tencent	Html.Win32.Runner.504736
huorong	Trojan/VBS.Runner.d
MaxSecure	Trojan.W32.valyria.6578
AVG	VBS:Agent-BTO [Trj]
alibabacloud	Trojan[downloader]:Win/Kryptomix.A

Screenshots

No screenshots available.

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

Errors

File b6e84867ed340fd39975d8808104b02d380e3755fa136715b77c9741c01e1f38

Summary Download Resubmit sample

Score

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample