Category: FILE
Started On: 2016-10-31 17:15:41.299746
Completed On: 2016-10-31 17:17:57.282195
Duration: 135 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-10-31 17:15:41
Shutdown On: 2016-10-31 17:17:57

File Details

File name 0703f926-9eb3-11e6-b93a-80e65024849a.file
File size 193536 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 C92FBD0A
MD5 060012602de8ee4f3df9b93657009555
SHA1 4bb14cb1eb618252cf3b26b21686eaaa7321d338
SHA256 c140c8dc1453d7213da39a5020d6c90ef00d00491bb769cb762d6cc7c64372e7
SHA512 f287341bf4cc3132186387453c61724bdb1a421b08e57c91b9d6292ec9812f8ce922f940d74227a7eed4d35c1b6e492b286e61549d2533a63339787839da3b74
Ssdeep 3072:0dF5TcIC56HlIYwsoEaSxa7KwuMveEwpUArH80sems3gbogDHj3fbkbqtZ38igpn:eFI6aYwsp9qbMVH8N1tzbZtZ3gwUf
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2016-10-30 13:30:55
VirusTotal Detection Rate: 11/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1477934285]=100): Snort Events=0, AV Events=0
Total Score=100

Signatures

process_interest details

Screenshots

No screenshots available.

Static Analysis

Sections

Resources

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Opened
  • C:\
Directory-Enumerated
  • C:\Windows\System32\*
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\software\policies
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\is_not_vm
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\0703f926-9eb3-11e6-b93a-80e65024849a.file" PID: 3212, Parent PID: 3872

Volatility

Nothing to display.