Category: FILE
Started On: 2016-12-08 00:41:27.503287
Completed On: 2016-12-08 00:44:16.245547
Duration: 168 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo
Label: win7 Clone 1
Manager: VirtualBox
Started On: 2016-12-08 00:41:28
Shutdown On: 2016-12-08 00:44:15

File Details

File name e0eaa0a6b979cdedbc385cbfc8e14179c3456aa7.zip
File size 3813 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 B67CE3C9
MD5 a96cf59c49ddb507a06bb610de3049c4
SHA1 e0eaa0a6b979cdedbc385cbfc8e14179c3456aa7
SHA256 40fc4acc2ee8f1f83d288b0e7536b0baf650852508ebee74f22c022f0b8dcc30
SHA512 acf61deb420441cfb94d812a597123ceef3f91e509b7ddd4bf122209415e7d90cef47121e3c4a19a38caf766dd9f0aaea60d91652cb392118626d59245c4e72c
Ssdeep 96:gD2h25sVl42DpsJZ4Spi/iDeFWx2Gu4t9YM9MB4GBp8:x2KVl4SqZ4S0/oPuiueGBW
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Scan Date: 2016-12-07 21:09:59
Detection Rate: 5/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1481157914]=100): Snort Events=0, AV Events=2
Total Score=100

CLAMAV DETECTED:
Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - ~03PL45E2JLCFZ39D7V4C08.js: Sanesecurity.Malware.26532.JsHeur.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

~03PL45E2JLCFZ39D7V4C08.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.