Category FILE
Started On 2017-07-15 18:20:47.814475
Completed On 2017-07-15 18:21:22.309142
Duration 34 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 18:20:48
Shutdown On 2017-07-15 18:21:21

Errors

File Details

File name b43cf4a241e823907cda65487f97e129aec50a9c.zip
File size 1488 bytes
File type Zip archive data
CRC32 136A15E1
MD5 bcc986bd2b84ba9d39502ac7d007f0a7
SHA1 b43cf4a241e823907cda65487f97e129aec50a9c
SHA256 816ae62da4c56194275943e09484304d511ee0266ec3ac0b5967bb704467ba53
SHA512 e65e901b7bf5569890fe43cb44c35c57dd7042eba29dfe5e743a349b711a3d2d53fb080a2ba132c167a2e7e0d0a80673b0a56995b3a6f5111db63f716f6e1fea
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500157287]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.