Analysis Task

Analysis Type VM Label Start Time End Time Duration
URL win7-sp1-x64-hpdapp01-1 2020-02-18 00:06:12 2020-02-18 00:08:29 137 seconds

Maldun Score

4.3

Suspicious

URL Details

URL
URL sandbox analysis -> http://cn126.com

Screenshots


Hosts Contacted

No host records.

DNS Resolution

Domain Security Rating Response
www.gstatic.com A 203.208.43.120
A 203.208.43.127
A 203.208.43.111
A 203.208.43.119

Summary

WHOIS Information

Name: Domain Admin
Country: Malaysia
State: Wilayah Persekutuan
City: Kuala Lumpur
ZIP Code: 57000
Address: L4-E-2, Level 4, Enterprise 4, Technology Park Malaysia, Bukit Jalil

Organization: Whoisprotection.cc
Domain Name(s):
    CN126.COM
    cn126.com
Creation Date:
    2005-09-22 02:27:26
    2005-09-21 18:27:26
Updated Date:
    2018-10-28 06:34:08
    2012-09-22 05:30:17
Expiration Date:
    2020-09-22 02:27:26
Email(s):
    compliance_abuse@webnic.cc
    reg_1214677@whoisprotection.cc
    adm_1214677@whoisprotection.cc
    tec_1214677@whoisprotection.cc

Registrar(s):
    WEBCC
Name Server(s):
    NS.CNKUAI.CN
    NS.CNKUAI.COM
    NS2.CNKUAI.CN
    NS2.CNKUAI.COM
    NS3.CNKUAI.CN
    NS3.CNKUAI.COM
Referral URL(s):
    None

No antivirus engine scan information!

Process Tree


chrome.exe, PID: 2636, Parent PID: 2332
chrome.exe, PID: 2904, Parent PID: 2636

TCP

Source Address Source Port Destination Address Destination Port
192.168.122.201 49168 203.208.43.111 www.gstatic.com 443

UDP

Source Address Source Port Destination Address Destination Port
192.168.122.201 64912 192.168.122.1 53

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-02-18 00:06:48.277251+0800 192.168.122.201 49168 203.208.43.111 443 TLS 1.1 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com 3f:67:e2:30:08:19:3f:49:59:23:6b:c5:e1:51:dc:43:ad:dc:11:73

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.

Processing ( 55.138 seconds )

  • 34.274 BehaviorAnalysis
  • 15.455 Suricata
  • 3.77 Static
  • 1.554 NetworkAnalysis
  • 0.082 AnalysisInfo
  • 0.003 Memory

Signatures ( 13.044 seconds )

  • 1.911 api_spamming
  • 1.806 stealth_timeout
  • 1.687 mimics_filetime
  • 0.741 antivm_generic_disk
  • 0.735 stealth_file
  • 0.696 virus
  • 0.602 bootkit
  • 0.602 antiav_detectreg
  • 0.443 antivm_generic_scsi
  • 0.357 hancitor_behavior
  • 0.292 antivm_generic_services
  • 0.277 anormaly_invoke_kills
  • 0.254 infostealer_ftp
  • 0.212 maldun_anomaly_massive_file_ops
  • 0.192 injection_createremotethread
  • 0.155 antiav_detectfile
  • 0.151 stack_pivot
  • 0.15 infostealer_im
  • 0.127 antianalysis_detectreg
  • 0.119 injection_runpe
  • 0.102 infostealer_bitcoin
  • 0.086 infostealer_mail
  • 0.076 antidbg_windows
  • 0.069 ransomware_extensions
  • 0.066 rat_luminosity
  • 0.062 injection_explorer
  • 0.057 antivm_vbox_files
  • 0.046 vawtrak_behavior
  • 0.044 ransomware_files
  • 0.037 kibex_behavior
  • 0.035 process_needed
  • 0.032 betabot_behavior
  • 0.031 antivm_parallels_keys
  • 0.03 antivm_xen_keys
  • 0.03 darkcomet_regkeys
  • 0.028 geodo_banking_trojan
  • 0.027 antidbg_devices
  • 0.025 recon_fingerprint
  • 0.024 rat_pcclient
  • 0.023 kovter_behavior
  • 0.02 infostealer_browser_password
  • 0.02 antivm_generic_diskreg
  • 0.019 hawkeye_behavior
  • 0.019 antivm_vbox_window
  • 0.018 network_tor
  • 0.018 ipc_namedpipe
  • 0.017 antisandbox_productid
  • 0.016 h1n1_behavior
  • 0.015 ransomware_message
  • 0.015 securityxploded_modules
  • 0.014 md_url_bl
  • 0.013 sets_autoconfig_url
  • 0.013 anomaly_persistence_autorun
  • 0.013 antisandbox_script_timer
  • 0.012 md_domain_bl
  • 0.011 antiemu_wine_func
  • 0.011 antivm_vbox_libs
  • 0.011 kazybot_behavior
  • 0.011 antivm_xen_keys
  • 0.011 antivm_hyperv_keys
  • 0.011 antivm_vbox_keys
  • 0.011 antivm_vmware_files
  • 0.011 antivm_vmware_keys
  • 0.011 codelux_behavior
  • 0.01 bypass_firewall
  • 0.01 antivm_vbox_acpi
  • 0.01 antivm_vpc_keys
  • 0.01 maldun_anormaly_invoke_vb_vba
  • 0.01 packer_armadillo_regkey
  • 0.009 deletes_self
  • 0.009 antivm_generic_system
  • 0.009 recon_programs
  • 0.008 rat_nanocore
  • 0.008 TrickBotTaskDelete
  • 0.008 disables_wfp
  • 0.008 sniffer_winpcap
  • 0.008 antivm_generic_bios
  • 0.008 antivm_generic_cpu
  • 0.007 disables_spdy
  • 0.006 removes_zoneid_ads
  • 0.006 antisandbox_sunbelt_libs
  • 0.006 exec_crash
  • 0.006 malicous_targeted_flame
  • 0.005 tinba_behavior
  • 0.005 antiav_avast_libs
  • 0.005 upatre_behavior
  • 0.005 ransomware_file_modifications
  • 0.005 antivm_vpc_files
  • 0.005 banker_cridex
  • 0.005 network_tor_service
  • 0.004 infostealer_browser
  • 0.004 antisandbox_sboxie_libs
  • 0.004 antiav_bitdefender_libs
  • 0.004 shifu_behavior
  • 0.004 antianalysis_detectfile
  • 0.003 antivm_vmware_libs
  • 0.003 cerber_behavior
  • 0.003 spreading_autoruninf
  • 0.003 antisandbox_sunbelt_files
  • 0.003 disables_browser_warn
  • 0.003 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.003 network_torgateway
  • 0.003 stealth_web_history
  • 0.002 antivm_vbox_devices
  • 0.002 bitcoin_opencl
  • 0.002 browser_security
  • 0.002 md_bad_drop
  • 0.001 network_anomaly
  • 0.001 dridex_behavior
  • 0.001 stealth_network
  • 0.001 ursnif_behavior
  • 0.001 anomaly_persistence_ads
  • 0.001 modifies_hostfile
  • 0.001 antisandbox_cuckoo_files
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_joe_anubis_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 ransomware_radamant
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.809 seconds )

  • 0.809 ReportHTMLSummary
Task ID 512408
Mongo ID 5e4abb522f8f2e0dfc6c7b08
Cuckoo release 1.4-Maldun