Category FILE
Started On 2017-07-15 05:00:44.093954
Completed On 2017-07-15 05:01:20.131865
Duration 36 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 05:00:44
Shutdown On 2017-07-15 05:01:18

Errors

File Details

File name 7599b6ac9285d3c654daa7f11f354b66c7528e6f.zip
File size 1492 bytes
File type Zip archive data
CRC32 075ABC4A
MD5 ec8f727388ef0f8a23e1f42ee1b30b25
SHA1 7599b6ac9285d3c654daa7f11f354b66c7528e6f
SHA256 87800b26b8ec22ccd5df62bed99b7199dbcad0556d6c01391da273c78a42dafa
SHA512 be38ab74aaec2c50d737e5614b0f4ccbd5aeb812b1f4c69c914caf5f3238b239418ae901d68c194c0c80183ed6f2e2a19a7f711caf299b17858e2247538fa5be
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500109282]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.