Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp01-1 2020-07-05 22:37:21 2020-07-05 22:39:59 158 seconds

Maldun Score

10.0

Dangerous

File Details

File name Lantern.rar ==> lantern.exe
File size 15730495 bytes
File type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 16972c0f11f1fd1c5fabacf337c3dd1b
SHA1 4f1de06b2755996b20cc9e5903cb2a21e6ab2e9e
SHA256 4f2b6737a0d09517d9fd253ed827655fc785c1081808ce46acd0742b658e0bc9
SHA512 7fefd4d052d0075f7e34fc027e76938df2ec771c4c9dedd31a490264d11e069a921239438cecae272fd5c44279cfbc5cab894c8d9de4a33c3acba1ef3ff7e928
CRC32 FF6B3854
Ssdeep 393216:54YDp64DRwZMEy/ovR9wpWj3VRfwlHoRfuTP66NT7OK:5qvRc

Screenshots


Hosts Contacted

No host records.

DNS Resolution

Domain Security rating Response
raw.githubusercontent.com CNAME github.map.fastly.net
A 151.101.228.133
s3.amazonaws.com A 52.217.40.46
CNAME s3-1.amazonaws.com
ssl.google-analytics.com A 203.208.39.233
CNAME ssl-google-analytics.l.google.com
globalconfig.flashlightproxy.com A 172.67.201.157
A 104.18.45.99
A 104.18.44.99
www.google-analytics.com CNAME www-google-analytics.l.google.com
A 203.208.50.65

Summary

No information to display.
No antivirus engine scan information.

Process Tree

cmd.exe, PID: 3020, parent PID: 2348
lantern.exe, PID: 1716, parent PID: 3020
cmd.exe, PID: 2428, parent PID: 1716
lantern.exe, PID: 1232, parent PID: 1716
cmd.exe, PID: 3008, parent PID: 1232
cmd.exe, PID: 2920, parent PID: 1232
cmd.exe, PID: 2752, parent PID: 1232
sysproxy-cmd.exe, PID: 612, parent PID: 1232
sysproxy-cmd.exe, PID: 2224, parent PID: 1232
rundll32.exe, PID: 2840, parent PID: 1232

TCP

Source address Source port Destination address Destination port
192.168.122.201 49168 104.84.152.216 443
192.168.122.201 49167 104.89.124.231 443
192.168.122.201 49175 104.89.124.49 443
192.168.122.201 49209 13.224.0.157 443
192.168.122.201 49238 13.224.2.124 443
192.168.122.201 49179 13.249.2.130 443
192.168.122.201 49231 13.249.6.78 443
192.168.122.201 49243 13.35.1.23 443
192.168.122.201 49188 13.35.1.44 443
192.168.122.201 49208 13.35.6.177 443
192.168.122.201 49232 143.204.2.35 443
192.168.122.201 49173 184.150.157.129 443
192.168.122.201 49170 184.28.220.48 443
192.168.122.201 49192 184.28.220.48 443
192.168.122.201 49225 184.28.220.48 443
192.168.122.201 49172 2.21.34.11 443
192.168.122.201 49202 2.21.34.11 443
192.168.122.201 49235 2.21.34.11 443
192.168.122.201 49174 2.21.76.185 443
192.168.122.201 49211 2.21.76.92 443
192.168.122.201 49222 20.194.3.251 443
192.168.122.201 49247 20.194.3.251 443
192.168.122.201 49217 204.246.164.207 443
192.168.122.201 49182 204.246.164.4 443
192.168.122.201 49183 204.246.169.89 443
192.168.122.201 49184 205.251.206.32 443
192.168.122.201 49204 205.251.206.93 443
192.168.122.201 49191 205.251.213.5 443
192.168.122.201 49193 23.43.56.95 443
192.168.122.201 49176 23.55.110.158 443
192.168.122.201 49169 23.55.161.187 443
192.168.122.201 49218 52.217.40.46 s3.amazonaws.com 443
192.168.122.201 49244 52.222.129.31 443
192.168.122.201 49177 52.222.129.82 443
192.168.122.201 49178 52.222.131.149 443
192.168.122.201 49189 52.222.131.223 443
192.168.122.201 49190 52.222.132.120 443
192.168.122.201 49213 52.222.132.226 443
192.168.122.201 49239 52.222.132.227 443
192.168.122.201 49212 52.222.132.43 443
192.168.122.201 49233 52.222.133.133 443
192.168.122.201 49242 54.182.1.111 443
192.168.122.201 49230 54.182.2.105 443
192.168.122.201 49214 54.182.5.75 443
192.168.122.201 49185 54.182.6.35 443
192.168.122.201 49224 54.239.130.67 443
192.168.122.201 49207 95.100.252.11 443
192.168.122.201 49171 95.100.252.43 443
192.168.122.201 49181 99.84.2.73 443
192.168.122.201 49236 99.84.5.156 443
192.168.122.201 49241 99.84.5.88 443
192.168.122.201 49215 99.84.5.98 443
192.168.122.201 49240 99.86.0.77 443
192.168.122.201 49180 99.86.2.143 443
192.168.122.201 49227 99.86.4.151 443
192.168.122.201 49234 99.86.4.151 443
192.168.122.201 49237 99.86.6.44 443

UDP

Source address Source port Destination address Destination port
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

HTTP Requests

No HTTP requests found.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2020-07-05 22:38:33.169859+0800 192.168.122.201 49181 99.84.2.73 443 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:33.169859+0800 192.168.122.201 49181 99.84.2.73 443 TCP 2230015 SURICATA TLS invalid record version Generic Protocol Command Decode
2020-07-05 22:38:33.169859+0800 192.168.122.201 49181 99.84.2.73 443 TCP 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
2020-07-05 22:38:33.860839+0800 99.84.2.73 443 192.168.122.201 49181 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:33.860839+0800 99.84.2.73 443 192.168.122.201 49181 TCP 2230015 SURICATA TLS invalid record version Generic Protocol Command Decode
2020-07-05 22:38:32.923808+0800 192.168.122.201 49184 205.251.206.32 443 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:32.923808+0800 192.168.122.201 49184 205.251.206.32 443 TCP 2230015 SURICATA TLS invalid record version Generic Protocol Command Decode
2020-07-05 22:38:32.923808+0800 192.168.122.201 49184 205.251.206.32 443 TCP 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
2020-07-05 22:38:33.365043+0800 205.251.206.32 443 192.168.122.201 49184 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:33.365043+0800 205.251.206.32 443 192.168.122.201 49184 TCP 2230015 SURICATA TLS invalid record version Generic Protocol Command Decode
2020-07-05 22:38:42.798085+0800 192.168.122.201 49208 13.35.6.177 443 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:42.798085+0800 192.168.122.201 49208 13.35.6.177 443 TCP 2230015 SURICATA TLS invalid record version Generic Protocol Command Decode
2020-07-05 22:38:42.798085+0800 192.168.122.201 49208 13.35.6.177 443 TCP 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
2020-07-05 22:38:42.902342+0800 13.35.6.177 443 192.168.122.201 49208 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:42.902342+0800 13.35.6.177 443 192.168.122.201 49208 TCP 2230015 SURICATA TLS invalid record version Generic Protocol Command Decode
2020-07-05 22:38:45.627819+0800 192.168.122.201 49222 20.194.3.251 443 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:38:45.714590+0800 20.194.3.251 443 192.168.122.201 49222 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:39:39.093068+0800 192.168.122.201 49247 20.194.3.251 443 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
2020-07-05 22:39:39.251058+0800 20.194.3.251 443 192.168.122.201 49247 TCP 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-07-05 22:38:32.888309+0800 192.168.122.201 49170 184.28.220.48 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:33.164233+0800 192.168.122.201 49179 13.249.2.130 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA C=US, ST=California, L=San Jose, O=Adobe Systems Incorporated, OU=IT, CN=*.ccpsx.com d3:5a:98:4f:9f:12:d7:84:40:ea:4f:c8:71:dc:9f:ae:d7:ac:22:3c
2020-07-05 22:38:32.791666+0800 192.168.122.201 49182 204.246.164.4 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=performance-cdn.venividivicci.de bd:8f:eb:e8:78:83:73:3b:61:8b:cc:2d:e5:d2:ce:a8:4b:de:81:a8
2020-07-05 22:38:34.006681+0800 192.168.122.201 49168 104.84.152.216 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:34.900609+0800 192.168.122.201 49172 2.21.34.11 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:34.964234+0800 192.168.122.201 49173 184.150.157.129 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:35.047979+0800 192.168.122.201 49188 13.35.1.44 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA C=KR, unknown=16677, ST=Gyeonggi-do, L=Yeongtong-gu, Suwon-si, unknown=129, Samsung-ro, Yeongtong-gu, O=SAMSUNG ELECTRONICS CO. LTD, OU=Service Development Group, OU=Hosted by Korea Information Certificate Authority, Inc., OU=PremiumSSL Wildcard, CN=*.sam 4b:71:e8:1a:8e:d1:8a:6f:9b:b9:b7:43:ab:94:0d:7d:60:a7:9d:ce
2020-07-05 22:38:32.996676+0800 192.168.122.201 49183 204.246.169.89 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=*.lucidhq.com 34:e1:eb:89:4d:4c:6a:bc:b0:f7:a5:25:e9:46:05:66:78:e3:06:5b
2020-07-05 22:38:35.264330+0800 192.168.122.201 49189 52.222.131.223 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=oihxray-beta.aka.amazon.com a0:89:97:e8:28:b0:ff:0a:2e:51:33:51:b5:c9:cf:82:42:e8:68:ef
2020-07-05 22:38:32.911202+0800 192.168.122.201 49178 52.222.131.149 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=*.project-a.videoprojects.net 3c:eb:fa:51:2a:43:1e:d5:d7:f0:35:b3:d3:ae:68:04:a7:4c:38:2c
2020-07-05 22:38:32.872319+0800 192.168.122.201 49177 52.222.129.82 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=homathon.com 93:f9:2b:83:c6:4a:c4:d7:c3:95:b4:b8:40:bf:e3:9e:5c:78:af:ef
2020-07-05 22:38:36.411640+0800 192.168.122.201 49176 23.55.110.158 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:36.664226+0800 192.168.122.201 49180 99.86.2.143 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=*.execute-api.us-east-1.amazonaws.com a0:af:ef:86:27:f8:ff:3b:0d:8d:89:05:50:b6:af:90:3f:78:ba:f4
2020-07-05 22:38:37.112616+0800 192.168.122.201 49192 184.28.220.48 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:37.853829+0800 192.168.122.201 49191 205.251.213.5 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a
2020-07-05 22:38:37.753848+0800 192.168.122.201 49193 23.43.56.95 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:38.714749+0800 192.168.122.201 49202 2.21.34.11 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:33.582096+0800 192.168.122.201 49167 104.89.124.231 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:38.869997+0800 192.168.122.201 49175 104.89.124.49 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:39.673983+0800 192.168.122.201 49174 2.21.76.185 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:42.874952+0800 192.168.122.201 49207 95.100.252.11 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:40.376321+0800 192.168.122.201 49204 205.251.206.93 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=amp.nnds19.news.nifty.com 09:59:79:1b:02:18:8f:ec:c3:d2:dc:cd:ad:ae:b4:d1:11:3d:00:b9
2020-07-05 22:38:44.164674+0800 192.168.122.201 49222 20.194.3.251 443 TLS 1.2 CN=Gloss Galled/L=Placards/ST=California/C=US CN=Gloss Galled/L=Placards/ST=California/C=US 70:c3:77:4d:db:1a:eb:cf:6f:3c:20:79:78:65:43:39:35:56:1a:3a
2020-07-05 22:38:43.397455+0800 192.168.122.201 49218 52.217.40.46 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=s3.amazonaws.com 50:cf:be:64:52:a5:85:2a:58:6a:06:e1:39:4a:c6:3f:7f:56:b8:b3
2020-07-05 22:38:44.249467+0800 192.168.122.201 49209 13.224.0.157 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=*.ref.csc.turner.com 74:c3:a3:4d:93:c1:17:6b:1c:b2:3f:af:c0:ca:91:24:f8:77:de:81
2020-07-05 22:38:45.688300+0800 192.168.122.201 49224 54.239.130.67 443 TLS 1.2 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 OU=Domain Control Validated, CN=*.company-target.com bb:7e:c6:66:e6:70:b3:3d:cd:14:b7:1d:fe:3d:86:6b:68:3a:26:c1
2020-07-05 22:38:46.624296+0800 192.168.122.201 49214 54.182.5.75 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=performance-cdn.venividivicci.de bd:8f:eb:e8:78:83:73:3b:61:8b:cc:2d:e5:d2:ce:a8:4b:de:81:a8
2020-07-05 22:38:45.973982+0800 192.168.122.201 49211 2.21.76.92 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:47.304128+0800 192.168.122.201 49217 204.246.164.207 443 TLS 1.2 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 OU=Domain Control Validated, CN=*.playwith.com.tw e2:33:59:b9:0d:d5:dd:22:99:f2:ce:8a:78:9a:84:58:36:2f:ab:cb
2020-07-05 22:38:56.652684+0800 192.168.122.201 49235 2.21.34.11 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1 C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net aa:77:58:c9:df:78:1b:f5:44:4b:6f:6a:4a:86:90:82:97:1a:0f:39
2020-07-05 22:38:53.611569+0800 192.168.122.201 49231 13.249.6.78 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018 C=US, ST=California, L=Marina del Rey, O=Sony New Media Solutions Inc., CN=*.dadcdigital.com 4c:d1:bb:f5:67:d7:37:5a:cc:38:09:2f:bd:31:71:64:c0:ed:44:06
2020-07-05 22:38:56.177278+0800 192.168.122.201 49234 99.86.4.151 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=dev.sotappm.auone.jp 70:cf:e6:4a:82:6b:08:f5:18:79:d6:81:fa:30:71:73:eb:ff:98:d1
2020-07-05 22:38:56.120977+0800 192.168.122.201 49232 143.204.2.35 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=*.sealights.co ba:e4:a5:be:50:8b:5c:08:75:f5:e9:6c:e3:5e:c7:01:be:36:2a:b7
2020-07-05 22:38:53.434782+0800 192.168.122.201 49233 52.222.133.133 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a
2020-07-05 22:38:56.934608+0800 192.168.122.201 49236 99.84.5.156 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a
2020-07-05 22:39:00.207158+0800 192.168.122.201 49239 52.222.132.227 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com.mx 12:27:3c:c0:a4:60:64:aa:cc:be:b7:fd:9e:a9:cf:33:10:64:de:28
2020-07-05 22:38:59.431393+0800 192.168.122.201 49238 13.224.2.124 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a
2020-07-05 22:39:08.442012+0800 192.168.122.201 49241 99.84.5.88 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=*.cloudfront.net 4b:2c:fc:f5:68:be:5b:07:f1:f7:8f:26:1d:06:7a:81:2c:b6:58:6a
2020-07-05 22:39:08.727283+0800 192.168.122.201 49240 99.86.0.77 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=gallery.mailchimp.com ad:95:2f:3e:82:d3:52:77:6a:85:f2:24:9c:c0:18:b8:5d:fa:2b:29
2020-07-05 22:39:10.085823+0800 192.168.122.201 49243 13.35.1.23 443 TLS 1.2 C=FR, ST=Paris, L=Paris, O=Gandi, CN=Gandi Standard SSL CA 2 OU=Domain Control Validated, OU=Gandi Standard Wildcard SSL, CN=*.qobuz.com 26:f2:ac:a2:ec:b6:b7:9e:08:8c:35:91:c4:d6:87:18:ad:82:f8:e1
2020-07-05 22:39:19.657722+0800 192.168.122.201 49244 52.222.129.31 443 TLS 1.2 C=US, O=Amazon, OU=Server CA 1B, CN=Amazon CN=*.comparaonline.com 67:83:ef:a4:f7:2d:e5:a8:b7:f0:31:bc:8c:18:17:49:75:04:af:2a

Suricata HTTP

No Suricata HTTP

No network-extracted files found.

File name lantern.exe
Related files
C:\Users\test\AppData\Local\Temp\rar-tmp\lantern.exe
File size 15730495 bytes
File type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 16972c0f11f1fd1c5fabacf337c3dd1b
SHA1 4f1de06b2755996b20cc9e5903cb2a21e6ab2e9e
SHA256 4f2b6737a0d09517d9fd253ed827655fc785c1081808ce46acd0742b658e0bc9
CRC32 FF6B3854
Ssdeep 393216:54YDp64DRwZMEy/ovR9wpWj3VRfwlHoRfuTP66NT7OK:5qvRc
No similar analyses found.

Processing ( 44.605 seconds )

  • 15.493 Suricata
  • 13.556 TargetInfo
  • 7.075 BehaviorAnalysis
  • 5.691 NetworkAnalysis
  • 1.771 VirusTotal
  • 0.865 Dropped
  • 0.132 AnalysisInfo
  • 0.018 Strings
  • 0.003 Memory
  • 0.001 Static

Signatures ( 2.505 seconds )

  • 0.361 api_spamming
  • 0.281 stealth_timeout
  • 0.274 stealth_decoy_document
  • 0.221 antiav_detectreg
  • 0.127 antivm_generic_services
  • 0.092 infostealer_ftp
  • 0.056 antivm_generic_scsi
  • 0.053 infostealer_im
  • 0.045 stealth_file
  • 0.044 reads_self
  • 0.044 virus
  • 0.043 antianalysis_detectreg
  • 0.042 bootkit
  • 0.035 mimics_filetime
  • 0.034 anormaly_invoke_kills
  • 0.033 antiav_detectfile
  • 0.032 antivm_generic_disk
  • 0.028 md_domain_bl
  • 0.027 infostealer_mail
  • 0.023 infostealer_bitcoin
  • 0.022 antivm_vbox_libs
  • 0.021 infostealer_browser_password
  • 0.02 infostealer_browser
  • 0.018 ipc_namedpipe
  • 0.017 anomaly_persistence_autorun
  • 0.017 hancitor_behavior
  • 0.015 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.015 kovter_behavior
  • 0.014 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.014 maldun_anomaly_massive_file_ops
  • 0.014 ransomware_message
  • 0.014 md_url_bl
  • 0.013 antiemu_wine_func
  • 0.013 kibex_behavior
  • 0.013 securityxploded_modules
  • 0.013 antivm_vbox_files
  • 0.012 antivm_xen_keys
  • 0.012 darkcomet_regkeys
  • 0.011 exec_crash
  • 0.011 geodo_banking_trojan
  • 0.01 sets_autoconfig_url
  • 0.01 betabot_behavior
  • 0.009 injection_createremotethread
  • 0.009 stealth_network
  • 0.009 network_execute_http
  • 0.009 shifu_behavior
  • 0.009 disables_wfp
  • 0.009 antivm_parallels_keys
  • 0.008 disables_spdy
  • 0.008 antisandbox_sunbelt_libs
  • 0.008 antivm_generic_diskreg
  • 0.007 antiav_avast_libs
  • 0.007 injection_runpe
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.007 recon_fingerprint
  • 0.006 office_dl_write_exe
  • 0.006 antivm_vmware_libs
  • 0.005 office_write_exe
  • 0.005 network_document_http
  • 0.005 stack_pivot
  • 0.005 antisandbox_sboxie_libs
  • 0.005 antiav_bitdefender_libs
  • 0.005 antidbg_devices
  • 0.005 antisandbox_productid
  • 0.005 disables_browser_warn
  • 0.004 network_tor
  • 0.004 anomaly_persistence_bootexecute
  • 0.004 antivm_vbox_keys
  • 0.004 antivm_vmware_keys
  • 0.004 antivm_vpc_keys
  • 0.004 maldun_anomaly_invoke_vb_vba
  • 0.004 network_torgateway
  • 0.004 rat_pcclient
  • 0.003 tinba_behavior
  • 0.003 rat_luminosity
  • 0.003 anomaly_reset_winsock
  • 0.003 kelihos_behavior
  • 0.003 creates_largekey
  • 0.003 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.003 creates_nullvalue
  • 0.003 bypass_firewall
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 browser_security
  • 0.003 packer_armadillo_regkey
  • 0.002 hawkeye_behavior
  • 0.002 rat_nanocore
  • 0.002 dridex_behavior
  • 0.002 kazybot_behavior
  • 0.002 nymaim_behavior
  • 0.002 cerber_behavior
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 antivm_vmware_files
  • 0.002 modify_proxy
  • 0.002 codelux_behavior
  • 0.002 md_bad_drop
  • 0.002 recon_programs
  • 0.001 injection_explorer
  • 0.001 antisandbox_suspend
  • 0.001 ursnif_behavior
  • 0.001 dyre_behavior
  • 0.001 network_bind
  • 0.001 dead_connect
  • 0.001 antidbg_windows
  • 0.001 h1n1_behavior
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vpc_files
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 network_tor_service
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.168 seconds )

  • 0.836 ReportHTMLSummary
  • 0.332 Malheur

Task ID 557766
Mongo ID 5f01e6ae2f8f2e3863663375
Cuckoo release 1.4-Maldun