Category FILE
Started On 2017-07-14 21:35:43.218704
Completed On 2017-07-14 21:36:24.401115
Duration 41 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-07-14 21:35:43
Shutdown On 2017-07-14 21:36:22

Errors

File Details

File name db521a145eb6c395aa250f1183d9e57524fb219c.zip
File size 1495 bytes
File type Zip archive data
CRC32 A6E215F3
MD5 87b03f3d0bb747402bd6003f27ad0a62
SHA1 db521a145eb6c395aa250f1183d9e57524fb219c
SHA256 a1e52c5cb96528aea1490a51637913194f7ad27447a6b0fd8d5d9f5c93ef1c79
SHA512 3c710ef480cb3c9c20938d836968806709651e908fbf4990bec8e74c21b2418e33aa13cc2227e07bd5c1e386a871ca270b8a1dd8ab9533445e8b04c56065a761
Ssdeep None
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=0, Anomalies=0, PEiD=0, Yara=2, VT[1500082590]=0): Snort Events=0, AV Events=1
Total Score=2

CLAMAV DETECTED:
Sanesecurity.Malware.27096.JsHeur.UNOFFICIAL FOUND

File intentionally breaks sandbox processing and looks highly suspicious

Signatures

No signatures matched

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

Volatility

Nothing to display.