Category FILE
Started On 2016-11-30 23:44:55.351519
Completed On 2016-11-30 23:47:37.897178
Duration 162 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-11-30 23:44:55
Shutdown On 2016-11-30 23:47:37

File Details

File name 2f2b09eebdb46bc95e2a80638e169567177db8d0.zip
File size 3166 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 77B81610
MD5 49c979d3e85594984b3e7a9babd88153
SHA1 2f2b09eebdb46bc95e2a80638e169567177db8d0
SHA256 b896d8f0865a7ceb6da8da84d2d283eb95b013095f477aab96f8009b3459ed3d
SHA512 a8f5143983b15334ff5773cff5e7f7b0ebd40a38b9b05d0092cbd3127a7cfe77de54da128ca820ac80a1880ff60a68e7f9830cafd888539c5c2c925451ea4902
Ssdeep 48:91+SbZvViFL/82G55VZwsZVumPSVlKv5vdXbkHZuu0lDZq3ks8YGT01SF:LbHiFT82GdZV97zXgZMlNw5QY1SF
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-11-30 20:45:04
Detection Rate: 15/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1480549661]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26507.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - -26zcf4753h00f.js: Sanesecurity.Malware.26507.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

-26zcf4753h00f.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.