Analysis Task

Analysis type: URL
VM label: win7-sp1-x64-hpdapp01-1
Start time: 2020-07-02 11:11:56
End time: 2020-07-02 11:14:10
Duration: 134 seconds

Maldun Score

4.3 (Suspicious)

URL Details

Submitted URL (professional sandbox detection): http://johnhop77.ddns.net

Accessed Hosts

No host records.

Domain Resolution

Domain           Record type  Response
www.gstatic.com  A            203.208.39.226


WHOIS Information

Name: Dan Durrer
Country: US
State: NV
City: Reno
ZIP Code: 89511
Address: 425 Maestro Dr. Second Floor
Organization: No-IP.com
Domain Name(s):
    ddns.net
Creation Date:
    2001-06-28 16:04:59
Updated Date:
    2020-02-07 16:50:29
Expiration Date:
    2022-06-28 16:04:59
Email(s):
    abuse@web.com
    domains@no-ip.com
Registrar(s):
    TLDS LLC. d/b/a SRSPlus
Name Server(s):
    nf1.no-ip.com
    nf2.no-ip.com
    nf3.no-ip.com
    nf4.no-ip.com
Referral URL(s):
    None

Note: this record is for the registrable domain ddns.net, operated by the dynamic-DNS provider No-IP. It identifies the provider, not the party who created the johnhop77 hostname under it.
No antivirus engine scan information is available for this task.

Process Tree

chrome.exe, PID: 2664, parent PID: 2332
chrome.exe, PID: 2944, parent PID: 2664


TCP

Source           Src port  Destination                         Dst port
192.168.122.201  49169     203.208.39.226 (www.gstatic.com)    443

UDP

Source           Src port  Destination     Dst port
192.168.122.201  64912     192.168.122.1   53

The only TCP flow is Chrome's TLS session to www.gstatic.com, and the only UDP flow is the sandbox's DNS query to the resolver at its gateway. No resolution of, and no connection to, johnhop77.ddns.net is recorded anywhere in this report.


HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

Timestamp: 2020-07-02 11:12:27.737593+0800
Source: 192.168.122.201:49169
Destination: 203.208.39.226:443
Version: TLS 1.1
Issuer: C=US, O=Google Trust Services, CN=GTS CA 1O1
Subject: C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com
Certificate fingerprint (20 bytes, i.e. SHA-1): d7:11:9e:14:e9:53:04:2a:e6:cc:c1:48:e4:91:21:e9:64:4e:03:fc
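The WHOIS block and the network tables above leave two questions an analyst has to settle before reading anything into the score: does the WHOIS record cover the submitted hostname or only its dynamic-DNS provider, and did the detonation ever resolve or contact that hostname, as opposed to the browser's own background traffic? The following Python is an added example and is not code from the Maldun report or its sandbox. The sample records are transcribed from the report's DNS, TCP and TLS tables; the DDNS apex set (seeded only with ddns.net, which the WHOIS confirms belongs to No-IP), the helper names (ddns_apex, cn_of, cert_covers, triage) and the verdict strings are assumptions made for the example.

```python
"""Triage of a URL sandbox run: did the detonation actually reach the target?

Added example, not code from the Maldun report. The sample records below are
transcribed from the report's DNS, TCP and TLS tables; the DDNS apex set and
the helper names are assumptions made for this example.
"""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed from the report above (task 556953).
SUBMITTED_URL = "http://johnhop77.ddns.net"
DNS_ANSWERS = [("www.gstatic.com", "A", "203.208.39.226")]        # (name, type, rdata)
TCP_FLOWS = [("192.168.122.201", 49169, "203.208.39.226", 443)]   # (src, sport, dst, dport)
TLS_HANDSHAKES = [{
    "dst": "203.208.39.226",
    "dport": 443,
    "issuer": "C=US, O=Google Trust Services, CN=GTS CA 1O1",
    "subject": "C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com",
}]

# Dynamic-DNS apexes whose WHOIS describes the provider, not the party that
# created the hostname. ddns.net is confirmed by the WHOIS block in the report
# (registrant No-IP.com); anything you add here is your own intel (assumption).
DDNS_APEXES = {"ddns.net"}


@dataclass
class Triage:
    target_host: str
    ddns_apex: Optional[str]        # provider apex if the host is a DDNS tenant
    target_resolved: bool           # any A/AAAA answer for the target host
    target_contacted: bool          # any TCP flow to an address the target resolved to
    unrelated_flows: list = field(default_factory=list)  # flows to other hosts
    verdict: str = ""


def ddns_apex(host: str) -> Optional[str]:
    """Return the DDNS provider apex the host sits under, if any."""
    labels = host.lower().split(".")
    for i in range(1, len(labels)):
        apex = ".".join(labels[i:])
        if apex in DDNS_APEXES:
            return apex
    return None


def cn_of(subject: str) -> str:
    """Extract the CN attribute from a comma-separated subject string."""
    for part in subject.split(","):
        key, _, value = part.strip().partition("=")
        if key == "CN":
            return value
    return ""


def cert_covers(cn: str, host: str) -> bool:
    """RFC 6125-style match: a leading wildcard covers exactly one label."""
    cn, host = cn.lower(), host.lower()
    if cn.startswith("*."):
        return host.count(".") == cn.count(".") and host.endswith(cn[1:])
    return cn == host


def triage(url: str, dns, tcp, tls) -> Triage:
    """Attribute every observed flow to a resolved name and decide whether
    the submitted host was resolved and contacted at all."""
    host = urlparse(url).hostname
    ip_to_name = {rdata: name for name, rtype, rdata in dns if rtype in ("A", "AAAA")}
    target_ips = {ip for ip, name in ip_to_name.items() if name == host}
    cert_by_dst = {(h["dst"], h["dport"]): h for h in tls}
    t = Triage(host, ddns_apex(host), bool(target_ips),
               any(dst in target_ips for _, _, dst, _ in tcp))
    for _, _, dst, dport in tcp:
        if dst in target_ips:
            continue
        name = ip_to_name.get(dst, "<unresolved>")
        cert = cert_by_dst.get((dst, dport))
        t.unrelated_flows.append({
            "dst": dst, "dport": dport, "resolved_as": name,
            "cert_covers_name": cert_covers(cn_of(cert["subject"]), name) if cert else None,
        })
    if not t.target_resolved:
        t.verdict = "target never resolved: observed traffic is not attributable to the URL"
    elif not t.target_contacted:
        t.verdict = "target resolved but never contacted"
    else:
        t.verdict = "target contacted"
    return t


if __name__ == "__main__":
    print(triage(SUBMITTED_URL, DNS_ANSWERS, TCP_FLOWS, TLS_HANDSHAKES))
```

Run against the records from this report, triage reports that johnhop77.ddns.net sits under the No-IP apex ddns.net (so the WHOIS above is the provider's), that the host was never resolved, and that the single TLS flow belongs to www.gstatic.com with a certificate whose CN covers that name. Nothing in the network record is attributable to the submitted URL, which is the caveat to carry alongside the 4.3 score.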

Suricata HTTP

No Suricata HTTP

Network-extracted files: none found.
Dropped files: none.
Processing ( 45.737 seconds )

  • 25.512 BehaviorAnalysis
  • 15.514 Suricata
  • 2.868 NetworkAnalysis
  • 1.696 Static
  • 0.144 AnalysisInfo
  • 0.003 Memory

Signatures ( 9.615 seconds )

  • 1.358 api_spamming
  • 1.293 stealth_timeout
  • 1.072 mimics_filetime
  • 0.546 stealth_file
  • 0.546 antivm_generic_disk
  • 0.546 antiav_detectreg
  • 0.502 virus
  • 0.446 bootkit
  • 0.323 antivm_generic_scsi
  • 0.262 hancitor_behavior
  • 0.221 infostealer_ftp
  • 0.209 antivm_generic_services
  • 0.199 anormaly_invoke_kills
  • 0.156 maldun_anomaly_massive_file_ops
  • 0.138 injection_createremotethread
  • 0.129 infostealer_im
  • 0.115 antianalysis_detectreg
  • 0.113 stack_pivot
  • 0.106 antiav_detectfile
  • 0.087 injection_runpe
  • 0.074 infostealer_bitcoin
  • 0.074 infostealer_mail
  • 0.057 ransomware_extensions
  • 0.054 antidbg_windows
  • 0.048 rat_luminosity
  • 0.045 injection_explorer
  • 0.043 antivm_vbox_files
  • 0.033 kibex_behavior
  • 0.033 vawtrak_behavior
  • 0.033 ransomware_files
  • 0.028 betabot_behavior
  • 0.027 antivm_parallels_keys
  • 0.027 antivm_xen_keys
  • 0.027 darkcomet_regkeys
  • 0.025 process_needed
  • 0.025 geodo_banking_trojan
  • 0.023 md_url_bl
  • 0.023 recon_fingerprint
  • 0.021 md_domain_bl
  • 0.019 antidbg_devices
  • 0.018 kovter_behavior
  • 0.018 antivm_generic_diskreg
  • 0.017 rat_pcclient
  • 0.016 infostealer_browser_password
  • 0.015 antisandbox_productid
  • 0.014 hawkeye_behavior
  • 0.014 network_tor
  • 0.014 ipc_namedpipe
  • 0.013 antivm_vbox_window
  • 0.012 ransomware_message
  • 0.012 h1n1_behavior
  • 0.012 securityxploded_modules
  • 0.012 packer_armadillo_regkey
  • 0.011 sets_autoconfig_url
  • 0.011 anomaly_persistence_autorun
  • 0.01 antisandbox_script_timer
  • 0.01 antivm_vbox_keys
  • 0.01 antivm_vmware_keys
  • 0.009 antiemu_wine_func
  • 0.009 antivm_vbox_libs
  • 0.009 bypass_firewall
  • 0.009 antivm_xen_keys
  • 0.009 antivm_hyperv_keys
  • 0.009 antivm_vbox_acpi
  • 0.009 antivm_vpc_keys
  • 0.009 maldun_anomaly_invoke_vb_vba
  • 0.008 kazybot_behavior
  • 0.008 antivm_vmware_files
  • 0.008 codelux_behavior
  • 0.008 recon_programs
  • 0.007 rat_nanocore
  • 0.007 antivm_generic_bios
  • 0.007 antivm_generic_cpu
  • 0.007 antivm_generic_system
  • 0.006 TrickBotTaskDelete
  • 0.006 deletes_self
  • 0.006 disables_wfp
  • 0.006 sniffer_winpcap
  • 0.006 network_tor_service
  • 0.005 disables_spdy
  • 0.005 network_torgateway
  • 0.004 removes_zoneid_ads
  • 0.004 tinba_behavior
  • 0.004 antiav_avast_libs
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 shifu_behavior
  • 0.004 exec_crash
  • 0.004 antivm_vpc_files
  • 0.004 banker_cridex
  • 0.004 malicous_targeted_flame
  • 0.003 upatre_behavior
  • 0.003 infostealer_browser
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 ransomware_file_modifications
  • 0.003 cerber_behavior
  • 0.003 antianalysis_detectfile
  • 0.003 disables_browser_warn
  • 0.003 md_bad_drop
  • 0.002 network_anomaly
  • 0.002 antivm_vmware_libs
  • 0.002 spreading_autoruninf
  • 0.002 antisandbox_sunbelt_files
  • 0.002 bitcoin_opencl
  • 0.002 browser_security
  • 0.002 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.002 stealth_web_history
  • 0.001 dridex_behavior
  • 0.001 stealth_network
  • 0.001 ursnif_behavior
  • 0.001 modifies_hostfile
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antivm_vbox_devices
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 stealth_modify_uac_prompt
  • 0.001 whois_create

Reporting ( 0.901 seconds )

  • 0.901 ReportHTMLSummary
Task ID 556953
Mongo ID 5efd51a72f8f2e0b60a3eda7
Cuckoo release 1.4-Maldun