Category FILE
Started On 2018-09-18 07:26:18.989002
Completed On 2018-09-18 07:27:43.893995
Duration 84 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2018-09-18 07:26:19
Shutdown On 2018-09-18 07:27:40

File Details

File name Payment Form1.exe
File size 717312 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
CRC32 14BBC23A
MD5 6f86f78b047b17e628de30368782c6d8
SHA1 3fc6f6973bfa648b941599d0c769b7ffc3f39b7c
SHA256 8478b1f1a556d47bedb769a22b5a604eb36419639a43ee1580e6722c1794f985
SHA512 380cd7a42976a75c696008825255c1f8f5b236e7a2bd01182fa6d5b75be8a6a37410776cd2b650676f10025a18386a657cdba132d200e05bcd49f9fee04f2e40
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=125, Anomalies=0, PEiD=0, Yara=0, VT[1537270171]=0): Snort Events=2, AV Events=0
Total Score=125

SNORT EVENTS:
ETPRO TROJAN MSIL/Golroted.B or HawkEye External IP Check with minimal headers
ETPRO POLICY Internal Host Retrieving External IP via whatismyipaddress.com - Possible Infection

Dropped File/Buffer Yara Signatures:
0e8e5e983466a334294d7b2cc6a419e00bf08603 [BUFFER]: embedded_pe
0e8e5e983466a334294d7b2cc6a419e00bf08603 [BUFFER]: embedded_win_api
0e8e5e983466a334294d7b2cc6a419e00bf08603 [BUFFER]: shellcode
0e8e5e983466a334294d7b2cc6a419e00bf08603 [BUFFER]: with_sqlite
2f13dd81862c0865733b9e3fd17972149e1f9152 [BUFFER]: shellcode
b19ed8854b5e281555025565e8dc6a9b7c931b7c [BUFFER]: embedded_win_api

Signatures

antivm_queries_computername
antivm_memory_available
raises_exception
dumped_buffer
create_process_suspended
openprocess_nonchild
recon_checkip
Roaming_Profile_Modified
Security_Cache_Tampering
Hidden_Files_Registry_Key_Accessed
network_bind
allocates_rwx
recon_checkip
antivm_network_adapters
packer_entropy
privilege_luid_check
memdump_urls
injection_resumethread
known_malware_mutex
nolookup_communication
antisandbox_sleep
has_wmi
infostealer_im
injection_thread
injection_write_memory
injection_write_memory_exe
infostealer_mail
stealth_hiddenfile
antisandbox_unhook
injection_runpe

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings