Category FILE
Started On 2016-09-01 00:00:43.066070
Completed On 2016-09-01 00:03:31.550020
Duration 168 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2016-09-01 00:00:43
Shutdown On 2016-09-01 00:03:31

File Details

File name 3c5725db4e6dc826d354d5996752f7fab9669918.zip
File size 11078 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 E935082A
MD5 ad8c29bfb6f9f07d5b4d45cb703f1822
SHA1 3c5725db4e6dc826d354d5996752f7fab9669918
SHA256 5eac0789b353d1f1b371e6faf8973375a8301e848f8d62eae917fab6808d2b70
SHA512 0579ec5ec4db3252a3be0dcadafec49deef3f3d0e5766064d892465b0116ef8046ac67e37df6e6f80d9d3a342f6a51b557ddf40bf518920d856931a47201ef2b
Ssdeep 192:xIBEWyVNWjZtbqNkv63/4ZXYGajpVKXlgPxVJuXcc2CkV7aJPG7gJZfe0:7WyVNetbAkv63/8XYGalVKXlgpVhL7g5
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-08-31 20:56:09
Detection Rate: 7/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1472688245]=100): Snort Events=0, AV Events=0
Total Score=100

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

CB581A2A_flight_tickets.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

Volatility

Nothing to display.