Category FILE
Started On 2016-09-16 23:35:06.709472
Completed On 2016-09-16 23:37:29.557575
Duration 142 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2016-09-16 23:35:07
Shutdown On 2016-09-16 23:37:28

File Details

File name ac9a5eef31441729b1e9433afa28008e38fdd1d3.exe
File size 107520 bytes
File type PE32 executable for MS Windows (console) Intel 80386 32-bit
CRC32 38FE9154
MD5 2bece986437ff3ac8cf39d120b52aaf4
SHA1 ac9a5eef31441729b1e9433afa28008e38fdd1d3
SHA256 72df5290db32ff28b6c7a756f13ffbfeda61306c507713d1210737d49a6cb6af
SHA512 528a310499946c5ed9e994c70e3f0388e84045bad9d1f2e316638b758bb13c65a8d67d97692314f51f839cbe072f8a139e6c6cd7a9bb429e00406980c4e0a9b7
Ssdeep 1536:8M3m437YHBionsoi0/UWGZwCFgPDZYb1AfjGZRVycMsmlsWjcdG/MRtvZ:8M3m437+BlsoApWC4ZYbD7VTBGUR5Z
PEiD None matched
Yara
  • Str_Win32_Winsock2_Library (Match Winsock 2 API library declaration)
VirusTotal
VirusTotal Scan Date: 2015-12-16 18:49:37
Detection Rate: 3/54

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1474069057]=0): Snort Events=0, AV Events=0
Total Score=2

Signatures

has_pdb

Screenshots

No screenshots available.

Static Analysis

Sections

Resources

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

"C:\Users\Harry Dresden\AppData\Local\Temp\ac9a5eef31441729b1e9433afa28008e38fdd1d3.exe" PID: 6128, Parent PID: 5268

Volatility

Nothing to display.