Category FILE
Started On 2016-11-30 22:47:58.530555
Completed On 2016-11-30 22:50:43.192469
Duration 164 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-11-30 22:47:59
Shutdown On 2016-11-30 22:50:42

File Details

File name 3fdeb139dd0b5e93cc2079b333cda29893cda53e.zip
File size 3172 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 B5F474A3
MD5 f556a594cf704ce4f9973a700b24e5a7
SHA1 3fdeb139dd0b5e93cc2079b333cda29893cda53e
SHA256 6393099561a2e0f37f127c0af164e89ddcc5ea31c02198ee8e850d532a97dcae
SHA512 7a5f24be3f1872c8917f3e86cb5ac948ce485acde085813df5f6733e1596770ebeea76f356323ad6da6215005a28e02d1064c6eb9dbf33f6066115398f715bec
Ssdeep 96:PQ+0uErTSEz7SuqbLtt4ksAgl6pKoOD7WkR4a:ItumFz7SuqbLD4ksN6KHWkR4a
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-11-30 20:32:33
Detection Rate: 14/55

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1480546248]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26507.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - -8o18t64vd555.js: Sanesecurity.Malware.26507.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

-8o18t64vd555.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.