Category: FILE
Started On: 2018-09-19 21:00:02.279233
Completed On: 2018-09-19 21:00:54.290068
Duration: 52 seconds
Cuckoo Version: 2.0-dev

Machine Label: win7cuckoo2
Machine Name: win7 Clone 2
Manager: VirtualBox
Started On: 2018-09-19 21:00:03
Shutdown On: 2018-09-19 21:00:54

File Details

File name: 0af26103693a29ff07c125e7763c8ac0128c328d.zip
File size: 2068312 bytes
File type: Zip archive data, at least v1.0 to extract
CRC32: 1E99486B
MD5: 2eba0ff6eb8226ce59493bc20965c4f3
SHA1: 0af26103693a29ff07c125e7763c8ac0128c328d
SHA256: 542c2f33cc79e8b437eaca249f9fe03a49073f2c90b531305c9a2b641efc5fe1
SHA512: c6c992ec478f24e7e4217be57506f4e0f7dce8a70b287b00d27c034d7e0b0601557e32ed952f4e58cc8ee8cc93c8b925669a1d64a8189b13d0cfea1dc802c670
Ssdeep: None
PEiD: None matched
Yara: None matched
VirusTotal: File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1537405260]=0): Snort Events=0, AV Events=0
Total Score: 75

Dropped File/Buffer Yara Signatures:
XmpUtility.dll: vmdetect

Signatures

  • nolookup_communication

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

XmpUtility.dll

Network Analysis

Hosts Involved

DNS Requests

Behavior Summary

File-Opened
  • C:\Windows\System32\en-US\KERNELBASE.dll.mui
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Processes


C:\Windows\system32\lsass.exe (PID: 484, Parent PID: 388)

"C:\Windows\System32\rundll32.exe" C:\Users\HARRYD~1\AppData\Local\Temp\UpdateXL9PlayItem/XmpUtility.dll,DllMain (PID: 4936, Parent PID: 4912)

Volatility

Nothing to display.