Category FILE
Started On 2017-07-11 21:35:35.134248
Completed On 2017-07-11 21:36:17.565195
Duration 42 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-11 21:35:35
Shutdown On 2017-07-11 21:36:15

Errors

File Details

File name 6fa4ba68d7cadc2090fe5d2f0ebbf3882ea4b57a.zip
File size 1461 bytes
File type Zip archive data
CRC32 72A0EDB3
MD5 5e001c840d8256a89a3ee99d42b612e8
SHA1 6fa4ba68d7cadc2090fe5d2f0ebbf3882ea4b57a
SHA256 6d68a78bfeec83b78465d519c33c61fb74eb21292c64bc0e831424d692447cc9
SHA512 5ab590ce37abb0cb4f4efc42dff14221c3a56c0b0083aa8f82aa3a3db4e681b3e402963f394b3529315c6a9328e2a25ec2ee11ea026b01a58960911ef7d3d413
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1499823384]=0): Snort Events=0, AV Events=0
Total Score=2

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.