Category FILE
Started On 2018-05-23 09:22:57.624093
Completed On 2018-05-23 09:23:23.260323
Duration 25 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2018-05-23 09:22:58
Shutdown On 2018-05-23 09:23:23

File Details

File name b8dd02bc4cf897f5c132ae8d97e5e59da3c121ce.exe
File size 1130840 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 54A8436E
MD5 75fd2a2fd70950cb12563c52fb5724e7
SHA1 b8dd02bc4cf897f5c132ae8d97e5e59da3c121ce
SHA256 7e98744b846702aef83dd73e9255a1222c4081d5c8e8dd6e7081980bc150114e
SHA512 397f9c31a0c564a7b1634003e1837b1b0b47919b3ad41df2098e8d97644cc0dd246ff2298bc65e25c1c5af238ba7067dd9bea3c8fd8e5e8520d03413c254191e
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1527081809]=0): Snort Events=0, AV Events=0
Total Score=75

Signatures

has_pdb
pe_features
raises_exception
origin_langid
packer_entropy
nolookup_communication

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

"C:\Users\Harry Dresden\AppData\Local\Temp\b8dd02bc4cf897f5c132ae8d97e5e59da3c121ce.exe" PID: 572, Parent PID: 2264

Volatility

Nothing to display.