Analysis
Category FILE
Started On 2016-08-14 10:20:03.163046
Completed On 2016-08-14 10:20:44.326366
Duration 41 seconds
Cuckoo Version 2.0-dev

Machine
Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-08-14 10:20:04
Shutdown On 2016-08-14 10:20:42

File Details

File name 24e1d355117af02de530e730c20649c9b2ce5cbd.exe
File size 181064 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 6AAA5E23
MD5 d9e0d49de71a7e665d6414a1f645fc6b
SHA1 24e1d355117af02de530e730c20649c9b2ce5cbd
SHA256 64fab6df76941107dc2a0d752ff68fc229ffcf3209c6825a61ec478a0c9b1c6a
SHA512 b7f2cc5c9004114e03e082aee199bf16a7cdc92d3826b5d8d6ae5a853ca742070b7e15d76c9a11bcc593c857b3401cf586d0a1057de7711bdcc350912a3cbdaf
Ssdeep 3072:2Z5G6IkTN+zbuyaFXG77F/gb2atrcdXCTixhZ+nKmMNGhRvhW:w5B+zbuFFXG7R/gb2BCTjKmMkTQ
PEiD None matched
Yara
  • Str_Win32_Winsock2_Library (Match Winsock 2 API library declaration)
  • Str_Win32_Internet_API (Match Windows Inet API call)
  • Str_Win32_Http_API (Match Windows Http API call)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=6, VT[1471170072]=0): Snort Events=0, AV Events=0
Total Score=75

Signatures

  • has_pdb
  • antiav_detectreg

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Registry Key-Opened
  • HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Avast
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\24e1d355117af02de530e730c20649c9b2ce5cbd.exe" PID: 3308, Parent PID: 128

Volatility

Nothing to display.