Category FILE
Started On 2016-12-08 17:43:07.449736
Completed On 2016-12-08 17:44:36.497400
Duration 89 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-12-08 17:43:08
Shutdown On 2016-12-08 17:44:36

File Details

File name be1c0d83f50e8fad1ff5b0214ecdd3b01ef609b3.dll
File size 226592 bytes
File type PE32+ executable for MS Windows (DLL) (GUI)
CRC32 0CF0D192
MD5 1ba1629681ec6861ce3d6c1977c2fd7d
SHA1 be1c0d83f50e8fad1ff5b0214ecdd3b01ef609b3
SHA256 3fed99891579095ac2da7ec5000369211bfbf7188baf0c9a652e4bd7386fd116
SHA512 53f4b110d2da508089f24a57778fafe0fe22e31c7b7a11ad092fe8db18fe3fdcda2dbf41bd8bcecad9eb9b6adce964924be358c3d4f3cd5f9ebeb173b2e0201c
Ssdeep 6144:UfZHNlidWo1DvW6yK441rNhgdb4j3vtJht6A2mWf:cHNlidWGDv0z4FPVk/mWf
PEiD None matched
Yara None matched
VirusTotal Scan Date 2016-12-08 14:50:40
VirusTotal Detection Rate 4/57

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=0, VT[1481219082]=100): Snort Events=0, AV Events=0
Total Score=100

Signatures

packer_upx (the executable is compressed using UPX)
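Cuckoo's packer_upx signature keys on PE section names that begin with UPX (UPX0, UPX1). The block below is an added Python example, not code from this report, MetaFlows or Cuckoo: it parses the PE header far enough to read the section table, applies the same section-name check, and adds one corroborating heuristic that the signature itself does not use (a first section with a non-zero virtual size but zero bytes on disk, which is the empty unpack destination UPX leaves as UPX0). The input is constructed header bytes from the helper build_pe, laid out as a PE32+ DLL to match the file type reported above but not derived from the sample; to check the real DLL, pass its bytes to parse_pe instead.

```python
import struct

# PE/COFF constants
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SECTION_HEADER_SIZE = 40


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional-header magic
    -> section table; returns only the fields the UPX check needs."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    magic = struct.unpack_from("<H", data, coff + 20)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + i * SECTION_HEADER_SIZE
        hdr = data[off:off + SECTION_HEADER_SIZE]
        if len(hdr) < SECTION_HEADER_SIZE:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, _raw_ptr = struct.unpack_from("<IIII", hdr, 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size})
    return {
        "machine": machine,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "pe32plus": magic == PE32PLUS_MAGIC,
        "sections": sections,
    }


def upx_indicators(pe: dict) -> dict:
    """Section-name check (what packer_upx keys on) plus an added heuristic:
    UPX0, the unpack destination, has virtual size but no raw bytes."""
    upx_names = [s["name"] for s in pe["sections"] if s["name"].upper().startswith("UPX")]
    first = pe["sections"][0] if pe["sections"] else None
    empty_first = bool(first and first["raw_size"] == 0 and first["virtual_size"] > 0)
    return {
        "upx_section_names": upx_names,
        "empty_first_section": empty_first,
        "packer_upx": bool(upx_names),
    }


def build_pe(section_specs, dll=True, pe32plus=True) -> bytes:
    """Constructed test input: a minimal, non-loadable PE image carrying only
    the headers parse_pe reads. Not derived from the sample in this report."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    chars = 0x0022 | (IMAGE_FILE_DLL if dll else 0)  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH",
                       IMAGE_FILE_MACHINE_AMD64 if pe32plus else IMAGE_FILE_MACHINE_I386,
                       len(section_specs), 0, 0, 0, opt_size, chars)
    opt = struct.pack("<H", PE32PLUS_MAGIC if pe32plus else PE32_MAGIC) + b"\0" * (opt_size - 2)
    table = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0x1000, raw, 0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, raw in section_specs)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed samples: a UPX-style PE32+ DLL section layout and an unpacked one.
PACKED_SAMPLE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x30000, 0x2F000), (b".rsrc", 0x2000, 0x1800)])
CLEAN_SAMPLE = build_pe([(b".text", 0x20000, 0x20000), (b".rdata", 0x8000, 0x8000), (b".data", 0x3000, 0x1000)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        pe = parse_pe(blob)
        print(label, "PE32+" if pe["pe32plus"] else "PE32", "DLL" if pe["is_dll"] else "EXE",
              [s["name"] for s in pe["sections"]], upx_indicators(pe))
```

The name check is only as strong as the packer's cooperation: renaming UPX0/UPX1 with a hex editor defeats it while the file still unpacks, which is why the raw-size heuristic is worth keeping alongside it, and why a matched packer_upx with only 4/57 VT detections says more about the packing than about the payload.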

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Exports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\be1c0d83f50e8fad1ff5b0214ecdd3b01ef609b3.dll,DllMain PID: 560, Parent PID: 1668

Volatility

Nothing to display.