Category: FILE
Started On: 2017-12-14 10:53:52.091729
Completed On: 2017-12-14 10:54:58.154305
Duration: 66 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo2
Label: win7 Clone 2
Manager: VirtualBox
Started On: 2017-12-14 10:53:52
Shutdown On: 2017-12-14 10:54:57

File Details

File name SEOReport.html
File size 223 bytes
File type HTML document, ASCII text, with CRLF line terminators
CRC32 5040FE99
MD5 2971240cbf18ca6af8c6c71def400113
SHA1 5a2ed294793c0d3719a8837f165108bea4ba9104
SHA256 d5b815d58a078b72e928d8342171a8f7a308aab2244c0cfacf719393558878e7
SHA512 4e9cbf64b5ee7afbe1eb84ec86d09977b6ca3ecb6ceabd5d9d4aa6c8a32be73b82da500f27b6fecc4ffe9a18e399ffdb7c87b059b6667b5322d4de588630a33d
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Permalink
VirusTotal Scan Date: 2017-12-13 12:28:28
Detection Rate: 4/60

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1513266905]=100): Snort Events=0, AV Events=0
Total Score=100

Signatures

raises_exception details
openprocess_nonchild details
allocates_rwx details

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

File-Opened
  • C:\Windows\WindowsShell.Manifest
  • C:\Windows\Globalization\Sorting\sortdefault.nls
Directory-Created
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm
Registry Key-Opened
  • HKEY_CURRENT_USER\Software
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelemetryClient\SampleStore\sqm\Windows\winsqm8
  • HKEY_LOCAL_MACHINE\Software\Policies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\SQMClient
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_LOCAL_MACHINE\Software
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
  • HKEY_CURRENT_USER\Software\Policies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelemetryClient\SampleStore\sqm
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelemetryClient\SampleStore
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelemetryClient\SampleStore\sqm\Windows
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Registry Key-Deleted
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\FreezeUploads\HighTime
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\FreezeUploads\LowTime
Registry Key-Read
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\FreezeUploads\LowTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameMerging
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\TestUploadURL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\SessionMerging
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Isolation64Bit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\IE_Study_ID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\TSEnable
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TSEnable
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\FreezeUploads\HighTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Setup\HaveCreatedQuickLaunchItems
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FrameTabWindow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IE_Study_ID
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\HangRecovery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\StudyId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\HangRecovery
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IE_Study_Machine_ID
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Isolation64Bit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\AdminTabProcs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\TabProcGrowth
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
  • HKEY_CURRENT_USER\Software\Microsoft\SQMClient\UserId
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\IE_Study_Machine_ID
Registry Key-Written
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\PIDs\PID_4776
Mutex-Accessed
  • IESQM-4776_S-1-5-21-3416602863-1947377224-293699093-1003
  • Local\IExplore.Sqm.psenr

Processes

C:\Windows\system32\lsass.exe PID: 484, Parent PID: 388

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\HARRYD~1\AppData\Local\Temp\SEOReport.html PID: 4776, Parent PID: 4752

Volatility

Nothing to display.