Category FILE
Started On 2017-07-15 18:15:48.434043
Completed On 2017-07-15 18:16:23.763363
Duration 35 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 18:15:48
Shutdown On 2017-07-15 18:16:22

Errors

File Details

File name b8e7f0c3d6fff67cd5613cefa8e5ec7ca42751c0.zip
File size 1496 bytes
File type Zip archive data
CRC32 67A02779
MD5 b864edad72f1de4d51a54bfdc7e36f55
SHA1 b8e7f0c3d6fff67cd5613cefa8e5ec7ca42751c0
SHA256 e1a08b555ee7de86487c1a1d4f1573aa03437c2e9c258308dffaa1795067bff5
SHA512 a6d86c8d800f054777c6961fdcc7c2055a5b3bd3255cde5c3e9bc91a6e72a71267a5b180dd17e5002787bed9c77da8eca9a8cbd1e4e105255981ce84fa0fb34b
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500156990]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes


C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.