Category FILE
Started On 2018-10-11 21:31:12.409305
Completed On 2018-10-11 21:33:36.807822
Duration 144 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2018-10-11 21:31:23
Shutdown On 2018-10-11 21:33:36

File Details

File name c5756170c44e01afc08949acf0d7cc705a74a12f.zip
File size 23007077 bytes
File type Zip archive data, at least v1.0 to extract
CRC32 DF0C7628
MD5 f34e09e636921b1721b1bb8051dd81cc
SHA1 c5756170c44e01afc08949acf0d7cc705a74a12f
SHA256 cd527d03d802a0fd6c430b11caf16e0590e193ae511f51bf8658b66f1ed36fc9
SHA512 3fc66b581d833881115b5ccda8b92967ff1bb645dd311853e93dbc8598db3bc23ab0f1cff0516665ce788b14fb504796f318378f0ec1c560e4b3a4586cde8a3e
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2018-08-04 00:21:26
Detection Rate: 3/62

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1539308066]=0): Snort Events=0, AV Events=0
Total Score=75


console_output
nolookup_communication


No screenshots available.

Static Analysis

Nothing to display.

Dropped Files


Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary



C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

"C:\Users\Harry Dresden\AppData\Local\Temp\sw\tsproc.exe" PID: 3172, Parent PID: 4080


Nothing to display.