'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2017-07-15 11:30:48.254844 2017-07-15 11:32:13.263335 85 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo2 win7 Clone 2 VirtualBox 2017-07-15 11:30:49 2017-07-15 11:32:11

Errors

File Details

File name b0e9da50e35027e4a3d7564d4bbcf1cc93981e9a.zip
File size 4695398 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 C785B743
MD5 69fd12d21c0a1032fccd04e2aa5305c6
SHA1 b0e9da50e35027e4a3d7564d4bbcf1cc93981e9a
SHA256 a76f5dcd8d4801d97a9c3b58966249572fe2db027e2f456426b1d81a7d034d23
SHA512 2699b144fcc342bb5dfb3091ec3bccdde5a5151ab4e6c27ba578fd1fadbd470cb7693890ab6e0b741ce3361fef91a51805503e222e57a7a218460b03480a9fa6
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=0, VT[1500132737]=0): Snort Events=0, AV Events=30
Total Score=25

CLAMAV DETECTED:
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5094936.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND
PhishTank.Phishing.5058601.UNOFFICIAL FOUND

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

cur.scr

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

Volatility

Nothing to display.