Category: FILE
Started On: 2016-12-08 06:53:48.822530
Completed On: 2016-12-08 06:56:35.660798
Duration: 166 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-12-08 06:53:50
Shutdown On: 2016-12-08 06:56:35

File Details

File name bf7b2d1003cc3b62a04e6b0f027c9fa11b5cd347.zip
File size 3807 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 2C978787
MD5 e3bb016336edc9c319c91bc2d94b159c
SHA1 bf7b2d1003cc3b62a04e6b0f027c9fa11b5cd347
SHA256 9b9debc79b79712393475c0a1051e4017d09e0a319f9f18b28d00a0ab5e49887
SHA512 e31a52dc5ec534f854250bf97f4735ea9eeb1dac66491cd8b47d63e2d5b39b547fd24a1cf7c03dff943ce4f928b0666fcff3911a5b93329d5fa21224fa6f14f6
Ssdeep 96:cTs+UQ1rEqlbwaWwjg/v7ciFYrgYl3Ixi+:LIYW5Wwj3iFYtIZ
PEiD None matched
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-12-07 23:49:37
Detection Rate: 11/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1481180200]=100): Snort Events=0, AV Events=2
Total Score=100

Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - ~UW79387HV24L1QJ90AZUI4A.js: Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND


No signatures matched


No screenshots available.

Static Analysis

Nothing to display.

Dropped Files


Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary



C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352


Nothing to display.