恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-2	2020-02-16 09:17:50	2020-02-16 09:20:51	181 秒

魔盾分数

10.0

危险的

URL详细信息

URL
URL专业沙箱检测 -> http://61.147.103.121:6003/index.html

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    None

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

搜索
iexplore.exe (2636)

iexplore.exe, PID: 2636, 上一级进程 PID: 2344

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.202	49160	61.147.103.121	6003

UDP

无UDP连接纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.202	49160	61.147.103.121	6003

UDP

无UDP连接纪录.

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://61.147.103.121:6003/index.html	GET /index.html HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: 61.147.103.121:6003 Connection: Keep-Alive
URL专业沙箱检测 -> http://61.147.103.121:6003/movie.swf	GET /movie.swf HTTP/1.1 Accept: / Accept-Language: zh-CN Referer: http://61.147.103.121:6003/index.html x-flash-version: 24,0,0,194 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 61.147.103.121:6003 Connection: Keep-Alive Cookie: HFS_SID=0.346712718019262
URL专业沙箱检测 -> http://61.147.103.121:6003/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 61.147.103.121:6003 Connection: Keep-Alive Cookie: HFS_SID=0.346712718019262

URI

HTTP数据

URL专业沙箱检测 -> http://61.147.103.121:6003/index.html

GET /index.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 61.147.103.121:6003
Connection: Keep-Alive

URL专业沙箱检测 -> http://61.147.103.121:6003/movie.swf

GET /movie.swf HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://61.147.103.121:6003/index.html
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 61.147.103.121:6003
Connection: Keep-Alive
Cookie: HFS_SID=0.346712718019262

URL专业沙箱检测 -> http://61.147.103.121:6003/favicon.ico

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 61.147.103.121:6003
Connection: Keep-Alive
Cookie: HFS_SID=0.346712718019262

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2020-02-16 09:19:11.328515+0800	61.147.103.121	6003	192.168.122.202	49160	TCP	2021710	ET CURRENT_EVENTS HT SWF Exploit RIP M2	A Network Trojan was detected
2020-02-16 09:19:11.330356+0800	192.168.122.202	49160	61.147.103.121	6003	TCP	2014726	ET POLICY Outdated Flash Version M1	Potential Corporate Privacy Violation
2020-02-16 09:19:11.330356+0800	192.168.122.202	49160	61.147.103.121	6003	TCP	2021414	ET CURRENT_EVENTS Suspicious SWF filename movie(dot)swf in doc root	A Network Trojan was detected

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 26.412 seconds )

15.651 Suricata
10.086 Static
0.533 NetworkAnalysis
0.13 AnalysisInfo
0.007 BehaviorAnalysis
0.005 Memory

Signatures ( 2.266 seconds )

2.137 md_url_bl
0.018 md_domain_bl
0.017 antiav_detectreg
0.01 anomaly_persistence_autorun
0.008 antiav_detectfile
0.007 infostealer_ftp
0.006 ransomware_files
0.005 geodo_banking_trojan
0.005 infostealer_im
0.005 ransomware_extensions
0.004 tinba_behavior
0.004 infostealer_bitcoin
0.003 rat_nanocore
0.003 antianalysis_detectreg
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.003 ie_martian_children
0.002 cerber_behavior
0.002 browser_security
0.002 md_bad_drop
0.001 network_tor
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antianalysis_detectfile
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 stealth_modify_uac_prompt

Reporting ( 0.793 seconds )

0.793 ReportHTMLSummary


Task ID	511602
Mongo ID	5e4899172f8f2e78390d87cd
Cuckoo release	1.4-Maldun