Category FILE
Started On 2016-11-08 23:44:14.829043
Completed On 2016-11-08 23:45:40.548640
Duration 85 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2016-11-08 23:44:17
Shutdown On 2016-11-08 23:45:40

File Details

File name ea5b94f68c87120e7f75895366b3b1f18f05f1e5.zip
File size 5717972 bytes
File type Zip archive data, at least v1.0 to extract
CRC32 F94C30F7
MD5 87f02e2e27ee45f69c144138d2f73ff7
SHA1 ea5b94f68c87120e7f75895366b3b1f18f05f1e5
SHA256 33941b7132f2efda6d4788949cf85591e4eab6aee1433b7e4d409e4bde429a70
SHA512 9a86790bb0a37fbfc763e011db6bd3c934d4cc9ad8b0b6760ce63c28c4ff7df95544009204e343ceda7728e81ed1982949c6a2fec62aac9c1835d5a96daefca4
Ssdeep 98304:jmxJStBmsuesVFn6zebhtBesq+2W1jHuFj8UdaoaPrm0qeQntdQAQxBduFXk:jmxJMuRp6zaQsq+3C3coS7qeQIMU
PEiD None matched
Yara
  • shellcode (Matched shellcode byte patterns)
VirusTotal
Scan Date 2016-11-08 15:54:35
Detection Rate 1/55

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1478648745]=0): Snort Events=0, AV Events=2
Total Score=25

CLAMAV DETECTED:
Win.Worm.Chir-744 FOUND
DROPPED FILE - xlueops.exe: Win.Worm.Runouce-301 FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

xlueops.exe

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

"C:\Users\Harry Dresden\AppData\Local\Temp\Program\xlueops.exe" PID: 5348, Parent PID: 2428

Volatility

Nothing to display.