Category FILE
Started On 2017-11-01 22:07:28.776324
Completed On 2017-11-01 22:09:19.524720
Duration 110 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2017-11-01 22:07:29
Shutdown On 2017-11-01 22:09:18

File Details

File name cba5453797007536c8284bf79274a27c62979e2d.zip
File size 236489 bytes
File type Zip archive data
CRC32 3081233B
MD5 6874eb7f2707e654c834ad9ef4480626
SHA1 cba5453797007536c8284bf79274a27c62979e2d
SHA256 816c1dddf172abedb2e41ddeb6706736666b2214fec896b628a12dd63c4013b5
SHA512 f03a08c67a96dd64b8e900d688d5ce16d249969ff4596db14d49edfebb4b9a60793537263e68547b378301aaf96ee2731356e6c9ecb943f47441fb8f71156948
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=2, VT[1509588566]=0): Snort Events=0, AV Events=0
Total Score=50

Signatures

allocates_rwx (Cuckoo signature: allocates read-write-execute memory, usually to unpack itself)
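The only signature that fired is allocates_rwx, and the Network Analysis sections are empty, so the score rests on that one behaviour. The Python below is an added example, not Cuckoo's signature code and not part of the MetaFlows report: it implements the same check (a process requesting PAGE_EXECUTE_READWRITE memory through the allocation and protection APIs) over a constructed API-call log. The record layout, the set of APIs watched and the individual calls attributed to shp2epa.exe (PID 2464) and lsass.exe (PID 480) are assumptions for illustration; only the process names and PIDs come from the report. For context, the Borland\Locales and Borland\Delphi\Locales keys in the Behavior Summary are opened by the Delphi runtime's locale lookup, which points to a Delphi-compiled dropped executable; packed Delphi droppers are common, which is why a single RWX allocation in such a sample deserves a closer look.

```python
"""Flag read-write-execute memory requests in sandbox API-call records.

Added example. It reproduces the idea behind Cuckoo's allocates_rwx
signature (a process asking for PAGE_EXECUTE_READWRITE memory, which
unpackers and shellcode loaders need) against a constructed log, so the
check can be read and re-run without a sandbox. The record layout is an
assumption loosely modelled on a behaviour log, not Cuckoo's own format.
"""
import json

PAGE_EXECUTE_READWRITE = 0x40  # Windows memory-protection constant

# APIs through which a process can obtain or create RWX pages (assumed watch list).
RWX_APIS = {
    "NtAllocateVirtualMemory", "NtProtectVirtualMemory",
    "VirtualAlloc", "VirtualAllocEx", "VirtualProtectEx",
}

# Constructed sample log, one JSON object per line. The process names and
# PIDs mirror the report's process list; the call contents are invented.
SAMPLE_LOG = r"""
{"pid": 2464, "process": "shp2epa.exe", "api": "NtAllocateVirtualMemory", "arguments": {"protection": "PAGE_EXECUTE_READWRITE", "size": 65536}}
{"pid": 2464, "process": "shp2epa.exe", "api": "NtAllocateVirtualMemory", "arguments": {"protection": "PAGE_READWRITE", "size": 4096}}
{"pid": 2464, "process": "shp2epa.exe", "api": "NtProtectVirtualMemory", "arguments": {"protection": "0x40", "size": 4096}}
{"pid": 480, "process": "lsass.exe", "api": "RegOpenKeyExW", "arguments": {"regkey": "HKEY_LOCAL_MACHINE\\Software\\Borland\\Locales"}}
{"pid": 2464, "process": "shp2epa.exe", "api": "NtProtectVirtualMemory", "arguments": {"protection": 4, "size": 4096}}
"""


def is_rwx(protection):
    """True if the protection flag includes PAGE_EXECUTE_READWRITE.

    Accepts an int, a hex/decimal string or a symbolic name, because the
    flag is serialised differently by different tools (assumed variants).
    """
    if isinstance(protection, int):
        return protection & PAGE_EXECUTE_READWRITE != 0
    text = str(protection).strip()
    if text.upper().startswith("0X"):
        return int(text, 16) & PAGE_EXECUTE_READWRITE != 0
    if text.isdigit():
        return int(text) & PAGE_EXECUTE_READWRITE != 0
    return "PAGE_EXECUTE_READWRITE" in text.upper()


def load_records(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_rwx_allocations(call_records):
    """Return one finding per API call that requests RWX memory."""
    findings = []
    for rec in call_records:
        if rec.get("api") not in RWX_APIS:
            continue
        args = rec.get("arguments", {})
        prot = args.get("protection")
        if prot is None or not is_rwx(prot):
            continue
        findings.append({
            "pid": rec["pid"],
            "process": rec["process"],
            "api": rec["api"],
            "size": args.get("size"),
        })
    return findings


def summarise(call_records):
    """Group findings by (pid, process) so triage can name the process that unpacked."""
    by_proc = {}
    for f in find_rwx_allocations(call_records):
        by_proc.setdefault((f["pid"], f["process"]), []).append(f["api"])
    return by_proc


if __name__ == "__main__":
    for (pid, name), apis in summarise(load_records(SAMPLE_LOG)).items():
        print(f"{name} (PID {pid}): {len(apis)} RWX request(s) via {sorted(set(apis))}")
```

Run as a script it prints a per-process summary; on the constructed log only shp2epa.exe (PID 2464) is reported, with two of its four memory calls flagged (PAGE_READWRITE and the numeric 0x04 are left alone). Accepting the flag as an integer, hex string or symbolic name is deliberate: a check that only matches the literal string misses logs that record the raw value.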

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

shp2epa.exe

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Opened
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\System
  • HKEY_LOCAL_MACHINE\Software\Borland\Locales
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\shp2epa.exe
  • HKEY_CURRENT_USER\Software\Borland\Locales
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US

Processes


C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

"C:\Users\Harry Dresden\AppData\Local\Temp\shp2epa.exe" PID: 2464, Parent PID: 2084

Volatility

Nothing to display.