Category FILE
Started On 2017-07-15 09:05:43.642605
Completed On 2017-07-15 09:06:19.762547
Duration 36 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 09:05:43
Shutdown On 2017-07-15 09:06:18

Errors

File Details

File name 571f271bc973ceb713810ac5487053ae2e0014fb.zip
File size 1554 bytes
File type Zip archive data
CRC32 FACD47C6
MD5 b7823a9626ada0f48587f8d5257c06b1
SHA1 571f271bc973ceb713810ac5487053ae2e0014fb
SHA256 3ecbb9fc4ef9bac584809b65d86c785df74afd444ed12d21509ce738d1a97a1a
SHA512 7ca7907a33368b2d483dd273b398b1356a511348a65b92181f6d7511e8877e42423731d0ff28107902cf1df05fea4bc15ff334226e51aebea03d872af0057153
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500123983]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.