Analysis
  Category:        FILE
  Started On:      2016-11-08 11:56:21.567377
  Completed On:    2016-11-08 11:59:10.899422
  Duration:        169 seconds
  Cuckoo Version:  2.0-dev

Machine
  Machine:      win7cuckoo
  Label:        win7 Clone 1
  Manager:      VirtualBox
  Started On:   2016-11-08 11:56:22
  Shutdown On:  2016-11-08 11:59:10

File Details

  File name:  59305a9e9346a4aaa9ef87c35c47e7f056c2c592.zip
  File size:  1102 bytes
  File type:  Zip archive data, at least v2.0 to extract
  CRC32:      B3817642
  MD5:        71c94c3e825da29b7e556b4383793952
  SHA1:       59305a9e9346a4aaa9ef87c35c47e7f056c2c592
  SHA256:     f9ab304dd5894bd043fb0eaba33e4b9171aeb924521e91bbc9d340fb3e2449b5
  SHA512:     db26330577289ea26932a17dce0531071e3a671245ea2cb46406c1797f29edacfec3c2da445c84cb040a17cdba235e7b9be4620abc9604b1f734b20f23f6714a
  Ssdeep:     24:9HTgtEV02bW4b/Fw0kUnkt8TefsAX7STBz51sWmI4IpzSi59DX:9HTgtEjjpk8eLsL1IIeiXDX
  PEiD:       None matched
  Yara:       PM_Zip_with_js

VirusTotal
  Scan Date:       2016-11-08 11:48:01
  Detection Rate:  7/56

MetaFlows Scores

MetaFlows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1478606419]=100): Snort Events=0, AV Events=2
Total Score: 100

ClamAV Detections
  Submitted file:  Sanesecurity.Malware.26447.JsHeur.UNOFFICIAL FOUND
  Dropped file NRV_25F985M_.js:  Sanesecurity.Malware.26447.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

NRV_25F985M_.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe (PID: 456, Parent PID: 352)

Volatility

Nothing to display.