Category: FILE
Started On: 2016-12-08 17:55:19.931822
Completed On: 2016-12-08 17:58:12.039228
Duration: 172 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-12-08 17:55:20
Shutdown On: 2016-12-08 17:58:11

File Details

File name c99a4e966aef630408c5fa0bf881828bf8eecbdf.zip
File size 3829 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 6E139BDD
MD5 316bdee36fec77a68ff13005be7a5737
SHA1 c99a4e966aef630408c5fa0bf881828bf8eecbdf
SHA256 9e544bc8c30e3436d5b40412b54ad91a6b01d36a9721d3b01290b9ea98704462
SHA512 755e308b7e717703d8722d423d67425e66e51419782cb5f5ed232ee9b3ebef8a669351ac6b1a43854758b8c29a5b8a1248c374a651b790d446b64274801f3f29
Ssdeep 96:EOrqPAPQWJbZiFB4VmGOHbVfT+e3W9lI6JQ0qBs:qiNpZiFWV+b5TsldJQ0f
PEiD None matched
Yara
  • PM_Zip_with_js
VirusTotal Permalink
VirusTotal Scan Date: 2016-12-08 11:52:13
Detection Rate: 6/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1481219895]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - ~132LGS72V073Q1RAYIZ39S.js: Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

~132LGS72V073Q1RAYIZ39S.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.