Category FILE
Started On 2016-12-01 00:41:38.270986
Completed On 2016-12-01 00:44:13.392364
Duration 155 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2016-12-01 00:41:39
Shutdown On 2016-12-01 00:44:13

File Details

File name 000884d8b97e942694d73e48d0ac726dd6eafb18.zip
File size 3179 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 ECC3A3EA
MD5 e3ed71e9581a7b530f0329dde8942b27
SHA1 000884d8b97e942694d73e48d0ac726dd6eafb18
SHA256 6514295700f2fadbd2defb46010a0e2cf7c0f5463595e7b8a4d4d1452d0ce69a
SHA512 92ae038fa8755f7da541392d9d1e9930e47355f045adc2760b50e0714016f7fa7c39d3777d90e1024aa4936bc401dd526420bee996a65923749b8077db302384
Ssdeep 96:2Xp9SIlnSRw21kRtLpznJBT/hA2NCYqm5ACAgj:2XDhlnkZiXpzJF5A2NCYN5AAj
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-11-30 21:01:42
Detection Rate: 15/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1480553061]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26507.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - -5r9412nozh50.js: Sanesecurity.Malware.26507.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

-5r9412nozh50.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

Volatility

Nothing to display.