Category FILE
Started On 2017-07-15 09:30:45.828919
Completed On 2017-07-15 09:31:22.244708
Duration 36 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 09:30:46
Shutdown On 2017-07-15 09:31:20

Errors

File Details

File name cb09c8bcf57592a403d481f55cd3768e260d5a8a.zip
File size 1503 bytes
File type Zip archive data
CRC32 D6002293
MD5 4ac493e424802e2112caf6fc6721e8d9
SHA1 cb09c8bcf57592a403d481f55cd3768e260d5a8a
SHA256 1db244206d82205680a10d4e8a46423823142b8d9be50f870ec9bc2073421996
SHA512 c11b6083c903013879acb7dcaeafcd3a193a79aec64737ec53f5e4959d82e78265eadfed87b3301d193e66f4b414cdab89b72608683e5880e89c2831f2fc32da
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500125486]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.