Category FILE
Started On 2018-10-11 21:31:12.409305
Completed On 2018-10-11 21:33:36.807822
Duration 144 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo
Label win7 Clone 1
Manager VirtualBox
Started On 2018-10-11 21:31:23
Shutdown On 2018-10-11 21:33:36

File Details

File name c5756170c44e01afc08949acf0d7cc705a74a12f.zip
File size 23007077 bytes
File type Zip archive data, at least v1.0 to extract
CRC32 DF0C7628
MD5 f34e09e636921b1721b1bb8051dd81cc
SHA1 c5756170c44e01afc08949acf0d7cc705a74a12f
SHA256 cd527d03d802a0fd6c430b11caf16e0590e193ae511f51bf8658b66f1ed36fc9
SHA512 3fc66b581d833881115b5ccda8b92967ff1bb645dd311853e93dbc8598db3bc23ab0f1cff0516665ce788b14fb504796f318378f0ec1c560e4b3a4586cde8a3e
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2018-08-04 00:21:26
Detection Rate: 3/62

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1539308066]=0): Snort Events=0, AV Events=0
Total Score=75

Signatures

console_output
nolookup_communication

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

tsproc.exe

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Processes

C:\Windows\system32\lsass.exe PID: 480, Parent PID: 384

"C:\Users\Harry Dresden\AppData\Local\Temp\sw\tsproc.exe" PID: 3172, Parent PID: 4080

Volatility

Nothing to display.