Category: FILE
Started On: 2016-12-08 06:53:48.822530
Completed On: 2016-12-08 06:56:35.660798
Duration: 166 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-12-08 06:53:50
Shutdown On: 2016-12-08 06:56:35

File Details

File name bf7b2d1003cc3b62a04e6b0f027c9fa11b5cd347.zip
File size 3807 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 2C978787
MD5 e3bb016336edc9c319c91bc2d94b159c
SHA1 bf7b2d1003cc3b62a04e6b0f027c9fa11b5cd347
SHA256 9b9debc79b79712393475c0a1051e4017d09e0a319f9f18b28d00a0ab5e49887
SHA512 e31a52dc5ec534f854250bf97f4735ea9eeb1dac66491cd8b47d63e2d5b39b547fd24a1cf7c03dff943ce4f928b0666fcff3911a5b93329d5fa21224fa6f14f6
Ssdeep 96:cTs+UQ1rEqlbwaWwjg/v7ciFYrgYl3Ixi+:LIYW5Wwj3iFYtIZ
PEiD None matched
Yara
  • PM_Zip_with_js
VirusTotal Scan Date: 2016-12-07 23:49:37
VirusTotal Detection Rate: 11/56
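What the PM_Zip_with_js Yara hit and the ClamAV JsHeur signature both point at is a script file shipped inside a zip archive, which is why the only dropped file is a .js. The following Python script is an added example, not Cuckoo's, MetaFlows' or Sanesecurity's code and not the Yara rule itself: it computes the digests shown in the File Details block (ssdeep is omitted because it needs a third-party library), then lists archive members with a script extension without extracting anything. The SCRIPT_EXTENSIONS list and the sample archive built by build_sample() are constructed for the example; the member names and contents are not the sample from this report.

```python
"""Triage a zip the way the File Details block does: hash it, then flag
embedded script files (the condition a zip-with-js Yara rule checks).
Added example, not Cuckoo code."""
import hashlib
import io
import zipfile
import zlib

# Extensions Windows Script Host / mshta execute directly on double-click.
# Constructed list for this example; extend to taste.
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")


def file_hashes(data: bytes) -> dict:
    """Return the digests a Cuckoo report lists for the submitted file.
    CRC32 is rendered as 8 upper-case hex digits, matching the report."""
    return {
        "CRC32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def script_members(data: bytes) -> list:
    """List archive members whose name ends in a script extension.
    Only the central directory is read; nothing is extracted, and names
    are lower-cased so 'INVOICE.JS' is caught as well."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir()
            and info.filename.lower().endswith(SCRIPT_EXTENSIONS)
        ]


def triage(data: bytes) -> dict:
    """Combine the hashes and the script-in-zip check into one verdict."""
    members = script_members(data)
    return {
        "hashes": file_hashes(data),
        "script_members": members,
        "suspicious": bool(members),
    }


def build_sample(with_script: bool = True) -> bytes:
    """Build a small in-memory zip (constructed test data, not the sample
    from the report). with_script=False gives a benign control archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "nothing to see\n")
        if with_script:
            zf.writestr("invoice.js", "var s = 'hello';\n")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage(build_sample())
    for name, digest in result["hashes"].items():
        print(f"{name:7} {digest}")
    print("script members:", result["script_members"])
    print("suspicious:", result["suspicious"])
```

Run it against a real submission with `triage(open(path, "rb").read())` and compare the printed digests with the File Details block to confirm you are looking at the same artifact before doing anything else with it.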

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1481180200]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - ~UW79387HV24L1QJ90AZUI4A.js: Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

~UW79387HV24L1QJ90AZUI4A.js

Network Analysis

Hosts Involved: none recorded

DNS Requests: none recorded

HTTP Requests: none recorded
Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Only the system process lsass.exe appears in the process list; no process belonging to the submitted archive or to the dropped .js file was recorded, which is consistent with the empty network section and the absence of signature matches.

Volatility

Nothing to display.