分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-shaapp03-2 2021-04-20 15:40:18 2021-04-20 15:42:22 124 秒

魔盾分数

0.0

正常的

URL详细信息


登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
logincdn.msauth.net CNAME lgincdnvzeuno.azureedge.net
A 152.199.40.6
CNAME lgincdnvzeuno.ec.azureedge.net
CNAME lgincdn.trafficmanager.net
CNAME cs1227.wpc.alphacdn.net
acroipm.adobe.com A 23.203.63.138
CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.203.63.170
A 23.203.63.129
watson.microsoft.com CNAME skypedataprdcolcus15.cloudapp.net
CNAME blobcollector.events.data.trafficmanager.net
A 104.43.193.48

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    MSAUTH.NET
Creation Date:
    2018-10-25 18:11:25
Updated Date:
    2020-09-23 09:29:07
Expiration Date:
    2021-10-25 18:11:25
Email(s):
    abusecomplaints@markmonitor.com

Registrar(s):
    MarkMonitor Inc.
Name Server(s):
    A1-115.AKAM.NET
    A28-64.AKAM.NET
    A5-65.AKAM.NET
    A9-66.AKAM.NET
    NS1-05.AZURE-DNS.COM
    NS2-05.AZURE-DNS.NET
    NS3-05.AZURE-DNS.ORG
    NS4-05.AZURE-DNS.INFO
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2520, 上一级进程 PID: 2288

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.202 49159 152.199.40.6 logincdn.msauth.net 443
192.168.122.202 49160 23.203.63.170 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.202 50785 192.168.122.1 53
192.168.122.202 61239 192.168.122.1 53
192.168.122.202 62960 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
logincdn.msauth.net CNAME lgincdnvzeuno.azureedge.net
A 152.199.40.6
CNAME lgincdnvzeuno.ec.azureedge.net
CNAME lgincdn.trafficmanager.net
CNAME cs1227.wpc.alphacdn.net
acroipm.adobe.com A 23.203.63.138
CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.203.63.170
A 23.203.63.129
watson.microsoft.com CNAME skypedataprdcolcus15.cloudapp.net
CNAME blobcollector.events.data.trafficmanager.net
A 104.43.193.48

TCP

源地址 源端口 目标地址 目标端口
192.168.122.202 49159 152.199.40.6 logincdn.msauth.net 443
192.168.122.202 49160 23.203.63.170 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.202 50785 192.168.122.1 53
192.168.122.202 61239 192.168.122.1 53
192.168.122.202 62960 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-04-20 15:40:36.500775+0800 192.168.122.202 49159 152.199.40.6 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=identitycdn.msauth.net 9d:e3:cc:fb:3f:16:5c:57:72:b6:61:50:3d:8d:ab:1a:23:36:2a:62

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 25.469 seconds )

  • 11.367 Suricata
  • 10.869 Static
  • 1.926 NetworkAnalysis
  • 1.289 VirusTotal
  • 0.012 AnalysisInfo
  • 0.004 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.439 seconds )

  • 1.358 md_url_bl
  • 0.014 md_domain_bl
  • 0.011 antiav_detectreg
  • 0.006 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 md_bad_drop
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.533 seconds )

  • 0.533 ReportHTMLSummary
Task ID 631526
Mongo ID 607e86077e769a0f6f493c63
Cuckoo release 1.4-Maldun