Category FILE
Started On 2017-07-04 06:15:15.972472
Completed On 2017-07-04 06:15:52.047362
Duration 36 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-04 06:15:16
Shutdown On 2017-07-04 06:15:51

Errors

File Details

File name b288c2b09a5e3350ee9977a15e08154ac679d5b5.zip
File size 1450 bytes
File type Zip archive data
CRC32 44476ADA
MD5 3fda4ef2dcdeba02c3a6b82aeb64d6a8
SHA1 b288c2b09a5e3350ee9977a15e08154ac679d5b5
SHA256 cddbf59af5649ecaf5c6d1770b0960be00f0b1872bce7ab9780b24524be94346
SHA512 ac5301ec36b4775631fff7b516d9361d705fc59a26521e21f6a430f578e3818b6b9e46ab38d676f72a03cf6c64fb203ad65b4f3ed0ba4ade968c49e713fa331a
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1499163355]=0): Snort Events=0, AV Events=0
Total Score=2

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.