Analysis Details

Category FILE
Started On 2017-09-22 01:30:22.251143
Completed On 2017-09-22 01:31:10.763540
Duration 48 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2017-09-22 01:30:22
Shutdown On 2017-09-22 01:31:10

File Details

File name 91ad94f4a1eb6f971d962d336c3dcc037d86d691.dll
File size 811808 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
CRC32 445DCEE7
MD5 c73c216613b5f0274113d80c283c5d0a
SHA1 91ad94f4a1eb6f971d962d336c3dcc037d86d691
SHA256 1547f4f6875b33d2493e8a9a64ba888840a297050c8f61cd312e8a5ecb6d4a23
SHA512 b57ab99ca400823ca34d05a961937e1ee419d2947c19b8058b2dcaf1cedc61a22afc3047b9fce66318fa32d4a5556478afd92df90a8412b0b1778a3ba6817ee4
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date 2017-09-22 01:27:46
VirusTotal Detection Rate 34/65

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=2, VT[1506058280]=100): Snort Events=0, AV Events=0
Total Score=100

Signatures

allocates_rwx: allocates read/write/execute memory, as unpacking stubs and code injectors typically do
origin_langid: the binary's resources use an unconventional language ID
packer_entropy: one or more sections have high entropy, consistent with compressed or encrypted data
packer_upx: the executable is compressed with UPX (matches the "UPX compressed" file type above)
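The last two signatures, packer_entropy and packer_upx, are structural checks that can be reproduced outside the sandbox. The block below is an added example, not MetaFlows or Cuckoo code: it walks a PE section table with the standard library only, computes Shannon entropy per section, and flags UPX section names. The 7.0 bits-per-byte threshold, the UPX section-name list and the two hand-built sample images are assumptions and constructed inputs chosen for this example, not data from the sample on this page.

```python
"""Per-section entropy and UPX section-name check for a PE image.

Added example, not MetaFlows/Cuckoo code. Threshold, section-name list
and the synthetic PE blobs below are assumptions made for illustration.
"""
import math
import random
import struct

HIGH_ENTROPY = 7.0                          # assumed threshold, bits per byte
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}   # assumed UPX naming


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(blob: bytes):
    """Yield (name, raw_bytes) for each section header in a PE blob.

    Walks e_lfanew -> 'PE\\0\\0' -> COFF header -> section headers and
    uses SizeOfOptionalHeader to skip the optional header; no further
    validation, which is all a packer check needs.
    """
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", blob, coff + 2)[0]
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]
    first = coff + 20 + opt_size
    for i in range(nsect):
        off = first + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = blob[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        yield name, blob[raw_ptr:raw_ptr + raw_size]


def packer_verdict(blob: bytes) -> dict:
    """Apply the packer_upx and packer_entropy style checks to one blob."""
    f = {"entropy": {}, "upx_sections": [], "high_entropy_sections": []}
    for name, data in pe_sections(blob):
        sname = name.decode("ascii", "replace")
        ent = round(shannon_entropy(data), 2)
        f["entropy"][sname] = ent
        if name in UPX_SECTION_NAMES:
            f["upx_sections"].append(sname)
        if data and ent >= HIGH_ENTROPY:
            f["high_entropy_sections"].append(sname)
    f["packer_upx"] = bool(f["upx_sections"])
    f["packer_entropy"] = bool(f["high_entropy_sections"])
    return f


def build_synthetic_pe(sections) -> bytes:
    """Hand-build a minimal PE32 from [(name, raw_data)] pairs.

    Constructed test input: enough header fields for pe_sections(), not
    a loadable image. The optional header is 224 zero bytes plus magic.
    """
    e_lfanew, opt_size, n = 0x40, 224, len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    ptr = e_lfanew + 4 + 20 + opt_size + 40 * n   # raw data follows the headers
    headers, raw = b"", b""
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000,
                               len(data), ptr, 0, 0, 0, 0, 0x60000020)
        raw += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + opt + headers + raw


# Constructed samples: seeded pseudo-random bytes stand in for packed code.
rng = random.Random(1547)
PACKED_PAYLOAD = bytes(rng.getrandbits(8) for _ in range(4096))
PLAIN_PAYLOAD = b"This program cannot be run in DOS mode.\r\n" * 64
SAMPLE_PACKED = build_synthetic_pe([(b"UPX0", b""), (b"UPX1", PACKED_PAYLOAD),
                                    (b".rsrc", PLAIN_PAYLOAD)])
SAMPLE_PLAIN = build_synthetic_pe([(b".text", PLAIN_PAYLOAD), (b".data", b"\0" * 512)])

if __name__ == "__main__":
    for label, blob in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN)):
        print(label, packer_verdict(blob))
```

Running it on a real file means replacing the synthetic blobs with the bytes of the sample; the UPX0 section is typically empty on disk (it is the virtual region the stub unpacks into), which is why the entropy check skips sections with no raw data rather than scoring them as 0.0.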

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Exports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\AppData\Local\Temp\91ad94f4a1eb6f971d962d336c3dcc037d86d691.dll
File-Opened
  • C:\Users\Harry Dresden\AppData\Local\Temp\91ad94f4a1eb6f971d962d336c3dcc037d86d691.dll
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Mutex-Accessed
  • Global\0B6C01ED-7B92-44EE-8E9C-0A7C00BDDB05

Processes


C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\91ad94f4a1eb6f971d962d336c3dcc037d86d691.dll,DllMain PID: 6068, Parent PID: 4744

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\91ad94f4a1eb6f971d962d336c3dcc037d86d691.dll,DllMain PID: 5600, Parent PID: 6068

Volatility

Nothing to display.