Category: FILE
Started On: 2016-09-16 01:39:07.173939
Completed On: 2016-09-16 01:40:24.765120
Duration: 77 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-09-16 01:39:07
Shutdown On: 2016-09-16 01:40:22

File Details

File name 21f26a205505d1c513de13e184a71688db84597f.zip
File size 9428 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 4631A27F
MD5 4af8104475b9f0b6d8775c791c6b2035
SHA1 21f26a205505d1c513de13e184a71688db84597f
SHA256 642ee07c7635e5a4f74f27d476e1babc41c76a7e15c55e46f1356e34409460cc
SHA512 02b807e918d5b079d1c95ba096142e825dff3de353dc2404b4e851ded45c025d882035d7c31ef59a465d8242c83abee93f2ef32bcb82567014f0561d174b857d
Ssdeep 192:uAVZYnpzFewJ31WLJpln17FIYnizpNYdziTu2UTA7LHgZluvf:uAVZSJ0lbnHPopoiPEZwvf
PEiD None matched
Yara
  • PM_Zip_with_js
VirusTotal
Scan Date: 2016-09-16 01:00:12
Detection Rate: 8/55

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1473990029]=100): Snort Events=0, AV Events=0
Total Score=100

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Booking confirmation ~069E9CB3~.js

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Registry Key-Opened
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
Registry Key-Read
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\DisplayLogo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\Timeout
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\IgnoreUserSettings
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\TrustPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\Timeout
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\DisplayLogo
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\LogSecuritySuccesses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\UseWINSAFER

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Windows\System32\wscript.exe" "C:\Users\HARRYD~1\AppData\Local\Temp\Booking confirmation ~069E9CB3~.js" PID: 2944, Parent PID: 2196

Volatility

Nothing to display.