Category FILE
Started On 2017-07-15 12:30:46.822913
Completed On 2017-07-15 12:31:32.604866
Duration 45 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 12:30:47
Shutdown On 2017-07-15 12:31:32

Errors

File Details

File name 94cdfe0575ba41040ecd9cf23c6ecdfae81fc3b6.zip
File size 4699911 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 E4268A8B
MD5 f4d2b7d6ea314b53480ed1c997e3a5d6
SHA1 94cdfe0575ba41040ecd9cf23c6ecdfae81fc3b6
SHA256 1bcd10dc3f60f7bc28f4a3d5eda2ccab6794ff62b0fe7dfa9f27eea4daf7189c
SHA512 b84d67cd284c5e71fa9d603b9649d62fa90fdd30d1b192ca8c3bfd8a7bccf3e3968a0e05e53ad53a001e0068b70a1bafdb2069ba7f6b5a4267f93c41a8bd85da
Ssdeep None
PEiD None matched
Yara
  • shellcode (Matched shellcode byte patterns)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500136298]=0): Snort Events=0, AV Events=18
Total Score=25

CLAMAV DETECTED:
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

cur.scr

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.