Category FILE
Started On 2017-07-15 03:20:43.460363
Completed On 2017-07-15 03:21:17.771406
Duration 34 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 03:20:43
Shutdown On 2017-07-15 03:21:16

Errors

File Details

File name 9df10b69b045b87198d8186645984bcd6df22b15.zip
File size 1535 bytes
File type Zip archive data
CRC32 412FB488
MD5 d62bd909ee659bb2b94517cbc6786d13
SHA1 9df10b69b045b87198d8186645984bcd6df22b15
SHA256 f2a0a91e8fce5d92c3abe6e38ad892edaee75cd66a6625252e6df98982e74b84
SHA512 6079801773a46622bae4367f447bf2f07db871322d8c723073e4ef2b3ed12a1273e1c8d4d5bb73c86d7ec9ff36aac3b1292163976881cc11e59fcb066a16c267
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500103283]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.