Category FILE
Started On 2017-07-15 19:10:48.684196
Completed On 2017-07-15 19:11:24.305927
Duration 35 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 19:10:49
Shutdown On 2017-07-15 19:11:23

Errors

File Details

File name 7a2f37a7cde93597f02f41ac63956dd2f95e89c3.zip
File size 1492 bytes
File type Zip archive data
CRC32 9799E1FB
MD5 bd43a4f802b77449eefd0bc661f0c2a5
SHA1 7a2f37a7cde93597f02f41ac63956dd2f95e89c3
SHA256 1545ae19fb3032652cb6601b6cc5050a6f91a59c53fbd74c3299664e1d2432e1
SHA512 07030a5b4fec96e4eb9187e11d1eb19c894bc5faf37f6ec8fd928fa45edeaeb8899b136f382e3fe7e2c9fb3753d3381e63ea5b4d3785b5ede08843235d280617
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500160286]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.