Category FILE
Started On 2016-12-08 14:56:05.637895
Completed On 2016-12-08 14:58:53.493575
Duration 167 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-12-08 14:56:05
Shutdown On 2016-12-08 14:58:53

File Details

File name 00763969b8397958785d80efbf3a8d8ba2b2f2b1.zip
File size 3809 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 C1361536
MD5 4d1104b4b99371d9dae460e6b1bdb3a4
SHA1 00763969b8397958785d80efbf3a8d8ba2b2f2b1
SHA256 e7cf954d493c8d6c4ab9e91e5098901ea7b21d19ea9659fb5620e82f822fbf42
SHA512 aeb5f9517e5786d086859dc6cb19e9d2ca9b8dbcca9a7711ca6e9d5a56e3a730a11f0c48fc9afdc97b4fc333bb5f7c5ad6ea94c188e9c6516e7847d2e6fee8be
Ssdeep 96:1BSRGZ7+I1bRsA/+le9W+NEyujECkDKxoh4Of35Etk:qRkL/Ie9DS8miOOhEe
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-12-08 05:09:11
Detection Rate: 12/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1481209138]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - ~M5K296S2ZI18CTVBD32199NT.js: Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

~M5K296S2ZI18CTVBD32199NT.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.