Analysis task

Analysis type: URL
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2020-02-16 23:15:28
End time: 2020-02-16 23:17:48
Duration: 140 seconds

Maldun score

4.3

Suspicious

URL details

URL: http://www.fcpainchina.com/sheask/

Hosts contacted (WPING real-time safety rating available per entry)

No host records.

Domain resolution (WPING real-time safety rating available per entry)

Domain           Record  Response
www.gstatic.com  A       203.208.41.87
                 A       203.208.41.95
                 A       203.208.41.88
                 A       203.208.41.79

WHOIS information

Name: None
Country: CN
State: Shanghai
City: None
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    FCPAINCHINA.COM
    fcpainchina.com
Creation Date:
    2017-03-27 02:43:58
Updated Date:
    2019-03-11 09:19:46
Expiration Date:
    2020-03-27 02:43:58
Email(s):
    DomainAbuse@service.aliyun.com

Registrar(s):
    Alibaba Cloud Computing (Beijing) Co., Ltd.
Name Server(s):
    DNS21.HICHINA.COM
    DNS22.HICHINA.COM
Referral URL(s):
    None

No antivirus engine scan results.

Process tree

chrome.exe, PID: 2644, parent PID: 2356
chrome.exe, PID: 2924, parent PID: 2644

TCP

Source address   Source port  Destination address              Destination port
192.168.122.201  49167        203.208.41.88 (www.gstatic.com)  443

UDP

Source address   Source port  Destination address  Destination port
192.168.122.201  64912        192.168.122.1        53

HTTP requests

No HTTP requests observed.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp: 2020-02-16 23:16:08.208666+0800
Source: 192.168.122.201:49167
Destination: 203.208.41.88:443
Version: TLS 1.1
Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1
Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com
Fingerprint: 3f:67:e2:30:08:19:3f:49:59:23:6b:c5:e1:51:dc:43:ad:dc:11:73
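The network records above raise a question the report leaves implicit: did the sandbox ever reach the submitted host? The following triage script is an added example, not part of the Maldun report or its tooling. It replays the DNS, TCP, TLS and WHOIS values from this page (transcribed here as constructed input) and answers that question mechanically. The list of browser-background domains and the CN-only certificate check are assumptions of this example, not something the report states.

```python
"""Triage of a URL sandbox report: was the target ever contacted?"""
from datetime import datetime
from urllib.parse import urlsplit

# --- Records transcribed from the report (constructed input, not live data) ---
SUBMITTED_URL = "http://www.fcpainchina.com/sheask/"
DNS_ANSWERS = {  # resolved domain -> A records
    "www.gstatic.com": ["203.208.41.87", "203.208.41.95",
                        "203.208.41.88", "203.208.41.79"],
}
TCP_FLOWS = [("192.168.122.201", 49167, "203.208.41.88", 443)]
HTTP_REQUESTS = []  # the report lists none
TLS_SESSIONS = [{"dst": "203.208.41.88", "dport": 443,
                 "version": "TLS 1.1", "subject_cn": "*.google.com"}]
ANALYSIS_START = datetime(2020, 2, 16, 23, 15, 28)
WHOIS_CREATED = datetime(2017, 3, 27, 2, 43, 58)
WHOIS_EXPIRES = datetime(2020, 3, 27, 2, 43, 58)

# Assumption of this example: domains Chrome contacts on its own, regardless
# of the page under test. Traffic to them says nothing about the target.
BROWSER_BACKGROUND = ("gstatic.com", "google.com", "googleapis.com")


def host_of(url):
    """Bare lower-case hostname of the submitted URL."""
    return urlsplit(url).hostname.lower()


def is_subdomain_of(host, domain):
    return host == domain or host.endswith("." + domain)


def ip_owner(dns):
    """Reverse map: answered IP -> domain that resolved to it."""
    return {ip: dom for dom, ips in dns.items() for ip in ips}


def classify_flows(tcp, dns, target):
    """Label each TCP flow as target / browser-background / other / unattributed."""
    owners = ip_owner(dns)
    out = []
    for _src, _sport, dst, dport in tcp:
        dom = owners.get(dst)
        if dom is None:
            label = "unattributed"      # no DNS answer explains this IP
        elif dom == target:
            label = "target"
        elif any(is_subdomain_of(dom, bg) for bg in BROWSER_BACKGROUND):
            label = "browser-background"
        else:
            label = "other"
        out.append((dst, dport, dom, label))
    return out


def target_contacted(target, dns, tcp, http):
    """True if any DNS answer, TCP flow or HTTP request touched the target."""
    target_ips = set(dns.get(target, []))
    return (target in dns
            or any(dst in target_ips for _s, _p, dst, _d in tcp)
            or any(target in req for req in http))


def cn_matches(cn, host):
    """Single-label wildcard match of a certificate CN against a hostname.

    Caveat: the report prints only the Subject CN, not the SAN list, so a
    mismatch here is NOT evidence of interception; the SANs (absent from the
    report) are what a client actually validates against.
    """
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return host.endswith(cn[1:]) and host.count(".") == cn.count(".")
    return cn == host


def whois_timing(created, expires, at):
    """Domain age and remaining registration at analysis time, in days."""
    return {"age_days": (at - created).days,
            "days_to_expiry": (expires - at).days}


def triage():
    target = host_of(SUBMITTED_URL)
    owners = ip_owner(DNS_ANSWERS)
    return {
        "target": target,
        "target_contacted": target_contacted(target, DNS_ANSWERS,
                                             TCP_FLOWS, HTTP_REQUESTS),
        "flows": classify_flows(TCP_FLOWS, DNS_ANSWERS, target),
        "tls_cn_matches_dns_name": [cn_matches(s["subject_cn"],
                                               owners.get(s["dst"], ""))
                                    for s in TLS_SESSIONS],
        "whois": whois_timing(WHOIS_CREATED, WHOIS_EXPIRES, ANALYSIS_START),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run against the values on this page, `target_contacted` is false and the single TCP flow is labelled browser-background: the capture holds no DNS lookup, TCP flow or HTTP request for www.fcpainchina.com, only Chrome's own fetch from www.gstatic.com. The CN check returns false for that session because the report shows CN=*.google.com without the SAN list; treat that as a reporting gap, not a finding. The WHOIS arithmetic shows the domain was about 1056 days old and 39 days from expiry at analysis time.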

Suricata HTTP

No Suricata HTTP events.

No network-extracted files found.
No files were dropped.

Processing ( 57.011 seconds )

  • 39.159 BehaviorAnalysis
  • 15.592 Suricata
  • 1.462 NetworkAnalysis
  • 0.659 Static
  • 0.136 AnalysisInfo
  • 0.003 Memory

Signatures ( 15.279 seconds )

  • 2.266 mimics_filetime
  • 2.196 api_spamming
  • 2.057 stealth_timeout
  • 0.894 antivm_generic_disk
  • 0.875 stealth_file
  • 0.833 virus
  • 0.725 bootkit
  • 0.602 antiav_detectreg
  • 0.48 antivm_generic_scsi
  • 0.432 hancitor_behavior
  • 0.313 antivm_generic_services
  • 0.292 anormaly_invoke_kills
  • 0.27 infostealer_ftp
  • 0.253 maldun_anomaly_massive_file_ops
  • 0.235 injection_createremotethread
  • 0.183 stack_pivot
  • 0.177 antiav_detectfile
  • 0.16 infostealer_im
  • 0.145 injection_runpe
  • 0.127 antianalysis_detectreg
  • 0.126 infostealer_bitcoin
  • 0.094 antidbg_windows
  • 0.092 infostealer_mail
  • 0.084 ransomware_extensions
  • 0.082 rat_luminosity
  • 0.075 injection_explorer
  • 0.071 antivm_vbox_files
  • 0.055 vawtrak_behavior
  • 0.052 ransomware_files
  • 0.044 process_needed
  • 0.039 kibex_behavior
  • 0.034 betabot_behavior
  • 0.032 antidbg_devices
  • 0.031 antivm_xen_keys
  • 0.031 darkcomet_regkeys
  • 0.03 antivm_parallels_keys
  • 0.03 geodo_banking_trojan
  • 0.029 rat_pcclient
  • 0.027 kovter_behavior
  • 0.025 recon_fingerprint
  • 0.024 infostealer_browser_password
  • 0.023 hawkeye_behavior
  • 0.023 antivm_vbox_window
  • 0.022 network_tor
  • 0.02 ipc_namedpipe
  • 0.02 antivm_generic_diskreg
  • 0.019 h1n1_behavior
  • 0.017 securityxploded_modules
  • 0.017 antisandbox_productid
  • 0.016 ransomware_message
  • 0.016 antisandbox_script_timer
  • 0.015 md_domain_bl
  • 0.014 sets_autoconfig_url
  • 0.014 anomaly_persistence_autorun
  • 0.014 antivm_vmware_files
  • 0.014 codelux_behavior
  • 0.014 md_url_bl
  • 0.013 antiemu_wine_func
  • 0.013 antivm_vbox_libs
  • 0.013 kazybot_behavior
  • 0.011 deletes_self
  • 0.011 antivm_vbox_keys
  • 0.011 antivm_vmware_keys
  • 0.01 TrickBotTaskDelete
  • 0.01 bypass_firewall
  • 0.01 sniffer_winpcap
  • 0.01 antivm_xen_keys
  • 0.01 antivm_hyperv_keys
  • 0.01 antivm_vbox_acpi
  • 0.01 antivm_vpc_keys
  • 0.01 maldun_anormaly_invoke_vb_vba
  • 0.01 packer_armadillo_regkey
  • 0.009 rat_nanocore
  • 0.009 disables_wfp
  • 0.009 recon_programs
  • 0.008 antivm_generic_bios
  • 0.008 antivm_generic_cpu
  • 0.008 antivm_generic_system
  • 0.007 removes_zoneid_ads
  • 0.007 disables_spdy
  • 0.007 antisandbox_sunbelt_libs
  • 0.007 exec_crash
  • 0.007 antivm_vpc_files
  • 0.007 malicous_targeted_flame
  • 0.007 network_tor_service
  • 0.006 tinba_behavior
  • 0.006 antiav_avast_libs
  • 0.006 upatre_behavior
  • 0.006 infostealer_browser
  • 0.006 ransomware_file_modifications
  • 0.006 banker_cridex
  • 0.005 antisandbox_sboxie_libs
  • 0.005 antiav_bitdefender_libs
  • 0.005 shifu_behavior
  • 0.004 antianalysis_detectfile
  • 0.004 antisandbox_sunbelt_files
  • 0.004 stealth_web_history
  • 0.003 antivm_vmware_libs
  • 0.003 cerber_behavior
  • 0.003 spreading_autoruninf
  • 0.003 bitcoin_opencl
  • 0.003 disables_browser_warn
  • 0.003 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.003 network_torgateway
  • 0.002 network_anomaly
  • 0.002 antisandbox_fortinet_files
  • 0.002 antisandbox_threattrack_files
  • 0.002 antivm_vbox_devices
  • 0.002 browser_security
  • 0.002 md_bad_drop
  • 0.002 ransomware_radamant
  • 0.001 dridex_behavior
  • 0.001 stealth_network
  • 0.001 ursnif_behavior
  • 0.001 anomaly_persistence_ads
  • 0.001 modifies_hostfile
  • 0.001 antisandbox_cuckoo_files
  • 0.001 antisandbox_joe_anubis_files
  • 0.001 antivm_vmware_devices
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 maldun_network_blacklist
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.82 seconds )

  • 0.82 ReportHTMLSummary
Task ID 511746
Mongo ID 5e495e032f8f2e0df46c6e4a
Cuckoo release 1.4-Maldun