Category FILE
Started On 2017-07-15 06:20:43.641181
Completed On 2017-07-15 06:21:20.831819
Duration 37 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 06:20:43
Shutdown On 2017-07-15 06:21:19

Errors

File Details

File name 181dcb7f604b09765f5f63477dbb09ab223978d5.zip
File size 1468 bytes
File type Zip archive data
CRC32 24EBE33B
MD5 dadc28fcdb93fe7288ba63b28daaa40f
SHA1 181dcb7f604b09765f5f63477dbb09ab223978d5
SHA256 712e5ad99afd2db687243355320f515735278020c01ea949db6b0a3ab10ff228
SHA512 3ccc80e2eac60d136dce3cafd6d62119e123b485f15d6b5bdb2cb329cc98f3d5432b376758df3439f845e8864b17b3c752b5a7ef7fa7e40d694e269a4f6a5dae
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500114083]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.