Category FILE
Started On 2017-07-15 14:35:46.372107
Completed On 2017-07-15 14:36:48.320677
Duration 61 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2017-07-15 14:35:46
Shutdown On 2017-07-15 14:36:47

Errors

File Details

File name c3f57e6b42f24bbf3fe9a2e36d73813e3dc15414.zip
File size 1543 bytes
File type Zip archive data
CRC32 E30E2670
MD5 50a461ab19f4bfe9c1e0686fa2f34e70
SHA1 c3f57e6b42f24bbf3fe9a2e36d73813e3dc15414
SHA256 b49fa6fbce3cb7a20d706d59300041ab8eda2f9e3687ff9934b48f0c1a537396
SHA512 5e4f9e10d50d28fd81111b510c5365e2c7cf8689efd80194bb3cfd2de9aca12055d00e2f8237c8b4713705e78b5547584da18abaca5705e7436d67e0d1de8aa9
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500143811]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

Volatility

Nothing to display.