Category FILE
Started On 2017-07-15 06:30:45.225089
Completed On 2017-07-15 06:31:19.572756
Duration 34 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 06:30:45
Shutdown On 2017-07-15 06:31:17

Errors

File Details

File name ae8e9d5617d4273efd65ad29c9ac948620e7e14d.zip
File size 1573 bytes
File type Zip archive data
CRC32 D214127D
MD5 62cc0e35dde8e971b86f2ef1436cf89f
SHA1 ae8e9d5617d4273efd65ad29c9ac948620e7e14d
SHA256 bd557cf552b7cf05075a0e4cf83c2dc9d13cc1bde2c2cd0ec2f3832cb397be4f
SHA512 27eaa00b5279942041e4add83a506cec4f835dd32aca29e420836a1633512b0b8414d87e63b4b59a470262a8698ced1b8b6ce0831e6a8f8b776d173718185a90
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500114684]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.