Category FILE
Started On 2017-07-15 17:15:48.026774
Completed On 2017-07-15 17:16:23.290165
Duration 35 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-15 17:15:48
Shutdown On 2017-07-15 17:16:22

Errors

File Details

File name d69760b196335695cc271f42267cd0a2c674f02c.zip
File size 1504 bytes
File type Zip archive data
CRC32 9546DC77
MD5 078ce24b4afbcdbab83460d7e5a5b032
SHA1 d69760b196335695cc271f42267cd0a2c674f02c
SHA256 956f9b73285ca28463079091e2164ab174dcb631a0eecc19a889a02b7a8dee04
SHA512 b06ae286a1e18b72784e68bebc1f4d768ca377ef84ee2ac2b26824f35e75dcff8cbbeaa197d6eb176d005bcb8725f94541d3622d0d9dae908b626eac5d4e6e2b
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500153389]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.