分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-shaapp03-1 2021-04-18 03:44:17 2021-04-18 03:46:21 124 秒

魔盾分数

0.325

正常的

URL详细信息


登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
test-gwms.china-invs.cn 未知 A 218.17.195.41
talkingdata.china-invs.cn A 113.105.178.47
acroipm.adobe.com A 23.35.111.136
CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.35.111.144

摘要

登录查看详细行为信息

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    china-invs.cn
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    weijinhong@china-invs.cn

Registrar(s):
    阿里云计算有限公司(万网)
Name Server(s):
    dns27.hichina.com
    dns28.hichina.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树


iexplore.exe, PID: 2460, 上一级进程 PID: 2208

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49161 113.105.178.47 talkingdata.china-invs.cn 8081
192.168.122.201 49159 218.17.195.41 test-gwms.china-invs.cn 443
192.168.122.201 49160 218.17.195.41 test-gwms.china-invs.cn 443
192.168.122.201 49163 23.35.111.144 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
test-gwms.china-invs.cn 未知 A 218.17.195.41
talkingdata.china-invs.cn A 113.105.178.47
acroipm.adobe.com A 23.35.111.136
CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.35.111.144

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49161 113.105.178.47 talkingdata.china-invs.cn 8081
192.168.122.201 49159 218.17.195.41 test-gwms.china-invs.cn 443
192.168.122.201 49160 218.17.195.41 test-gwms.china-invs.cn 443
192.168.122.201 49163 23.35.111.144 acroipm.adobe.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2021-04-18 03:44:37.252879+0800 192.168.122.201 49159 218.17.195.41 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert CN RSA CA G1 C=CN, ST=Guangdong Province, L=Shenzhen, O=中国中金财富证券有限公司, CN=*.china-invs.cn 51:21:24:ae:27:91:ba:8c:d7:78:38:ae:b7:c8:04:dc:54:f4:e1:34
2021-04-18 03:44:37.581433+0800 192.168.122.201 49160 218.17.195.41 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert CN RSA CA G1 C=CN, ST=Guangdong Province, L=Shenzhen, O=中国中金财富证券有限公司, CN=*.china-invs.cn 51:21:24:ae:27:91:ba:8c:d7:78:38:ae:b7:c8:04:dc:54:f4:e1:34
2021-04-18 03:44:37.973279+0800 192.168.122.201 49161 113.105.178.47 8081 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert CN RSA CA G1 C=CN, ST=Guangdong Province, L=Shenzhen, O=中国中金财富证券有限公司, CN=*.china-invs.cn 51:21:24:ae:27:91:ba:8c:d7:78:38:ae:b7:c8:04:dc:54:f4:e1:34

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 21.924 seconds )

  • 11.266 Suricata
  • 10.526 NetworkAnalysis
  • 0.106 Static
  • 0.012 Memory
  • 0.01 AnalysisInfo
  • 0.004 BehaviorAnalysis

Signatures ( 1.426 seconds )

  • 1.338 md_url_bl
  • 0.017 md_domain_bl
  • 0.011 antiav_detectreg
  • 0.008 ransomware_extensions
  • 0.006 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 ie_martian_children
  • 0.001 md_bad_drop

Reporting ( 0.475 seconds )

  • 0.475 ReportHTMLSummary
Task ID 631030
Mongo ID 607b3b307e769a5b9e0d8800
Cuckoo release 1.4-Maldun