Category: FILE
Started On: 2016-12-08 00:41:27.503287
Completed On: 2016-12-08 00:44:16.245547
Duration: 168 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-12-08 00:41:28
Shutdown On: 2016-12-08 00:44:15

File Details

File name e0eaa0a6b979cdedbc385cbfc8e14179c3456aa7.zip
File size 3813 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 B67CE3C9
MD5 a96cf59c49ddb507a06bb610de3049c4
SHA1 e0eaa0a6b979cdedbc385cbfc8e14179c3456aa7
SHA256 40fc4acc2ee8f1f83d288b0e7536b0baf650852508ebee74f22c022f0b8dcc30
SHA512 acf61deb420441cfb94d812a597123ceef3f91e509b7ddd4bf122209415e7d90cef47121e3c4a19a38caf766dd9f0aaea60d91652cb392118626d59245c4e72c
Ssdeep 96:gD2h25sVl42DpsJZ4Spi/iDeFWx2Gu4t9YM9MB4GBp8:x2KVl4SqZ4S0/oPuiueGBW
PEiD None matched
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-12-07 21:09:59
Detection Rate: 5/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1481157914]=100): Snort Events=0, AV Events=2
Total Score=100

Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - ~03PL45E2JLCFZ39D7V4C08.js: Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND


No signatures matched


No screenshots available.

Static Analysis

Nothing to display.

Dropped Files


Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary



C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352


Nothing to display.