Category FILE
Started On 2016-12-08 19:44:24.167964
Completed On 2016-12-08 19:45:13.874443
Duration 49 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2016-12-08 19:44:24
Shutdown On 2016-12-08 19:45:13

File Details

File name c6416e5c85af305f2fdbea455861cbe7bcdc4f5d.zip
File size 384026 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 413D3B3F
MD5 1042a4b5be7dae8998866852dfe7578d
SHA1 c6416e5c85af305f2fdbea455861cbe7bcdc4f5d
SHA256 c3485b574c8ad6b0fed5c2df6f66ed6364256201089a9eb40f831df35a1fcd7a
SHA512 15ad9036a0dec7ae4a0b49c6394a188f03129daa702599ecc4f1683ad4298dc307de47633878be275f640b499d62efd304ace35f0344663ea3e9300ea45f6d75
Ssdeep 6144:jJrmvj9qAUeyZGN7nksncIyOyIah/l50H3HcRS65Q/oU3xryCkAde/9y1SgjPV4K:xWxqAMGN7nksnrPaJl5BNU3x1kAw/MS4
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal
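The File Details block above hashes the submitted zip, and VirusTotal reports the archive itself as unknown; the executable inside it (the dropped Paypal_2901258251093.exe) is a separate object with its own hashes. The following added example (not part of the Cuckoo report or the MetaFlows page) reproduces the hash fields of that block for a container and for every member of the archive, so the payload can be looked up on its own. It uses only the Python standard library (ssdeep is omitted because it needs the third-party ssdeep module), guards against oversized members before inflating them, accepts an archive password (the hypothetical pwd parameter), and runs on a constructed in-memory zip whose member body is the bytes "abc", not the real sample.

```python
import hashlib
import io
import zipfile
import zlib


def file_details(data):
    """Return the hash fields Cuckoo's File Details block reports for raw bytes."""
    return {
        "size": len(data),
        "crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def archive_details(zip_bytes, pwd=None, max_member_size=50 * 1024 * 1024):
    """Hash the container and each member separately.

    pwd: optional archive password as bytes (malware zips are often
         protected with b"infected"); hypothetical parameter for this example.
    max_member_size: refuse to inflate members whose declared size exceeds
         this, as a cheap decompression-bomb guard.
    """
    result = {"container": file_details(zip_bytes), "members": {}}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_member_size:
                result["members"][info.filename] = {"skipped": "too large"}
                continue
            result["members"][info.filename] = file_details(zf.read(info, pwd=pwd))
    return result


def build_sample_zip():
    """Constructed sample: a zip holding a fake 'Paypal_2901258251093.exe'
    whose body is b"abc". This is not the real sample from the report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Paypal_2901258251093.exe", b"abc")
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(archive_details(build_sample_zip()), indent=2))
```

Submit the member hashes (not only the container's) to VirusTotal or an internal hash store; a container that has never been seen says nothing about whether its payload is already known.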

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1481226353]=0): Snort Events=0, AV Events=0 (the bracketed VT value is the Unix time of the VirusTotal lookup)
Total Score=75

MetaFlows Virus DB DETECTED Dropped File:
Paypal_2901258251093.exe INFECTED - Antivirus report

Signatures

  • antivm_vbox_files
  • antivm_vmware_files
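The two signatures above fire when the sample touches file-system artifacts of a VirtualBox or VMware guest, which is how the dropped executable tries to learn whether it is running in a sandbox. The following added example (not Cuckoo's own signature code) shows the shape of such a check: it takes the file paths a process opened or queried, matches the file name against an illustrative list of guest-tools artifacts, and returns the signatures hit along with the offending paths. The artifact lists and the SAMPLE_FILE_EVENTS input are constructed for this example and are not taken from the report; any real signature set carries a longer list.

```python
# Illustrative artifact names (assumption: the kind of guest-tools drivers
# and binaries anti-VM checks look for; not the Cuckoo community lists).
VBOX_ARTIFACTS = {
    "vboxmouse.sys", "vboxguest.sys", "vboxsf.sys", "vboxvideo.sys",
    "vboxservice.exe", "vboxtray.exe", "vboxhook.dll", "vboxdisp.dll",
}
VMWARE_ARTIFACTS = {
    "vmmouse.sys", "vmhgfs.sys", "vm3dgl.dll", "vmtray.exe",
    "vmtoolsd.exe", "vmwaretray.exe", "vmwareuser.exe", "vmusrvc.exe",
}

SIGNATURES = {
    "antivm_vbox_files": VBOX_ARTIFACTS,
    "antivm_vmware_files": VMWARE_ARTIFACTS,
}


def basename_lower(path):
    """Last path component, lower-cased, tolerating both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_antivm_files(file_events):
    """Return {signature_name: [paths]} for every artifact the sample touched.

    file_events: iterable of file paths, e.g. the per-process file_opened /
    file_exists entries of a sandbox behaviour summary.
    """
    hits = {}
    for path in file_events:
        name = basename_lower(path)
        for sig, artifacts in SIGNATURES.items():
            if name in artifacts:
                hits.setdefault(sig, []).append(path)
    return hits


# Constructed sample input (not from the report): three guest artifacts
# plus two benign accesses that must not match.
SAMPLE_FILE_EVENTS = [
    r"C:\Windows\System32\drivers\VBoxMouse.sys",
    r"C:\Windows\System32\drivers\VBoxGuest.sys",
    r"C:\Windows\System32\drivers\vmmouse.sys",
    r"C:\Users\Harry Dresden\AppData\Local\Temp\Paypal_2901258251093.exe",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for sig, paths in sorted(match_antivm_files(SAMPLE_FILE_EVENTS).items()):
        print(sig)
        for p in paths:
            print("  ", p)
```

A sample that probes for these artifacts and finds them will usually change behaviour or exit, which is one reason a run can end with no network activity and no screenshots even though the dropped file is flagged by antivirus; hiding or renaming guest-tools files in the analysis VM is the usual countermeasure.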

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Paypal_2901258251093.exe

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Registry Key-Opened
  • HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  • HKEY_LOCAL_MACHINE\Software\Borland\Locales
  • HKEY_CURRENT_USER\Software\Borland\Locales
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\Paypal_2901258251093.exe" PID: 3892, Parent PID: 996

Volatility

Nothing to display.